From 6c28be98274e081a1bfa524bc1380420d0193fda Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Thu, 13 Mar 2025 11:49:48 -0500 Subject: [PATCH 001/409] Update query-metadata-style-guide.md initial commit of changes starting to add quality tagging standards --- docs/query-metadata-style-guide.md | 56 +++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index 3350111db22e..d4704c6c11ed 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -121,12 +121,47 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties ## Query tags `@tags` -The `@tags` property is used to define categories that the query relates to. Each alert query should belong to one (or more, if necessary) of the following four top-level categories: +The `@tags` property is used to define categories that the query relates to. As we prepare for the release of a dedicated code quality product, we will use tagging to prepare a stronger delineation between queries that are part of our existing "code security" product offering and those that are better suited as part of a "quality" product offering. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: -* `@tags correctness`–for queries that detect incorrect program behavior. -* `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. -* `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code. +#### High level category `@tags` * `@tags security`–for queries that detect security weaknesses. See below for further information. +* `@tags quality`–for queries that detect code quality issues. See below for further information. + +#### Security query `@tags` + +If your query is a security query, use one or more `@tags` to associate it with the relevant CWEs. Add `@tags` for the most specific Base Weakness or Class Weakness in [View 1000](https://cwe.mitre.org/data/definitions/1000.html), using the parent/child relationship. For example: + +| `@tags security` | `external/cwe/cwe-022`| +|-|-| +||`external/cwe/cwe-023` | +||`external/cwe/cwe-036` | +||`external/cwe/cwe-073` | + +When you tag a query like this, the associated CWE pages from [MITRE.org](https://cwe.mitre.org/index.html) will automatically appear in the references section of its associated qhelp file. + +> [!NOTE] +> The automatic addition of CWE reference links works only if the qhelp file already contains a `` section. + +#### Quality query sub-category `@tags` + +* `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. +* `@tags reliability`–for queries that detect issues that affect whether the code will perform as expected during execution. + +Software quality doesn't have as universally-agreed categorization method as security issues like CWE, so we will do our own categorization instead of using tags like CWE. + +We'll have two "top-level" categories of quality queries, with sub-categories beneath: + +* `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. + * `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code. + * + + +* `@tags reliability`–for queries that detect issues that affect whether the code will perform as expected during execution. + * `@tags correctness`–for queries that detect incorrect program behavior. + + + + There are also more specific `@tags` that can be added. See, the following pages for examples of the low-level tags: @@ -145,20 +180,7 @@ If necessary, you can also define your own low-level tags to categorize the quer * Use a forward slash / to indicate a hierarchical relationship between tags if necessary. For example, a query with tag `foo/bar` is also interpreted as also having tag `foo`, but not `bar`. * Use a single-word `@tags` name. Multiple words, separated with hyphens, can be used for clarity if necessary. -#### Security query `@tags` - -If your query is a security query, use one or more `@tags` to associate it with the relevant CWEs. Add `@tags` for the most specific Base Weakness or Class Weakness in [View 1000](https://cwe.mitre.org/data/definitions/1000.html), using the parent/child relationship. For example: -| `@tags security` | `external/cwe/cwe-022`| -|-|-| -||`external/cwe/cwe-023` | -||`external/cwe/cwe-036` | -||`external/cwe/cwe-073` | - -When you tag a query like this, the associated CWE pages from [MITRE.org](https://cwe.mitre.org/index.html) will automatically appear in the references section of its associated qhelp file. - -> [!NOTE] -> The automatic addition of CWE reference links works only if the qhelp file already contains a `` section. #### Metric/summary `@tags` From de5d3b6263b25657f6524306ce66b20beaa9a963 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Thu, 13 Mar 2025 12:42:51 -0500 Subject: [PATCH 002/409] Update query-metadata-style-guide.md --- docs/query-metadata-style-guide.md | 40 +++++++++++++++++------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index d4704c6c11ed..a13ad200a9a3 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -121,9 +121,9 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties ## Query tags `@tags` -The `@tags` property is used to define categories that the query relates to. As we prepare for the release of a dedicated code quality product, we will use tagging to prepare a stronger delineation between queries that are part of our existing "code security" product offering and those that are better suited as part of a "quality" product offering. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: +The `@tags` property is used to define the high level category of problem that the query relates to. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: -#### High level category `@tags` +### High level category `@tags` * `@tags security`–for queries that detect security weaknesses. See below for further information. * `@tags quality`–for queries that detect code quality issues. See below for further information. @@ -149,18 +149,19 @@ When you tag a query like this, the associated CWE pages from [MITRE.org](https: Software quality doesn't have as universally-agreed categorization method as security issues like CWE, so we will do our own categorization instead of using tags like CWE. -We'll have two "top-level" categories of quality queries, with sub-categories beneath: +We'll use two "top-level" categories of quality queries, with sub-categories beneath: * `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. * `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code. - * - + * `@tags unused-code`-for queries that detect functions that are never used and other instances of unused code + * `@tags complexity`-for queries that detect patterns in the code that lead to unnecesary complexity such as unclear control flow, or high cyclomatic complexity + * `@tags reliability`–for queries that detect issues that affect whether the code will perform as expected during execution. - * `@tags correctness`–for queries that detect incorrect program behavior. - - - + * `@tags correctness`–for queries that detect incorrect program behavior or couse result in unintended outcomes. + * `@tags performance`-for queries that detect code that could impact performance through inefficient algorithms, unnecessary computation, etc + * `@tags concurrency`-for queries that detect concurrency related issues such as race conditions, deadlocks, thread safety, etc + * `@tags error-handling`-for queries that detect issues related to unsafe error handling such as uncaught exceptions, etc There are also more specific `@tags` that can be added. See, the following pages for examples of the low-level tags: @@ -172,22 +173,27 @@ There are also more specific `@tags` that can be added. See, the following pages * [JavaScript queries](https://codeql.github.com/codeql-query-help/javascript/) * [Python queries](https://codeql.github.com/codeql-query-help/python/) -Metric queries (`@kind metric`) may have the `summary` tag. If SARIF output is used, the results of these queries can be found at `run[].properties.metricResults`. -If necessary, you can also define your own low-level tags to categorize the queries specific to your project or organization. When creating your own tags, you should: - -* Use all lower-case letters, including for acronyms and proper nouns, with no spaces. All characters apart from * and @ are accepted. -* Use a forward slash / to indicate a hierarchical relationship between tags if necessary. For example, a query with tag `foo/bar` is also interpreted as also having tag `foo`, but not `bar`. -* Use a single-word `@tags` name. Multiple words, separated with hyphens, can be used for clarity if necessary. +### Severities +Maintainers are expected to add a `@security-severity` tag to security relevant queries that will be run on Code Scanning. There is a documented internal process for generating these `@security-severity` values. +TODO: should we have a severity value for quality queries? -#### Metric/summary `@tags` +### Metric/summary `@tags` Code Scanning may use tags to identify queries with specific meanings across languages. Currently, there is only one such tag: `lines-of-code`. The sum of the results for queries with this tag that return a single number column ([example for JavaScript](https://github.com/github/codeql/blob/c47d680d65f09a851e41d4edad58ffa7486b5431/java/ql/src/Metrics/Summaries/LinesOfCode.ql)) is interpreted by Code Scanning as the lines of code under the source root present in the database. Each language should have exactly one query of this form. +Metric queries (`@kind metric`) may have the `summary` tag. If SARIF output is used, the results of these queries can be found at `run[].properties.metricResults`. -Maintainers are expected to add a `@security-severity` tag to security relevant queries that will be run on Code Scanning. There is a documented internal process for generating these `@security-severity` values. + +### Customizing tags + +If necessary, you can also define your own low-level tags to categorize the queries specific to your project or organization, but if possible, please try to follow the above standards (or propose changes to this style guide). When creating your own tags, you should: + +* Use all lower-case letters, including for acronyms and proper nouns, with no spaces. All characters apart from * and @ are accepted. +* Use a forward slash / to indicate a hierarchical relationship between tags if necessary. For example, a query with tag `foo/bar` is also interpreted as also having tag `foo`, but not `bar`. +* Use a single-word `@tags` name. Multiple words, separated with hyphens, can be used for clarity if necessary. ## QL area From 14d178f81773c21c62d428af41607f45b5dd5882 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Wed, 19 Mar 2025 16:56:37 -0500 Subject: [PATCH 003/409] Update query-metadata-style-guide.md minor tag changes to align with existing tags --- docs/query-metadata-style-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index a13ad200a9a3..b51f6fea5a0a 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -153,7 +153,7 @@ We'll use two "top-level" categories of quality queries, with sub-categories ben * `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. * `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code. - * `@tags unused-code`-for queries that detect functions that are never used and other instances of unused code + * `@tags useless-code`-for queries that detect functions that are never used and other instances of unused code * `@tags complexity`-for queries that detect patterns in the code that lead to unnecesary complexity such as unclear control flow, or high cyclomatic complexity From f698d0a060b01adec18a57c2e9bfe1d952bf76e0 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Wed, 19 Mar 2025 16:58:30 -0500 Subject: [PATCH 004/409] Update query-metadata-style-guide.md --- docs/query-metadata-style-guide.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index b51f6fea5a0a..4c3f5b8814fe 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -121,7 +121,7 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties ## Query tags `@tags` -The `@tags` property is used to define the high level category of problem that the query relates to. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: +The `@tags` property is used to define the high level category of problem that the query relates to. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: ### High level category `@tags` * `@tags security`–for queries that detect security weaknesses. See below for further information. @@ -173,6 +173,8 @@ There are also more specific `@tags` that can be added. See, the following pages * [JavaScript queries](https://codeql.github.com/codeql-query-help/javascript/) * [Python queries](https://codeql.github.com/codeql-query-help/python/) +> [!NOTE] +> There is a limit of 10 tags per query! ### Severities From 81e85010f900a49f7fced559196166a2f982c335 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 20 Mar 2025 12:30:57 +0000 Subject: [PATCH 005/409] List subpackages in vendor/modules.txt These were all generated by running depstubber. --- go/ql/test/experimental/CWE-285/vendor/modules.txt | 2 +- go/ql/test/experimental/CWE-321-V2/vendor/modules.txt | 2 +- .../CWE-522-DecompressionBombs/vendor/modules.txt | 11 +++++++++-- .../semmle/go/concepts/LoggerCall/vendor/modules.txt | 5 ----- .../semmle/go/frameworks/Beego/vendor/modules.txt | 6 +++++- .../go/frameworks/ElazarlGoproxy/vendor/modules.txt | 1 + .../semmle/go/frameworks/Email/vendor/modules.txt | 2 +- .../semmle/go/frameworks/Gin/vendor/modules.txt | 1 + .../semmle/go/frameworks/GoMicro/vendor/modules.txt | 7 ++++++- .../semmle/go/frameworks/Iris/vendor/modules.txt | 2 +- .../go/frameworks/K8sIoApiCoreV1/vendor/modules.txt | 5 +++-- .../K8sIoApimachineryPkgRuntime/vendor/modules.txt | 4 +++- .../go/frameworks/K8sIoClientGo/vendor/modules.txt | 2 +- .../semmle/go/frameworks/NoSQL/vendor/modules.txt | 7 ++++--- .../semmle/go/frameworks/Revel/vendor/modules.txt | 4 +++- .../semmle/go/frameworks/SQL/gogf/vendor/modules.txt | 3 ++- .../semmle/go/frameworks/Spew/vendor/modules.txt | 2 +- .../SystemCommandExecutors/vendor/modules.txt | 2 +- .../semmle/go/frameworks/WebSocket/vendor/modules.txt | 2 +- .../semmle/go/frameworks/Zap/vendor/modules.txt | 1 + .../IncompleteHostnameRegexp/vendor/modules.txt | 2 -- .../query-tests/Security/CWE-079/vendor/modules.txt | 2 +- .../query-tests/Security/CWE-089/vendor/modules.txt | 4 +++- .../query-tests/Security/CWE-312/vendor/modules.txt | 5 +++-- .../query-tests/Security/CWE-347/vendor/modules.txt | 2 +- .../query-tests/Security/CWE-640/vendor/modules.txt | 2 +- .../query-tests/Security/CWE-643/vendor/modules.txt | 6 ++++-- .../query-tests/Security/CWE-798/vendor/modules.txt | 6 +++--- .../query-tests/Security/CWE-918/vendor/modules.txt | 2 +- 29 files changed, 63 insertions(+), 39 deletions(-) diff --git a/go/ql/test/experimental/CWE-285/vendor/modules.txt b/go/ql/test/experimental/CWE-285/vendor/modules.txt index 5ad327e8bb5b..8de84fbd85d0 100644 --- a/go/ql/test/experimental/CWE-285/vendor/modules.txt +++ b/go/ql/test/experimental/CWE-285/vendor/modules.txt @@ -1,3 +1,3 @@ # github.com/msteinert/pam v1.0.0 ## explicit -github.com/msteinert/pam \ No newline at end of file +github.com/msteinert/pam diff --git a/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt b/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt index eedc2bbfc925..015b30ce9a21 100644 --- a/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt +++ b/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/go-jose/go-jose/v3 v3.0.0 ## explicit -github.com/go-jose/go-jose/v3 +github.com/go-jose/go-jose/v3/jwt # github.com/golang-jwt/jwt/v5 v5.0.0 ## explicit github.com/golang-jwt/jwt/v5 diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt b/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt index 92976a6e7e99..228cc0e318d5 100644 --- a/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt +++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt @@ -3,13 +3,20 @@ github.com/DataDog/zstd # github.com/dsnet/compress v0.0.1 ## explicit -github.com/dsnet/compress +github.com/dsnet/compress/bzip2 +github.com/dsnet/compress/flate # github.com/golang/snappy v0.0.4 ## explicit github.com/golang/snappy # github.com/klauspost/compress v1.16.6 ## explicit -github.com/klauspost/compress +github.com/klauspost/compress/zstd +github.com/klauspost/compress/snappy +github.com/klauspost/compress/s2 +github.com/klauspost/compress/zlib +github.com/klauspost/compress/zip +github.com/klauspost/compress/flate +github.com/klauspost/compress/gzip # github.com/klauspost/pgzip v1.2.6 ## explicit github.com/klauspost/pgzip diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt index c20671b41943..da35ae80c085 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt @@ -1,14 +1,9 @@ -# github.com/github/depstubber v0.0.0-20200916130315-f3217697abd4 -## explicit # github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b ## explicit github.com/golang/glog # github.com/sirupsen/logrus v1.7.0 ## explicit github.com/sirupsen/logrus -# golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 -golang.org/x/sys/unix -golang.org/x/sys/windows # k8s.io/klog v1.0.0 ## explicit k8s.io/klog diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt index bb2db0e47da3..2ec051971307 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt @@ -1,6 +1,10 @@ # github.com/astaxie/beego v1.12.3 ## explicit +github.com/astaxie/beego/utils github.com/astaxie/beego +github.com/astaxie/beego/context +github.com/astaxie/beego/logs # github.com/beego/beego/v2 v2.1.2 ## explicit -github.com/beego/beego/v2 +github.com/beego/beego/v2/server/web +github.com/beego/beego/v2/server/web/context diff --git a/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt index bf027718a74a..d560618b74da 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt @@ -3,3 +3,4 @@ github.com/elazarl/goproxy # github.com/github/depstubber v0.0.0-20201214172518-12c3da4b7c9d ## explicit +github.com/github/depstubber diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt index 4b7525957dfc..c964e33b1f68 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt @@ -1,3 +1,3 @@ # github.com/sendgrid/sendgrid-go v3.5.0+incompatible ## explicit -github.com/sendgrid/sendgrid-go +github.com/sendgrid/sendgrid-go/helpers/mail diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt index 5f2816316f48..4d249b53d1ae 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt @@ -1,3 +1,4 @@ # github.com/gin-gonic/gin v1.6.2 ## explicit github.com/gin-gonic/gin +github.com/gin-gonic/gin/binding diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt index 1884e9622afa..4235d3525987 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt @@ -1,6 +1,11 @@ # go-micro.dev/v4 v4.10.2 ## explicit +go-micro.dev/v4/api +go-micro.dev/v4/client +go-micro.dev/v4/server go-micro.dev/v4 # google.golang.org/protobuf v1.28.1 ## explicit -google.golang.org/protobuf +google.golang.org/protobuf/proto +google.golang.org/protobuf/reflect/protoreflect +google.golang.org/protobuf/runtime/protoimpl diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt index e3c62be74a71..8fdf3c4082d5 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/kataras/iris/v12 v12.2.5 ## explicit -github.com/kataras/iris/v12 +github.com/kataras/iris/v12/context # github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06 ## explicit github.com/Shopify/goreferrer diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt index bd3ad03a88b4..859956613d50 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt @@ -1,6 +1,7 @@ # k8s.io/api v0.20.0 ## explicit -k8s.io/api +k8s.io/api/core/v1 +k8s.io/apimachinery/pkg/runtime # k8s.io/apimachinery v0.20.0 ## explicit -k8s.io/apimachinery +k8s.io/apimachinery/pkg/runtime diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt index 007fe13b0dec..59d5b5f7464c 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt @@ -1,3 +1,5 @@ # k8s.io/apimachinery v0.19.4 ## explicit -k8s.io/apimachinery +k8s.io/apimachinery/pkg/conversion +k8s.io/apimachinery/pkg/runtime +k8s.io/apimachinery/pkg/runtime/schema diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt index 7c2af6245595..3b8636e54ea4 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt @@ -18,7 +18,7 @@ golang.org/x/oauth2 golang.org/x/time # k8s.io/client-go v0.19.0 ## explicit -k8s.io/client-go +k8s.io/client-go/kubernetes/typed/core/v1 # k8s.io/utils v0.0.0-20201110183641-67b214c5f920 ## explicit k8s.io/utils diff --git a/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt index efe6455326a2..94d59ce4d62a 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt @@ -1,6 +1,3 @@ -# go.mongodb.org/mongo-driver v1.3.2 -## explicit -go.mongodb.org/mongo-driver # github.com/couchbase/gocb/v2 v2.2.0 ## explicit github.com/couchbase/gocb/v2 @@ -10,6 +7,10 @@ github.com/google/uuid # github.com/opentracing/opentracing-go v1.2.0 ## explicit github.com/opentracing/opentracing-go +# go.mongodb.org/mongo-driver v1.3.2 +## explicit +go.mongodb.org/mongo-driver/bson +go.mongodb.org/mongo-driver/mongo # gopkg.in/couchbase/gocb.v1 v1.6.7 ## explicit gopkg.in/couchbase/gocb.v1 diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt index fe1af187494a..b674df40109f 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt @@ -3,7 +3,9 @@ github.com/go-stack/stack # github.com/revel/modules v1.0.0 ## explicit -github.com/revel/modules +github.com/revel/modules/orm/gorp/app/controllers +github.com/revel/modules/static/app/controllers # github.com/revel/revel v1.0.0 ## explicit github.com/revel/revel +github.com/revel/revel/logger diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt index 72560d0da5e0..d3645e863f4b 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt @@ -1,6 +1,7 @@ # github.com/gogf/gf v1.16.9 ## explicit -github.com/gogf/gf +github.com/gogf/gf/database/gdb +github.com/gogf/gf/frame/g # github.com/BurntSushi/toml v0.3.1 ## explicit github.com/BurntSushi/toml diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt index 9e9ed5edf647..5d0fa4c56ac0 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit -github.com/davecgh/go-spew +github.com/davecgh/go-spew/spew # github.com/github/depstubber v0.0.0-20200916130315-f3217697abd4 ## explicit github.com/github/depstubber diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt index 2fdb2ae4eae1..d6e69c7b2986 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt @@ -3,4 +3,4 @@ github.com/codeskyblue/go-sh # golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 ## explicit -golang.org/x/crypto +golang.org/x/crypto/ssh diff --git a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt index 43950046ca3a..ea1d1721a315 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt @@ -9,7 +9,7 @@ github.com/gorilla/websocket github.com/sacOO7/gowebsocket # golang.org/x/net v0.0.0-20200505041828-1ed23360d12c ## explicit -golang.org/x/net +golang.org/x/net/websocket # nhooyr.io/websocket v1.8.5 ## explicit nhooyr.io/websocket diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt index 81aa5380f124..d6c25845fd46 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt @@ -1,3 +1,4 @@ # go.uber.org/zap v1.16.0 ## explicit go.uber.org/zap +go.uber.org/zap/zapcore diff --git a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt index bf027718a74a..a81e0c273fa7 100644 --- a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt @@ -1,5 +1,3 @@ # github.com/elazarl/goproxy v0.0.0-20201021153353-00ad82a08272 ## explicit github.com/elazarl/goproxy -# github.com/github/depstubber v0.0.0-20201214172518-12c3da4b7c9d -## explicit diff --git a/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt index 5e59711dd7b0..f61f191db597 100644 --- a/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt @@ -6,7 +6,7 @@ github.com/gobwas/ws github.com/gorilla/websocket # golang.org/x/net v0.0.0-20200505041828-1ed23360d12c ## explicit -golang.org/x/net +golang.org/x/net/websocket # nhooyr.io/websocket v1.8.5 ## explicit nhooyr.io/websocket diff --git a/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt index ddbc30953a2e..b0de76d4f889 100644 --- a/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt @@ -3,4 +3,6 @@ github.com/Masterminds/squirrel # go.mongodb.org/mongo-driver v1.3.3 ## explicit -go.mongodb.org/mongo-driver +go.mongodb.org/mongo-driver/mongo +go.mongodb.org/mongo-driver/mongo/options +go.mongodb.org/mongo-driver/bson diff --git a/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt index 239424327022..aa0c56a1a6f3 100644 --- a/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt @@ -9,7 +9,8 @@ github.com/sirupsen/logrus k8s.io/klog # github.com/golang/protobuf v1.4.2 ## explicit -github.com/golang/protobuf +github.com/golang/protobuf/proto # google.golang.org/protobuf v1.23.0 ## explicit -google.golang.org/protobuf +google.golang.org/protobuf/reflect/protoreflect +google.golang.org/protobuf/runtime/protoimpl diff --git a/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt index 01144bc92497..811980fafee0 100644 --- a/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt @@ -3,7 +3,7 @@ github.com/gin-gonic/gin # github.com/go-jose/go-jose/v3 v3.0.0 ## explicit -github.com/go-jose/go-jose/v3 +github.com/go-jose/go-jose/v3/jwt # github.com/golang-jwt/jwt/v5 v5.0.0 ## explicit github.com/golang-jwt/jwt/v5 diff --git a/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt index 4b7525957dfc..c964e33b1f68 100644 --- a/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt @@ -1,3 +1,3 @@ # github.com/sendgrid/sendgrid-go v3.5.0+incompatible ## explicit -github.com/sendgrid/sendgrid-go +github.com/sendgrid/sendgrid-go/helpers/mail diff --git a/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt index 3f70fcb344d3..a852f50be92f 100644 --- a/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt @@ -1,5 +1,6 @@ # github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d ## explicit +github.com/ChrisTrenkamp/goxpath/tree github.com/ChrisTrenkamp/goxpath # github.com/antchfx/htmlquery v1.2.2 ## explicit @@ -18,10 +19,11 @@ github.com/antchfx/xpath github.com/go-xmlpath/xmlpath # github.com/jbowtie/gokogiri v0.0.0-20190301021639-37f655d3078f ## explicit -github.com/jbowtie/gokogiri +github.com/jbowtie/gokogiri/xpath +github.com/jbowtie/gokogiri/xml # github.com/lestrrat-go/libxml2 v0.0.0-20231124114421-99c71026c2f5 ## explicit -github.com/lestrrat-go/libxml2 +github.com/lestrrat-go/libxml2/parser # github.com/santhosh-tekuri/xpathparser v1.0.0 ## explicit github.com/santhosh-tekuri/xpathparser diff --git a/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt index 61fe07b45404..caa73317d564 100644 --- a/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt @@ -6,7 +6,7 @@ github.com/appleboy/gin-jwt/v2 github.com/cristalhq/jwt/v3 # github.com/go-kit/kit v0.12.0 ## explicit -github.com/go-kit/kit +github.com/go-kit/kit/auth/jwt # github.com/gogf/gf-jwt/v2 v2.0.1 ## explicit github.com/gogf/gf-jwt/v2 @@ -18,13 +18,13 @@ github.com/golang-jwt/jwt/v4 github.com/iris-contrib/middleware/jwt # github.com/kataras/iris/v12 v12.2.0 ## explicit -github.com/kataras/iris/v12 +github.com/kataras/iris/v12/middleware/jwt # github.com/kataras/jwt v0.1.8 ## explicit github.com/kataras/jwt # github.com/lestrrat/go-jwx v0.9.1 ## explicit -github.com/lestrrat/go-jwx +github.com/lestrrat/go-jwx/jwk # github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 ## explicit github.com/square/go-jose/v3 diff --git a/go/ql/test/query-tests/Security/CWE-918/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-918/vendor/modules.txt index 319b30b771be..a440f984681f 100644 --- a/go/ql/test/query-tests/Security/CWE-918/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-918/vendor/modules.txt @@ -9,7 +9,7 @@ github.com/gorilla/websocket github.com/sacOO7/gowebsocket # golang.org/x/net v0.0.0-20200421231249-e086a090c8fd ## explicit -golang.org/x/net +golang.org/x/net/websocket # nhooyr.io/websocket v1.8.5 ## explicit nhooyr.io/websocket From 40768332d897d31ca57fddc4ffd53cb63350c7ec Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 20 Mar 2025 12:32:12 +0000 Subject: [PATCH 006/409] Remove empty imports from stubs --- .../concepts/LoggerCall/vendor/github.com/golang/glog/stub.go | 2 -- .../semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go | 2 -- .../vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go | 2 -- .../frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go | 2 -- .../vendor/k8s.io/apimachinery/pkg/runtime/stub.go | 2 -- .../vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go | 2 -- .../vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go | 2 -- .../Security/CWE-312/vendor/github.com/golang/glog/stub.go | 2 -- .../query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go | 2 -- .../vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go | 2 -- .../CWE-643/vendor/github.com/antchfx/htmlquery/stub.go | 2 -- .../CWE-643/vendor/github.com/antchfx/jsonquery/stub.go | 2 -- .../filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go | 2 -- .../filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go | 2 -- 14 files changed, 28 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go index 7c4ffefc1e87..49f90bc21afb 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go @@ -7,8 +7,6 @@ // Package glog is a stub of github.com/golang/glog, generated by depstubber. package glog -import () - func Error(_ ...interface{}) {} func ErrorDepth(_ int, _ ...interface{}) {} diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go index d03572488124..0c29992abcf8 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go @@ -7,8 +7,6 @@ // Package klog is a stub of k8s.io/klog, generated by depstubber. package klog -import () - func Error(_ ...interface{}) {} func ErrorDepth(_ int, _ ...interface{}) {} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go index cd1956cecc05..f5d9d9bbbef2 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go @@ -7,8 +7,6 @@ // Package mail is a stub of github.com/sendgrid/sendgrid-go/helpers/mail, generated by depstubber. package mail -import () - type Asm struct { GroupID int GroupsToDisplay []int diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go index 1c9a8e0dfdd4..e5f5c4ffa01b 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go @@ -7,8 +7,6 @@ // Package core is a stub of k8s.io/api/core/v1, generated by depstubber. package core -import () - type Secret struct { TypeMeta interface{} ObjectMeta interface{} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go index bb7bf0431974..2655b31d450a 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go @@ -7,8 +7,6 @@ // Package runtime is a stub of k8s.io/apimachinery/pkg/runtime, generated by depstubber. package runtime -import () - type ProtobufMarshaller interface { MarshalTo(_ []byte) (int, error) } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go index 58c86777a1cd..2d58b01f8eaa 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go @@ -7,8 +7,6 @@ // Package schema is a stub of k8s.io/apimachinery/pkg/runtime/schema, generated by depstubber. package schema -import () - type GroupKind struct { Group string Kind string diff --git a/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go b/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go index 6f07aaff4ee2..3349209245aa 100644 --- a/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go +++ b/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go @@ -7,8 +7,6 @@ // Package primitive is a stub of go.mongodb.org/mongo-driver/bson/primitive, generated by depstubber. package primitive -import () - type D []E func (_ D) Map() M { diff --git a/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go b/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go index cdd12b34901a..932a5e6fc257 100644 --- a/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go +++ b/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go @@ -7,6 +7,4 @@ // Package glog is a stub of github.com/golang/glog, generated by depstubber. package glog -import () - func Info(_ ...interface{}) {} diff --git a/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go b/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go index 7dbaa5001fc3..db9ede2303e3 100644 --- a/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go +++ b/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go @@ -7,6 +7,4 @@ // Package klog is a stub of k8s.io/klog, generated by depstubber. package klog -import () - func Info(_ ...interface{}) {} diff --git a/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go b/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go index cd1956cecc05..f5d9d9bbbef2 100644 --- a/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go +++ b/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go @@ -7,8 +7,6 @@ // Package mail is a stub of github.com/sendgrid/sendgrid-go/helpers/mail, generated by depstubber. package mail -import () - type Asm struct { GroupID int GroupsToDisplay []int diff --git a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go index 0bac0acfe55c..7a41d8f98837 100644 --- a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go +++ b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go @@ -7,8 +7,6 @@ // Package htmlquery is a stub of github.com/antchfx/htmlquery, generated by depstubber. package htmlquery -import () - func Find(_ interface{}, _ string) []interface{} { return nil } diff --git a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go index 2948daae031c..4abcf002faa9 100644 --- a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go +++ b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go @@ -7,8 +7,6 @@ // Package jsonquery is a stub of github.com/antchfx/jsonquery, generated by depstubber. package jsonquery -import () - func Find(_ *Node, _ string) []*Node { return nil } diff --git a/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go b/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go index fcf8b8b5683d..20f179c90028 100644 --- a/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go +++ b/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go @@ -7,8 +7,6 @@ // Package ginkgo is a stub of github.com/onsi/ginkgo, generated by depstubber. package ginkgo -import () - func Fail(_ string, _ ...int) {} type GinkgoTestingT interface { diff --git a/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go b/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go index 27fa1387b46a..61c9db70ad61 100644 --- a/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go +++ b/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go @@ -7,6 +7,4 @@ // Package gomega is a stub of github.com/onsi/gomega, generated by depstubber. package gomega -import () - func RegisterFailHandler(_ interface{}) {} From 6147f0a8734c26ac0912f3404301e0da0c730564 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 20 Mar 2025 12:32:56 +0000 Subject: [PATCH 007/409] Fix outdated depstubber command --- .../semmle/go/frameworks/SQL/pg.go | 2 +- .../vendor/github.com/go-pg/pg/orm/stub.go | 45 ++++++++++++------- 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go b/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go index 09ffa084fe0e..7cd76f715c99 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go @@ -1,7 +1,7 @@ package main //go:generate depstubber -vendor github.com/go-pg/pg Conn,DB,Tx Q -//go:generate depstubber -vendor github.com/go-pg/pg/orm Query Q +//go:generate depstubber -vendor github.com/go-pg/pg/orm Query,Formatter Q //go:generate depstubber -vendor github.com/go-pg/pg/v9 Conn,DB,Tx Q import ( diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go index 1d049c8a9a3c..1214ad0492da 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go @@ -2,7 +2,7 @@ // This is a simple stub for github.com/go-pg/pg/orm, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: github.com/go-pg/pg/orm (exports: Query, Formatter; functions: Q) +// Source: github.com/go-pg/pg/orm (exports: Query,Formatter; functions: Q) // Package orm is a stub of github.com/go-pg/pg/orm, generated by depstubber. package orm @@ -94,6 +94,34 @@ func (_ *Field) Value(_ reflect.Value) reflect.Value { return reflect.Value{} } +type Formatter struct{} + +func (_ Formatter) Append(_ []byte, _ string, _ ...interface{}) []byte { + return nil +} + +func (_ Formatter) AppendBytes(_ []byte, _ []byte, _ ...interface{}) []byte { + return nil +} + +func (_ Formatter) FormatQuery(_ []byte, _ string, _ ...interface{}) []byte { + return nil +} + +func (_ Formatter) Param(_ string) interface{} { + return nil +} + +func (_ Formatter) String() string { + return "" +} + +func (_ Formatter) WithParam(_ string, _ interface{}) Formatter { + return Formatter{} +} + +func (_ *Formatter) SetParam(_ string, _ interface{}) {} + type Method struct { Index int } @@ -491,18 +519,3 @@ type TableModel interface { Table() *Table Value() reflect.Value } - -type Formatter struct { -} - -func (f Formatter) Append(dst []byte, src string, params ...interface{}) []byte { - return nil -} - -func (f Formatter) AppendBytes(dst, src []byte, params ...interface{}) []byte { - return nil -} - -func (f Formatter) FormatQuery(dst []byte, query string, params ...interface{}) []byte { - return nil -} From 7e04a9f6c0e33e06e21d178a224201dd5b3085b8 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 20 Mar 2025 12:33:39 +0000 Subject: [PATCH 008/409] Improve stubs (made by old version of depstubber?) --- .../github.com/codeskyblue/go-sh/stub.go | 45 ++++--------- .../vendor/golang.org/x/crypto/ssh/stub.go | 67 +++++-------------- 2 files changed, 31 insertions(+), 81 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go index 229a21145693..ae0660e5633c 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go @@ -1,10 +1,11 @@ // Code generated by depstubber. DO NOT EDIT. // This is a simple stub for github.com/codeskyblue/go-sh, strictly for use in testing. +// See the LICENSE file for information about the licensing of the original library. // Source: github.com/codeskyblue/go-sh (exports: ; functions: Command,InteractiveSession) -// Package go_sh is a stub of github.com/codeskyblue/go-sh, generated by depstubber. -package go_sh +// Package go_pkg is a stub of github.com/codeskyblue/go-sh, generated by depstubber. +package go_pkg import ( io "io" @@ -32,15 +33,11 @@ type Session struct { func (_ *Session) Alias(_ string, _ string, _ ...string) {} -func (_ *Session) Call(_ string, _ ...interface{}) interface { - Error() string -} { +func (_ *Session) Call(_ string, _ ...interface{}) error { return nil } -func (_ *Session) CombinedOutput() ([]uint8, interface { - Error() string -}) { +func (_ *Session) CombinedOutput() ([]byte, error) { return nil, nil } @@ -50,15 +47,11 @@ func (_ *Session) Command(_ string, _ ...interface{}) *Session { func (_ *Session) Kill(_ os.Signal) {} -func (_ *Session) Output() ([]uint8, interface { - Error() string -}) { +func (_ *Session) Output() ([]byte, error) { return nil, nil } -func (_ *Session) Run() interface { - Error() string -} { +func (_ *Session) Run() error { return nil } @@ -82,9 +75,7 @@ func (_ *Session) SetTimeout(_ time.Duration) *Session { return nil } -func (_ *Session) Start() interface { - Error() string -} { +func (_ *Session) Start() error { return nil } @@ -92,32 +83,22 @@ func (_ *Session) Test(_ string, _ string) bool { return false } -func (_ *Session) UnmarshalJSON(_ interface{}) interface { - Error() string -} { +func (_ *Session) UnmarshalJSON(_ interface{}) error { return nil } -func (_ *Session) UnmarshalXML(_ interface{}) interface { - Error() string -} { +func (_ *Session) UnmarshalXML(_ interface{}) error { return nil } -func (_ *Session) Wait() interface { - Error() string -} { +func (_ *Session) Wait() error { return nil } -func (_ *Session) WaitTimeout(_ time.Duration) interface { - Error() string -} { +func (_ *Session) WaitTimeout(_ time.Duration) error { return nil } -func (_ *Session) WriteStdout(_ string) interface { - Error() string -} { +func (_ *Session) WriteStdout(_ string) error { return nil } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go index 9d1aab65e3c9..0c0c3d879bb8 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go @@ -1,6 +1,7 @@ // Code generated by depstubber. DO NOT EDIT. // This is a simple stub for golang.org/x/crypto/ssh, strictly for use in testing. +// See the LICENSE file for information about the licensing of the original library. // Source: golang.org/x/crypto/ssh (exports: Session; functions: ) // Package ssh is a stub of golang.org/x/crypto/ssh, generated by depstubber. @@ -16,102 +17,70 @@ type Session struct { Stderr io.Writer } -func (_ *Session) Close() interface { - Error() string -} { +func (_ *Session) Close() error { return nil } -func (_ *Session) CombinedOutput(_ string) ([]uint8, interface { - Error() string -}) { +func (_ *Session) CombinedOutput(_ string) ([]byte, error) { return nil, nil } -func (_ *Session) Output(_ string) ([]uint8, interface { - Error() string -}) { +func (_ *Session) Output(_ string) ([]byte, error) { return nil, nil } -func (_ *Session) RequestPty(_ string, _ int, _ int, _ TerminalModes) interface { - Error() string -} { +func (_ *Session) RequestPty(_ string, _ int, _ int, _ TerminalModes) error { return nil } -func (_ *Session) RequestSubsystem(_ string) interface { - Error() string -} { +func (_ *Session) RequestSubsystem(_ string) error { return nil } -func (_ *Session) Run(_ string) interface { - Error() string -} { +func (_ *Session) Run(_ string) error { return nil } -func (_ *Session) SendRequest(_ string, _ bool, _ []uint8) (bool, interface { - Error() string -}) { +func (_ *Session) SendRequest(_ string, _ bool, _ []byte) (bool, error) { return false, nil } -func (_ *Session) Setenv(_ string, _ string) interface { - Error() string -} { +func (_ *Session) Setenv(_ string, _ string) error { return nil } -func (_ *Session) Shell() interface { - Error() string -} { +func (_ *Session) Shell() error { return nil } -func (_ *Session) Signal(_ Signal) interface { - Error() string -} { +func (_ *Session) Signal(_ Signal) error { return nil } -func (_ *Session) Start(_ string) interface { - Error() string -} { +func (_ *Session) Start(_ string) error { return nil } -func (_ *Session) StderrPipe() (io.Reader, interface { - Error() string -}) { +func (_ *Session) StderrPipe() (io.Reader, error) { return nil, nil } -func (_ *Session) StdinPipe() (io.WriteCloser, interface { - Error() string -}) { +func (_ *Session) StdinPipe() (io.WriteCloser, error) { return nil, nil } -func (_ *Session) StdoutPipe() (io.Reader, interface { - Error() string -}) { +func (_ *Session) StdoutPipe() (io.Reader, error) { return nil, nil } -func (_ *Session) Wait() interface { - Error() string -} { +func (_ *Session) Wait() error { return nil } -func (_ *Session) WindowChange(_ int, _ int) interface { - Error() string -} { +func (_ *Session) WindowChange(_ int, _ int) error { return nil } type Signal string -type TerminalModes map[uint8]uint32 +type TerminalModes map[byte]uint32 From 19f009ae0807d1d143d1ac648b65121cc971f1d1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 10 Dec 2024 16:48:13 +0000 Subject: [PATCH 009/409] Rust: Add tests for various kinds of dangling pointers. --- .../security/CWE-825/deallocation.rs | 149 +++++++ .../query-tests/security/CWE-825/lifetime.rs | 410 ++++++++++++++++++ .../test/query-tests/security/CWE-825/main.rs | 157 +++++++ .../query-tests/security/CWE-825/options.yml | 3 + .../security/CWE-825/rust-toolchain.toml | 2 + 5 files changed, 721 insertions(+) create mode 100644 rust/ql/test/query-tests/security/CWE-825/deallocation.rs create mode 100644 rust/ql/test/query-tests/security/CWE-825/lifetime.rs create mode 100644 rust/ql/test/query-tests/security/CWE-825/main.rs create mode 100644 rust/ql/test/query-tests/security/CWE-825/options.yml create mode 100644 rust/ql/test/query-tests/security/CWE-825/rust-toolchain.toml diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs new file mode 100644 index 000000000000..1ad8d72c0082 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -0,0 +1,149 @@ + +// --- std::alloc --- + +pub fn test_alloc(do_dangerous_writes: bool) { + let layout = std::alloc::Layout::new::(); + unsafe { + let m1 = std::alloc::alloc(layout); // *mut u8 + let m2 = m1 as *mut i64; // *mut i64 + *m2 = 1; // GOOD + + let v1 = *m1; // GOOD + let v2 = *m2; // GOOD + let v3 = std::ptr::read::(m1); // GOOD + let v4 = std::ptr::read::(m2); // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + println!(" v4 = {v4}"); + + std::alloc::dealloc(m1, layout); // m1, m2 are now dangling + + let v5 = *m1; // $ MISSING: Alert + let v6 = *m2; // $ MISSING: Alert + let v7 = std::ptr::read::(m1); // $ MISSING: Alert + let v8 = std::ptr::read::(m2); // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + println!(" v7 = {v7} (!)"); // corrupt in practice + println!(" v8 = {v8} (!)"); // corrupt in practice + + if do_dangerous_writes { + *m1 = 2; // $ MISSING: Alert + *m2 = 3; // $ MISSING: Alert + std::ptr::write::(m1, 4); // $ MISSING: Alert + std::ptr::write::(m2, 5); // $ MISSING: Alert + } + } +} + +pub fn test_alloc_array(do_dangerous_writes: bool) { + let layout = std::alloc::Layout::new::<[u8; 10]>(); + unsafe { + let m1 = std::alloc::alloc(layout); + let m2 = m1 as *mut [u8; 10]; + (*m2)[0] = 4; // GOOD + (*m2)[1] = 5; // GOOD + + let v1 = (*m2)[0]; // GOOD + let v2 = (*m2)[1]; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + + std::alloc::dealloc(m2 as *mut u8, layout); // m1, m2 are now dangling + + let v3 = (*m2)[0]; // $ MISSING: Alert + let v4 = (*m2)[1]; // $ MISSING: Alert + println!(" v3 = {v3} (!)"); // corrupt in practice + println!(" v4 = {v4} (!)"); // corrupt in practice + + if do_dangerous_writes { + (*m2)[0] = 3; // $ MISSING: Alert + (*m2)[1] = 4; // $ MISSING: Alert + std::ptr::write::(m1, 5); // $ MISSING: Alert + std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ MISSING: Alert + } + } +} + +// --- libc::malloc --- + +pub fn test_libc() { + unsafe { + let my_ptr = libc::malloc(256) as *mut i64; + *my_ptr = 10; + + let v1 = *my_ptr; // GOOD + println!(" v1 = {v1}"); + + libc::free(my_ptr as *mut libc::c_void); // my_ptr is now dangling + + let v2 = *my_ptr; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +// --- std::ptr --- + +pub fn test_ptr_invalid(do_dangerous_accesses: bool) { + let p1: *const i64 = std::ptr::dangling(); + let p2: *mut i64 = std::ptr::dangling_mut(); + let p3: *const i64 = std::ptr::null(); + + if do_dangerous_accesses { + unsafe { + // (a segmentation fault occurs in the code below) + let v1 = *p1; // $ MISSING: Alert + let v2 = *p2; // $ MISSING: Alert + let v3 = *p3; // $ MISSING: Alert + println!(" v1 = {v1} (!)"); + println!(" v2 = {v2} (!)"); + println!(" v3 = {v3} (!)"); + } + } +} + +// --- drop --- + +struct MyBuffer { + data: Vec +} + +pub fn test_drop() { + let my_buffer = MyBuffer { data: vec!(1, 2, 3) }; + let p1 = std::ptr::addr_of!(my_buffer); + + unsafe { + let v1 = (*p1).data[0]; // GOOD + println!(" v1 = {v1}"); + } + + drop(my_buffer); // explicitly destructs the `my_buffer` variable + + unsafe { + let v2 = (*p1).data[0]; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +pub fn test_ptr_drop() { + let layout = std::alloc::Layout::new::>(); + unsafe { + let p1 = std::alloc::alloc(layout) as *mut Vec; // *mut i64 + let p2 = p1; + + *p1 = vec!(1, 2, 3); + + let v1 = (*p1)[0]; // GOOD + let v2 = (*p2)[0]; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + + std::ptr::drop_in_place(p1); // explicitly destructs the pointed-to `m2` + + let v3 = (*p1)[0]; // $ MISSING: Alert + let v4 = (*p2)[0]; // $ MISSING: Alert + println!(" v3 = {v3} (!)"); // corrupt in practice + println!(" v4 = {v4} (!)"); // corrupt in practice + } +} diff --git a/rust/ql/test/query-tests/security/CWE-825/lifetime.rs b/rust/ql/test/query-tests/security/CWE-825/lifetime.rs new file mode 100644 index 000000000000..49b0678b0359 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/lifetime.rs @@ -0,0 +1,410 @@ + +fn use_the_stack() { + let _buffer: [u8; 256] = [0xFF; 256]; +} + +struct MyValue { + value: i64 +} + +impl Drop for MyValue { + fn drop(&mut self) { + println!(" drop MyValue '{}'", self.value) + } +} + +// --- local dangling --- + +fn get_local_dangling() -> *const i64 { + let my_local1: i64 = 1; + + return &my_local1; +} // (return value immediately becomes dangling) + +fn get_local_dangling_mut() -> *mut i64 { + let mut my_local2: i64 = 2; + + return &mut my_local2; +} // (return value immediately becomes dangling) + +fn get_local_dangling_raw_const() -> *const i64 { + let my_local3: i64 = 3; + + return &raw const my_local3; +} // (return value immediately becomes dangling) + +fn get_local_dangling_raw_mut() -> *mut i64 { + let mut my_local4: i64 = 4; + + return &raw mut my_local4; +} // (return value immediately becomes dangling) + +fn get_param_dangling(param5: i64) -> *const i64 { + return ¶m5; +} // (return value immediately becomes dangling) + +fn get_local_field_dangling() -> *const i64 { + let val: MyValue; + + val = MyValue { value: 6 }; + return &val.value; +} + +pub fn test_local_dangling() { + let p1 = get_local_dangling(); + let p2 = get_local_dangling_mut(); + let p3 = get_local_dangling_raw_const(); + let p4 = get_local_dangling_raw_mut(); + let p5 = get_param_dangling(5); + let p6 = get_local_field_dangling(); + let p7: *const i64; + { + let my_local7 = 7; + p7 = &raw const my_local7; + } // (my_local goes out of scope, thus p7 is dangling) + + use_the_stack(); + + unsafe { + let v1 = *p1; // $ MISSING: Alert + let v2 = *p2; // $ MISSING: Alert + let v3 = *p3; // $ MISSING: Alert + let v4 = *p4; // $ MISSING: Alert + let v5 = *p5; // $ MISSING: Alert + let v6 = *p6; // $ MISSING: Alert + let v7 = *p7; // $ MISSING: Alert + *p2 = 8; // $ MISSING: Alert + *p4 = 9; // $ MISSING: Alert + + println!(" v1 = {v1} (!)"); // corrupt in practice + println!(" v2 = {v2} (!)"); // corrupt in practice + println!(" v3 = {v3} (!)"); // corrupt in practice + println!(" v4 = {v4} (!)"); // corrupt in practice + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + println!(" v7 = {v7} (!)"); + } +} + +// --- local in scope --- + +fn use_pointers(p1: *const i64, p2: *mut i64) { + let p3: *const i64; + let my_local1 = 1; + p3 = &my_local1; + + use_the_stack(); + + unsafe { + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + let v3 = *p3; // GOOD + *p2 = 2; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + } +} + +pub fn test_local_in_scope() { + let my_local3: i64 = 3; + let mut my_local_mut4: i64 = 4; + + use_pointers(&my_local3, &mut my_local_mut4); +} + +// --- static lifetime --- + +const MY_GLOBAL_CONST: i64 = 1; + +fn get_const() -> *const i64 { + return &MY_GLOBAL_CONST; +} + +static mut MY_GLOBAL_STATIC: i64 = 2; + +fn get_static_mut() -> *mut i64 { + unsafe { + return &mut MY_GLOBAL_STATIC; + } +} + +pub fn test_static() { + let p1 = get_const(); + let p2 = get_static_mut(); + + use_the_stack(); + + unsafe { + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + *p2 = 3; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + } +} + +// --- call contexts --- + +fn access_ptr_1(ptr: *const i64) { + // only called with `ptr` safe + unsafe { + let v1 = *ptr; // GOOD + println!(" v1 = {v1}"); + } +} + +fn access_ptr_2(ptr: *const i64) { + // only called with `ptr` dangling + unsafe { + let v2 = *ptr; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +fn access_ptr_3(ptr: *const i64) { + // called from contexts with `ptr` safe and dangling + unsafe { + let v3 = *ptr; // $ MISSING: Alert + println!(" v3 = {v3} (!)"); // corrupt in practice (in one context) + } +} + +fn access_and_get_dangling() -> *const i64 { + let my_local1 = 1; + let ptr = &my_local1; + + access_ptr_1(ptr); + access_ptr_3(ptr); + + return ptr; +} // (returned pointer becomes dangling) + +pub fn test_call_contexts() { + let ptr = access_and_get_dangling(); + + use_the_stack(); + + access_ptr_2(ptr); + access_ptr_3(ptr); +} + +// --- call contexts (recursive) --- + +fn access_ptr_rec(ptr_up: *const i64, count: i64) -> *const i64 { + let my_local_rec = count; + let ptr_ours = &my_local_rec; + + if count < 5 { + let ptr_down = access_ptr_rec(ptr_ours, count + 1); + + use_the_stack(); + + unsafe { + let v_up = *ptr_up; // GOOD + let v_ours = *ptr_ours; // GOOD + let v_down = *ptr_down; // $ MISSING: Alert + println!(" v_up = {v_up}"); + println!(" v_ours = {v_ours}"); + println!(" v_down = {v_down} (!)"); + } + } + + return ptr_ours; +} // (returned pointer becomes dangling) + +pub fn test_call_contexts_rec() { + let my_local_rec2 = 1; + let ptr_start = &my_local_rec2; + + _ = access_ptr_rec(ptr_start, 2); +} + +// --- loops --- + +pub fn test_loop() { + let my_local1 = vec!(0); + let mut prev: *const Vec = &my_local1; + + for i in 1..5 { + let my_local2 = vec!(i); + + use_the_stack(); + + unsafe { + let v1 = (*prev)[0]; // $ MISSING: Alert + println!(" v1 = {v1} (!)"); // incorrect values in practice (except first iteration) + } + + prev = &my_local2; + } // (my_local2 goes out of scope, thus prev is dangling) + + unsafe { + let v2 = (*prev)[0]; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +// --- enum --- + +enum MyEnum { + Value(i64), +} + +impl Drop for MyEnum { + fn drop(&mut self) { + println!(" drop MyEnum"); + } +} + +pub fn test_enum() { + let result: *const i64; + + { + let e1 = MyEnum::Value(1); + + result = match e1 { + MyEnum::Value(x) => { &x } + }; // (x goes out of scope, so result is dangling, I think; seen in real world code) + + use_the_stack(); + + unsafe { + let v1 = *result; // $ MISSING: Alert + println!(" v1 = {v1}"); + } + } // (e1 goes out of scope, so result is definitely dangling now) + + use_the_stack(); + + unsafe { + let v2 = *result; // $ MISSING: Alert + println!(" v2 = {v2}"); // dropped in practice + } +} + +// --- std::ptr --- + +#[derive(Debug)] +struct MyPair { + a: i64, + b: i64 +} + +impl Drop for MyPair { + fn drop(&mut self) { + println!(" drop MyPair '{} {}'", self.a, self.b); + self.a = -1; + self.b = -1; + } +} + +pub fn test_ptr_to_struct() { + let p1: *mut MyPair; + let p2: *const i64; + let p3: *mut i64; + + { + let mut my_pair = MyPair { a: 1, b: 2}; + p1 = std::ptr::addr_of_mut!(my_pair); + p2 = std::ptr::addr_of!(my_pair.a); + p3 = std::ptr::addr_of_mut!(my_pair.b); + + unsafe { + let v1 = (*p1).a; // GOOD + let v2 = (*p1).b; // GOOD + let v3 = *p2; // GOOD + let v4 = *p3; // GOOD + (*p1).a = 3; // GOOD + (*p1).b = 4; // GOOD + *p3 = 5; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + println!(" v4 = {v4}"); + } + }; // my_pair goes out of scope, thus p1, p2, p3 are dangling + + use_the_stack(); + + unsafe { + let v5 = (*p1).a; // $ MISSING: Alert + let v6 = (*p1).b; // $ MISSING: Alert + let v7 = *p2; // $ MISSING: Alert + let v8 = *p3; // $ MISSING: Alert + (*p1).a = 6; // $ MISSING: Alert + (*p1).b = 7; // $ MISSING: Alert + *p3 = 8; // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // dropped in practice + println!(" v6 = {v6} (!)"); // dropped in practice + println!(" v7 = {v7} (!)"); // dropped in practice + println!(" v8 = {v8} (!)"); // dropped in practice + } +} + +fn get_ptr_from_ref(val: i32) -> *const i32 { + let my_val = val; + let r1: &i32 = &my_val; + let p1: *const i32 = std::ptr::from_ref(r1); + + unsafe { + let v1 = *p1; // GOOD + println!(" v1 = {v1}"); + } + + return p1; +} // (returned pointer becomes dangling) + +pub fn test_ptr_from_ref() { + let p1 = get_ptr_from_ref(1); + + use_the_stack(); + + unsafe { + let v2 = *p1; // $ MISSING: Alert + let v3 = *get_ptr_from_ref(2); // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + println!(" v3 = {v3} (!)"); + } +} + +// --- std::rc (reference counting pointer) --- + +pub fn test_rc() { + let p1: *const i64; + let p2: *const i64; + + { + let rc1: std::rc::Rc = std::rc::Rc::new(1); + p1 = std::rc::Rc::::as_ptr(&rc1); + + { + let rc2: std::rc::Rc = std::rc::Rc::clone(&rc1); + p2 = std::rc::Rc::::as_ptr(&rc2); + + unsafe { + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + } + } // rc2 goes out of scope, but the reference count is still 1 so the pointer remains valid + + unsafe { + let v3 = *p1; // GOOD + let v4 = *p2; // GOOD + println!(" v3 = {v3}"); + println!(" v4 = {v4}"); + } + } // rc1 go out of scope, the reference count is 0, so p1, p2 are dangling + + unsafe { + let v5 = *p1; // $ MISSING: Alert + let v6 = *p2; // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + } + + // note: simialar things are likely possible with Ref, RefMut, RefCell, + // Vec and others. +} diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs new file mode 100644 index 000000000000..e7a2154c3262 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -0,0 +1,157 @@ +#![feature(box_as_ptr)] +#![feature(box_into_inner)] + +mod deallocation; +use deallocation::*; +mod lifetime; +use lifetime::*; + +fn use_the_heap() { + let _a = Box::new(0x7FFFFFFF); + let _b = Box::new(0x7FFFFFFF); +} + +// --- boxes --- + +pub fn test_boxes_into() { + let b1: Box = Box::new(7); // b1 owns the memory for '50' + let p1 = Box::as_ptr(&b1); // b1 still owns the memory + + unsafe { + let v1 = *p1; // GOOD + println!(" v1 = {v1}"); + } + + let v2 = Box::into_inner(b1); // b1 is explicitly freed here, thus p1 is dangling + println!(" v2 = {v2}"); + + unsafe { + let v3 = *p1; // $ MISSING: Alert + println!(" v3 = {v3} (!)"); // corrupt in practice + } +} + +pub fn test_boxes_1(do_dangerous_writes: bool) { + let p1: *const i64; + let p2: *const i64; + let p3: *mut i64; + + { + let b1: Box = Box::new(1); + p1 = Box::into_raw(b1); // now owned by p1 + + let b2: Box = Box::new(2); + p2 = Box::as_ptr(&b2); // still owned by b2 + + let mut b3: Box = Box::new(3); + p3 = Box::as_mut_ptr(&mut b3); // still owned by b3 + + unsafe { + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + let v3 = *p3; // GOOD + *p3 = 4; + + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + } + } // (b2, b3 go out of scope, thus p2, p3 are dangling) + + unsafe { + let v4 = *p1; // GOOD + let v5 = *p2; // $ MISSING: Alert + let v6 = *p3; // $ MISSING: Alert + + if do_dangerous_writes { + *p3 = 5; // $ MISSING: Alert + use_the_heap(); // "malloc: Heap corruption detected" + } + + println!(" v4 = {v4}"); + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + } +} + +pub fn test_boxes_2() { + let b1: Box = Box::new(6); // b1 owns the memory + let p1 = Box::into_raw(b1); // now p1 owns the memory + + unsafe { + let _b2 = Box::from_raw(p1); // now _b2 owns the memory + + let v1 = *p1; // GOOD + println!(" v1 = {v1}"); + } // (_b2 goes out of scope, thus the memory is freed and p1 is dangling) + + unsafe { + let v2 = *p1; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +// --- main --- + +fn main() { + println!("test_boxes_into:"); + test_boxes_into(); + + println!("test_boxes_1:"); + test_boxes_1(false); + + println!("test_boxes_2:"); + test_boxes_2(); + + // --- + + println!("test_alloc:"); + test_alloc(false); + + println!("test_alloc_array:"); + test_alloc_array(false); + + println!("test_libc:"); + test_libc(); + + println!("test_ptr_invalid:"); + test_ptr_invalid(false); + + println!("test_drop:"); + test_drop(); + + println!("test_ptr_drop:"); + test_ptr_drop(); + + // --- + + println!("test_local_dangling:"); + test_local_dangling(); + + println!("test_local_in_scope:"); + test_local_in_scope(); + + println!("test_static:"); + test_static(); + + println!("test_call_contexts:"); + test_call_contexts(); + + println!("test_call_contexts_rec:"); + test_call_contexts_rec(); + + println!("test_loop:"); + test_loop(); + + println!("test_enum:"); + test_enum(); + + println!("test_ptr_to_struct:"); + test_ptr_to_struct(); + + println!("test_ptr_from_ref:"); + test_ptr_from_ref(); + + println!("test_rc:"); + test_rc(); +} diff --git a/rust/ql/test/query-tests/security/CWE-825/options.yml b/rust/ql/test/query-tests/security/CWE-825/options.yml new file mode 100644 index 000000000000..95a17a53b431 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/options.yml @@ -0,0 +1,3 @@ +qltest_cargo_check: true +qltest_dependencies: + - libc = { version = "0.2.11" } diff --git a/rust/ql/test/query-tests/security/CWE-825/rust-toolchain.toml b/rust/ql/test/query-tests/security/CWE-825/rust-toolchain.toml new file mode 100644 index 000000000000..afeb59293258 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/rust-toolchain.toml @@ -0,0 +1,2 @@ +[toolchain] +channel = "nightly-2025-03-17" From a139b3734cdb644e836f82e3258c467dd863fb37 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 13 Mar 2025 17:40:54 +0000 Subject: [PATCH 010/409] Rust: Split lang-core.model.yml into lang-core and lang-alloc. --- .../rust/frameworks/stdlib/lang-alloc.model.yml | 11 +++++++++++ .../codeql/rust/frameworks/stdlib/lang-core.model.yml | 6 ------ 2 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml new file mode 100644 index 000000000000..4e8f86dae345 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + # Fmt + - ["lang:alloc", "crate::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"] + # String + - ["lang:alloc", "::as_str", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:alloc", "::as_bytes", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:alloc", "<_ as crate::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index a2f6b15ab2cc..fb11ff1e1220 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -3,8 +3,6 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: - # Fmt - - ["lang:alloc", "crate::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"] # Iterator - ["lang:core", "<[_]>::iter", "Argument[Self].Element", "ReturnValue.Element", "value", "manual"] - ["lang:core", "<[_]>::iter_mut", "Argument[Self].Element", "ReturnValue.Element", "value", "manual"] @@ -28,7 +26,3 @@ extensions: - ["lang:core", "crate::ptr::write_volatile", "Argument[1]", "Argument[0].Reference", "value", "manual"] # Str - ["lang:core", "::parse", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] - # String - - ["lang:alloc", "::as_str", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["lang:alloc", "::as_bytes", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["lang:alloc", "<_ as crate::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] From dcd016f5be41301d9e55bdc8409ba57a9412cbff Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 13 Mar 2025 17:04:48 +0000 Subject: [PATCH 011/409] Rust: Initial version of the query. --- .../frameworks/stdlib/lang-core.model.yml | 8 +++ .../AccessInvalidPointerExtensions.qll | 58 +++++++++++++++++++ .../security/CWE-825/AccessInvalidPointer.ql | 35 +++++++++++ rust/ql/src/queries/summary/Stats.qll | 1 + .../CWE-825/AccessInvalidPointer.expected | 32 ++++++++++ .../CWE-825/AccessInvalidPointer.qlref | 4 ++ .../security/CWE-825/deallocation.rs | 12 ++-- 7 files changed, 144 insertions(+), 6 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll create mode 100644 rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql create mode 100644 rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected create mode 100644 rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.qlref diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index fb11ff1e1220..db1901bf8522 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -26,3 +26,11 @@ extensions: - ["lang:core", "crate::ptr::write_volatile", "Argument[1]", "Argument[0].Reference", "value", "manual"] # Str - ["lang:core", "::parse", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + # Alloc + - ["lang:core", "crate::ptr::dangling", "ReturnValue", "pointer-invalidate", "manual"] + - ["lang:core", "crate::ptr::dangling_mut", "ReturnValue", "pointer-invalidate", "manual"] + - ["lang:core", "crate::ptr::null", "ReturnValue", "pointer-invalidate", "manual"] diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll new file mode 100644 index 000000000000..faf9de48deff --- /dev/null +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -0,0 +1,58 @@ +/** + * Provides classes and predicates for reasoning about accesses to invalid + * pointers. + */ + +import rust +private import codeql.rust.dataflow.DataFlow +private import codeql.rust.dataflow.FlowSource +private import codeql.rust.dataflow.FlowSink +private import codeql.rust.Concepts + +/** + * Provides default sources, sinks and barriers for detecting accesses to + * invalid pointers, as well as extension points for adding your own. + */ +module AccessInvalidPointer { + /** + * A data flow source for invalid pointer accesses, that is, an operation + * where a pointer becomes invalid. + */ + abstract class Source extends DataFlow::Node { } + + /** + * A data flow sink for invalid pointer accesses, that is, a pointer + * dereference. + */ + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "AccessInvalidPointer" } + } + + /** + * A barrier for invalid pointer accesses. + */ + abstract class Barrier extends DataFlow::Node { } + + /** + * A pointer invalidation from model data. + */ + private class ModelsAsDataSource extends Source { + ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") } + } + + /** + * A pointer access using the unary `*` operator. + */ + private class DereferenceSink extends Sink { + DereferenceSink() { + exists(PrefixExpr p | p.getOperatorName() = "*" and p.getExpr() = this.asExpr().getExpr()) + } + } + + /** + * A pointer access from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "pointer-access") } + } +} diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql new file mode 100644 index 000000000000..ba124c99d40f --- /dev/null +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -0,0 +1,35 @@ +/** + * @name Access of invalid pointer + * @description Dereferencing an invalid or dangling pointer is undefined behavior and may cause memory corruption. + * @kind path-problem + * @problem.severity error + * @security-severity TODO + * @precision TODO + * @id rust/access-invalid-pointer + * @tags reliability + * security + * external/cwe/cwe-476 + * external/cwe/cwe-825 + */ + +import rust +import codeql.rust.dataflow.DataFlow +import codeql.rust.security.AccessInvalidPointerExtensions +import AccessInvalidPointerFlow::PathGraph + +/** + * A data flow configuration for accesses to invalid pointers. + */ +module AccessInvalidPointerConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof AccessInvalidPointer::Source } + + predicate isSink(DataFlow::Node node) { node instanceof AccessInvalidPointer::Sink } + + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof AccessInvalidPointer::Barrier } +} + +module AccessInvalidPointerFlow = DataFlow::Global; + +from AccessInvalidPointerFlow::PathNode sourceNode, AccessInvalidPointerFlow::PathNode sinkNode +where AccessInvalidPointerFlow::flowPath(sourceNode, sinkNode) +select sinkNode.getNode(), sourceNode, sinkNode, "This operation dereferences a pointer that may be $@.", sourceNode.getNode(), "invalid" diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a2220398b415..f011dda2852e 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -12,6 +12,7 @@ private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency private import codeql.rust.Concepts // import all query extensions files, so that all extensions of `QuerySink` are found +private import codeql.rust.security.AccessInvalidPointerExtensions private import codeql.rust.security.CleartextLoggingExtensions private import codeql.rust.security.SqlInjectionExtensions private import codeql.rust.security.WeakSensitiveDataHashingExtensions diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected new file mode 100644 index 000000000000..88c1e0d685c0 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -0,0 +1,32 @@ +#select +| deallocation.rs:96:14:96:15 | p1 | deallocation.rs:89:23:89:40 | ...::dangling | deallocation.rs:96:14:96:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:89:23:89:40 | ...::dangling | invalid | +| deallocation.rs:97:14:97:15 | p2 | deallocation.rs:90:21:90:42 | ...::dangling_mut | deallocation.rs:97:14:97:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:90:21:90:42 | ...::dangling_mut | invalid | +| deallocation.rs:98:14:98:15 | p3 | deallocation.rs:91:23:91:36 | ...::null | deallocation.rs:98:14:98:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:91:23:91:36 | ...::null | invalid | +edges +| deallocation.rs:89:6:89:7 | p1 | deallocation.rs:96:14:96:15 | p1 | provenance | | +| deallocation.rs:89:23:89:40 | ...::dangling | deallocation.rs:89:23:89:42 | ...::dangling(...) | provenance | Src:MaD:1 MaD:1 | +| deallocation.rs:89:23:89:42 | ...::dangling(...) | deallocation.rs:89:6:89:7 | p1 | provenance | | +| deallocation.rs:90:6:90:7 | p2 | deallocation.rs:97:14:97:15 | p2 | provenance | | +| deallocation.rs:90:21:90:42 | ...::dangling_mut | deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | provenance | Src:MaD:2 MaD:2 | +| deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | deallocation.rs:90:6:90:7 | p2 | provenance | | +| deallocation.rs:91:6:91:7 | p3 | deallocation.rs:98:14:98:15 | p3 | provenance | | +| deallocation.rs:91:23:91:36 | ...::null | deallocation.rs:91:23:91:38 | ...::null(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:91:23:91:38 | ...::null(...) | deallocation.rs:91:6:91:7 | p3 | provenance | | +models +| 1 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | +| 2 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | +| 3 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | +nodes +| deallocation.rs:89:6:89:7 | p1 | semmle.label | p1 | +| deallocation.rs:89:23:89:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:89:23:89:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:90:6:90:7 | p2 | semmle.label | p2 | +| deallocation.rs:90:21:90:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:91:6:91:7 | p3 | semmle.label | p3 | +| deallocation.rs:91:23:91:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:91:23:91:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:96:14:96:15 | p1 | semmle.label | p1 | +| deallocation.rs:97:14:97:15 | p2 | semmle.label | p2 | +| deallocation.rs:98:14:98:15 | p3 | semmle.label | p3 | +subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.qlref b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.qlref new file mode 100644 index 000000000000..c8e593a6a31f --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.qlref @@ -0,0 +1,4 @@ +query: queries/security/CWE-825/AccessInvalidPointer.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 1ad8d72c0082..c880ed9fd082 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -86,16 +86,16 @@ pub fn test_libc() { // --- std::ptr --- pub fn test_ptr_invalid(do_dangerous_accesses: bool) { - let p1: *const i64 = std::ptr::dangling(); - let p2: *mut i64 = std::ptr::dangling_mut(); - let p3: *const i64 = std::ptr::null(); + let p1: *const i64 = std::ptr::dangling(); // $ Source=dangling + let p2: *mut i64 = std::ptr::dangling_mut(); // $ Source=dangling_mut + let p3: *const i64 = std::ptr::null(); // $ Source=null if do_dangerous_accesses { unsafe { // (a segmentation fault occurs in the code below) - let v1 = *p1; // $ MISSING: Alert - let v2 = *p2; // $ MISSING: Alert - let v3 = *p3; // $ MISSING: Alert + let v1 = *p1; // $ Alert[rust/access-invalid-pointer]=dangling + let v2 = *p2; // $ Alert[rust/access-invalid-pointer]=dangling_mut + let v3 = *p3; // $ Alert[rust/access-invalid-pointer]=null println!(" v1 = {v1} (!)"); println!(" v2 = {v2} (!)"); println!(" v3 = {v3} (!)"); From c2ee4211e5622f119361970475090d27bc64bb71 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 18 Mar 2025 17:53:58 +0000 Subject: [PATCH 012/409] Rust: Add more models. --- .../lib/codeql/rust/frameworks/libc.model.yml | 7 +++++++ .../frameworks/stdlib/lang-alloc.model.yml | 6 ++++++ .../frameworks/stdlib/lang-core.model.yml | 19 +++++++++++++++++-- 3 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/libc.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/libc.model.yml b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml new file mode 100644 index 000000000000..77f0212b6c15 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + # Alloc + - ["repo:https://github.com/rust-lang/libc:libc", "::free", "Argument[0]", "pointer-invalidate", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml index 4e8f86dae345..fba9ae5fea33 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -9,3 +9,9 @@ extensions: - ["lang:alloc", "::as_str", "Argument[self]", "ReturnValue", "taint", "manual"] - ["lang:alloc", "::as_bytes", "Argument[self]", "ReturnValue", "taint", "manual"] - ["lang:alloc", "<_ as crate::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + # Alloc + - ["lang:alloc", "crate::alloc::dealloc", "Argument[0]", "pointer-invalidate", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index db1901bf8522..0960dd9c541a 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -17,7 +17,7 @@ extensions: - ["lang:core", "::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"] - ["lang:core", "::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["lang:core", "::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - # ptr + # Ptr - ["lang:core", "crate::ptr::read", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_unaligned", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_volatile", "Argument[0].Reference", "ReturnValue", "value", "manual"] @@ -30,7 +30,22 @@ extensions: pack: codeql/rust-all extensible: sourceModel data: - # Alloc + # Mem + - ["lang:core", "crate::mem::drop", "Argument[0]", "pointer-invalidate", "manual"] + # Ptr + - ["lang:core", "crate::ptr::drop_in_place", "Argument[0]", "pointer-invalidate", "manual"] - ["lang:core", "crate::ptr::dangling", "ReturnValue", "pointer-invalidate", "manual"] - ["lang:core", "crate::ptr::dangling_mut", "ReturnValue", "pointer-invalidate", "manual"] - ["lang:core", "crate::ptr::null", "ReturnValue", "pointer-invalidate", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: sinkModel + data: + # Ptr + - ["lang:core", "crate::ptr::read", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::read_unaligned", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::read_volatile", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::write", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::write_bytes", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::write_unaligned", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::write_volatile", "Argument[0]", "pointer-access", "manual"] From be6d0d1f863067901792b1a1d818590a483c6d83 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 19 Mar 2025 16:50:48 +0000 Subject: [PATCH 013/409] Rust: Work around data flow source issue. --- .../AccessInvalidPointerExtensions.qll | 15 ++++ .../CWE-825/AccessInvalidPointer.expected | 79 ++++++++++++------- .../security/CWE-825/deallocation.rs | 16 ++-- 3 files changed, 76 insertions(+), 34 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index faf9de48deff..64b97a62de62 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -8,6 +8,7 @@ private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSource private import codeql.rust.dataflow.FlowSink private import codeql.rust.Concepts +private import codeql.rust.dataflow.internal.Node /** * Provides default sources, sinks and barriers for detecting accesses to @@ -40,6 +41,20 @@ module AccessInvalidPointer { ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") } } + /** + * A pointer invalidation from an argument of a modelled call (this is a workaround). + */ + private class ModelsAsDataArgumentSource extends Source { + ModelsAsDataArgumentSource() { + exists(DataFlow::Node n, CallExpr ce, Expr arg | + sourceNode(n, "pointer-invalidate") and + n.(FlowSummaryNode).getSourceElement() = ce.getFunction() and + arg = ce.getArgList().getAnArg() and + this.asExpr().getExpr() = arg + ) + } + } + /** * A pointer access using the unary `*` operator. */ diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 88c1e0d685c0..ee35913d6511 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,32 +1,57 @@ #select -| deallocation.rs:96:14:96:15 | p1 | deallocation.rs:89:23:89:40 | ...::dangling | deallocation.rs:96:14:96:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:89:23:89:40 | ...::dangling | invalid | -| deallocation.rs:97:14:97:15 | p2 | deallocation.rs:90:21:90:42 | ...::dangling_mut | deallocation.rs:97:14:97:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:90:21:90:42 | ...::dangling_mut | invalid | -| deallocation.rs:98:14:98:15 | p3 | deallocation.rs:91:23:91:36 | ...::null | deallocation.rs:98:14:98:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:91:23:91:36 | ...::null | invalid | +| deallocation.rs:23:13:23:14 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:25:12:25:31 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:33:5:33:6 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:5:33:6 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:35:4:35:24 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:97:14:97:15 | p1 | deallocation.rs:90:23:90:40 | ...::dangling | deallocation.rs:97:14:97:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:90:23:90:40 | ...::dangling | invalid | +| deallocation.rs:98:14:98:15 | p2 | deallocation.rs:91:21:91:42 | ...::dangling_mut | deallocation.rs:98:14:98:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:91:21:91:42 | ...::dangling_mut | invalid | +| deallocation.rs:99:14:99:15 | p3 | deallocation.rs:92:23:92:36 | ...::null | deallocation.rs:99:14:99:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:92:23:92:36 | ...::null | invalid | +| deallocation.rs:146:14:146:15 | p1 | deallocation.rs:143:27:143:28 | p1 | deallocation.rs:146:14:146:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:143:27:143:28 | p1 | invalid | edges -| deallocation.rs:89:6:89:7 | p1 | deallocation.rs:96:14:96:15 | p1 | provenance | | -| deallocation.rs:89:23:89:40 | ...::dangling | deallocation.rs:89:23:89:42 | ...::dangling(...) | provenance | Src:MaD:1 MaD:1 | -| deallocation.rs:89:23:89:42 | ...::dangling(...) | deallocation.rs:89:6:89:7 | p1 | provenance | | -| deallocation.rs:90:6:90:7 | p2 | deallocation.rs:97:14:97:15 | p2 | provenance | | -| deallocation.rs:90:21:90:42 | ...::dangling_mut | deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | provenance | Src:MaD:2 MaD:2 | -| deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | deallocation.rs:90:6:90:7 | p2 | provenance | | -| deallocation.rs:91:6:91:7 | p3 | deallocation.rs:98:14:98:15 | p3 | provenance | | -| deallocation.rs:91:23:91:36 | ...::null | deallocation.rs:91:23:91:38 | ...::null(...) | provenance | Src:MaD:3 MaD:3 | -| deallocation.rs:91:23:91:38 | ...::null(...) | deallocation.rs:91:6:91:7 | p3 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:33:25:34 | m1 | provenance | | +| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | +| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | +| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | +| deallocation.rs:33:5:33:6 | m1 | deallocation.rs:35:26:35:27 | m1 | provenance | | +| deallocation.rs:35:26:35:27 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:90:6:90:7 | p1 | deallocation.rs:97:14:97:15 | p1 | provenance | | +| deallocation.rs:90:23:90:40 | ...::dangling | deallocation.rs:90:23:90:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:90:23:90:42 | ...::dangling(...) | deallocation.rs:90:6:90:7 | p1 | provenance | | +| deallocation.rs:91:6:91:7 | p2 | deallocation.rs:98:14:98:15 | p2 | provenance | | +| deallocation.rs:91:21:91:42 | ...::dangling_mut | deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | deallocation.rs:91:6:91:7 | p2 | provenance | | +| deallocation.rs:92:6:92:7 | p3 | deallocation.rs:99:14:99:15 | p3 | provenance | | +| deallocation.rs:92:23:92:36 | ...::null | deallocation.rs:92:23:92:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:92:23:92:38 | ...::null(...) | deallocation.rs:92:6:92:7 | p3 | provenance | | +| deallocation.rs:143:27:143:28 | p1 | deallocation.rs:146:14:146:15 | p1 | provenance | | models -| 1 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | -| 2 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | -| 3 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | +| 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | +| 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | +| 3 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | +| 4 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | +| 5 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | nodes -| deallocation.rs:89:6:89:7 | p1 | semmle.label | p1 | -| deallocation.rs:89:23:89:40 | ...::dangling | semmle.label | ...::dangling | -| deallocation.rs:89:23:89:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | -| deallocation.rs:90:6:90:7 | p2 | semmle.label | p2 | -| deallocation.rs:90:21:90:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | -| deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | -| deallocation.rs:91:6:91:7 | p3 | semmle.label | p3 | -| deallocation.rs:91:23:91:36 | ...::null | semmle.label | ...::null | -| deallocation.rs:91:23:91:38 | ...::null(...) | semmle.label | ...::null(...) | -| deallocation.rs:96:14:96:15 | p1 | semmle.label | p1 | -| deallocation.rs:97:14:97:15 | p2 | semmle.label | p2 | -| deallocation.rs:98:14:98:15 | p3 | semmle.label | p3 | +| deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | +| deallocation.rs:23:13:23:14 | m1 | semmle.label | m1 | +| deallocation.rs:25:12:25:31 | ...::read::<...> | semmle.label | ...::read::<...> | +| deallocation.rs:25:33:25:34 | m1 | semmle.label | m1 | +| deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | +| deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | +| deallocation.rs:35:4:35:24 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:35:26:35:27 | m1 | semmle.label | m1 | +| deallocation.rs:90:6:90:7 | p1 | semmle.label | p1 | +| deallocation.rs:90:23:90:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:90:23:90:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:91:6:91:7 | p2 | semmle.label | p2 | +| deallocation.rs:91:21:91:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:92:6:92:7 | p3 | semmle.label | p3 | +| deallocation.rs:92:23:92:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:92:23:92:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:97:14:97:15 | p1 | semmle.label | p1 | +| deallocation.rs:98:14:98:15 | p2 | semmle.label | p2 | +| deallocation.rs:99:14:99:15 | p3 | semmle.label | p3 | +| deallocation.rs:143:27:143:28 | p1 | semmle.label | p1 | +| deallocation.rs:146:14:146:15 | p1 | semmle.label | p1 | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index c880ed9fd082..e8acb404253d 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -17,11 +17,12 @@ pub fn test_alloc(do_dangerous_writes: bool) { println!(" v3 = {v3}"); println!(" v4 = {v4}"); - std::alloc::dealloc(m1, layout); // m1, m2 are now dangling + std::alloc::dealloc(m1, layout); // $ Source=dealloc + // (m1, m2 are now dangling) - let v5 = *m1; // $ MISSING: Alert + let v5 = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc let v6 = *m2; // $ MISSING: Alert - let v7 = std::ptr::read::(m1); // $ MISSING: Alert + let v7 = std::ptr::read::(m1); // $ Alert[rust/access-invalid-pointer]=dealloc let v8 = std::ptr::read::(m2); // $ MISSING: Alert println!(" v5 = {v5} (!)"); // corrupt in practice println!(" v6 = {v6} (!)"); // corrupt in practice @@ -29,9 +30,9 @@ pub fn test_alloc(do_dangerous_writes: bool) { println!(" v8 = {v8} (!)"); // corrupt in practice if do_dangerous_writes { - *m1 = 2; // $ MISSING: Alert + *m1 = 2; // $ Alert[rust/access-invalid-pointer]=dealloc *m2 = 3; // $ MISSING: Alert - std::ptr::write::(m1, 4); // $ MISSING: Alert + std::ptr::write::(m1, 4); // $ Alert[rust/access-invalid-pointer]=dealloc std::ptr::write::(m2, 5); // $ MISSING: Alert } } @@ -139,9 +140,10 @@ pub fn test_ptr_drop() { println!(" v1 = {v1}"); println!(" v2 = {v2}"); - std::ptr::drop_in_place(p1); // explicitly destructs the pointed-to `m2` + std::ptr::drop_in_place(p1); // $ Source=drop_in_place + // explicitly destructs the pointed-to `m2` - let v3 = (*p1)[0]; // $ MISSING: Alert + let v3 = (*p1)[0]; // $ Alert[rust/access-invalid-pointer]=drop_in_place let v4 = (*p2)[0]; // $ MISSING: Alert println!(" v3 = {v3} (!)"); // corrupt in practice println!(" v4 = {v4} (!)"); // corrupt in practice From 7ceb76441a4e7256684fd1b5b3cfebeee8a66852 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 19 Mar 2025 18:01:45 +0000 Subject: [PATCH 014/409] Rust: Improve the source to account for conversions. --- .../AccessInvalidPointerExtensions.qll | 2 +- .../CWE-825/AccessInvalidPointer.expected | 78 ++++++++++++------- .../security/CWE-825/deallocation.rs | 18 +++-- 3 files changed, 61 insertions(+), 37 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index 64b97a62de62..ca485273c068 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -50,7 +50,7 @@ module AccessInvalidPointer { sourceNode(n, "pointer-invalidate") and n.(FlowSummaryNode).getSourceElement() = ce.getFunction() and arg = ce.getArgList().getAnArg() and - this.asExpr().getExpr() = arg + this.asExpr().getExpr().getParentNode*() = arg ) } } diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index ee35913d6511..ae7fb1dfb501 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -3,10 +3,16 @@ | deallocation.rs:25:12:25:31 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:33:5:33:6 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:5:33:6 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:35:4:35:24 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:97:14:97:15 | p1 | deallocation.rs:90:23:90:40 | ...::dangling | deallocation.rs:97:14:97:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:90:23:90:40 | ...::dangling | invalid | -| deallocation.rs:98:14:98:15 | p2 | deallocation.rs:91:21:91:42 | ...::dangling_mut | deallocation.rs:98:14:98:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:91:21:91:42 | ...::dangling_mut | invalid | -| deallocation.rs:99:14:99:15 | p3 | deallocation.rs:92:23:92:36 | ...::null | deallocation.rs:99:14:99:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:92:23:92:36 | ...::null | invalid | -| deallocation.rs:146:14:146:15 | p1 | deallocation.rs:143:27:143:28 | p1 | deallocation.rs:146:14:146:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:143:27:143:28 | p1 | invalid | +| deallocation.rs:57:14:57:15 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:57:14:57:15 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:58:14:58:15 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:58:14:58:15 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:63:6:63:7 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:63:6:63:7 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:64:6:64:7 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:64:6:64:7 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:66:4:66:30 | ...::write::<...> | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:66:4:66:30 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:84:13:84:18 | my_ptr | deallocation.rs:81:14:81:19 | my_ptr | deallocation.rs:84:13:84:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:81:14:81:19 | my_ptr | invalid | +| deallocation.rs:99:14:99:15 | p1 | deallocation.rs:92:23:92:40 | ...::dangling | deallocation.rs:99:14:99:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:92:23:92:40 | ...::dangling | invalid | +| deallocation.rs:100:14:100:15 | p2 | deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:100:14:100:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:93:21:93:42 | ...::dangling_mut | invalid | +| deallocation.rs:101:14:101:15 | p3 | deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:101:14:101:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:94:23:94:36 | ...::null | invalid | +| deallocation.rs:148:14:148:15 | p1 | deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:145:27:145:28 | p1 | invalid | edges | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:33:25:34 | m1 | provenance | | @@ -15,16 +21,23 @@ edges | deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | | deallocation.rs:33:5:33:6 | m1 | deallocation.rs:35:26:35:27 | m1 | provenance | | | deallocation.rs:35:26:35:27 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:90:6:90:7 | p1 | deallocation.rs:97:14:97:15 | p1 | provenance | | -| deallocation.rs:90:23:90:40 | ...::dangling | deallocation.rs:90:23:90:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | -| deallocation.rs:90:23:90:42 | ...::dangling(...) | deallocation.rs:90:6:90:7 | p1 | provenance | | -| deallocation.rs:91:6:91:7 | p2 | deallocation.rs:98:14:98:15 | p2 | provenance | | -| deallocation.rs:91:21:91:42 | ...::dangling_mut | deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | -| deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | deallocation.rs:91:6:91:7 | p2 | provenance | | -| deallocation.rs:92:6:92:7 | p3 | deallocation.rs:99:14:99:15 | p3 | provenance | | -| deallocation.rs:92:23:92:36 | ...::null | deallocation.rs:92:23:92:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | -| deallocation.rs:92:23:92:38 | ...::null(...) | deallocation.rs:92:6:92:7 | p3 | provenance | | -| deallocation.rs:143:27:143:28 | p1 | deallocation.rs:146:14:146:15 | p1 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:57:14:57:15 | m2 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:58:14:58:15 | m2 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:63:6:63:7 | m2 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:64:6:64:7 | m2 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:66:32:66:33 | m2 | provenance | | +| deallocation.rs:66:32:66:33 | m2 | deallocation.rs:66:4:66:30 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:81:14:81:19 | my_ptr | deallocation.rs:84:13:84:18 | my_ptr | provenance | | +| deallocation.rs:92:6:92:7 | p1 | deallocation.rs:99:14:99:15 | p1 | provenance | | +| deallocation.rs:92:23:92:40 | ...::dangling | deallocation.rs:92:23:92:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:92:23:92:42 | ...::dangling(...) | deallocation.rs:92:6:92:7 | p1 | provenance | | +| deallocation.rs:93:6:93:7 | p2 | deallocation.rs:100:14:100:15 | p2 | provenance | | +| deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | deallocation.rs:93:6:93:7 | p2 | provenance | | +| deallocation.rs:94:6:94:7 | p3 | deallocation.rs:101:14:101:15 | p3 | provenance | | +| deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:94:23:94:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:94:23:94:38 | ...::null(...) | deallocation.rs:94:6:94:7 | p3 | provenance | | +| deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -40,18 +53,27 @@ nodes | deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | | deallocation.rs:35:4:35:24 | ...::write::<...> | semmle.label | ...::write::<...> | | deallocation.rs:35:26:35:27 | m1 | semmle.label | m1 | -| deallocation.rs:90:6:90:7 | p1 | semmle.label | p1 | -| deallocation.rs:90:23:90:40 | ...::dangling | semmle.label | ...::dangling | -| deallocation.rs:90:23:90:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | -| deallocation.rs:91:6:91:7 | p2 | semmle.label | p2 | -| deallocation.rs:91:21:91:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | -| deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | -| deallocation.rs:92:6:92:7 | p3 | semmle.label | p3 | -| deallocation.rs:92:23:92:36 | ...::null | semmle.label | ...::null | -| deallocation.rs:92:23:92:38 | ...::null(...) | semmle.label | ...::null(...) | -| deallocation.rs:97:14:97:15 | p1 | semmle.label | p1 | -| deallocation.rs:98:14:98:15 | p2 | semmle.label | p2 | -| deallocation.rs:99:14:99:15 | p3 | semmle.label | p3 | -| deallocation.rs:143:27:143:28 | p1 | semmle.label | p1 | -| deallocation.rs:146:14:146:15 | p1 | semmle.label | p1 | +| deallocation.rs:54:23:54:24 | m2 | semmle.label | m2 | +| deallocation.rs:57:14:57:15 | m2 | semmle.label | m2 | +| deallocation.rs:58:14:58:15 | m2 | semmle.label | m2 | +| deallocation.rs:63:6:63:7 | m2 | semmle.label | m2 | +| deallocation.rs:64:6:64:7 | m2 | semmle.label | m2 | +| deallocation.rs:66:4:66:30 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:66:32:66:33 | m2 | semmle.label | m2 | +| deallocation.rs:81:14:81:19 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:84:13:84:18 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:92:6:92:7 | p1 | semmle.label | p1 | +| deallocation.rs:92:23:92:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:92:23:92:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:93:6:93:7 | p2 | semmle.label | p2 | +| deallocation.rs:93:21:93:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:94:6:94:7 | p3 | semmle.label | p3 | +| deallocation.rs:94:23:94:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:94:23:94:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:99:14:99:15 | p1 | semmle.label | p1 | +| deallocation.rs:100:14:100:15 | p2 | semmle.label | p2 | +| deallocation.rs:101:14:101:15 | p3 | semmle.label | p3 | +| deallocation.rs:145:27:145:28 | p1 | semmle.label | p1 | +| deallocation.rs:148:14:148:15 | p1 | semmle.label | p1 | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index e8acb404253d..cd3ac57c487d 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -51,18 +51,19 @@ pub fn test_alloc_array(do_dangerous_writes: bool) { println!(" v1 = {v1}"); println!(" v2 = {v2}"); - std::alloc::dealloc(m2 as *mut u8, layout); // m1, m2 are now dangling + std::alloc::dealloc(m2 as *mut u8, layout); // $ Source=dealloc_array + // m1, m2 are now dangling - let v3 = (*m2)[0]; // $ MISSING: Alert - let v4 = (*m2)[1]; // $ MISSING: Alert + let v3 = (*m2)[0]; // $ Alert[rust/access-invalid-pointer]=dealloc_array + let v4 = (*m2)[1]; // $ Alert[rust/access-invalid-pointer]=dealloc_array println!(" v3 = {v3} (!)"); // corrupt in practice println!(" v4 = {v4} (!)"); // corrupt in practice if do_dangerous_writes { - (*m2)[0] = 3; // $ MISSING: Alert - (*m2)[1] = 4; // $ MISSING: Alert + (*m2)[0] = 3; // $ Alert[rust/access-invalid-pointer]=dealloc_array + (*m2)[1] = 4; // $ Alert[rust/access-invalid-pointer]=dealloc_array std::ptr::write::(m1, 5); // $ MISSING: Alert - std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ MISSING: Alert + std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ Alert[rust/access-invalid-pointer]=dealloc_array } } } @@ -77,9 +78,10 @@ pub fn test_libc() { let v1 = *my_ptr; // GOOD println!(" v1 = {v1}"); - libc::free(my_ptr as *mut libc::c_void); // my_ptr is now dangling + libc::free(my_ptr as *mut libc::c_void); // $ Source=free + // (my_ptr is now dangling) - let v2 = *my_ptr; // $ MISSING: Alert + let v2 = *my_ptr; // $ Alert[rust/access-invalid-pointer]=free println!(" v2 = {v2} (!)"); // corrupt in practice } } From 671f7dff943094abcc9e9301f206ad5ad8e521ce Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 19 Mar 2025 18:59:48 +0000 Subject: [PATCH 015/409] Rust: Query metadata. --- rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index ba124c99d40f..a1ff02bb429a 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -3,8 +3,8 @@ * @description Dereferencing an invalid or dangling pointer is undefined behavior and may cause memory corruption. * @kind path-problem * @problem.severity error - * @security-severity TODO - * @precision TODO + * @security-severity 7.5 + * @precision high * @id rust/access-invalid-pointer * @tags reliability * security From 019fcbfbf9b0867ffd464772c93affa732e7b0be Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 10:04:34 +0000 Subject: [PATCH 016/409] Rust: Add qhelp examples, and add them as tests. --- .../CWE-825/AccessInvalidPointerBad.rs | 10 ++++ .../CWE-825/AccessInvalidPointerGood.rs | 10 ++++ .../CWE-825/AccessInvalidPointer.expected | 4 ++ .../security/CWE-825/deallocation.rs | 47 +++++++++++++++++++ .../test/query-tests/security/CWE-825/main.rs | 3 ++ 5 files changed, 74 insertions(+) create mode 100644 rust/ql/src/queries/security/CWE-825/AccessInvalidPointerBad.rs create mode 100644 rust/ql/src/queries/security/CWE-825/AccessInvalidPointerGood.rs diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerBad.rs b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerBad.rs new file mode 100644 index 000000000000..ef635450bddb --- /dev/null +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerBad.rs @@ -0,0 +1,10 @@ + +unsafe { + std::ptr::drop_in_place(ptr); // executes the destructor of `*ptr` +} + +// ... + +unsafe { + do_something(&*ptr); // BAD: dereferences `ptr` +} diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerGood.rs b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerGood.rs new file mode 100644 index 000000000000..77dbdfb9d394 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerGood.rs @@ -0,0 +1,10 @@ + +unsafe { + do_something(&*ptr); // GOOD: dereferences `ptr` while it is still valid +} + +// ... + +{ + std::ptr::drop_in_place(ptr); // executes the destructor of `*ptr` +} diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index ae7fb1dfb501..0067fcc17daa 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,6 +13,7 @@ | deallocation.rs:100:14:100:15 | p2 | deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:100:14:100:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:93:21:93:42 | ...::dangling_mut | invalid | | deallocation.rs:101:14:101:15 | p3 | deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:101:14:101:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:94:23:94:36 | ...::null | invalid | | deallocation.rs:148:14:148:15 | p1 | deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:145:27:145:28 | p1 | invalid | +| deallocation.rs:179:18:179:20 | ptr | deallocation.rs:173:27:173:29 | ptr | deallocation.rs:179:18:179:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:173:27:173:29 | ptr | invalid | edges | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:33:25:34 | m1 | provenance | | @@ -38,6 +39,7 @@ edges | deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:94:23:94:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | | deallocation.rs:94:23:94:38 | ...::null(...) | deallocation.rs:94:6:94:7 | p3 | provenance | | | deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | provenance | | +| deallocation.rs:173:27:173:29 | ptr | deallocation.rs:179:18:179:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -76,4 +78,6 @@ nodes | deallocation.rs:101:14:101:15 | p3 | semmle.label | p3 | | deallocation.rs:145:27:145:28 | p1 | semmle.label | p1 | | deallocation.rs:148:14:148:15 | p1 | semmle.label | p1 | +| deallocation.rs:173:27:173:29 | ptr | semmle.label | ptr | +| deallocation.rs:179:18:179:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index cd3ac57c487d..69e4919b480f 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -151,3 +151,50 @@ pub fn test_ptr_drop() { println!(" v4 = {v4} (!)"); // corrupt in practice } } + +fn do_something(s: &String) { + println!(" s = {}", s); +} + +fn test_qhelp_test_good(ptr: *mut String) { + unsafe { + do_something(&*ptr); + } + + // ... + + unsafe { + std::ptr::drop_in_place(ptr); + } +} + +fn test_qhelp_test_bad(ptr: *mut String) { + unsafe { + std::ptr::drop_in_place(ptr); // $ Source=drop_in_place + } + + // ... + + unsafe { + do_something(&*ptr); // $ Alert[rust/access-invalid-pointer]=drop_in_place + } +} + +pub fn test_qhelp_tests() { + let layout = std::alloc::Layout::new::<[String; 2]>(); + unsafe { + let ptr = std::alloc::alloc(layout); + let ptr_s = ptr as *mut [String; 2]; + let ptr1 = &raw mut (*ptr_s)[0]; + let ptr2 = &raw mut (*ptr_s)[1]; + + *ptr1 = String::from("123"); + *ptr2 = String::from("456"); + + test_qhelp_test_good(ptr1); + + test_qhelp_test_bad(ptr2); + + std::alloc::dealloc(ptr, layout); + } +} diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs index e7a2154c3262..1859ac8c7219 100644 --- a/rust/ql/test/query-tests/security/CWE-825/main.rs +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -123,6 +123,9 @@ fn main() { println!("test_ptr_drop:"); test_ptr_drop(); + println!("test_qhelp_tests:"); + test_qhelp_tests(); + // --- println!("test_local_dangling:"); From 7ecba71166dab89a9aad23bf3b6eee2537dfaad3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 11:13:28 +0000 Subject: [PATCH 017/409] Rust: Add .qhelp. --- .../CWE-825/AccessInvalidPointer.qhelp | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp new file mode 100644 index 000000000000..78c7267a0e6f --- /dev/null +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp @@ -0,0 +1,48 @@ + + + + +

+Dereferencing an invalid or dangling pointer is undefined behavior. Memory may be corrupted +causing the program to crash or behave incorrectly, in some cases exposing the program to +potential attacks. +

+ + + + +

+When dereferencing a pointer in unsafe code, take care that the pointer is valid and +points to the intended data. Code may need to be rearranged or additional checks added to ensure +safety in all circumstances. If possible, rewrite the code using safe Rust types to avoid this +class of problems altogether. +

+ + + + +

+In the following example, std::ptr::drop_in_place is used to execute the destructor +of an object. However, a pointer to that object is dereferenced later in the program, causing +undefined behavior: +

+ + + +

+In this case undefined behavior can be avoided by rearranging the code so that the dereference +comes before the call to std::ptr::drop_in_place: +

+ + + + + + +
  • Rust Documentation: Behavior considered undefined >> Dangling pointers.
    • +
  • Rust Documentation: Module ptr - Safety.
    • + +     +     From 5831c446d331273e5da839c863bd79711c9e990c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 13:46:20 +0000 Subject: [PATCH 018/409] Rust: Add test cases for another situation I came across. --- .../security/CWE-825/deallocation.rs | 40 +++++++++++++++++++ .../test/query-tests/security/CWE-825/main.rs | 3 ++ 2 files changed, 43 insertions(+) diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 69e4919b480f..30677ddc07cc 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -198,3 +198,43 @@ pub fn test_qhelp_tests() { std::alloc::dealloc(ptr, layout); } } + +pub fn test_vec_reserve() { + let mut vec1 = Vec::::new(); + vec1.push(100); + let ptr1 = &raw mut vec1[0]; + + unsafe { + let v1 = *ptr1; + println!(" v1 = {}", v1); + } + + vec1.reserve(1000); // $ MISSING: Source=reserve + // (may invalidate the pointer) + + unsafe { + let v2 = *ptr1; // $ MISSING: Alert[rust/access-invalid-pointer]=reserve + println!(" v2 = {}", v2); // corrupt in practice + } + + // - + + let mut vec2 = Vec::::new(); + vec2.push(200); + let ptr2 = &raw mut vec2[0]; + + unsafe { + let v3 = *ptr2; + println!(" v3 = {}", v3); + } + + for _i in 0..1000 { + vec2.push(0); // $ MISSING: Source=push + // (may invalidate the pointer) + } + + unsafe { + let v4 = *ptr2; // $ MISSING: Alert[rust/access-invalid-pointer]=push + println!(" v4 = {}", v4); // corrupt in practice + } +} diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs index 1859ac8c7219..9a3dfcd2889c 100644 --- a/rust/ql/test/query-tests/security/CWE-825/main.rs +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -126,6 +126,9 @@ fn main() { println!("test_qhelp_tests:"); test_qhelp_tests(); + println!("test_vec_reserve:"); + test_vec_reserve(); + // --- println!("test_local_dangling:"); From 5e18e1be11f7dde5a7faef6852ca58e32373cded Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 15:03:55 +0000 Subject: [PATCH 019/409] Rust: Autofix and US spelling. --- .../codeql/rust/security/AccessInvalidPointerExtensions.qll | 2 +- rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index ca485273c068..9f895ef6f87e 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -42,7 +42,7 @@ module AccessInvalidPointer { } /** - * A pointer invalidation from an argument of a modelled call (this is a workaround). + * A pointer invalidation from an argument of a modeled call (this is a workaround). */ private class ModelsAsDataArgumentSource extends Source { ModelsAsDataArgumentSource() { diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index a1ff02bb429a..cb474d0bb0fb 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -32,4 +32,5 @@ module AccessInvalidPointerFlow = DataFlow::Global; from AccessInvalidPointerFlow::PathNode sourceNode, AccessInvalidPointerFlow::PathNode sinkNode where AccessInvalidPointerFlow::flowPath(sourceNode, sinkNode) -select sinkNode.getNode(), sourceNode, sinkNode, "This operation dereferences a pointer that may be $@.", sourceNode.getNode(), "invalid" +select sinkNode.getNode(), sourceNode, sinkNode, + "This operation dereferences a pointer that may be $@.", sourceNode.getNode(), "invalid" From c6c4e3cf16f71793db8661f281fbd5aad436b824 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 15:16:17 +0000 Subject: [PATCH 020/409] Rust: Add another reference. --- rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp index 78c7267a0e6f..2981564b9eec 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp @@ -43,6 +43,7 @@ comes before the call to std::ptr::drop_in_place:
  • Rust Documentation: Behavior considered undefined >> Dangling pointers.
  • Rust Documentation: Module ptr - Safety.
    • +
  • Massachusetts Institute of Technology: Unsafe Rust - Dereferencing a Raw Pointer.
    •  From 98690f924a1dd829c42fbc70578c9dfb7bda473f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 15:38:54 +0000 Subject: [PATCH 021/409] Rust: Incidental changes to other .expected files. --- .../query-tests/security/CWE-020/RegexInjection.expected | 8 ++++---- .../utils-tests/modelgenerator/CaptureSinkModels.expected | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index e204b5a39264..0e1ea0fb063a 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -2,15 +2,15 @@ | main.rs:6:25:6:30 | ®ex | main.rs:4:20:4:32 | ...::var | main.rs:6:25:6:30 | ®ex | This regular expression is constructed from a $@. | main.rs:4:20:4:32 | ...::var | user-provided value | edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | -| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:62 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1593 | +| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:63 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1607 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | -| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:66 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3016 | +| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:67 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3030 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | nodes | main.rs:4:9:4:16 | username | semmle.label | username | diff --git a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected index cb6fc390349c..12afcda158bb 100644 --- a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected +++ b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected @@ -1,2 +1,6 @@ unexpectedModel +| Unexpected sink found: repo::test;::replace;Argument[self];pointer-access;df-generated | +| Unexpected sink found: repo::test;::take;Argument[self];pointer-access;df-generated | +| Unexpected sink found: repo::test;::take_if;Argument[self];pointer-access;df-generated | +| Unexpected sink found: repo::test;crate::option::replace;Argument[0];pointer-access;df-generated | expectedModel From 91d273ad761f3ec64808b9727af847d5b901aca8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 15:49:55 +0000 Subject: [PATCH 022/409] Rust: I think these generated models are correct. Accept them. --- .../utils-tests/modelgenerator/CaptureSinkModels.expected | 4 ---- rust/ql/test/utils-tests/modelgenerator/option.rs | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected index 12afcda158bb..cb6fc390349c 100644 --- a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected +++ b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected @@ -1,6 +1,2 @@ unexpectedModel -| Unexpected sink found: repo::test;::replace;Argument[self];pointer-access;df-generated | -| Unexpected sink found: repo::test;::take;Argument[self];pointer-access;df-generated | -| Unexpected sink found: repo::test;::take_if;Argument[self];pointer-access;df-generated | -| Unexpected sink found: repo::test;crate::option::replace;Argument[0];pointer-access;df-generated | expectedModel diff --git a/rust/ql/test/utils-tests/modelgenerator/option.rs b/rust/ql/test/utils-tests/modelgenerator/option.rs index 774cce8c38f7..5e2e2391ba76 100644 --- a/rust/ql/test/utils-tests/modelgenerator/option.rs +++ b/rust/ql/test/utils-tests/modelgenerator/option.rs @@ -10,6 +10,7 @@ use core::{hint, mem}; // summary=repo::test;crate::option::replace;Argument[0].Reference;ReturnValue;value;dfc-generated // summary=repo::test;crate::option::replace;Argument[1];Argument[0].Reference;value;dfc-generated +// sink=repo::test;crate::option::replace;Argument[0];pointer-access;df-generated pub fn replace(dest: &mut T, src: T) -> T { unsafe { let result = ptr::read(dest); @@ -338,6 +339,7 @@ impl MyOption { } // summary=repo::test;::take;Argument[self].Reference;ReturnValue;value;dfc-generated + // sink=repo::test;::take;Argument[self];pointer-access;df-generated pub fn take(&mut self) -> MyOption { // FIXME(const-hack) replace `mem::replace` by `mem::take` when the latter is const ready replace(self, MyNone) @@ -345,6 +347,7 @@ impl MyOption { // summary=repo::test;::take_if;Argument[self].Reference.Field[crate::option::MyOption::MySome(0)];Argument[0].Parameter[0].Reference;value;dfc-generated // summary=repo::test;::take_if;Argument[self].Reference;ReturnValue;value;dfc-generated + // sink=repo::test;::take_if;Argument[self];pointer-access;df-generated pub fn take_if

    (&mut self, predicate: P) -> MyOption where P: FnOnce(&mut T) -> bool, @@ -358,6 +361,7 @@ impl MyOption { // summary=repo::test;::replace;Argument[0];Argument[self].Reference.Field[crate::option::MyOption::MySome(0)];value;dfc-generated // summary=repo::test;::replace;Argument[self].Reference;ReturnValue;value;dfc-generated + // sink=repo::test;::replace;Argument[self];pointer-access;df-generated pub fn replace(&mut self, value: T) -> MyOption { replace(self, MySome(value)) } From e44f7f946fa1f4514074de01a5023f3852e0191b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 21 Mar 2025 09:45:50 +0000 Subject: [PATCH 023/409] Sort package paths in vendor/modules.txt --- .../semmle/go/frameworks/Beego/vendor/modules.txt | 2 +- .../semmle/go/frameworks/GoMicro/vendor/modules.txt | 2 +- go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt | 2 +- go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt index 2ec051971307..d1bcf3037c5e 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt @@ -1,9 +1,9 @@ # github.com/astaxie/beego v1.12.3 ## explicit -github.com/astaxie/beego/utils github.com/astaxie/beego github.com/astaxie/beego/context github.com/astaxie/beego/logs +github.com/astaxie/beego/utils # github.com/beego/beego/v2 v2.1.2 ## explicit github.com/beego/beego/v2/server/web diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt index 4235d3525987..a03262041901 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt @@ -1,9 +1,9 @@ # go-micro.dev/v4 v4.10.2 ## explicit +go-micro.dev/v4 go-micro.dev/v4/api go-micro.dev/v4/client go-micro.dev/v4/server -go-micro.dev/v4 # google.golang.org/protobuf v1.28.1 ## explicit google.golang.org/protobuf/proto diff --git a/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt index b0de76d4f889..020db5bbe9ca 100644 --- a/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt @@ -3,6 +3,6 @@ github.com/Masterminds/squirrel # go.mongodb.org/mongo-driver v1.3.3 ## explicit +go.mongodb.org/mongo-driver/bson go.mongodb.org/mongo-driver/mongo go.mongodb.org/mongo-driver/mongo/options -go.mongodb.org/mongo-driver/bson diff --git a/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt index a852f50be92f..36b5fdf2ae07 100644 --- a/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt @@ -1,7 +1,7 @@ # github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d ## explicit -github.com/ChrisTrenkamp/goxpath/tree github.com/ChrisTrenkamp/goxpath +github.com/ChrisTrenkamp/goxpath/tree # github.com/antchfx/htmlquery v1.2.2 ## explicit github.com/antchfx/htmlquery @@ -19,8 +19,8 @@ github.com/antchfx/xpath github.com/go-xmlpath/xmlpath # github.com/jbowtie/gokogiri v0.0.0-20190301021639-37f655d3078f ## explicit -github.com/jbowtie/gokogiri/xpath github.com/jbowtie/gokogiri/xml +github.com/jbowtie/gokogiri/xpath # github.com/lestrrat-go/libxml2 v0.0.0-20231124114421-99c71026c2f5 ## explicit github.com/lestrrat-go/libxml2/parser From af6e1bda4c5bc02e1833289d69e219f8c26349a3 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 20 Mar 2025 15:18:19 +0100 Subject: [PATCH 024/409] C#: Extract alignment and format clauses of string interpolation expressions. --- .../SymbolExtensions.cs | 9 ++++ .../Entities/Expressions/Binary.cs | 2 +- .../Entities/Expressions/ImplicitToString.cs | 7 +-- .../Expressions/InterpolatedString.cs | 11 +--- .../Expressions/InterpolatedStringInsert.cs | 41 +++++++++++++++ .../Kinds/ExprKind.cs | 1 + .../internal/TaintTrackingPrivate.qll | 3 ++ .../ql/lib/semmle/code/csharp/exprs/Expr.qll | 51 ++++++++++++++++--- csharp/ql/lib/semmlecode.csharp.dbscheme | 1 + 9 files changed, 104 insertions(+), 22 deletions(-) create mode 100644 csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedStringInsert.cs diff --git a/csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs b/csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs index cb1f36f8a2de..72f78f160598 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs @@ -29,6 +29,15 @@ public AnnotatedTypeSymbol(ITypeSymbol? symbol, NullableAnnotation nullability) symbol is null ? (AnnotatedTypeSymbol?)null : new AnnotatedTypeSymbol(symbol, NullableAnnotation.None); } + internal static class AnnotatedTypeSymbolExtensions + { + ///

    + /// Returns true if the type is a string type. + /// + public static bool IsStringType(this AnnotatedTypeSymbol? type) => + type.HasValue && type.Value.Symbol?.SpecialType == SpecialType.System_String; + } + internal static class SymbolExtensions { /// diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Binary.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Binary.cs index eeb1b9ba63b2..d4cc5cc81d58 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Binary.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Binary.cs @@ -18,7 +18,7 @@ private Expression CreateChild(Context cx, ExpressionSyntax node, int child) { // If this is a "+" expression we might need to wrap the child expressions // in ToString calls - return Kind == ExprKind.ADD + return Kind == ExprKind.ADD && Type.IsStringType() ? ImplicitToString.Create(cx, node, this, child) : Create(cx, node, this, child); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitToString.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitToString.cs index 32c00f8a729e..bebc0c2c5d81 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitToString.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitToString.cs @@ -39,16 +39,13 @@ private ImplicitToString(ExpressionNodeInfo info, IMethodSymbol toString) : base Context.TrapWriter.Writer.expr_call(this, target); } - private static bool IsStringType(AnnotatedTypeSymbol? type) => - type.HasValue && type.Value.Symbol?.SpecialType == SpecialType.System_String; - /// /// Creates a new expression, adding a compiler generated `ToString` call if required. /// - public static Expression Create(Context cx, ExpressionSyntax node, Expression parent, int child) + public static Expression Create(Context cx, ExpressionSyntax node, IExpressionParentEntity parent, int child) { var info = new ExpressionNodeInfo(cx, node, parent, child); - return CreateFromNode(info.SetImplicitToString(IsStringType(parent.Type) && !IsStringType(info.Type))); + return CreateFromNode(info.SetImplicitToString(!info.Type.IsStringType())); } /// diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedString.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedString.cs index 6d17d1e7f176..5cd13dffe20b 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedString.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedString.cs @@ -1,5 +1,4 @@ using System.IO; -using Microsoft.CodeAnalysis; using Microsoft.CodeAnalysis.CSharp; using Microsoft.CodeAnalysis.CSharp.Syntax; using Semmle.Extraction.Kinds; @@ -21,15 +20,7 @@ protected override void PopulateExpression(TextWriter trapFile) { case SyntaxKind.Interpolation: var interpolation = (InterpolationSyntax)c; - var exp = interpolation.Expression; - if (Context.GetTypeInfo(exp).Type is ITypeSymbol type && !type.ImplementsIFormattable()) - { - ImplicitToString.Create(Context, exp, this, child++); - } - else - { - Create(Context, exp, this, child++); - } + new InterpolatedStringInsert(Context, interpolation, this, child++); break; case SyntaxKind.InterpolatedStringText: // Create a string literal diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedStringInsert.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedStringInsert.cs new file mode 100644 index 000000000000..beac4bc64a64 --- /dev/null +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedStringInsert.cs @@ -0,0 +1,41 @@ +using Microsoft.CodeAnalysis; +using Microsoft.CodeAnalysis.CSharp.Syntax; +using Semmle.Extraction.Kinds; + +namespace Semmle.Extraction.CSharp.Entities.Expressions +{ + internal class InterpolatedStringInsert : Expression + { + public InterpolatedStringInsert(Context cx, InterpolationSyntax syntax, Expression parent, int child) : + base(new ExpressionInfo(cx, null, cx.CreateLocation(syntax.GetLocation()), ExprKind.INTERPOLATED_STRING_INSERT, parent, child, isCompilerGenerated: false, null)) + { + var exp = syntax.Expression; + if (parent.Type.IsStringType() && + cx.GetTypeInfo(exp).Type is ITypeSymbol type && + !type.ImplementsIFormattable()) + { + ImplicitToString.Create(cx, exp, this, 0); + } + else + { + Create(cx, exp, this, 0); + } + + // Hardcode the child number of the optional alignment clause to 1 and format clause to 2. + // This simplifies the logic in QL. + if (syntax.AlignmentClause?.Value is ExpressionSyntax alignment) + { + Create(cx, alignment, this, 1); + } + + if (syntax.FormatClause is InterpolationFormatClauseSyntax format) + { + var f = format.FormatStringToken.ValueText; + var t = AnnotatedTypeSymbol.CreateNotAnnotated(cx.Compilation.GetSpecialType(SpecialType.System_String)); + new Expression(new ExpressionInfo(cx, t, cx.CreateLocation(format.GetLocation()), ExprKind.UTF16_STRING_LITERAL, this, 2, isCompilerGenerated: false, f)); + } + + } + } + +} diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs b/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs index 297acda9524c..46a694192842 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs @@ -132,6 +132,7 @@ public enum ExprKind UTF8_STRING_LITERAL = 135, COLLECTION = 136, SPREAD_ELEMENT = 137, + INTERPOLATED_STRING_INSERT = 138, DEFINE_SYMBOL = 999, } } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll index 1a044a77777d..b7681994e2c3 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll @@ -66,6 +66,9 @@ private class LocalTaintExprStepConfiguration extends ControlFlowReachabilityCon e1 = e2.(InterpolatedStringExpr).getAChild() and scope = e2 or + e1 = e2.(InterpolatedStringInsertExpr).getInsert() and + scope = e2 + or e2 = any(OperatorCall oc | oc.getTarget().(ConversionOperator).fromLibrary() and diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll index 85676bbd2701..ada010652588 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll @@ -34,8 +34,9 @@ private import semmle.code.csharp.TypeRef * `as` expression (`AsExpr`), a cast (`CastExpr`), a `typeof` expression * (`TypeofExpr`), a `default` expression (`DefaultValueExpr`), an `await` * expression (`AwaitExpr`), a `nameof` expression (`NameOfExpr`), an - * interpolated string (`InterpolatedStringExpr`), a qualifiable expression - * (`QualifiableExpr`), or a literal (`Literal`). + * interpolated string (`InterpolatedStringExpr`), an interpolated string + * insert (`InterpolatedStringInsertExpr`), a qualifiable expression (`QualifiableExpr`), + * or a literal (`Literal`). */ class Expr extends ControlFlowElement, @expr { override Location getALocation() { expr_location(this, result) } @@ -917,6 +918,40 @@ class NameOfExpr extends Expr, @nameof_expr { override string getAPrimaryQlClass() { result = "NameOfExpr" } } +/** + * An interpolated string insert, for example `{pi, align:F3}` on line 3 in + * + * ```csharp + * void Pi() { + * float pi = 3.14159f; + * Console.WriteLine($"Hello Pi, {pi,6:F3}"); + * } + * ``` + */ +class InterpolatedStringInsertExpr extends Expr, @interpolated_string_insert_expr { + override string toString() { result = "{...}" } + + override string getAPrimaryQlClass() { result = "InterpolatedStringInsertExpr" } + + /** + * Gets the insert expression in this interpolated string insert. For + * example, the insert expression in `{pi, align:F3}` is `pi`. + */ + Expr getInsert() { result = this.getChild(0) } + + /** + * Gets the alignment expression in this interpolated string insert, if any. + * For example, the alignment expression in `{pi, align:F3}` is `align`. + */ + Expr getAlignment() { result = this.getChild(1) } + + /** + * Gets the format expression in this interpolated string insert, if any. + * For example, the format expression in `{pi, align:F3}` is `F3`. + */ + StringLiteral getFormat() { result = this.getChild(2) } +} + /** * An interpolated string, for example `$"Hello, {name}!"` on line 2 in * @@ -931,16 +966,20 @@ class InterpolatedStringExpr extends Expr, @interpolated_string_expr { override string getAPrimaryQlClass() { result = "InterpolatedStringExpr" } + /** + * Gets the interpolated string insert at index `i` in this interpolated string, if any. + * For example, the interpolated string insert at index `i = 1` is `{pi, align:F3}` + * in `$"Hello, {pi, align:F3}!"`. + */ + InterpolatedStringInsertExpr getInterpolatedInsert(int i) { result = this.getChild(i) } + /** * Gets the insert at index `i` in this interpolated string, if any. For * example, the insert at index `i = 1` is `name` in `$"Hello, {name}!"`. * Note that there is no insert at index `i = 0`, but instead a text * element (`getText(0)` gets the text). */ - Expr getInsert(int i) { - result = this.getChild(i) and - not result instanceof StringLiteral - } + Expr getInsert(int i) { result = this.getInterpolatedInsert(i).getInsert() } /** * Gets the text element at index `i` in this interpolated string, if any. diff --git a/csharp/ql/lib/semmlecode.csharp.dbscheme b/csharp/ql/lib/semmlecode.csharp.dbscheme index a2bda57dbc6e..66044cfa5bbf 100644 --- a/csharp/ql/lib/semmlecode.csharp.dbscheme +++ b/csharp/ql/lib/semmlecode.csharp.dbscheme @@ -1168,6 +1168,7 @@ case @expr.kind of /* C# 12.0 */ | 136 = @collection_expr | 137 = @spread_element_expr +| 138 = @interpolated_string_insert_expr /* Preprocessor */ | 999 = @define_symbol_expr ; From 2ca5ec00321f5cb2a17b1ffa1514c26dc917e65d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 20 Mar 2025 15:43:03 +0100 Subject: [PATCH 025/409] C#: Add some string interpolation tests with alignment and formatting. --- .../StringInterpolation.cs | 17 +++++++++++++ .../library-tests/stringinterpolation/options | 2 ++ .../stringInterpolation.expected | 23 +++++++++++++++++ .../stringInterpolation.ql | 25 +++++++++++++++++++ 4 files changed, 67 insertions(+) create mode 100644 csharp/ql/test/library-tests/stringinterpolation/StringInterpolation.cs create mode 100644 csharp/ql/test/library-tests/stringinterpolation/options create mode 100644 csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.expected create mode 100644 csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql diff --git a/csharp/ql/test/library-tests/stringinterpolation/StringInterpolation.cs b/csharp/ql/test/library-tests/stringinterpolation/StringInterpolation.cs new file mode 100644 index 000000000000..d14c3d75e465 --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/StringInterpolation.cs @@ -0,0 +1,17 @@ +using System; + +public class MyStringInterpolationClass +{ + + public void M() + { + float i = 3.14159f; + const int align = 5; + var x1 = $"Hello, Pi {i}"; + var x2 = $"Hello, Pi {i:F1}"; + var x3 = $"Hello, Pi {i,6}"; + var x4 = $"Hello, Pi {i,6:F3}"; + var x5 = $"Hello, Pi {i,align}"; + var x6 = $"Hello, Pi {i,align:F2}"; + } +} diff --git a/csharp/ql/test/library-tests/stringinterpolation/options b/csharp/ql/test/library-tests/stringinterpolation/options new file mode 100644 index 000000000000..77b22963f5c8 --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.expected b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.expected new file mode 100644 index 000000000000..9ce88ad83c31 --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.expected @@ -0,0 +1,23 @@ +inserts +| StringInterpolation.cs:10:18:10:33 | $"..." | StringInterpolation.cs:10:31:10:31 | access to local variable i | +| StringInterpolation.cs:11:18:11:36 | $"..." | StringInterpolation.cs:11:31:11:31 | access to local variable i | +| StringInterpolation.cs:12:18:12:35 | $"..." | StringInterpolation.cs:12:31:12:31 | access to local variable i | +| StringInterpolation.cs:13:18:13:38 | $"..." | StringInterpolation.cs:13:31:13:31 | access to local variable i | +| StringInterpolation.cs:14:18:14:39 | $"..." | StringInterpolation.cs:14:31:14:31 | access to local variable i | +| StringInterpolation.cs:15:18:15:42 | $"..." | StringInterpolation.cs:15:31:15:31 | access to local variable i | +texts +| StringInterpolation.cs:10:18:10:33 | $"..." | StringInterpolation.cs:10:20:10:29 | "Hello, Pi " | +| StringInterpolation.cs:11:18:11:36 | $"..." | StringInterpolation.cs:11:20:11:29 | "Hello, Pi " | +| StringInterpolation.cs:12:18:12:35 | $"..." | StringInterpolation.cs:12:20:12:29 | "Hello, Pi " | +| StringInterpolation.cs:13:18:13:38 | $"..." | StringInterpolation.cs:13:20:13:29 | "Hello, Pi " | +| StringInterpolation.cs:14:18:14:39 | $"..." | StringInterpolation.cs:14:20:14:29 | "Hello, Pi " | +| StringInterpolation.cs:15:18:15:42 | $"..." | StringInterpolation.cs:15:20:15:29 | "Hello, Pi " | +interpolationInsertsWithAlign +| StringInterpolation.cs:12:18:12:35 | $"..." | StringInterpolation.cs:12:31:12:31 | access to local variable i | StringInterpolation.cs:12:33:12:33 | 6 | +| StringInterpolation.cs:13:18:13:38 | $"..." | StringInterpolation.cs:13:31:13:31 | access to local variable i | StringInterpolation.cs:13:33:13:33 | 6 | +| StringInterpolation.cs:14:18:14:39 | $"..." | StringInterpolation.cs:14:31:14:31 | access to local variable i | StringInterpolation.cs:14:33:14:37 | access to local variable align | +| StringInterpolation.cs:15:18:15:42 | $"..." | StringInterpolation.cs:15:31:15:31 | access to local variable i | StringInterpolation.cs:15:33:15:37 | access to local variable align | +interpolationInsertsWithFormat +| StringInterpolation.cs:11:18:11:36 | $"..." | StringInterpolation.cs:11:31:11:31 | access to local variable i | StringInterpolation.cs:11:32:11:34 | "F1" | +| StringInterpolation.cs:13:18:13:38 | $"..." | StringInterpolation.cs:13:31:13:31 | access to local variable i | StringInterpolation.cs:13:34:13:36 | "F3" | +| StringInterpolation.cs:15:18:15:42 | $"..." | StringInterpolation.cs:15:31:15:31 | access to local variable i | StringInterpolation.cs:15:38:15:40 | "F2" | diff --git a/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql new file mode 100644 index 000000000000..21b33b12b56d --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql @@ -0,0 +1,25 @@ +import csharp + +query predicate inserts(InterpolatedStringExpr expr, Expr e) { + expr.getAnInsert() = e // and inSpecificSource(expr) +} + +query predicate texts(InterpolatedStringExpr expr, StringLiteral literal) { + expr.getAText() = literal // and inSpecificSource(expr) +} + +query predicate interpolationInsertsWithAlign(InterpolatedStringExpr expr, Expr insert, Expr align) { + exists(InterpolatedStringInsertExpr e | expr.getInterpolatedInsert(_) = e | + insert = e.getInsert() and + align = e.getAlignment() + ) +} + +query predicate interpolationInsertsWithFormat( + InterpolatedStringExpr expr, Expr insert, StringLiteral format +) { + exists(InterpolatedStringInsertExpr e | expr.getInterpolatedInsert(_) = e | + insert = e.getInsert() and + format = e.getFormat() + ) +} From a73a61b8fa3916211950688690003867ba85f5c4 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 21 Mar 2025 12:35:49 +0100 Subject: [PATCH 026/409] C#: Add PrintAst test for string interpolation expressions. --- .../stringinterpolation/PrintAst.expected | 70 +++++++++++++++++++ .../stringinterpolation/PrintAst.qlref | 1 + 2 files changed, 71 insertions(+) create mode 100644 csharp/ql/test/library-tests/stringinterpolation/PrintAst.expected create mode 100644 csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref diff --git a/csharp/ql/test/library-tests/stringinterpolation/PrintAst.expected b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.expected new file mode 100644 index 000000000000..6529f9feed5c --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.expected @@ -0,0 +1,70 @@ +StringInterpolation.cs: +# 3| [Class] MyStringInterpolationClass +# 6| 5: [Method] M +# 6| -1: [TypeMention] Void +# 7| 4: [BlockStmt] {...} +# 8| 0: [LocalVariableDeclStmt] ... ...; +# 8| 0: [LocalVariableDeclAndInitExpr] Single i = ... +# 8| -1: [TypeMention] float +# 8| 0: [LocalVariableAccess] access to local variable i +# 8| 1: [FloatLiteral] 3.14159 +# 9| 1: [LocalConstantDeclStmt] const ... ...; +# 9| 0: [LocalVariableDeclAndInitExpr] Int32 align = ... +# 9| -1: [TypeMention] int +# 9| 0: [LocalVariableAccess] access to local variable align +# 9| 1: [IntLiteral] 5 +# 10| 2: [LocalVariableDeclStmt] ... ...; +# 10| 0: [LocalVariableDeclAndInitExpr] String x1 = ... +# 10| -1: [TypeMention] string +# 10| 0: [LocalVariableAccess] access to local variable x1 +# 10| 1: [InterpolatedStringExpr] $"..." +# 10| 0: [StringLiteralUtf16] "Hello, Pi " +# 10| 1: [InterpolatedStringInsertExpr] {...} +# 10| 0: [LocalVariableAccess] access to local variable i +# 11| 3: [LocalVariableDeclStmt] ... ...; +# 11| 0: [LocalVariableDeclAndInitExpr] String x2 = ... +# 11| -1: [TypeMention] string +# 11| 0: [LocalVariableAccess] access to local variable x2 +# 11| 1: [InterpolatedStringExpr] $"..." +# 11| 0: [StringLiteralUtf16] "Hello, Pi " +# 11| 1: [InterpolatedStringInsertExpr] {...} +# 11| 0: [LocalVariableAccess] access to local variable i +# 11| 2: [StringLiteralUtf16] "F1" +# 12| 4: [LocalVariableDeclStmt] ... ...; +# 12| 0: [LocalVariableDeclAndInitExpr] String x3 = ... +# 12| -1: [TypeMention] string +# 12| 0: [LocalVariableAccess] access to local variable x3 +# 12| 1: [InterpolatedStringExpr] $"..." +# 12| 0: [StringLiteralUtf16] "Hello, Pi " +# 12| 1: [InterpolatedStringInsertExpr] {...} +# 12| 0: [LocalVariableAccess] access to local variable i +# 12| 1: [IntLiteral] 6 +# 13| 5: [LocalVariableDeclStmt] ... ...; +# 13| 0: [LocalVariableDeclAndInitExpr] String x4 = ... +# 13| -1: [TypeMention] string +# 13| 0: [LocalVariableAccess] access to local variable x4 +# 13| 1: [InterpolatedStringExpr] $"..." +# 13| 0: [StringLiteralUtf16] "Hello, Pi " +# 13| 1: [InterpolatedStringInsertExpr] {...} +# 13| 0: [LocalVariableAccess] access to local variable i +# 13| 1: [IntLiteral] 6 +# 13| 2: [StringLiteralUtf16] "F3" +# 14| 6: [LocalVariableDeclStmt] ... ...; +# 14| 0: [LocalVariableDeclAndInitExpr] String x5 = ... +# 14| -1: [TypeMention] string +# 14| 0: [LocalVariableAccess] access to local variable x5 +# 14| 1: [InterpolatedStringExpr] $"..." +# 14| 0: [StringLiteralUtf16] "Hello, Pi " +# 14| 1: [InterpolatedStringInsertExpr] {...} +# 14| 0: [LocalVariableAccess] access to local variable i +# 14| 1: [LocalVariableAccess] access to local variable align +# 15| 7: [LocalVariableDeclStmt] ... ...; +# 15| 0: [LocalVariableDeclAndInitExpr] String x6 = ... +# 15| -1: [TypeMention] string +# 15| 0: [LocalVariableAccess] access to local variable x6 +# 15| 1: [InterpolatedStringExpr] $"..." +# 15| 0: [StringLiteralUtf16] "Hello, Pi " +# 15| 1: [InterpolatedStringInsertExpr] {...} +# 15| 0: [LocalVariableAccess] access to local variable i +# 15| 1: [LocalVariableAccess] access to local variable align +# 15| 2: [StringLiteralUtf16] "F2" diff --git a/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref new file mode 100644 index 000000000000..f867dd01f9f8 --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref @@ -0,0 +1 @@ +shared/PrintAst.ql \ No newline at end of file From 5ae7e5ddb3890de6369a6be488d45fcee416d819 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 21 Mar 2025 12:44:46 +0100 Subject: [PATCH 027/409] C#: Update other test expected output files. --- .../controlflow/graph/BasicBlock.expected | 18 +++---- .../controlflow/graph/Dominance.expected | 54 ++++++++++++------- .../graph/EnclosingCallable.expected | 9 ++++ .../controlflow/graph/EntryElement.expected | 9 ++++ .../controlflow/graph/ExitElement.expected | 9 ++++ .../controlflow/graph/NodeGraph.expected | 27 ++++++---- .../library-tests/csharp11/PrintAst.expected | 26 +++++---- .../csharp6/InterpolatedStringExpr.expected | 16 +++--- .../library-tests/csharp6/PrintAst.expected | 44 ++++++++------- .../library-tests/csharp7.3/PrintAst.expected | 3 +- .../library-tests/csharp7/IsFlow.expected | 12 +++-- .../csharp7/LocalTaintFlow.expected | 18 ++++--- .../library-tests/csharp7/PrintAst.expected | 18 ++++--- .../library-tests/csharp8/PrintAst.expected | 6 ++- .../library-tests/csharp9/PrintAst.expected | 5 +- .../implicittostring/PrintAst.expected | 10 ++-- .../dataflow/local/TaintTrackingStep.expected | 12 +++-- 17 files changed, 194 insertions(+), 102 deletions(-) diff --git a/csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected b/csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected index b3ea35fe7e4b..623b5404f781 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected @@ -377,8 +377,8 @@ | Conditions.cs:143:10:143:12 | exit M11 (normal) | Conditions.cs:143:10:143:12 | exit M11 | 2 | | Conditions.cs:145:21:145:23 | [b (line 143): true] "a" | Conditions.cs:146:13:146:13 | [b (line 143): true] access to parameter b | 5 | | Conditions.cs:145:27:145:29 | [b (line 143): false] "b" | Conditions.cs:146:13:146:13 | [b (line 143): false] access to parameter b | 5 | -| Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:13:147:48 | call to method WriteLine | 5 | -| Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:13:149:48 | call to method WriteLine | 5 | +| Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:13:147:48 | call to method WriteLine | 6 | +| Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:13:149:48 | call to method WriteLine | 6 | | ExitMethods.cs:6:7:6:17 | enter ExitMethods | ExitMethods.cs:6:7:6:17 | exit ExitMethods | 5 | | ExitMethods.cs:8:10:8:11 | enter M1 | ExitMethods.cs:8:10:8:11 | exit M1 | 8 | | ExitMethods.cs:14:10:14:11 | enter M2 | ExitMethods.cs:14:10:14:11 | exit M2 | 8 | @@ -859,11 +859,11 @@ | Patterns.cs:5:10:5:11 | enter M1 | Patterns.cs:8:18:8:23 | Int32 i1 | 8 | | Patterns.cs:8:13:8:23 | [false] ... is ... | Patterns.cs:8:13:8:23 | [false] ... is ... | 1 | | Patterns.cs:8:13:8:23 | [true] ... is ... | Patterns.cs:8:13:8:23 | [true] ... is ... | 1 | -| Patterns.cs:9:9:11:9 | {...} | Patterns.cs:10:13:10:42 | call to method WriteLine | 6 | +| Patterns.cs:9:9:11:9 | {...} | Patterns.cs:10:13:10:42 | call to method WriteLine | 7 | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:12:23:12:31 | String s1 | 3 | | Patterns.cs:12:18:12:31 | [false] ... is ... | Patterns.cs:12:18:12:31 | [false] ... is ... | 1 | | Patterns.cs:12:18:12:31 | [true] ... is ... | Patterns.cs:12:18:12:31 | [true] ... is ... | 1 | -| Patterns.cs:13:9:15:9 | {...} | Patterns.cs:14:13:14:45 | call to method WriteLine | 6 | +| Patterns.cs:13:9:15:9 | {...} | Patterns.cs:14:13:14:45 | call to method WriteLine | 7 | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:23:16:28 | Object v1 | 3 | | Patterns.cs:16:18:16:28 | [false] ... is ... | Patterns.cs:16:18:16:28 | [false] ... is ... | 1 | | Patterns.cs:16:18:16:28 | [true] ... is ... | Patterns.cs:16:18:16:28 | [true] ... is ... | 1 | @@ -872,11 +872,11 @@ | Patterns.cs:23:17:23:22 | break; | Patterns.cs:23:17:23:22 | break; | 1 | | Patterns.cs:24:13:24:36 | case ...: | Patterns.cs:24:18:24:23 | Int32 i2 | 2 | | Patterns.cs:24:30:24:31 | access to local variable i2 | Patterns.cs:24:30:24:35 | ... > ... | 3 | -| Patterns.cs:25:17:25:52 | ...; | Patterns.cs:26:17:26:22 | break; | 6 | +| Patterns.cs:25:17:25:52 | ...; | Patterns.cs:26:17:26:22 | break; | 7 | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:18:27:23 | Int32 i3 | 2 | -| Patterns.cs:28:17:28:47 | ...; | Patterns.cs:29:17:29:22 | break; | 6 | +| Patterns.cs:28:17:28:47 | ...; | Patterns.cs:29:17:29:22 | break; | 7 | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:18:30:26 | String s2 | 2 | -| Patterns.cs:31:17:31:50 | ...; | Patterns.cs:32:17:32:22 | break; | 6 | +| Patterns.cs:31:17:31:50 | ...; | Patterns.cs:32:17:32:22 | break; | 7 | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:18:33:23 | Object v2 | 2 | | Patterns.cs:34:17:34:22 | break; | Patterns.cs:34:17:34:22 | break; | 1 | | Patterns.cs:35:13:35:20 | default: | Patterns.cs:37:17:37:22 | break; | 5 | @@ -1076,8 +1076,8 @@ | Switch.cs:156:36:156:38 | "a" | Switch.cs:156:28:156:38 | ... => ... | 2 | | Switch.cs:156:41:156:45 | false | Switch.cs:156:41:156:45 | false | 1 | | Switch.cs:156:50:156:52 | "b" | Switch.cs:156:41:156:52 | ... => ... | 2 | -| Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:48 | call to method WriteLine | 5 | -| Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:48 | call to method WriteLine | 5 | +| Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:48 | call to method WriteLine | 6 | +| Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:48 | call to method WriteLine | 6 | | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | 5 | | TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:7:18:7:22 | Int32 j | 13 | | TypeAccesses.cs:7:13:7:22 | [false] ... is ... | TypeAccesses.cs:7:13:7:22 | [false] ... is ... | 1 | diff --git a/csharp/ql/test/library-tests/controlflow/graph/Dominance.expected b/csharp/ql/test/library-tests/controlflow/graph/Dominance.expected index 7706539ad306..b2d700660689 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/Dominance.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/Dominance.expected @@ -1527,11 +1527,13 @@ dominance | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:40:147:43 | "a = " | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:13:147:48 | call to method WriteLine | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:45:147:45 | access to local variable s | -| Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:38:147:47 | $"..." | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:38:147:47 | $"..." | +| Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:44:147:46 | {...} | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:40:149:43 | "b = " | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:13:149:48 | call to method WriteLine | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:45:149:45 | access to local variable s | -| Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:38:149:47 | $"..." | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:38:149:47 | $"..." | +| Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:44:149:46 | {...} | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | {...} | | ExitMethods.cs:6:7:6:17 | enter ExitMethods | ExitMethods.cs:6:7:6:17 | call to constructor Object | | ExitMethods.cs:6:7:6:17 | exit ExitMethods (normal) | ExitMethods.cs:6:7:6:17 | exit ExitMethods | @@ -3147,7 +3149,8 @@ dominance | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:10:33:10:36 | "int " | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:13:10:42 | call to method WriteLine | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:38:10:39 | access to local variable i1 | -| Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:31:10:41 | $"..." | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:31:10:41 | $"..." | +| Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:37:10:40 | {...} | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:12:18:12:18 | access to local variable o | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:12:23:12:31 | String s1 | | Patterns.cs:12:18:12:31 | [false] ... is ... | Patterns.cs:16:14:18:9 | if (...) ... | @@ -3158,7 +3161,8 @@ dominance | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:14:33:14:39 | "string " | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:13:14:45 | call to method WriteLine | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:41:14:42 | access to local variable s1 | -| Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:31:14:44 | $"..." | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:31:14:44 | $"..." | +| Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:40:14:43 | {...} | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:18:16:18 | access to local variable o | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:16:23:16:28 | Object v1 | | Patterns.cs:16:18:16:28 | [true] ... is ... | Patterns.cs:17:9:18:9 | {...} | @@ -3179,7 +3183,8 @@ dominance | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:25:37:25:45 | "positive " | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:17:25:51 | call to method WriteLine | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:47:25:48 | access to local variable i2 | -| Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:35:25:50 | $"..." | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:35:25:50 | $"..." | +| Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:46:25:49 | {...} | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:18:27:23 | Int32 i3 | | Patterns.cs:27:18:27:23 | Int32 i3 | Patterns.cs:28:17:28:47 | ...; | | Patterns.cs:27:18:27:23 | Int32 i3 | Patterns.cs:30:13:30:27 | case ...: | @@ -3187,7 +3192,8 @@ dominance | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:28:37:28:40 | "int " | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:17:28:46 | call to method WriteLine | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:42:28:43 | access to local variable i3 | -| Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:35:28:45 | $"..." | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:35:28:45 | $"..." | +| Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:41:28:44 | {...} | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:18:30:26 | String s2 | | Patterns.cs:30:18:30:26 | String s2 | Patterns.cs:31:17:31:50 | ...; | | Patterns.cs:30:18:30:26 | String s2 | Patterns.cs:33:13:33:24 | case ...: | @@ -3195,7 +3201,8 @@ dominance | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:31:37:31:43 | "string " | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:17:31:49 | call to method WriteLine | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:45:31:46 | access to local variable s2 | -| Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:35:31:48 | $"..." | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:35:31:48 | $"..." | +| Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:44:31:47 | {...} | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:18:33:23 | Object v2 | | Patterns.cs:33:18:33:23 | Object v2 | Patterns.cs:34:17:34:22 | break; | | Patterns.cs:33:18:33:23 | Object v2 | Patterns.cs:35:13:35:20 | default: | @@ -3664,11 +3671,13 @@ dominance | Switch.cs:158:13:158:49 | ...; | Switch.cs:158:40:158:43 | "a = " | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:13:158:48 | call to method WriteLine | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:45:158:45 | access to local variable s | -| Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:38:158:47 | $"..." | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:38:158:47 | $"..." | +| Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:44:158:46 | {...} | | Switch.cs:160:13:160:49 | ...; | Switch.cs:160:40:160:43 | "b = " | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:13:160:48 | call to method WriteLine | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:45:160:45 | access to local variable s | -| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:38:160:47 | $"..." | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:38:160:47 | $"..." | +| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:44:160:46 | {...} | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | {...} | | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | call to constructor Object | | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | @@ -5858,13 +5867,15 @@ postDominance | Conditions.cs:146:13:146:13 | [b (line 143): true] access to parameter b | Conditions.cs:146:9:149:49 | [b (line 143): true] if (...) ... | | Conditions.cs:147:13:147:48 | call to method WriteLine | Conditions.cs:147:38:147:47 | $"..." | | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:146:13:146:13 | [b (line 143): true] access to parameter b | -| Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:45:147:45 | access to local variable s | +| Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:44:147:46 | {...} | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:13:147:49 | ...; | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:45:147:45 | access to local variable s | | Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:40:147:43 | "a = " | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:149:38:149:47 | $"..." | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:146:13:146:13 | [b (line 143): false] access to parameter b | -| Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:45:149:45 | access to local variable s | +| Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:44:149:46 | {...} | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:13:149:49 | ...; | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:45:149:45 | access to local variable s | | Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:40:149:43 | "b = " | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | enter ExitMethods | | ExitMethods.cs:6:7:6:17 | exit ExitMethods | ExitMethods.cs:6:7:6:17 | exit ExitMethods (normal) | @@ -7341,8 +7352,9 @@ postDominance | Patterns.cs:9:9:11:9 | {...} | Patterns.cs:8:13:8:23 | [true] ... is ... | | Patterns.cs:10:13:10:42 | call to method WriteLine | Patterns.cs:10:31:10:41 | $"..." | | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:9:9:11:9 | {...} | -| Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:38:10:39 | access to local variable i1 | +| Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:37:10:40 | {...} | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:13:10:43 | ...; | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:38:10:39 | access to local variable i1 | | Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:33:10:36 | "int " | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:8:13:8:23 | [false] ... is ... | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:12:14:18:9 | if (...) ... | @@ -7350,8 +7362,9 @@ postDominance | Patterns.cs:13:9:15:9 | {...} | Patterns.cs:12:18:12:31 | [true] ... is ... | | Patterns.cs:14:13:14:45 | call to method WriteLine | Patterns.cs:14:31:14:44 | $"..." | | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:13:9:15:9 | {...} | -| Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:41:14:42 | access to local variable s1 | +| Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:40:14:43 | {...} | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:13:14:46 | ...; | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:41:14:42 | access to local variable s1 | | Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:33:14:39 | "string " | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:12:18:12:31 | [false] ... is ... | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:16:14:18:9 | if (...) ... | @@ -7368,20 +7381,23 @@ postDominance | Patterns.cs:24:30:24:35 | ... > ... | Patterns.cs:24:35:24:35 | 0 | | Patterns.cs:24:35:24:35 | 0 | Patterns.cs:24:30:24:31 | access to local variable i2 | | Patterns.cs:25:17:25:51 | call to method WriteLine | Patterns.cs:25:35:25:50 | $"..." | -| Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:47:25:48 | access to local variable i2 | +| Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:46:25:49 | {...} | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:17:25:52 | ...; | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:47:25:48 | access to local variable i2 | | Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:37:25:45 | "positive " | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:25:17:25:51 | call to method WriteLine | | Patterns.cs:27:18:27:23 | Int32 i3 | Patterns.cs:27:13:27:24 | case ...: | | Patterns.cs:28:17:28:46 | call to method WriteLine | Patterns.cs:28:35:28:45 | $"..." | -| Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:42:28:43 | access to local variable i3 | +| Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:41:28:44 | {...} | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:17:28:47 | ...; | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:42:28:43 | access to local variable i3 | | Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:37:28:40 | "int " | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:28:17:28:46 | call to method WriteLine | | Patterns.cs:30:18:30:26 | String s2 | Patterns.cs:30:13:30:27 | case ...: | | Patterns.cs:31:17:31:49 | call to method WriteLine | Patterns.cs:31:35:31:48 | $"..." | -| Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:45:31:46 | access to local variable s2 | +| Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:44:31:47 | {...} | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:17:31:50 | ...; | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:45:31:46 | access to local variable s2 | | Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:37:31:43 | "string " | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:31:17:31:49 | call to method WriteLine | | Patterns.cs:33:18:33:23 | Object v2 | Patterns.cs:33:13:33:24 | case ...: | @@ -7829,12 +7845,14 @@ postDominance | Switch.cs:157:9:160:49 | if (...) ... | Switch.cs:156:13:156:54 | String s = ... | | Switch.cs:157:13:157:13 | access to parameter b | Switch.cs:157:9:160:49 | if (...) ... | | Switch.cs:158:13:158:48 | call to method WriteLine | Switch.cs:158:38:158:47 | $"..." | -| Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:45:158:45 | access to local variable s | +| Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:44:158:46 | {...} | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:13:158:49 | ...; | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:45:158:45 | access to local variable s | | Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:40:158:43 | "a = " | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:160:38:160:47 | $"..." | -| Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:45:160:45 | access to local variable s | +| Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:44:160:46 | {...} | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:13:160:49 | ...; | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:45:160:45 | access to local variable s | | Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:40:160:43 | "b = " | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) | diff --git a/csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected b/csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected index 4f208361ea1a..57e393adc39a 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected @@ -1642,11 +1642,13 @@ nodeEnclosing | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:143:10:143:12 | M11 | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:143:10:143:12 | M11 | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:143:10:143:12 | M11 | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | ExitMethods | | ExitMethods.cs:6:7:6:17 | enter ExitMethods | ExitMethods.cs:6:7:6:17 | ExitMethods | @@ -3436,6 +3438,7 @@ nodeEnclosing | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:5:10:5:11 | M1 | @@ -3447,6 +3450,7 @@ nodeEnclosing | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:5:10:5:11 | M1 | @@ -3468,6 +3472,7 @@ nodeEnclosing | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:5:10:5:11 | M1 | @@ -3476,6 +3481,7 @@ nodeEnclosing | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:5:10:5:11 | M1 | @@ -3484,6 +3490,7 @@ nodeEnclosing | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:5:10:5:11 | M1 | @@ -4014,11 +4021,13 @@ nodeEnclosing | Switch.cs:158:13:158:49 | ...; | Switch.cs:154:10:154:12 | M15 | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:154:10:154:12 | M15 | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:154:10:154:12 | M15 | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:154:10:154:12 | M15 | | Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:13:160:49 | ...; | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:154:10:154:12 | M15 | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:154:10:154:12 | M15 | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | TypeAccesses | | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | TypeAccesses | diff --git a/csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected b/csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected index fddab21f2b62..cc26ecf7c8ed 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected @@ -1158,11 +1158,13 @@ | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:13:147:49 | ...; | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:40:147:43 | "a = " | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:40:147:43 | "a = " | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:45:147:45 | access to local variable s | | Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:45:147:45 | access to local variable s | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:149:40:149:43 | "b = " | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:13:149:49 | ...; | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:40:149:43 | "b = " | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:40:149:43 | "b = " | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:45:149:45 | access to local variable s | | Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:45:149:45 | access to local variable s | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | call to constructor Object | | ExitMethods.cs:6:7:6:17 | {...} | ExitMethods.cs:6:7:6:17 | {...} | @@ -2238,6 +2240,7 @@ | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:10:13:10:43 | ...; | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:33:10:36 | "int " | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:33:10:36 | "int " | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:38:10:39 | access to local variable i1 | | Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:38:10:39 | access to local variable i1 | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:12:14:18:9 | if (...) ... | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:12:18:12:18 | access to local variable o | @@ -2248,6 +2251,7 @@ | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:14:13:14:46 | ...; | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:33:14:39 | "string " | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:33:14:39 | "string " | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:41:14:42 | access to local variable s1 | | Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:41:14:42 | access to local variable s1 | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:14:18:9 | if (...) ... | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:16:18:16:18 | access to local variable o | @@ -2268,6 +2272,7 @@ | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:25:17:25:52 | ...; | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:37:25:45 | "positive " | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:37:25:45 | "positive " | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:47:25:48 | access to local variable i2 | | Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:47:25:48 | access to local variable i2 | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:26:17:26:22 | break; | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:13:27:24 | case ...: | @@ -2276,6 +2281,7 @@ | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:28:17:28:47 | ...; | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:37:28:40 | "int " | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:37:28:40 | "int " | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:42:28:43 | access to local variable i3 | | Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:42:28:43 | access to local variable i3 | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:29:17:29:22 | break; | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:13:30:27 | case ...: | @@ -2284,6 +2290,7 @@ | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:31:17:31:50 | ...; | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:37:31:43 | "string " | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:37:31:43 | "string " | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:45:31:46 | access to local variable s2 | | Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:45:31:46 | access to local variable s2 | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:32:17:32:22 | break; | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:13:33:24 | case ...: | @@ -2696,11 +2703,13 @@ | Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:49 | ...; | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:40:158:43 | "a = " | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:40:158:43 | "a = " | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:45:158:45 | access to local variable s | | Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:45:158:45 | access to local variable s | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:160:40:160:43 | "b = " | | Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:49 | ...; | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:40:160:43 | "b = " | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:40:160:43 | "b = " | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:45:160:45 | access to local variable s | | Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:45:160:45 | access to local variable s | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | call to constructor Object | | TypeAccesses.cs:1:7:1:18 | {...} | TypeAccesses.cs:1:7:1:18 | {...} | diff --git a/csharp/ql/test/library-tests/controlflow/graph/ExitElement.expected b/csharp/ql/test/library-tests/controlflow/graph/ExitElement.expected index 81ee139f6a68..bc47b5b3fa26 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/ExitElement.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/ExitElement.expected @@ -1452,11 +1452,13 @@ | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:13:147:48 | call to method WriteLine | normal | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:38:147:47 | $"..." | normal | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:40:147:43 | "a = " | normal | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:44:147:46 | {...} | normal | | Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:45:147:45 | access to local variable s | normal | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:149:13:149:48 | call to method WriteLine | normal | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:13:149:48 | call to method WriteLine | normal | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:38:149:47 | $"..." | normal | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:40:149:43 | "b = " | normal | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:44:149:46 | {...} | normal | | Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:45:149:45 | access to local variable s | normal | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | call to constructor Object | normal | | ExitMethods.cs:6:7:6:17 | {...} | ExitMethods.cs:6:7:6:17 | {...} | normal | @@ -2911,6 +2913,7 @@ | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:10:13:10:42 | call to method WriteLine | normal | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:31:10:41 | $"..." | normal | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:33:10:36 | "int " | normal | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:37:10:40 | {...} | normal | | Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:38:10:39 | access to local variable i1 | normal | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:14:13:14:45 | call to method WriteLine | normal | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:16:18:16:28 | ... is ... | false | @@ -2925,6 +2928,7 @@ | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:14:13:14:45 | call to method WriteLine | normal | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:31:14:44 | $"..." | normal | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:33:14:39 | "string " | normal | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:40:14:43 | {...} | normal | | Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:41:14:42 | access to local variable s1 | normal | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:18:16:28 | ... is ... | false | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:17:9:18:9 | {...} | normal | @@ -2959,6 +2963,7 @@ | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:25:17:25:51 | call to method WriteLine | normal | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:35:25:50 | $"..." | normal | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:37:25:45 | "positive " | normal | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:46:25:49 | {...} | normal | | Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:47:25:48 | access to local variable i2 | normal | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:26:17:26:22 | break; | break | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:18:27:23 | Int32 i3 | no-match | @@ -2969,6 +2974,7 @@ | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:28:17:28:46 | call to method WriteLine | normal | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:35:28:45 | $"..." | normal | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:37:28:40 | "int " | normal | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:41:28:44 | {...} | normal | | Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:42:28:43 | access to local variable i3 | normal | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:29:17:29:22 | break; | break | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:18:30:26 | String s2 | no-match | @@ -2979,6 +2985,7 @@ | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:31:17:31:49 | call to method WriteLine | normal | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:35:31:48 | $"..." | normal | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:37:31:43 | "string " | normal | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:44:31:47 | {...} | normal | | Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:45:31:46 | access to local variable s2 | normal | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:32:17:32:22 | break; | break | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:18:33:23 | Object v2 | no-match | @@ -3566,11 +3573,13 @@ | Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:48 | call to method WriteLine | normal | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:38:158:47 | $"..." | normal | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:40:158:43 | "a = " | normal | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:44:158:46 | {...} | normal | | Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:45:158:45 | access to local variable s | normal | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:160:13:160:48 | call to method WriteLine | normal | | Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:48 | call to method WriteLine | normal | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:38:160:47 | $"..." | normal | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:40:160:43 | "b = " | normal | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:44:160:46 | {...} | normal | | Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:45:160:45 | access to local variable s | normal | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | call to constructor Object | normal | | TypeAccesses.cs:1:7:1:18 | {...} | TypeAccesses.cs:1:7:1:18 | {...} | normal | diff --git a/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected b/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected index 0ae9a8a1e35c..5b3860e04ede 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected @@ -1679,12 +1679,14 @@ | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:40:147:43 | "a = " | | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:13:147:48 | call to method WriteLine | | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:45:147:45 | access to local variable s | | -| Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:38:147:47 | $"..." | | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:38:147:47 | $"..." | | +| Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:44:147:46 | {...} | | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:143:10:143:12 | exit M11 (normal) | | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:40:149:43 | "b = " | | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:13:149:48 | call to method WriteLine | | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:45:149:45 | access to local variable s | | -| Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:38:149:47 | $"..." | | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:38:149:47 | $"..." | | +| Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:44:149:46 | {...} | | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | {...} | | | ExitMethods.cs:6:7:6:17 | enter ExitMethods | ExitMethods.cs:6:7:6:17 | call to constructor Object | | | ExitMethods.cs:6:7:6:17 | exit ExitMethods (normal) | ExitMethods.cs:6:7:6:17 | exit ExitMethods | | @@ -3528,7 +3530,8 @@ | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:10:33:10:36 | "int " | | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:13:10:42 | call to method WriteLine | | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:38:10:39 | access to local variable i1 | | -| Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:31:10:41 | $"..." | | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:31:10:41 | $"..." | | +| Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:37:10:40 | {...} | | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:12:18:12:18 | access to local variable o | | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:12:23:12:31 | String s1 | | | Patterns.cs:12:18:12:31 | [false] ... is ... | Patterns.cs:16:14:18:9 | if (...) ... | false | @@ -3540,7 +3543,8 @@ | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:14:33:14:39 | "string " | | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:13:14:45 | call to method WriteLine | | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:41:14:42 | access to local variable s1 | | -| Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:31:14:44 | $"..." | | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:31:14:44 | $"..." | | +| Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:40:14:43 | {...} | | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:18:16:18 | access to local variable o | | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:16:23:16:28 | Object v1 | | | Patterns.cs:16:18:16:28 | [false] ... is ... | Patterns.cs:20:9:38:9 | switch (...) {...} | false | @@ -3565,7 +3569,8 @@ | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:25:37:25:45 | "positive " | | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:17:25:51 | call to method WriteLine | | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:47:25:48 | access to local variable i2 | | -| Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:35:25:50 | $"..." | | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:35:25:50 | $"..." | | +| Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:46:25:49 | {...} | | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:40:9:42:9 | switch (...) {...} | break | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:18:27:23 | Int32 i3 | | | Patterns.cs:27:18:27:23 | Int32 i3 | Patterns.cs:28:17:28:47 | ...; | match | @@ -3574,7 +3579,8 @@ | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:28:37:28:40 | "int " | | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:17:28:46 | call to method WriteLine | | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:42:28:43 | access to local variable i3 | | -| Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:35:28:45 | $"..." | | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:35:28:45 | $"..." | | +| Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:41:28:44 | {...} | | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:40:9:42:9 | switch (...) {...} | break | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:18:30:26 | String s2 | | | Patterns.cs:30:18:30:26 | String s2 | Patterns.cs:31:17:31:50 | ...; | match | @@ -3583,7 +3589,8 @@ | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:31:37:31:43 | "string " | | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:17:31:49 | call to method WriteLine | | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:45:31:46 | access to local variable s2 | | -| Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:35:31:48 | $"..." | | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:35:31:48 | $"..." | | +| Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:44:31:47 | {...} | | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:40:9:42:9 | switch (...) {...} | break | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:18:33:23 | Object v2 | | | Patterns.cs:33:18:33:23 | Object v2 | Patterns.cs:34:17:34:22 | break; | match | @@ -4130,12 +4137,14 @@ | Switch.cs:158:13:158:49 | ...; | Switch.cs:158:40:158:43 | "a = " | | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:13:158:48 | call to method WriteLine | | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:45:158:45 | access to local variable s | | -| Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:38:158:47 | $"..." | | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:38:158:47 | $"..." | | +| Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:44:158:46 | {...} | | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:154:10:154:12 | exit M15 (normal) | | | Switch.cs:160:13:160:49 | ...; | Switch.cs:160:40:160:43 | "b = " | | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:13:160:48 | call to method WriteLine | | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:45:160:45 | access to local variable s | | -| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:38:160:47 | $"..." | | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:38:160:47 | $"..." | | +| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:44:160:46 | {...} | | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | {...} | | | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | call to constructor Object | | | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | | diff --git a/csharp/ql/test/library-tests/csharp11/PrintAst.expected b/csharp/ql/test/library-tests/csharp11/PrintAst.expected index b10e2096489b..3a3f44974231 100644 --- a/csharp/ql/test/library-tests/csharp11/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp11/PrintAst.expected @@ -1332,14 +1332,15 @@ Strings.cs: # 8| 0: [ReturnStmt] return ...; # 8| 0: [InterpolatedStringExpr] $"..." # 8| 0: [StringLiteralUtf16] "This is my int " -# 8| 1: [SwitchExpr] ... switch { ... } -# 8| -1: [ParameterAccess] access to parameter x -# 10| 0: [SwitchCaseExpr] ... => ... -# 10| 0: [ConstantPatternExpr,IntLiteral] 42 -# 10| 2: [StringLiteralUtf16] "forty two" -# 11| 1: [SwitchCaseExpr] ... => ... -# 11| 0: [DiscardPatternExpr] _ -# 11| 2: [StringLiteralUtf16] "something else" +# 8| 1: [InterpolatedStringInsertExpr] {...} +# 8| 0: [SwitchExpr] ... switch { ... } +# 8| -1: [ParameterAccess] access to parameter x +# 10| 0: [SwitchCaseExpr] ... => ... +# 10| 0: [ConstantPatternExpr,IntLiteral] 42 +# 10| 2: [StringLiteralUtf16] "forty two" +# 11| 1: [SwitchCaseExpr] ... => ... +# 11| 0: [DiscardPatternExpr] _ +# 11| 2: [StringLiteralUtf16] "something else" # 12| 2: [StringLiteralUtf16] "." # 15| 6: [Method] M2 # 15| -1: [TypeMention] Void @@ -1359,7 +1360,8 @@ Strings.cs: # 26| 1: [InterpolatedStringExpr] $"..." # 27| 0: [StringLiteralUtf16] "The nested message # 27| is \"" -# 28| 1: [LocalVariableAccess] access to local variable message1 +# 28| 1: [InterpolatedStringInsertExpr] {...} +# 28| 0: [LocalVariableAccess] access to local variable message1 # 28| 2: [StringLiteralUtf16] "\" and everything # 28| spans multiple lines." # 33| 2: [LocalVariableDeclStmt] ... ...; @@ -1368,10 +1370,12 @@ Strings.cs: # 33| 0: [LocalVariableAccess] access to local variable message3 # 33| 1: [InterpolatedStringExpr] $"..." # 34| 0: [StringLiteralUtf16] "Show no curly braces: " -# 34| 1: [LocalVariableAccess] access to local variable message1 +# 34| 1: [InterpolatedStringInsertExpr] {...} +# 34| 0: [LocalVariableAccess] access to local variable message1 # 34| 2: [StringLiteralUtf16] " # 34| Show matching set of curly braces: {" -# 35| 3: [LocalVariableAccess] access to local variable message2 +# 35| 3: [InterpolatedStringInsertExpr] {...} +# 35| 0: [LocalVariableAccess] access to local variable message2 # 35| 4: [StringLiteralUtf16] "}" # 40| 7: [Method] M3 # 40| -1: [TypeMention] Void diff --git a/csharp/ql/test/library-tests/csharp6/InterpolatedStringExpr.expected b/csharp/ql/test/library-tests/csharp6/InterpolatedStringExpr.expected index d10365546bd9..a7c904f56867 100644 --- a/csharp/ql/test/library-tests/csharp6/InterpolatedStringExpr.expected +++ b/csharp/ql/test/library-tests/csharp6/InterpolatedStringExpr.expected @@ -1,14 +1,14 @@ -| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:26:25:36 | nameof(...) | +| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:25:25:37 | {...} | | csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:38:25:41 | " is " | -| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:43:25:45 | access to local variable foo | +| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:42:25:46 | {...} | | csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:47:25:52 | ", and " | -| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:54:25:64 | nameof(...) | +| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:53:25:65 | {...} | | csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:66:25:77 | " has length " | -| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:79:25:94 | ... ?? ... | -| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:20:27:30 | nameof(...) | +| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:78:25:95 | {...} | +| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:19:27:31 | {...} | | csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:32:27:35 | " is " | -| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:37:27:39 | access to local variable foo | +| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:36:27:40 | {...} | | csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:41:27:46 | ", and " | -| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:48:27:58 | nameof(...) | +| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:47:27:59 | {...} | | csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:60:27:71 | " has length " | -| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:73:27:88 | ... ?? ... | +| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:72:27:89 | {...} | diff --git a/csharp/ql/test/library-tests/csharp6/PrintAst.expected b/csharp/ql/test/library-tests/csharp6/PrintAst.expected index 892ad6dd4b15..424a18bcb023 100644 --- a/csharp/ql/test/library-tests/csharp6/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp6/PrintAst.expected @@ -30,33 +30,41 @@ csharp6.cs: # 25| 1: [ExprStmt] ...; # 25| 0: [MethodCall] call to method WriteLine # 25| 0: [InterpolatedStringExpr] $"..." -# 25| 0: [NameOfExpr] nameof(...) -# 25| 0: [LocalVariableAccess] access to local variable foo +# 25| 0: [InterpolatedStringInsertExpr] {...} +# 25| 0: [NameOfExpr] nameof(...) +# 25| 0: [LocalVariableAccess] access to local variable foo # 25| 1: [StringLiteralUtf16] " is " -# 25| 2: [LocalVariableAccess] access to local variable foo +# 25| 2: [InterpolatedStringInsertExpr] {...} +# 25| 0: [LocalVariableAccess] access to local variable foo # 25| 3: [StringLiteralUtf16] ", and " -# 25| 4: [NameOfExpr] nameof(...) -# 25| 0: [LocalVariableAccess] access to local variable bar +# 25| 4: [InterpolatedStringInsertExpr] {...} +# 25| 0: [NameOfExpr] nameof(...) +# 25| 0: [LocalVariableAccess] access to local variable bar # 25| 5: [StringLiteralUtf16] " has length " -# 25| 6: [NullCoalescingExpr] ... ?? ... -# 25| 0: [PropertyCall] access to property Length -# 25| -1: [LocalVariableAccess] access to local variable bar -# 25| 1: [IntLiteral] 0 +# 25| 6: [InterpolatedStringInsertExpr] {...} +# 25| 0: [NullCoalescingExpr] ... ?? ... +# 25| 0: [PropertyCall] access to property Length +# 25| -1: [LocalVariableAccess] access to local variable bar +# 25| 1: [IntLiteral] 0 # 27| 2: [ExprStmt] ...; # 27| 0: [MethodCall] call to method Fn # 27| 0: [InterpolatedStringExpr] $"..." -# 27| 0: [NameOfExpr] nameof(...) -# 27| 0: [LocalVariableAccess] access to local variable foo +# 27| 0: [InterpolatedStringInsertExpr] {...} +# 27| 0: [NameOfExpr] nameof(...) +# 27| 0: [LocalVariableAccess] access to local variable foo # 27| 1: [StringLiteralUtf16] " is " -# 27| 2: [LocalVariableAccess] access to local variable foo +# 27| 2: [InterpolatedStringInsertExpr] {...} +# 27| 0: [LocalVariableAccess] access to local variable foo # 27| 3: [StringLiteralUtf16] ", and " -# 27| 4: [NameOfExpr] nameof(...) -# 27| 0: [LocalVariableAccess] access to local variable bar +# 27| 4: [InterpolatedStringInsertExpr] {...} +# 27| 0: [NameOfExpr] nameof(...) +# 27| 0: [LocalVariableAccess] access to local variable bar # 27| 5: [StringLiteralUtf16] " has length " -# 27| 6: [NullCoalescingExpr] ... ?? ... -# 27| 0: [PropertyCall] access to property Length -# 27| -1: [LocalVariableAccess] access to local variable bar -# 27| 1: [IntLiteral] 0 +# 27| 6: [InterpolatedStringInsertExpr] {...} +# 27| 0: [NullCoalescingExpr] ... ?? ... +# 27| 0: [PropertyCall] access to property Length +# 27| -1: [LocalVariableAccess] access to local variable bar +# 27| 1: [IntLiteral] 0 # 29| 3: [LocalVariableDeclStmt] ... ...; # 29| 0: [LocalVariableDeclAndInitExpr] Nullable anythingInBar = ... # 29| -1: [TypeMention] bool? diff --git a/csharp/ql/test/library-tests/csharp7.3/PrintAst.expected b/csharp/ql/test/library-tests/csharp7.3/PrintAst.expected index d55d5d279ada..70bfee85c04b 100644 --- a/csharp/ql/test/library-tests/csharp7.3/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp7.3/PrintAst.expected @@ -110,4 +110,5 @@ csharp73.cs: # 51| 0: [TypeMention] Console # 51| 0: [InterpolatedStringExpr] $"..." # 51| 0: [StringLiteralUtf16] "x is " -# 51| 1: [LocalVariableAccess] access to local variable x +# 51| 1: [InterpolatedStringInsertExpr] {...} +# 51| 0: [LocalVariableAccess] access to local variable x diff --git a/csharp/ql/test/library-tests/csharp7/IsFlow.expected b/csharp/ql/test/library-tests/csharp7/IsFlow.expected index b3e283528457..ce37b655bb85 100644 --- a/csharp/ql/test/library-tests/csharp7/IsFlow.expected +++ b/csharp/ql/test/library-tests/csharp7/IsFlow.expected @@ -24,7 +24,8 @@ | CSharp7.cs:255:17:255:45 | ...; | CSharp7.cs:255:37:255:38 | "x " | semmle.label | successor | | CSharp7.cs:255:35:255:43 | $"..." | CSharp7.cs:255:17:255:44 | call to method WriteLine | semmle.label | successor | | CSharp7.cs:255:37:255:38 | "x " | CSharp7.cs:255:40:255:41 | access to local variable s4 | semmle.label | successor | -| CSharp7.cs:255:40:255:41 | access to local variable s4 | CSharp7.cs:255:35:255:43 | $"..." | semmle.label | successor | +| CSharp7.cs:255:39:255:42 | {...} | CSharp7.cs:255:35:255:43 | $"..." | semmle.label | successor | +| CSharp7.cs:255:40:255:41 | access to local variable s4 | CSharp7.cs:255:39:255:42 | {...} | semmle.label | successor | | CSharp7.cs:256:17:256:22 | break; | CSharp7.cs:230:10:230:13 | exit Test (normal) | semmle.label | break | | CSharp7.cs:257:13:257:36 | case ...: | CSharp7.cs:257:18:257:23 | Int32 i2 | semmle.label | successor | | CSharp7.cs:257:18:257:23 | Int32 i2 | CSharp7.cs:257:30:257:31 | access to local variable i2 | semmle.label | match | @@ -37,7 +38,8 @@ | CSharp7.cs:258:17:258:52 | ...; | CSharp7.cs:258:37:258:45 | "positive " | semmle.label | successor | | CSharp7.cs:258:35:258:50 | $"..." | CSharp7.cs:258:17:258:51 | call to method WriteLine | semmle.label | successor | | CSharp7.cs:258:37:258:45 | "positive " | CSharp7.cs:258:47:258:48 | access to local variable i2 | semmle.label | successor | -| CSharp7.cs:258:47:258:48 | access to local variable i2 | CSharp7.cs:258:35:258:50 | $"..." | semmle.label | successor | +| CSharp7.cs:258:46:258:49 | {...} | CSharp7.cs:258:35:258:50 | $"..." | semmle.label | successor | +| CSharp7.cs:258:47:258:48 | access to local variable i2 | CSharp7.cs:258:46:258:49 | {...} | semmle.label | successor | | CSharp7.cs:259:17:259:22 | break; | CSharp7.cs:230:10:230:13 | exit Test (normal) | semmle.label | break | | CSharp7.cs:260:13:260:24 | case ...: | CSharp7.cs:260:18:260:23 | Int32 i3 | semmle.label | successor | | CSharp7.cs:260:18:260:23 | Int32 i3 | CSharp7.cs:261:17:261:47 | ...; | semmle.label | match | @@ -46,7 +48,8 @@ | CSharp7.cs:261:17:261:47 | ...; | CSharp7.cs:261:37:261:40 | "int " | semmle.label | successor | | CSharp7.cs:261:35:261:45 | $"..." | CSharp7.cs:261:17:261:46 | call to method WriteLine | semmle.label | successor | | CSharp7.cs:261:37:261:40 | "int " | CSharp7.cs:261:42:261:43 | access to local variable i3 | semmle.label | successor | -| CSharp7.cs:261:42:261:43 | access to local variable i3 | CSharp7.cs:261:35:261:45 | $"..." | semmle.label | successor | +| CSharp7.cs:261:41:261:44 | {...} | CSharp7.cs:261:35:261:45 | $"..." | semmle.label | successor | +| CSharp7.cs:261:42:261:43 | access to local variable i3 | CSharp7.cs:261:41:261:44 | {...} | semmle.label | successor | | CSharp7.cs:262:17:262:22 | break; | CSharp7.cs:230:10:230:13 | exit Test (normal) | semmle.label | break | | CSharp7.cs:263:13:263:27 | case ...: | CSharp7.cs:263:18:263:26 | String s2 | semmle.label | successor | | CSharp7.cs:263:18:263:26 | String s2 | CSharp7.cs:264:17:264:50 | ...; | semmle.label | match | @@ -55,7 +58,8 @@ | CSharp7.cs:264:17:264:50 | ...; | CSharp7.cs:264:37:264:43 | "string " | semmle.label | successor | | CSharp7.cs:264:35:264:48 | $"..." | CSharp7.cs:264:17:264:49 | call to method WriteLine | semmle.label | successor | | CSharp7.cs:264:37:264:43 | "string " | CSharp7.cs:264:45:264:46 | access to local variable s2 | semmle.label | successor | -| CSharp7.cs:264:45:264:46 | access to local variable s2 | CSharp7.cs:264:35:264:48 | $"..." | semmle.label | successor | +| CSharp7.cs:264:44:264:47 | {...} | CSharp7.cs:264:35:264:48 | $"..." | semmle.label | successor | +| CSharp7.cs:264:45:264:46 | access to local variable s2 | CSharp7.cs:264:44:264:47 | {...} | semmle.label | successor | | CSharp7.cs:265:17:265:22 | break; | CSharp7.cs:230:10:230:13 | exit Test (normal) | semmle.label | break | | CSharp7.cs:266:13:266:26 | case ...: | CSharp7.cs:266:18:266:23 | access to type Double | semmle.label | successor | | CSharp7.cs:266:18:266:23 | access to type Double | CSharp7.cs:267:17:267:44 | ...; | semmle.label | match | diff --git a/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected b/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected index 4a16e2491dfe..1bba9f6dd8ba 100644 --- a/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected +++ b/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected @@ -254,7 +254,8 @@ | CSharp7.cs:233:28:233:33 | ... > ... | CSharp7.cs:233:13:233:33 | [true] ... && ... | | CSharp7.cs:235:13:235:42 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | | CSharp7.cs:235:33:235:36 | "int " | CSharp7.cs:235:31:235:41 | $"..." | -| CSharp7.cs:235:38:235:39 | access to local variable i1 | CSharp7.cs:235:31:235:41 | $"..." | +| CSharp7.cs:235:37:235:40 | {...} | CSharp7.cs:235:31:235:41 | $"..." | +| CSharp7.cs:235:38:235:39 | access to local variable i1 | CSharp7.cs:235:37:235:40 | {...} | | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:237:23:237:31 | String s1 | | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:239:13:239:45 | [input] SSA phi read(o) | | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:241:18:241:18 | access to local variable o | @@ -262,7 +263,8 @@ | CSharp7.cs:237:23:237:31 | String s1 | CSharp7.cs:237:23:237:31 | SSA def(s1) | | CSharp7.cs:239:13:239:45 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | | CSharp7.cs:239:33:239:39 | "string " | CSharp7.cs:239:31:239:44 | $"..." | -| CSharp7.cs:239:41:239:42 | access to local variable s1 | CSharp7.cs:239:31:239:44 | $"..." | +| CSharp7.cs:239:40:239:43 | {...} | CSharp7.cs:239:31:239:44 | $"..." | +| CSharp7.cs:239:41:239:42 | access to local variable s1 | CSharp7.cs:239:40:239:43 | {...} | | CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) | | CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:244:18:244:18 | access to local variable o | | CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | @@ -283,21 +285,25 @@ | CSharp7.cs:254:32:254:40 | SSA def(s4) | CSharp7.cs:255:40:255:41 | access to local variable s4 | | CSharp7.cs:254:32:254:40 | String s4 | CSharp7.cs:254:32:254:40 | SSA def(s4) | | CSharp7.cs:255:37:255:38 | "x " | CSharp7.cs:255:35:255:43 | $"..." | -| CSharp7.cs:255:40:255:41 | access to local variable s4 | CSharp7.cs:255:35:255:43 | $"..." | +| CSharp7.cs:255:39:255:42 | {...} | CSharp7.cs:255:35:255:43 | $"..." | +| CSharp7.cs:255:40:255:41 | access to local variable s4 | CSharp7.cs:255:39:255:42 | {...} | | CSharp7.cs:257:18:257:23 | Int32 i2 | CSharp7.cs:257:18:257:23 | SSA def(i2) | | CSharp7.cs:257:18:257:23 | SSA def(i2) | CSharp7.cs:257:30:257:31 | access to local variable i2 | | CSharp7.cs:257:30:257:31 | access to local variable i2 | CSharp7.cs:257:30:257:35 | ... > ... | | CSharp7.cs:257:30:257:31 | access to local variable i2 | CSharp7.cs:258:47:258:48 | access to local variable i2 | | CSharp7.cs:258:37:258:45 | "positive " | CSharp7.cs:258:35:258:50 | $"..." | -| CSharp7.cs:258:47:258:48 | access to local variable i2 | CSharp7.cs:258:35:258:50 | $"..." | +| CSharp7.cs:258:46:258:49 | {...} | CSharp7.cs:258:35:258:50 | $"..." | +| CSharp7.cs:258:47:258:48 | access to local variable i2 | CSharp7.cs:258:46:258:49 | {...} | | CSharp7.cs:260:18:260:23 | Int32 i3 | CSharp7.cs:260:18:260:23 | SSA def(i3) | | CSharp7.cs:260:18:260:23 | SSA def(i3) | CSharp7.cs:261:42:261:43 | access to local variable i3 | | CSharp7.cs:261:37:261:40 | "int " | CSharp7.cs:261:35:261:45 | $"..." | -| CSharp7.cs:261:42:261:43 | access to local variable i3 | CSharp7.cs:261:35:261:45 | $"..." | +| CSharp7.cs:261:41:261:44 | {...} | CSharp7.cs:261:35:261:45 | $"..." | +| CSharp7.cs:261:42:261:43 | access to local variable i3 | CSharp7.cs:261:41:261:44 | {...} | | CSharp7.cs:263:18:263:26 | SSA def(s2) | CSharp7.cs:264:45:264:46 | access to local variable s2 | | CSharp7.cs:263:18:263:26 | String s2 | CSharp7.cs:263:18:263:26 | SSA def(s2) | | CSharp7.cs:264:37:264:43 | "string " | CSharp7.cs:264:35:264:48 | $"..." | -| CSharp7.cs:264:45:264:46 | access to local variable s2 | CSharp7.cs:264:35:264:48 | $"..." | +| CSharp7.cs:264:44:264:47 | {...} | CSharp7.cs:264:35:264:48 | $"..." | +| CSharp7.cs:264:45:264:46 | access to local variable s2 | CSharp7.cs:264:44:264:47 | {...} | | CSharp7.cs:282:13:282:16 | access to local variable dict | CSharp7.cs:282:13:282:48 | SSA def(dict) | | CSharp7.cs:282:13:282:48 | SSA def(dict) | CSharp7.cs:283:20:283:23 | access to local variable dict | | CSharp7.cs:282:20:282:48 | object creation of type Dictionary | CSharp7.cs:282:13:282:16 | access to local variable dict | diff --git a/csharp/ql/test/library-tests/csharp7/PrintAst.expected b/csharp/ql/test/library-tests/csharp7/PrintAst.expected index e5d009e0df63..bf0b07abbeb8 100644 --- a/csharp/ql/test/library-tests/csharp7/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp7/PrintAst.expected @@ -727,7 +727,8 @@ CSharp7.cs: # 235| 0: [TypeMention] Console # 235| 0: [InterpolatedStringExpr] $"..." # 235| 0: [StringLiteralUtf16] "int " -# 235| 1: [LocalVariableAccess] access to local variable i1 +# 235| 1: [InterpolatedStringInsertExpr] {...} +# 235| 0: [LocalVariableAccess] access to local variable i1 # 237| 2: [IfStmt] if (...) ... # 237| 0: [IsExpr] ... is ... # 237| 0: [LocalVariableAccess] access to local variable o @@ -740,7 +741,8 @@ CSharp7.cs: # 239| 0: [TypeMention] Console # 239| 0: [InterpolatedStringExpr] $"..." # 239| 0: [StringLiteralUtf16] "string " -# 239| 1: [LocalVariableAccess] access to local variable s1 +# 239| 1: [InterpolatedStringInsertExpr] {...} +# 239| 0: [LocalVariableAccess] access to local variable s1 # 241| 2: [IfStmt] if (...) ... # 241| 0: [IsExpr] ... is ... # 241| 0: [LocalVariableAccess] access to local variable o @@ -775,7 +777,8 @@ CSharp7.cs: # 255| 0: [TypeMention] Console # 255| 0: [InterpolatedStringExpr] $"..." # 255| 0: [StringLiteralUtf16] "x " -# 255| 1: [LocalVariableAccess] access to local variable s4 +# 255| 1: [InterpolatedStringInsertExpr] {...} +# 255| 0: [LocalVariableAccess] access to local variable s4 # 256| 6: [BreakStmt] break; # 257| 7: [CaseStmt] case ...: # 257| 0: [VariablePatternExpr] Int32 i2 @@ -789,7 +792,8 @@ CSharp7.cs: # 258| 0: [TypeMention] Console # 258| 0: [InterpolatedStringExpr] $"..." # 258| 0: [StringLiteralUtf16] "positive " -# 258| 1: [LocalVariableAccess] access to local variable i2 +# 258| 1: [InterpolatedStringInsertExpr] {...} +# 258| 0: [LocalVariableAccess] access to local variable i2 # 259| 9: [BreakStmt] break; # 260| 10: [CaseStmt] case ...: # 260| 0: [VariablePatternExpr] Int32 i3 @@ -800,7 +804,8 @@ CSharp7.cs: # 261| 0: [TypeMention] Console # 261| 0: [InterpolatedStringExpr] $"..." # 261| 0: [StringLiteralUtf16] "int " -# 261| 1: [LocalVariableAccess] access to local variable i3 +# 261| 1: [InterpolatedStringInsertExpr] {...} +# 261| 0: [LocalVariableAccess] access to local variable i3 # 262| 12: [BreakStmt] break; # 263| 13: [CaseStmt] case ...: # 263| 0: [VariablePatternExpr] String s2 @@ -811,7 +816,8 @@ CSharp7.cs: # 264| 0: [TypeMention] Console # 264| 0: [InterpolatedStringExpr] $"..." # 264| 0: [StringLiteralUtf16] "string " -# 264| 1: [LocalVariableAccess] access to local variable s2 +# 264| 1: [InterpolatedStringInsertExpr] {...} +# 264| 0: [LocalVariableAccess] access to local variable s2 # 265| 15: [BreakStmt] break; # 266| 16: [CaseStmt] case ...: # 266| 0: [TypeAccessPatternExpr] access to type Double diff --git a/csharp/ql/test/library-tests/csharp8/PrintAst.expected b/csharp/ql/test/library-tests/csharp8/PrintAst.expected index c33374e4761d..4ec30c915b3a 100644 --- a/csharp/ql/test/library-tests/csharp8/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp8/PrintAst.expected @@ -4,12 +4,14 @@ AlternateInterpolatedStrings.cs: # 5| -1: [TypeMention] string # 5| 1: [InterpolatedStringExpr] $"..." # 5| 0: [StringLiteralUtf16] "C:" -# 5| 1: [IntLiteral] 12 +# 5| 1: [InterpolatedStringInsertExpr] {...} +# 5| 0: [IntLiteral] 12 # 6| 6: [Field] s2 # 6| -1: [TypeMention] string # 6| 1: [InterpolatedStringExpr] $"..." # 6| 0: [StringLiteralUtf16] "C:" -# 6| 1: [IntLiteral] 12 +# 6| 1: [InterpolatedStringInsertExpr] {...} +# 6| 0: [IntLiteral] 12 AsyncStreams.cs: # 6| [Class] AsyncStreams # 8| 5: [Method] Items diff --git a/csharp/ql/test/library-tests/csharp9/PrintAst.expected b/csharp/ql/test/library-tests/csharp9/PrintAst.expected index a1ecbd0a2123..e3b89de20096 100644 --- a/csharp/ql/test/library-tests/csharp9/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp9/PrintAst.expected @@ -1008,8 +1008,9 @@ Record.cs: # 49| 0: [LocalVariableAccess] access to local variable s # 50| 2: [ReturnStmt] return ...; # 50| 0: [InterpolatedStringExpr] $"..." -# 50| 0: [MethodCall] call to method ToString -# 50| -1: [LocalVariableAccess] access to local variable s +# 50| 0: [InterpolatedStringInsertExpr] {...} +# 50| 0: [MethodCall] call to method ToString +# 50| -1: [LocalVariableAccess] access to local variable s # 50| 1: [StringLiteralUtf16] " is a dog" # 54| [RecordClass] R1 # 54| 12: [NEOperator] != diff --git a/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.expected b/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.expected index bf2a515a8895..cd7658f6f5e9 100644 --- a/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.expected +++ b/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.expected @@ -68,8 +68,9 @@ implicitToString.cs: # 32| 0: [LocalVariableAccess] access to local variable x2 # 32| 1: [InterpolatedStringExpr] $"..." # 32| 0: [StringLiteralUtf16] "Hello " -# 32| 1: [MethodCall] call to method ToString -# 32| -1: [LocalVariableAccess] access to local variable x1 +# 32| 1: [InterpolatedStringInsertExpr] {...} +# 32| 0: [MethodCall] call to method ToString +# 32| -1: [LocalVariableAccess] access to local variable x1 # 33| 2: [ExprStmt] ...; # 33| 0: [MethodCall] call to method Sink # 33| 0: [LocalVariableAccess] access to local variable x2 @@ -88,8 +89,9 @@ implicitToString.cs: # 39| 0: [LocalVariableAccess] access to local variable x2 # 39| 1: [InterpolatedStringExpr] $"..." # 39| 0: [StringLiteralUtf16] "Hello " -# 39| 1: [MethodCall] call to method ToString -# 39| -1: [LocalVariableAccess] access to local variable x1 +# 39| 1: [InterpolatedStringInsertExpr] {...} +# 39| 0: [MethodCall] call to method ToString +# 39| -1: [LocalVariableAccess] access to local variable x1 # 40| 2: [ExprStmt] ...; # 40| 0: [MethodCall] call to method Sink # 40| 0: [LocalVariableAccess] access to local variable x2 diff --git a/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected b/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected index ea0ae7f9da73..7187280f7555 100644 --- a/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected +++ b/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected @@ -547,12 +547,14 @@ | LocalDataFlow.cs:273:13:273:36 | SSA def(sink69) | LocalDataFlow.cs:274:15:274:20 | access to local variable sink69 | | LocalDataFlow.cs:273:22:273:36 | $"..." | LocalDataFlow.cs:273:13:273:18 | access to local variable sink69 | | LocalDataFlow.cs:273:24:273:28 | "test " | LocalDataFlow.cs:273:22:273:36 | $"..." | -| LocalDataFlow.cs:273:30:273:34 | access to local variable sink1 | LocalDataFlow.cs:273:22:273:36 | $"..." | +| LocalDataFlow.cs:273:29:273:35 | {...} | LocalDataFlow.cs:273:22:273:36 | $"..." | +| LocalDataFlow.cs:273:30:273:34 | access to local variable sink1 | LocalDataFlow.cs:273:29:273:35 | {...} | | LocalDataFlow.cs:277:9:277:16 | access to local variable nonSink0 | LocalDataFlow.cs:277:9:277:37 | SSA def(nonSink0) | | LocalDataFlow.cs:277:9:277:37 | SSA def(nonSink0) | LocalDataFlow.cs:278:15:278:22 | access to local variable nonSink0 | | LocalDataFlow.cs:277:20:277:37 | $"..." | LocalDataFlow.cs:277:9:277:16 | access to local variable nonSink0 | | LocalDataFlow.cs:277:22:277:26 | "test " | LocalDataFlow.cs:277:20:277:37 | $"..." | -| LocalDataFlow.cs:277:28:277:35 | access to local variable nonSink0 | LocalDataFlow.cs:277:20:277:37 | $"..." | +| LocalDataFlow.cs:277:27:277:36 | {...} | LocalDataFlow.cs:277:20:277:37 | $"..." | +| LocalDataFlow.cs:277:28:277:35 | access to local variable nonSink0 | LocalDataFlow.cs:277:27:277:36 | {...} | | LocalDataFlow.cs:278:15:278:22 | [post] access to local variable nonSink0 | LocalDataFlow.cs:285:31:285:38 | access to local variable nonSink0 | | LocalDataFlow.cs:278:15:278:22 | access to local variable nonSink0 | LocalDataFlow.cs:285:31:285:38 | access to local variable nonSink0 | | LocalDataFlow.cs:281:13:281:18 | access to local variable sink70 | LocalDataFlow.cs:281:13:281:34 | SSA def(sink70) | @@ -1237,8 +1239,10 @@ | Splitting.cs:56:13:56:19 | [b (line 46): true] $"..." | Splitting.cs:56:9:56:9 | access to local variable x | | Splitting.cs:56:15:56:15 | [b (line 46): false] "c" | Splitting.cs:56:13:56:19 | [b (line 46): false] $"..." | | Splitting.cs:56:15:56:15 | [b (line 46): true] "c" | Splitting.cs:56:13:56:19 | [b (line 46): true] $"..." | -| Splitting.cs:56:17:56:17 | [b (line 46): false] access to local variable x | Splitting.cs:56:13:56:19 | [b (line 46): false] $"..." | -| Splitting.cs:56:17:56:17 | [b (line 46): true] access to local variable x | Splitting.cs:56:13:56:19 | [b (line 46): true] $"..." | +| Splitting.cs:56:16:56:18 | [b (line 46): false] {...} | Splitting.cs:56:13:56:19 | [b (line 46): false] $"..." | +| Splitting.cs:56:16:56:18 | [b (line 46): true] {...} | Splitting.cs:56:13:56:19 | [b (line 46): true] $"..." | +| Splitting.cs:56:17:56:17 | [b (line 46): false] access to local variable x | Splitting.cs:56:16:56:18 | [b (line 46): false] {...} | +| Splitting.cs:56:17:56:17 | [b (line 46): true] access to local variable x | Splitting.cs:56:16:56:18 | [b (line 46): true] {...} | | Splitting.cs:57:13:57:24 | [b (line 46): false] access to field Item1 | Splitting.cs:57:9:57:9 | access to local variable x | | Splitting.cs:57:13:57:24 | [b (line 46): true] access to field Item1 | Splitting.cs:57:9:57:9 | access to local variable x | | Splitting.cs:57:17:57:17 | [b (line 46): false] access to local variable y | Splitting.cs:58:27:58:27 | [b (line 46): false] access to local variable y | From acec97db94fe79f3928f5d58b62045436be58f88 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 21 Mar 2025 13:32:44 +0100 Subject: [PATCH 028/409] C#: Add change-note. --- csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md diff --git a/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md b/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md new file mode 100644 index 000000000000..3507d35b5135 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`. From d1ef2b50fbedf90d1c3a1c8c0a157f0eb97fe002 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 12 Feb 2025 15:46:16 +0000 Subject: [PATCH 029/409] Rust: Model futures::executor::block_on. --- rust/ql/lib/codeql/rust/frameworks/futures.model.yml | 6 ++++++ .../dataflow/global/inline-flow.expected | 12 ++++++++++++ rust/ql/test/library-tests/dataflow/global/main.rs | 2 +- .../dataflow/global/viableCallable.expected | 2 ++ .../dataflow/local/DataFlowStep.expected | 1 + .../security/CWE-020/RegexInjection.expected | 8 ++++---- 6 files changed, 26 insertions(+), 5 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/futures.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/futures.model.yml b/rust/ql/lib/codeql/rust/frameworks/futures.model.yml new file mode 100644 index 000000000000..1361ff9aeb2e --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/futures.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["repo:https://github.com/rust-lang/futures-rs:futures-executor", "crate::local_pool::block_on", "Argument[0]", "ReturnValue", "value", "manual"] diff --git a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected index 54b70e0ac128..4a095c7142f5 100644 --- a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected @@ -1,4 +1,5 @@ models +| 1 | Summary: repo:https://github.com/rust-lang/futures-rs:futures-executor; crate::local_pool::block_on; Argument[0]; ReturnValue; value | edges | main.rs:12:28:14:1 | { ... } | main.rs:17:13:17:23 | get_data(...) | provenance | | | main.rs:13:5:13:13 | source(...) | main.rs:12:28:14:1 | { ... } | provenance | | @@ -71,10 +72,15 @@ edges | main.rs:161:9:161:9 | d [MyInt] | main.rs:162:10:162:10 | d [MyInt] | provenance | | | main.rs:161:13:161:20 | a.add(...) [MyInt] | main.rs:161:9:161:9 | d [MyInt] | provenance | | | main.rs:162:10:162:10 | d [MyInt] | main.rs:162:10:162:16 | d.value | provenance | | +| main.rs:200:32:204:1 | { ... } | main.rs:219:41:219:54 | async_source(...) | provenance | | +| main.rs:201:9:201:9 | a | main.rs:200:32:204:1 | { ... } | provenance | | | main.rs:201:9:201:9 | a | main.rs:202:10:202:10 | a | provenance | | | main.rs:201:13:201:21 | source(...) | main.rs:201:9:201:9 | a | provenance | | | main.rs:211:13:211:13 | c | main.rs:212:14:212:14 | c | provenance | | | main.rs:211:17:211:25 | source(...) | main.rs:211:13:211:13 | c | provenance | | +| main.rs:219:9:219:9 | a | main.rs:220:10:220:10 | a | provenance | | +| main.rs:219:13:219:55 | ...::block_on(...) | main.rs:219:9:219:9 | a | provenance | | +| main.rs:219:41:219:54 | async_source(...) | main.rs:219:13:219:55 | ...::block_on(...) | provenance | MaD:1 | nodes | main.rs:12:28:14:1 | { ... } | semmle.label | { ... } | | main.rs:13:5:13:13 | source(...) | semmle.label | source(...) | @@ -156,12 +162,17 @@ nodes | main.rs:161:13:161:20 | a.add(...) [MyInt] | semmle.label | a.add(...) [MyInt] | | main.rs:162:10:162:10 | d [MyInt] | semmle.label | d [MyInt] | | main.rs:162:10:162:16 | d.value | semmle.label | d.value | +| main.rs:200:32:204:1 | { ... } | semmle.label | { ... } | | main.rs:201:9:201:9 | a | semmle.label | a | | main.rs:201:13:201:21 | source(...) | semmle.label | source(...) | | main.rs:202:10:202:10 | a | semmle.label | a | | main.rs:211:13:211:13 | c | semmle.label | c | | main.rs:211:17:211:25 | source(...) | semmle.label | source(...) | | main.rs:212:14:212:14 | c | semmle.label | c | +| main.rs:219:9:219:9 | a | semmle.label | a | +| main.rs:219:13:219:55 | ...::block_on(...) | semmle.label | ...::block_on(...) | +| main.rs:219:41:219:54 | async_source(...) | semmle.label | async_source(...) | +| main.rs:220:10:220:10 | a | semmle.label | a | subpaths | main.rs:36:26:36:26 | a | main.rs:30:17:30:22 | ...: i64 | main.rs:30:32:32:1 | { ... } | main.rs:36:13:36:27 | pass_through(...) | | main.rs:41:26:44:5 | { ... } | main.rs:30:17:30:22 | ...: i64 | main.rs:30:32:32:1 | { ... } | main.rs:41:13:44:6 | pass_through(...) | @@ -186,3 +197,4 @@ testFailures | main.rs:162:10:162:16 | d.value | main.rs:159:28:159:36 | source(...) | main.rs:162:10:162:16 | d.value | $@ | main.rs:159:28:159:36 | source(...) | source(...) | | main.rs:202:10:202:10 | a | main.rs:201:13:201:21 | source(...) | main.rs:202:10:202:10 | a | $@ | main.rs:201:13:201:21 | source(...) | source(...) | | main.rs:212:14:212:14 | c | main.rs:211:17:211:25 | source(...) | main.rs:212:14:212:14 | c | $@ | main.rs:211:17:211:25 | source(...) | source(...) | +| main.rs:220:10:220:10 | a | main.rs:201:13:201:21 | source(...) | main.rs:220:10:220:10 | a | $@ | main.rs:201:13:201:21 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/global/main.rs b/rust/ql/test/library-tests/dataflow/global/main.rs index c1e3ee4e8387..15a48ba9b78e 100644 --- a/rust/ql/test/library-tests/dataflow/global/main.rs +++ b/rust/ql/test/library-tests/dataflow/global/main.rs @@ -217,7 +217,7 @@ async fn test_async_await_async_part() { fn test_async_await() { let a = futures::executor::block_on(async_source()); - sink(a); // $ MISSING: hasValueFlow=1 + sink(a); // $ hasValueFlow=1 futures::executor::block_on(test_async_await_async_part()); } diff --git a/rust/ql/test/library-tests/dataflow/global/viableCallable.expected b/rust/ql/test/library-tests/dataflow/global/viableCallable.expected index 2bbff8e33c3f..aa3ae0af0219 100644 --- a/rust/ql/test/library-tests/dataflow/global/viableCallable.expected +++ b/rust/ql/test/library-tests/dataflow/global/viableCallable.expected @@ -50,8 +50,10 @@ | main.rs:211:17:211:25 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:212:9:212:15 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:215:5:215:17 | sink(...) | main.rs:5:1:7:1 | fn sink | +| main.rs:219:13:219:55 | ...::block_on(...) | file://:0:0:0:0 | repo:https://github.com/rust-lang/futures-rs:futures-executor::_::crate::local_pool::block_on | | main.rs:219:41:219:54 | async_source(...) | main.rs:200:1:204:1 | fn async_source | | main.rs:220:5:220:11 | sink(...) | main.rs:5:1:7:1 | fn sink | +| main.rs:222:5:222:62 | ...::block_on(...) | file://:0:0:0:0 | repo:https://github.com/rust-lang/futures-rs:futures-executor::_::crate::local_pool::block_on | | main.rs:222:33:222:61 | test_async_await_async_part(...) | main.rs:206:1:216:1 | fn test_async_await_async_part | | main.rs:226:5:226:22 | data_out_of_call(...) | main.rs:16:1:19:1 | fn data_out_of_call | | main.rs:227:5:227:21 | data_in_to_call(...) | main.rs:25:1:28:1 | fn data_in_to_call | diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 23270af042a6..9c7be9664332 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -1909,6 +1909,7 @@ models | 1058 | Summary: lang:std; crate::thread::current::set_current; Argument[0]; ReturnValue.Field[crate::result::Result::Err(0)]; value | | 1059 | Summary: lang:std; crate::thread::current::try_with_current; Argument[0].ReturnValue; ReturnValue; value | | 1060 | Summary: lang:std; crate::thread::with_current_name; Argument[0].ReturnValue; ReturnValue; value | +| 1061 | Summary: repo:https://github.com/rust-lang/futures-rs:futures-executor; crate::local_pool::block_on; Argument[0]; ReturnValue; value | storeStep | file://:0:0:0:0 | [summary] to write: Argument[0].Field[crate::option::Option::Some(0)] in lang:core::_::::zip_with | Some | file://:0:0:0:0 | [post] [summary param] 0 in lang:core::_::::zip_with | | file://:0:0:0:0 | [summary] to write: Argument[0].Parameter[0].Reference in lang:alloc::_::::retain | &ref | file://:0:0:0:0 | [summary] to write: Argument[0].Parameter[0] in lang:alloc::_::::retain | diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index e204b5a39264..5fc4c55e0032 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -2,15 +2,15 @@ | main.rs:6:25:6:30 | ®ex | main.rs:4:20:4:32 | ...::var | main.rs:6:25:6:30 | ®ex | This regular expression is constructed from a $@. | main.rs:4:20:4:32 | ...::var | user-provided value | edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | -| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:62 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1593 | +| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:63 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1594 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | -| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:66 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3016 | +| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:67 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3017 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | nodes | main.rs:4:9:4:16 | username | semmle.label | username | From d9fb13790994686a480cdf824b53901bbdf4acd3 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 24 Mar 2025 11:56:00 +0100 Subject: [PATCH 030/409] C#: Add upgrade- and downgrade scripts. --- .../expressions.ql | 13 + .../old.dbscheme | 1460 +++++++++++++++++ .../semmlecode.csharp.dbscheme | 1459 ++++++++++++++++ .../upgrade.properties | 3 + .../old.dbscheme | 1459 ++++++++++++++++ .../semmlecode.csharp.dbscheme | 1460 +++++++++++++++++ .../upgrade.properties | 2 + 7 files changed, 5856 insertions(+) create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/old.dbscheme create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/semmlecode.csharp.dbscheme create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties create mode 100644 csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/old.dbscheme create mode 100644 csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/semmlecode.csharp.dbscheme create mode 100644 csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql new file mode 100644 index 000000000000..4f516d1d5cba --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql @@ -0,0 +1,13 @@ +class Expression extends @expr { + string toString() { none() } +} + +class TypeOrRef extends @type_or_ref { + string toString() { none() } +} + +from Expression e, int k, int kind, TypeOrRef t +where + expressions(e, k, t) and + if k = 138 then kind = 106 else kind = k +select e, kind, t diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/old.dbscheme b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/old.dbscheme new file mode 100644 index 000000000000..66044cfa5bbf --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/old.dbscheme @@ -0,0 +1,1460 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +compilation_info( + int id : @compilation ref, + string info_key: string ref, + string info_value: string ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile.rsp` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type +| 34 = @inline_array_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type | @inline_array_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, params/array = 3, this = 4, in = 5, ref readonly = 6 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* C# 12.0 */ +| 136 = @collection_expr +| 137 = @spread_element_expr +| 138 = @interpolated_string_insert_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/* Compiler generated */ + +compiler_generated(unique int id: @element ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/semmlecode.csharp.dbscheme b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/semmlecode.csharp.dbscheme new file mode 100644 index 000000000000..a2bda57dbc6e --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/semmlecode.csharp.dbscheme @@ -0,0 +1,1459 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +compilation_info( + int id : @compilation ref, + string info_key: string ref, + string info_value: string ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile.rsp` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type +| 34 = @inline_array_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type | @inline_array_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, params/array = 3, this = 4, in = 5, ref readonly = 6 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* C# 12.0 */ +| 136 = @collection_expr +| 137 = @spread_element_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/* Compiler generated */ + +compiler_generated(unique int id: @element ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties new file mode 100644 index 000000000000..9e9a659b10a3 --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties @@ -0,0 +1,3 @@ +description: Remove `interpolated_string_insert_expr` kind. +compatibility: partial +expressions.rel: run expressions.qlo diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/old.dbscheme b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/old.dbscheme new file mode 100644 index 000000000000..a2bda57dbc6e --- /dev/null +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/old.dbscheme @@ -0,0 +1,1459 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +compilation_info( + int id : @compilation ref, + string info_key: string ref, + string info_value: string ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile.rsp` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type +| 34 = @inline_array_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type | @inline_array_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, params/array = 3, this = 4, in = 5, ref readonly = 6 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* C# 12.0 */ +| 136 = @collection_expr +| 137 = @spread_element_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/* Compiler generated */ + +compiler_generated(unique int id: @element ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/semmlecode.csharp.dbscheme b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/semmlecode.csharp.dbscheme new file mode 100644 index 000000000000..66044cfa5bbf --- /dev/null +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/semmlecode.csharp.dbscheme @@ -0,0 +1,1460 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +compilation_info( + int id : @compilation ref, + string info_key: string ref, + string info_value: string ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile.rsp` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type +| 34 = @inline_array_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type | @inline_array_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, params/array = 3, this = 4, in = 5, ref readonly = 6 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* C# 12.0 */ +| 136 = @collection_expr +| 137 = @spread_element_expr +| 138 = @interpolated_string_insert_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/* Compiler generated */ + +compiler_generated(unique int id: @element ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties new file mode 100644 index 000000000000..1989c9c8847b --- /dev/null +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties @@ -0,0 +1,2 @@ +description: Add `interpolated_string_insert_expr` kind. +compatibility: partial From f582054ca4425b0013fa285d40126ce10bda8307 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 09:17:56 +0000 Subject: [PATCH 031/409] Rust: Refactor the tests that have multiple control flow paths. --- .../CWE-825/AccessInvalidPointer.expected | 142 +++++++++--------- .../security/CWE-825/deallocation.rs | 97 ++++++++---- .../query-tests/security/CWE-825/lifetime.rs | 99 ++++++++---- .../test/query-tests/security/CWE-825/main.rs | 45 +++--- 4 files changed, 225 insertions(+), 158 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 0067fcc17daa..919bd2245199 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,45 +1,44 @@ #select -| deallocation.rs:23:13:23:14 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:25:12:25:31 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:33:5:33:6 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:5:33:6 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:35:4:35:24 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:57:14:57:15 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:57:14:57:15 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:58:14:58:15 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:58:14:58:15 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:63:6:63:7 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:63:6:63:7 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:64:6:64:7 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:64:6:64:7 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:66:4:66:30 | ...::write::<...> | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:66:4:66:30 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:84:13:84:18 | my_ptr | deallocation.rs:81:14:81:19 | my_ptr | deallocation.rs:84:13:84:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:81:14:81:19 | my_ptr | invalid | -| deallocation.rs:99:14:99:15 | p1 | deallocation.rs:92:23:92:40 | ...::dangling | deallocation.rs:99:14:99:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:92:23:92:40 | ...::dangling | invalid | -| deallocation.rs:100:14:100:15 | p2 | deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:100:14:100:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:93:21:93:42 | ...::dangling_mut | invalid | -| deallocation.rs:101:14:101:15 | p3 | deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:101:14:101:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:94:23:94:36 | ...::null | invalid | -| deallocation.rs:148:14:148:15 | p1 | deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:145:27:145:28 | p1 | invalid | -| deallocation.rs:179:18:179:20 | ptr | deallocation.rs:173:27:173:29 | ptr | deallocation.rs:179:18:179:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:173:27:173:29 | ptr | invalid | +| deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:33:14:33:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:14:33:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:40:6:40:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:40:6:40:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:45:5:45:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:45:5:45:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:72:16:72:17 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:72:16:72:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:77:16:77:17 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:77:16:77:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:82:7:82:8 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:82:7:82:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:91:5:91:31 | ...::write::<...> | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:91:5:91:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:111:13:111:18 | my_ptr | deallocation.rs:108:14:108:19 | my_ptr | deallocation.rs:111:13:111:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:108:14:108:19 | my_ptr | invalid | +| deallocation.rs:126:14:126:15 | p1 | deallocation.rs:119:23:119:40 | ...::dangling | deallocation.rs:126:14:126:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:119:23:119:40 | ...::dangling | invalid | +| deallocation.rs:127:14:127:15 | p2 | deallocation.rs:120:21:120:42 | ...::dangling_mut | deallocation.rs:127:14:127:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:120:21:120:42 | ...::dangling_mut | invalid | +| deallocation.rs:128:14:128:15 | p3 | deallocation.rs:121:23:121:36 | ...::null | deallocation.rs:128:14:128:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:121:23:121:36 | ...::null | invalid | +| deallocation.rs:176:15:176:16 | p1 | deallocation.rs:172:27:172:28 | p1 | deallocation.rs:176:15:176:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:172:27:172:28 | p1 | invalid | +| deallocation.rs:210:18:210:20 | ptr | deallocation.rs:204:27:204:29 | ptr | deallocation.rs:210:18:210:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:204:27:204:29 | ptr | invalid | edges -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:33:25:34 | m1 | provenance | | -| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | -| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | -| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | -| deallocation.rs:33:5:33:6 | m1 | deallocation.rs:35:26:35:27 | m1 | provenance | | -| deallocation.rs:35:26:35:27 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:57:14:57:15 | m2 | provenance | | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:58:14:58:15 | m2 | provenance | | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:63:6:63:7 | m2 | provenance | | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:64:6:64:7 | m2 | provenance | | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:66:32:66:33 | m2 | provenance | | -| deallocation.rs:66:32:66:33 | m2 | deallocation.rs:66:4:66:30 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:81:14:81:19 | my_ptr | deallocation.rs:84:13:84:18 | my_ptr | provenance | | -| deallocation.rs:92:6:92:7 | p1 | deallocation.rs:99:14:99:15 | p1 | provenance | | -| deallocation.rs:92:23:92:40 | ...::dangling | deallocation.rs:92:23:92:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | -| deallocation.rs:92:23:92:42 | ...::dangling(...) | deallocation.rs:92:6:92:7 | p1 | provenance | | -| deallocation.rs:93:6:93:7 | p2 | deallocation.rs:100:14:100:15 | p2 | provenance | | -| deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | -| deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | deallocation.rs:93:6:93:7 | p2 | provenance | | -| deallocation.rs:94:6:94:7 | p3 | deallocation.rs:101:14:101:15 | p3 | provenance | | -| deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:94:23:94:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | -| deallocation.rs:94:23:94:38 | ...::null(...) | deallocation.rs:94:6:94:7 | p3 | provenance | | -| deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | provenance | | -| deallocation.rs:173:27:173:29 | ptr | deallocation.rs:179:18:179:20 | ptr | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:35:33:36 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:40:6:40:7 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:45:27:45:28 | m1 | provenance | | +| deallocation.rs:33:35:33:36 | m1 | deallocation.rs:33:14:33:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | +| deallocation.rs:45:27:45:28 | m1 | deallocation.rs:45:5:45:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:72:16:72:17 | m2 | provenance | | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:77:16:77:17 | m2 | provenance | | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:82:7:82:8 | m2 | provenance | | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:86:7:86:8 | m2 | provenance | | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:91:33:91:34 | m2 | provenance | | +| deallocation.rs:91:33:91:34 | m2 | deallocation.rs:91:5:91:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:108:14:108:19 | my_ptr | deallocation.rs:111:13:111:18 | my_ptr | provenance | | +| deallocation.rs:119:6:119:7 | p1 | deallocation.rs:126:14:126:15 | p1 | provenance | | +| deallocation.rs:119:23:119:40 | ...::dangling | deallocation.rs:119:23:119:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:119:23:119:42 | ...::dangling(...) | deallocation.rs:119:6:119:7 | p1 | provenance | | +| deallocation.rs:120:6:120:7 | p2 | deallocation.rs:127:14:127:15 | p2 | provenance | | +| deallocation.rs:120:21:120:42 | ...::dangling_mut | deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | deallocation.rs:120:6:120:7 | p2 | provenance | | +| deallocation.rs:121:6:121:7 | p3 | deallocation.rs:128:14:128:15 | p3 | provenance | | +| deallocation.rs:121:23:121:36 | ...::null | deallocation.rs:121:23:121:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:121:23:121:38 | ...::null(...) | deallocation.rs:121:6:121:7 | p3 | provenance | | +| deallocation.rs:172:27:172:28 | p1 | deallocation.rs:176:15:176:16 | p1 | provenance | | +| deallocation.rs:204:27:204:29 | ptr | deallocation.rs:210:18:210:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -48,36 +47,35 @@ models | 5 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | nodes | deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | -| deallocation.rs:23:13:23:14 | m1 | semmle.label | m1 | -| deallocation.rs:25:12:25:31 | ...::read::<...> | semmle.label | ...::read::<...> | -| deallocation.rs:25:33:25:34 | m1 | semmle.label | m1 | -| deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | -| deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | -| deallocation.rs:35:4:35:24 | ...::write::<...> | semmle.label | ...::write::<...> | -| deallocation.rs:35:26:35:27 | m1 | semmle.label | m1 | -| deallocation.rs:54:23:54:24 | m2 | semmle.label | m2 | -| deallocation.rs:57:14:57:15 | m2 | semmle.label | m2 | -| deallocation.rs:58:14:58:15 | m2 | semmle.label | m2 | -| deallocation.rs:63:6:63:7 | m2 | semmle.label | m2 | -| deallocation.rs:64:6:64:7 | m2 | semmle.label | m2 | -| deallocation.rs:66:4:66:30 | ...::write::<...> | semmle.label | ...::write::<...> | -| deallocation.rs:66:32:66:33 | m2 | semmle.label | m2 | -| deallocation.rs:81:14:81:19 | my_ptr | semmle.label | my_ptr | -| deallocation.rs:84:13:84:18 | my_ptr | semmle.label | my_ptr | -| deallocation.rs:92:6:92:7 | p1 | semmle.label | p1 | -| deallocation.rs:92:23:92:40 | ...::dangling | semmle.label | ...::dangling | -| deallocation.rs:92:23:92:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | -| deallocation.rs:93:6:93:7 | p2 | semmle.label | p2 | -| deallocation.rs:93:21:93:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | -| deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | -| deallocation.rs:94:6:94:7 | p3 | semmle.label | p3 | -| deallocation.rs:94:23:94:36 | ...::null | semmle.label | ...::null | -| deallocation.rs:94:23:94:38 | ...::null(...) | semmle.label | ...::null(...) | -| deallocation.rs:99:14:99:15 | p1 | semmle.label | p1 | -| deallocation.rs:100:14:100:15 | p2 | semmle.label | p2 | -| deallocation.rs:101:14:101:15 | p3 | semmle.label | p3 | -| deallocation.rs:145:27:145:28 | p1 | semmle.label | p1 | -| deallocation.rs:148:14:148:15 | p1 | semmle.label | p1 | -| deallocation.rs:173:27:173:29 | ptr | semmle.label | ptr | -| deallocation.rs:179:18:179:20 | ptr | semmle.label | ptr | +| deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | +| deallocation.rs:33:14:33:33 | ...::read::<...> | semmle.label | ...::read::<...> | +| deallocation.rs:33:35:33:36 | m1 | semmle.label | m1 | +| deallocation.rs:40:6:40:7 | m1 | semmle.label | m1 | +| deallocation.rs:45:5:45:25 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:45:27:45:28 | m1 | semmle.label | m1 | +| deallocation.rs:66:23:66:24 | m2 | semmle.label | m2 | +| deallocation.rs:72:16:72:17 | m2 | semmle.label | m2 | +| deallocation.rs:77:16:77:17 | m2 | semmle.label | m2 | +| deallocation.rs:82:7:82:8 | m2 | semmle.label | m2 | +| deallocation.rs:86:7:86:8 | m2 | semmle.label | m2 | +| deallocation.rs:91:5:91:31 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:91:33:91:34 | m2 | semmle.label | m2 | +| deallocation.rs:108:14:108:19 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:111:13:111:18 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:119:6:119:7 | p1 | semmle.label | p1 | +| deallocation.rs:119:23:119:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:119:23:119:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:120:6:120:7 | p2 | semmle.label | p2 | +| deallocation.rs:120:21:120:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:121:6:121:7 | p3 | semmle.label | p3 | +| deallocation.rs:121:23:121:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:121:23:121:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:126:14:126:15 | p1 | semmle.label | p1 | +| deallocation.rs:127:14:127:15 | p2 | semmle.label | p2 | +| deallocation.rs:128:14:128:15 | p3 | semmle.label | p3 | +| deallocation.rs:172:27:172:28 | p1 | semmle.label | p1 | +| deallocation.rs:176:15:176:16 | p1 | semmle.label | p1 | +| deallocation.rs:204:27:204:29 | ptr | semmle.label | ptr | +| deallocation.rs:210:18:210:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 30677ddc07cc..738abe774035 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -1,7 +1,7 @@ // --- std::alloc --- -pub fn test_alloc(do_dangerous_writes: bool) { +pub fn test_alloc(mode: i32) { let layout = std::alloc::Layout::new::(); unsafe { let m1 = std::alloc::alloc(layout); // *mut u8 @@ -20,25 +20,37 @@ pub fn test_alloc(do_dangerous_writes: bool) { std::alloc::dealloc(m1, layout); // $ Source=dealloc // (m1, m2 are now dangling) - let v5 = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc - let v6 = *m2; // $ MISSING: Alert - let v7 = std::ptr::read::(m1); // $ Alert[rust/access-invalid-pointer]=dealloc - let v8 = std::ptr::read::(m2); // $ MISSING: Alert - println!(" v5 = {v5} (!)"); // corrupt in practice - println!(" v6 = {v6} (!)"); // corrupt in practice - println!(" v7 = {v7} (!)"); // corrupt in practice - println!(" v8 = {v8} (!)"); // corrupt in practice - - if do_dangerous_writes { - *m1 = 2; // $ Alert[rust/access-invalid-pointer]=dealloc - *m2 = 3; // $ MISSING: Alert - std::ptr::write::(m1, 4); // $ Alert[rust/access-invalid-pointer]=dealloc - std::ptr::write::(m2, 5); // $ MISSING: Alert + match mode { + 0 => { + // reads + let v5 = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc + let v6 = *m2; // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + }, + 100 => { + // more reads + let v7 = std::ptr::read::(m1); // $ Alert[rust/access-invalid-pointer]=dealloc + let v8 = std::ptr::read::(m2); // $ MISSING: Alert + println!(" v7 = {v7} (!)"); // corrupt in practice + println!(" v8 = {v8} (!)"); // corrupt in practice + }, + 101 => { + // writes + *m1 = 2; // $ Alert[rust/access-invalid-pointer]=dealloc + *m2 = 3; // $ MISSING: Alert + }, + 102 => { + // more writes + std::ptr::write::(m1, 4); // $ Alert[rust/access-invalid-pointer]=dealloc + std::ptr::write::(m2, 5); // $ MISSING: Alert + }, + _ => {} } } } -pub fn test_alloc_array(do_dangerous_writes: bool) { +pub fn test_alloc_array(mode: i32) { let layout = std::alloc::Layout::new::<[u8; 10]>(); unsafe { let m1 = std::alloc::alloc(layout); @@ -54,16 +66,31 @@ pub fn test_alloc_array(do_dangerous_writes: bool) { std::alloc::dealloc(m2 as *mut u8, layout); // $ Source=dealloc_array // m1, m2 are now dangling - let v3 = (*m2)[0]; // $ Alert[rust/access-invalid-pointer]=dealloc_array - let v4 = (*m2)[1]; // $ Alert[rust/access-invalid-pointer]=dealloc_array - println!(" v3 = {v3} (!)"); // corrupt in practice - println!(" v4 = {v4} (!)"); // corrupt in practice - - if do_dangerous_writes { - (*m2)[0] = 3; // $ Alert[rust/access-invalid-pointer]=dealloc_array - (*m2)[1] = 4; // $ Alert[rust/access-invalid-pointer]=dealloc_array - std::ptr::write::(m1, 5); // $ MISSING: Alert - std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ Alert[rust/access-invalid-pointer]=dealloc_array + match mode { + 0 => { + // read + let v3 = (*m2)[0]; // $ Alert[rust/access-invalid-pointer]=dealloc_array + println!(" v3 = {v3} (!)"); // corrupt in practice + }, + 110 => { + // another read + let v4 = (*m2)[1]; // $ Alert[rust/access-invalid-pointer]=dealloc_array + println!(" v4 = {v4} (!)"); // corrupt in practice + }, + 111 => { + // write + (*m2)[0] = 3; // $ Alert[rust/access-invalid-pointer]=dealloc_array + }, + 112 => { + // another write + (*m2)[1] = 4; // $ Alert[rust/access-invalid-pointer]=dealloc_array + }, + 113 => { + // more writes + std::ptr::write::(m1, 5); // $ MISSING: Alert + std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ Alert[rust/access-invalid-pointer]=dealloc_array + }, + _ => {} } } } @@ -88,12 +115,12 @@ pub fn test_libc() { // --- std::ptr --- -pub fn test_ptr_invalid(do_dangerous_accesses: bool) { +pub fn test_ptr_invalid(mode: i32) { let p1: *const i64 = std::ptr::dangling(); // $ Source=dangling let p2: *mut i64 = std::ptr::dangling_mut(); // $ Source=dangling_mut let p3: *const i64 = std::ptr::null(); // $ Source=null - if do_dangerous_accesses { + if mode == 120 { unsafe { // (a segmentation fault occurs in the code below) let v1 = *p1; // $ Alert[rust/access-invalid-pointer]=dangling @@ -129,7 +156,7 @@ pub fn test_drop() { } } -pub fn test_ptr_drop() { +pub fn test_ptr_drop(mode: i32) { let layout = std::alloc::Layout::new::>(); unsafe { let p1 = std::alloc::alloc(layout) as *mut Vec; // *mut i64 @@ -145,10 +172,14 @@ pub fn test_ptr_drop() { std::ptr::drop_in_place(p1); // $ Source=drop_in_place // explicitly destructs the pointed-to `m2` - let v3 = (*p1)[0]; // $ Alert[rust/access-invalid-pointer]=drop_in_place - let v4 = (*p2)[0]; // $ MISSING: Alert - println!(" v3 = {v3} (!)"); // corrupt in practice - println!(" v4 = {v4} (!)"); // corrupt in practice + if mode == 1 { + let v3 = (*p1)[0]; // $ Alert[rust/access-invalid-pointer]=drop_in_place + println!(" v3 = {v3} (!)"); // corrupt in practice + } + if mode == 130 { + let v4 = (*p2)[0]; // $ MISSING: Alert + println!(" v4 = {v4} (!)"); // corrupt in practice + } } } diff --git a/rust/ql/test/query-tests/security/CWE-825/lifetime.rs b/rust/ql/test/query-tests/security/CWE-825/lifetime.rs index 49b0678b0359..d7fd8204993a 100644 --- a/rust/ql/test/query-tests/security/CWE-825/lifetime.rs +++ b/rust/ql/test/query-tests/security/CWE-825/lifetime.rs @@ -88,7 +88,7 @@ pub fn test_local_dangling() { // --- local in scope --- -fn use_pointers(p1: *const i64, p2: *mut i64) { +fn use_pointers(p1: *const i64, p2: *mut i64, mode: i32) { let p3: *const i64; let my_local1 = 1; p3 = &my_local1; @@ -96,21 +96,27 @@ fn use_pointers(p1: *const i64, p2: *mut i64) { use_the_stack(); unsafe { - let v1 = *p1; // GOOD - let v2 = *p2; // GOOD - let v3 = *p3; // GOOD - *p2 = 2; // GOOD - println!(" v1 = {v1}"); - println!(" v2 = {v2}"); - println!(" v3 = {v3}"); + if (mode == 0) { + // reads + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + let v3 = *p3; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + } + if (mode == 200) { + // writes + *p2 = 2; // GOOD + } } } -pub fn test_local_in_scope() { +pub fn test_local_in_scope(mode: i32) { let my_local3: i64 = 3; let mut my_local_mut4: i64 = 4; - use_pointers(&my_local3, &mut my_local_mut4); + use_pointers(&my_local3, &mut my_local_mut4, mode); } // --- static lifetime --- @@ -129,18 +135,24 @@ fn get_static_mut() -> *mut i64 { } } -pub fn test_static() { +pub fn test_static(mode: i32) { let p1 = get_const(); let p2 = get_static_mut(); use_the_stack(); unsafe { - let v1 = *p1; // GOOD - let v2 = *p2; // GOOD - *p2 = 3; // GOOD - println!(" v1 = {v1}"); - println!(" v2 = {v2}"); + if (mode == 0) { + // reads + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + } + if (mode == 210) { + // writes + *p2 = 3; // GOOD + } } } @@ -299,7 +311,7 @@ impl Drop for MyPair { } } -pub fn test_ptr_to_struct() { +pub fn test_ptr_to_struct(mode: i32) { let p1: *mut MyPair; let p2: *const i64; let p3: *mut i64; @@ -312,33 +324,54 @@ pub fn test_ptr_to_struct() { unsafe { let v1 = (*p1).a; // GOOD + println!(" v1 = {v1}"); + let v2 = (*p1).b; // GOOD + println!(" v2 = {v2}"); + let v3 = *p2; // GOOD let v4 = *p3; // GOOD - (*p1).a = 3; // GOOD - (*p1).b = 4; // GOOD - *p3 = 5; // GOOD - println!(" v1 = {v1}"); - println!(" v2 = {v2}"); println!(" v3 = {v3}"); println!(" v4 = {v4}"); + + (*p1).a = 3; // GOOD + *p3 = 4; // GOOD + (*p1).b = 5; // GOOD } }; // my_pair goes out of scope, thus p1, p2, p3 are dangling use_the_stack(); unsafe { - let v5 = (*p1).a; // $ MISSING: Alert - let v6 = (*p1).b; // $ MISSING: Alert - let v7 = *p2; // $ MISSING: Alert - let v8 = *p3; // $ MISSING: Alert - (*p1).a = 6; // $ MISSING: Alert - (*p1).b = 7; // $ MISSING: Alert - *p3 = 8; // $ MISSING: Alert - println!(" v5 = {v5} (!)"); // dropped in practice - println!(" v6 = {v6} (!)"); // dropped in practice - println!(" v7 = {v7} (!)"); // dropped in practice - println!(" v8 = {v8} (!)"); // dropped in practice + match mode { + 0 => { + // read + let v5 = (*p1).a; // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // dropped in practice + }, + 220 => { + // another read + let v6 = (*p1).b; // $ MISSING: Alert + println!(" v6 = {v6} (!)"); // dropped in practice + }, + 221 => { + // more reads + let v7 = *p2; // $ MISSING: Alert + let v8 = *p3; // $ MISSING: Alert + println!(" v7 = {v7} (!)"); // dropped in practice + println!(" v8 = {v8} (!)"); // dropped in practice + }, + 222 => { + // writes + (*p1).a = 6; // $ MISSING: Alert + *p3 = 7; // $ MISSING: Alert + }, + 223 => { + // another write + (*p1).b = 8; // $ MISSING: Alert + }, + _ => {} + } } } diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs index 9a3dfcd2889c..0b3fc423de12 100644 --- a/rust/ql/test/query-tests/security/CWE-825/main.rs +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -31,7 +31,7 @@ pub fn test_boxes_into() { } } -pub fn test_boxes_1(do_dangerous_writes: bool) { +pub fn test_boxes_1(mode: i32) { let p1: *const i64; let p2: *const i64; let p3: *mut i64; @@ -50,27 +50,28 @@ pub fn test_boxes_1(do_dangerous_writes: bool) { let v1 = *p1; // GOOD let v2 = *p2; // GOOD let v3 = *p3; // GOOD - *p3 = 4; - println!(" v1 = {v1}"); println!(" v2 = {v2}"); println!(" v3 = {v3}"); + *p3 = 4; } } // (b2, b3 go out of scope, thus p2, p3 are dangling) unsafe { - let v4 = *p1; // GOOD - let v5 = *p2; // $ MISSING: Alert - let v6 = *p3; // $ MISSING: Alert - - if do_dangerous_writes { + if mode == 0 { + // reads + let v4 = *p1; // GOOD + let v5 = *p2; // $ MISSING: Alert + let v6 = *p3; // $ MISSING: Alert + println!(" v4 = {v4}"); + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + } + if mode == 10 { + // write *p3 = 5; // $ MISSING: Alert use_the_heap(); // "malloc: Heap corruption detected" } - - println!(" v4 = {v4}"); - println!(" v5 = {v5} (!)"); // corrupt in practice - println!(" v6 = {v6} (!)"); // corrupt in practice } } @@ -94,11 +95,15 @@ pub fn test_boxes_2() { // --- main --- fn main() { + let mode = std::env::args().nth(1).unwrap_or("0".to_string()).parse::().unwrap_or(0); + // mode = which test cases to explore (0 should be safe; some will crash / segfault). + println!("mode = {mode}"); + println!("test_boxes_into:"); test_boxes_into(); println!("test_boxes_1:"); - test_boxes_1(false); + test_boxes_1(mode); println!("test_boxes_2:"); test_boxes_2(); @@ -106,22 +111,22 @@ fn main() { // --- println!("test_alloc:"); - test_alloc(false); + test_alloc(mode); println!("test_alloc_array:"); - test_alloc_array(false); + test_alloc_array(mode); println!("test_libc:"); test_libc(); println!("test_ptr_invalid:"); - test_ptr_invalid(false); + test_ptr_invalid(mode); println!("test_drop:"); test_drop(); println!("test_ptr_drop:"); - test_ptr_drop(); + test_ptr_drop(mode); println!("test_qhelp_tests:"); test_qhelp_tests(); @@ -135,10 +140,10 @@ fn main() { test_local_dangling(); println!("test_local_in_scope:"); - test_local_in_scope(); + test_local_in_scope(mode); println!("test_static:"); - test_static(); + test_static(mode); println!("test_call_contexts:"); test_call_contexts(); @@ -153,7 +158,7 @@ fn main() { test_enum(); println!("test_ptr_to_struct:"); - test_ptr_to_struct(); + test_ptr_to_struct(mode); println!("test_ptr_from_ref:"); test_ptr_from_ref(); From b7044bdcde3f7445148a1bc1953f1de9f92dc1e7 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:21:02 +0000 Subject: [PATCH 032/409] Rust: Add a test of repeat sinks. --- .../CWE-825/AccessInvalidPointer.expected | 138 +++++++++--------- .../security/CWE-825/deallocation.rs | 4 + 2 files changed, 76 insertions(+), 66 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 919bd2245199..910252a4aca0 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,44 +1,48 @@ #select | deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:33:14:33:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:14:33:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:40:6:40:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:40:6:40:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:45:5:45:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:45:5:45:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:72:16:72:17 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:72:16:72:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:77:16:77:17 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:77:16:77:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:82:7:82:8 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:82:7:82:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:91:5:91:31 | ...::write::<...> | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:91:5:91:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:111:13:111:18 | my_ptr | deallocation.rs:108:14:108:19 | my_ptr | deallocation.rs:111:13:111:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:108:14:108:19 | my_ptr | invalid | -| deallocation.rs:126:14:126:15 | p1 | deallocation.rs:119:23:119:40 | ...::dangling | deallocation.rs:126:14:126:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:119:23:119:40 | ...::dangling | invalid | -| deallocation.rs:127:14:127:15 | p2 | deallocation.rs:120:21:120:42 | ...::dangling_mut | deallocation.rs:127:14:127:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:120:21:120:42 | ...::dangling_mut | invalid | -| deallocation.rs:128:14:128:15 | p3 | deallocation.rs:121:23:121:36 | ...::null | deallocation.rs:128:14:128:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:121:23:121:36 | ...::null | invalid | -| deallocation.rs:176:15:176:16 | p1 | deallocation.rs:172:27:172:28 | p1 | deallocation.rs:176:15:176:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:172:27:172:28 | p1 | invalid | -| deallocation.rs:210:18:210:20 | ptr | deallocation.rs:204:27:204:29 | ptr | deallocation.rs:210:18:210:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:204:27:204:29 | ptr | invalid | +| deallocation.rs:32:16:32:17 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:32:16:32:17 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:33:16:33:17 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:16:33:17 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:90:7:90:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:90:7:90:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:95:5:95:31 | ...::write::<...> | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:115:13:115:18 | my_ptr | deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:112:14:112:19 | my_ptr | invalid | +| deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid | +| deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | +| deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | +| deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:27:176:28 | p1 | invalid | +| deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:27:208:29 | ptr | invalid | edges | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:35:33:36 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:40:6:40:7 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:45:27:45:28 | m1 | provenance | | -| deallocation.rs:33:35:33:36 | m1 | deallocation.rs:33:14:33:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | -| deallocation.rs:45:27:45:28 | m1 | deallocation.rs:45:5:45:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:72:16:72:17 | m2 | provenance | | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:77:16:77:17 | m2 | provenance | | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:82:7:82:8 | m2 | provenance | | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:86:7:86:8 | m2 | provenance | | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:91:33:91:34 | m2 | provenance | | -| deallocation.rs:91:33:91:34 | m2 | deallocation.rs:91:5:91:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:108:14:108:19 | my_ptr | deallocation.rs:111:13:111:18 | my_ptr | provenance | | -| deallocation.rs:119:6:119:7 | p1 | deallocation.rs:126:14:126:15 | p1 | provenance | | -| deallocation.rs:119:23:119:40 | ...::dangling | deallocation.rs:119:23:119:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | -| deallocation.rs:119:23:119:42 | ...::dangling(...) | deallocation.rs:119:6:119:7 | p1 | provenance | | -| deallocation.rs:120:6:120:7 | p2 | deallocation.rs:127:14:127:15 | p2 | provenance | | -| deallocation.rs:120:21:120:42 | ...::dangling_mut | deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | -| deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | deallocation.rs:120:6:120:7 | p2 | provenance | | -| deallocation.rs:121:6:121:7 | p3 | deallocation.rs:128:14:128:15 | p3 | provenance | | -| deallocation.rs:121:23:121:36 | ...::null | deallocation.rs:121:23:121:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | -| deallocation.rs:121:23:121:38 | ...::null(...) | deallocation.rs:121:6:121:7 | p3 | provenance | | -| deallocation.rs:172:27:172:28 | p1 | deallocation.rs:176:15:176:16 | p1 | provenance | | -| deallocation.rs:204:27:204:29 | ptr | deallocation.rs:210:18:210:20 | ptr | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:32:16:32:17 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:16:33:17 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | +| deallocation.rs:37:35:37:36 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | +| deallocation.rs:49:27:49:28 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | provenance | | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | provenance | | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | provenance | | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:90:7:90:8 | m2 | provenance | | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:95:33:95:34 | m2 | provenance | | +| deallocation.rs:95:33:95:34 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | provenance | | +| deallocation.rs:123:6:123:7 | p1 | deallocation.rs:130:14:130:15 | p1 | provenance | | +| deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:123:23:123:42 | ...::dangling(...) | deallocation.rs:123:6:123:7 | p1 | provenance | | +| deallocation.rs:124:6:124:7 | p2 | deallocation.rs:131:14:131:15 | p2 | provenance | | +| deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | deallocation.rs:124:6:124:7 | p2 | provenance | | +| deallocation.rs:125:6:125:7 | p3 | deallocation.rs:132:14:132:15 | p3 | provenance | | +| deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:125:23:125:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | +| deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | +| deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -48,34 +52,36 @@ models nodes | deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | | deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | -| deallocation.rs:33:14:33:33 | ...::read::<...> | semmle.label | ...::read::<...> | -| deallocation.rs:33:35:33:36 | m1 | semmle.label | m1 | -| deallocation.rs:40:6:40:7 | m1 | semmle.label | m1 | -| deallocation.rs:45:5:45:25 | ...::write::<...> | semmle.label | ...::write::<...> | -| deallocation.rs:45:27:45:28 | m1 | semmle.label | m1 | -| deallocation.rs:66:23:66:24 | m2 | semmle.label | m2 | -| deallocation.rs:72:16:72:17 | m2 | semmle.label | m2 | -| deallocation.rs:77:16:77:17 | m2 | semmle.label | m2 | -| deallocation.rs:82:7:82:8 | m2 | semmle.label | m2 | +| deallocation.rs:32:16:32:17 | m1 | semmle.label | m1 | +| deallocation.rs:33:16:33:17 | m1 | semmle.label | m1 | +| deallocation.rs:37:14:37:33 | ...::read::<...> | semmle.label | ...::read::<...> | +| deallocation.rs:37:35:37:36 | m1 | semmle.label | m1 | +| deallocation.rs:44:6:44:7 | m1 | semmle.label | m1 | +| deallocation.rs:49:5:49:25 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:49:27:49:28 | m1 | semmle.label | m1 | +| deallocation.rs:70:23:70:24 | m2 | semmle.label | m2 | +| deallocation.rs:76:16:76:17 | m2 | semmle.label | m2 | +| deallocation.rs:81:16:81:17 | m2 | semmle.label | m2 | | deallocation.rs:86:7:86:8 | m2 | semmle.label | m2 | -| deallocation.rs:91:5:91:31 | ...::write::<...> | semmle.label | ...::write::<...> | -| deallocation.rs:91:33:91:34 | m2 | semmle.label | m2 | -| deallocation.rs:108:14:108:19 | my_ptr | semmle.label | my_ptr | -| deallocation.rs:111:13:111:18 | my_ptr | semmle.label | my_ptr | -| deallocation.rs:119:6:119:7 | p1 | semmle.label | p1 | -| deallocation.rs:119:23:119:40 | ...::dangling | semmle.label | ...::dangling | -| deallocation.rs:119:23:119:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | -| deallocation.rs:120:6:120:7 | p2 | semmle.label | p2 | -| deallocation.rs:120:21:120:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | -| deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | -| deallocation.rs:121:6:121:7 | p3 | semmle.label | p3 | -| deallocation.rs:121:23:121:36 | ...::null | semmle.label | ...::null | -| deallocation.rs:121:23:121:38 | ...::null(...) | semmle.label | ...::null(...) | -| deallocation.rs:126:14:126:15 | p1 | semmle.label | p1 | -| deallocation.rs:127:14:127:15 | p2 | semmle.label | p2 | -| deallocation.rs:128:14:128:15 | p3 | semmle.label | p3 | -| deallocation.rs:172:27:172:28 | p1 | semmle.label | p1 | -| deallocation.rs:176:15:176:16 | p1 | semmle.label | p1 | -| deallocation.rs:204:27:204:29 | ptr | semmle.label | ptr | -| deallocation.rs:210:18:210:20 | ptr | semmle.label | ptr | +| deallocation.rs:90:7:90:8 | m2 | semmle.label | m2 | +| deallocation.rs:95:5:95:31 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:95:33:95:34 | m2 | semmle.label | m2 | +| deallocation.rs:112:14:112:19 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:115:13:115:18 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:123:6:123:7 | p1 | semmle.label | p1 | +| deallocation.rs:123:23:123:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:123:23:123:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:124:6:124:7 | p2 | semmle.label | p2 | +| deallocation.rs:124:21:124:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:125:6:125:7 | p3 | semmle.label | p3 | +| deallocation.rs:125:23:125:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:125:23:125:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:130:14:130:15 | p1 | semmle.label | p1 | +| deallocation.rs:131:14:131:15 | p2 | semmle.label | p2 | +| deallocation.rs:132:14:132:15 | p3 | semmle.label | p3 | +| deallocation.rs:176:27:176:28 | p1 | semmle.label | p1 | +| deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | +| deallocation.rs:208:27:208:29 | ptr | semmle.label | ptr | +| deallocation.rs:214:18:214:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 738abe774035..a1e3676b8601 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -27,6 +27,10 @@ pub fn test_alloc(mode: i32) { let v6 = *m2; // $ MISSING: Alert println!(" v5 = {v5} (!)"); // corrupt in practice println!(" v6 = {v6} (!)"); // corrupt in practice + + // test repeat reads (we don't want lots of very similar results for the same dealloc) + let v5b = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc + let v5c = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc }, 100 => { // more reads From e4cadf09ce49753261f0854336438a17705618c8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:01:47 +0000 Subject: [PATCH 033/409] Rust: Don't report excessive results for the same source. --- .../ql/src/queries/security/CWE-825/AccessInvalidPointer.ql | 5 +++++ .../security/CWE-825/AccessInvalidPointer.expected | 6 ------ rust/ql/test/query-tests/security/CWE-825/deallocation.rs | 4 ++-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index cb474d0bb0fb..15d13dcc4790 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -26,6 +26,11 @@ module AccessInvalidPointerConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node node) { node instanceof AccessInvalidPointer::Sink } predicate isBarrier(DataFlow::Node barrier) { barrier instanceof AccessInvalidPointer::Barrier } + + predicate isBarrierOut(DataFlow::Node node) { + // make sinks barriers so that we only report the closest instance + isSink(node) + } } module AccessInvalidPointerFlow = DataFlow::Global; diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 910252a4aca0..abab63199175 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,7 +1,5 @@ #select | deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:32:16:32:17 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:32:16:32:17 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:33:16:33:17 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:16:33:17 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | @@ -18,8 +16,6 @@ | deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:27:208:29 | ptr | invalid | edges | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:32:16:32:17 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:16:33:17 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | @@ -52,8 +48,6 @@ models nodes | deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | | deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | -| deallocation.rs:32:16:32:17 | m1 | semmle.label | m1 | -| deallocation.rs:33:16:33:17 | m1 | semmle.label | m1 | | deallocation.rs:37:14:37:33 | ...::read::<...> | semmle.label | ...::read::<...> | | deallocation.rs:37:35:37:36 | m1 | semmle.label | m1 | | deallocation.rs:44:6:44:7 | m1 | semmle.label | m1 | diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index a1e3676b8601..77f687b5ae28 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -29,8 +29,8 @@ pub fn test_alloc(mode: i32) { println!(" v6 = {v6} (!)"); // corrupt in practice // test repeat reads (we don't want lots of very similar results for the same dealloc) - let v5b = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc - let v5c = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc + let v5b = *m1; + let v5c = *m1; }, 100 => { // more reads From 363128f4ecfa63084c4a7be819fc52e78fc015b4 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 12:21:51 +0000 Subject: [PATCH 034/409] Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../src/queries/security/CWE-825/AccessInvalidPointer.qhelp | 6 +++--- .../ql/src/queries/security/CWE-825/AccessInvalidPointer.ql | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp index 2981564b9eec..2aa2b8abef8d 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp @@ -5,7 +5,7 @@

    -Dereferencing an invalid or dangling pointer is undefined behavior. Memory may be corrupted +Dereferencing an invalid or dangling pointer may cause undefined behavior. Memory may be corrupted causing the program to crash or behave incorrectly, in some cases exposing the program to potential attacks.

    @@ -17,7 +17,7 @@ potential attacks. When dereferencing a pointer in unsafe code, take care that the pointer is valid and points to the intended data. Code may need to be rearranged or additional checks added to ensure safety in all circumstances. If possible, rewrite the code using safe Rust types to avoid this -class of problems altogether. +kind of problems altogether.

    @@ -32,7 +32,7 @@ undefined behavior:

    -In this case undefined behavior can be avoided by rearranging the code so that the dereference +In this case, undefined behavior can be avoided by rearranging the code so that the dereferencing comes before the call to std::ptr::drop_in_place:

    diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index 15d13dcc4790..1d84fffe1ee0 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -1,6 +1,6 @@ /** * @name Access of invalid pointer - * @description Dereferencing an invalid or dangling pointer is undefined behavior and may cause memory corruption. + * @description Dereferencing an invalid or dangling pointer causes undefined behavior and may result in memory corruption. * @kind path-problem * @problem.severity error * @security-severity 7.5 From 82068a262d1463fcbb912419727a323780b6ec6c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 12:23:48 +0000 Subject: [PATCH 035/409] Rust: Further rephrasing. --- rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp index 2aa2b8abef8d..1c6a0452c53b 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp @@ -17,7 +17,7 @@ potential attacks. When dereferencing a pointer in unsafe code, take care that the pointer is valid and points to the intended data. Code may need to be rearranged or additional checks added to ensure safety in all circumstances. If possible, rewrite the code using safe Rust types to avoid this -kind of problems altogether. +kind of problem altogether.

    From 29a23a3d20deddbceb7c85db87ac42260c9b928a Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Wed, 26 Mar 2025 13:28:34 +0100 Subject: [PATCH 036/409] Update UseOfKnownVulnerableAction.ql Name should not end in a `.` --- actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql b/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql index 497a3b9feb9b..05603dae68bb 100644 --- a/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql +++ b/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql @@ -1,5 +1,5 @@ /** - * @name Use of a known vulnerable action. + * @name Use of a known vulnerable action * @description The workflow is using an action with known vulnerabilities. * @kind problem * @problem.severity error From b1737858fa07cdcde9513bac72f738fee9a81dbf Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Wed, 26 Mar 2025 12:49:48 +0000 Subject: [PATCH 037/409] UntrustedCheckout: Try and differentiate between two versions of the rule --- actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql index c1d3729701d1..b004b26c603b 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql @@ -1,5 +1,5 @@ /** - * @name Checkout of untrusted code in trusted context + * @name Checkout of untrusted code in trusted context with poisonable step * @description Privileged workflows have read/write access to the base repository and access to secrets. * By explicitly checking out and running the build script from a fork the untrusted code is running in an environment * that is able to push to the base repository and to access secrets. From 288fcb60928710b975adaa61a034968955b60e2c Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Wed, 26 Mar 2025 15:53:20 +0100 Subject: [PATCH 038/409] Update CWE-829 description for clarity --- actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql index b004b26c603b..90feab533a47 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql @@ -1,5 +1,5 @@ /** - * @name Checkout of untrusted code in trusted context with poisonable step + * @name Checkout of untrusted code in priviledged context * @description Privileged workflows have read/write access to the base repository and access to secrets. * By explicitly checking out and running the build script from a fork the untrusted code is running in an environment * that is able to push to the base repository and to access secrets. From 0a04191a6173d403c5ea6fc6bcad5a97a27ca77d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 26 Mar 2025 15:06:03 +0000 Subject: [PATCH 039/409] Rust: Effect of merging main (duplicate results). --- .../CWE-825/AccessInvalidPointer.expected | 35 +++++++++++++++---- 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index abab63199175..78c94169f195 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,7 +1,11 @@ #select +| deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | | deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | @@ -12,9 +16,16 @@ | deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid | | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | +| deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:27:176:28 | p1 | invalid | +| deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:3:208:25 | ...::drop_in_place | invalid | | deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:27:208:29 | ptr | invalid | edges +| deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | @@ -29,23 +40,31 @@ edges | deallocation.rs:95:33:95:34 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | | deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | provenance | | | deallocation.rs:123:6:123:7 | p1 | deallocation.rs:130:14:130:15 | p1 | provenance | | -| deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:4 MaD:4 | | deallocation.rs:123:23:123:42 | ...::dangling(...) | deallocation.rs:123:6:123:7 | p1 | provenance | | | deallocation.rs:124:6:124:7 | p2 | deallocation.rs:131:14:131:15 | p2 | provenance | | -| deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | provenance | Src:MaD:5 MaD:5 | | deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | deallocation.rs:124:6:124:7 | p2 | provenance | | | deallocation.rs:125:6:125:7 | p3 | deallocation.rs:132:14:132:15 | p3 | provenance | | -| deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:125:23:125:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:125:23:125:38 | ...::null(...) | provenance | Src:MaD:7 MaD:7 | | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | +| deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | | deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | +| deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:208:27:208:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:208:27:208:29 | [post] ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | -| 3 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | -| 4 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | -| 5 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | +| 3 | Source: lang:alloc; crate::alloc::dealloc; pointer-invalidate; Argument[0] | +| 4 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | +| 5 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | +| 6 | Source: lang:core; crate::ptr::drop_in_place; pointer-invalidate; Argument[0] | +| 7 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | nodes +| deallocation.rs:20:3:20:21 | ...::dealloc | semmle.label | ...::dealloc | +| deallocation.rs:20:23:20:24 | [post] m1 | semmle.label | [post] m1 | | deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | | deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | | deallocation.rs:37:14:37:33 | ...::read::<...> | semmle.label | ...::read::<...> | @@ -74,8 +93,12 @@ nodes | deallocation.rs:130:14:130:15 | p1 | semmle.label | p1 | | deallocation.rs:131:14:131:15 | p2 | semmle.label | p2 | | deallocation.rs:132:14:132:15 | p3 | semmle.label | p3 | +| deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:176:27:176:28 | p1 | semmle.label | p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | +| deallocation.rs:208:3:208:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:208:27:208:29 | [post] ptr | semmle.label | [post] ptr | | deallocation.rs:208:27:208:29 | ptr | semmle.label | ptr | | deallocation.rs:214:18:214:20 | ptr | semmle.label | ptr | subpaths From c84e2cd7cb5467a38e603714c13ea617796c3d85 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 26 Mar 2025 15:35:44 +0000 Subject: [PATCH 040/409] Rust: Reduce the workaround (fixes duplicate results). --- .../security/AccessInvalidPointerExtensions.qll | 2 +- .../CWE-825/AccessInvalidPointer.expected | 15 --------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index 9f895ef6f87e..c20a4966edd8 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -50,7 +50,7 @@ module AccessInvalidPointer { sourceNode(n, "pointer-invalidate") and n.(FlowSummaryNode).getSourceElement() = ce.getFunction() and arg = ce.getArgList().getAnArg() and - this.asExpr().getExpr().getParentNode*() = arg + this.asExpr().getExpr().getParentNode+() = arg ) } } diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 78c94169f195..ca5982fdb2d7 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,12 +1,8 @@ #select | deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | | deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | | deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | @@ -17,19 +13,13 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:27:176:28 | p1 | invalid | | deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:3:208:25 | ...::drop_in_place | invalid | -| deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:27:208:29 | ptr | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | | deallocation.rs:37:35:37:36 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | | deallocation.rs:49:27:49:28 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | provenance | | @@ -50,10 +40,8 @@ edges | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | -| deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | | deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:208:27:208:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:208:27:208:29 | [post] ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | -| deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -65,7 +53,6 @@ models nodes | deallocation.rs:20:3:20:21 | ...::dealloc | semmle.label | ...::dealloc | | deallocation.rs:20:23:20:24 | [post] m1 | semmle.label | [post] m1 | -| deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | | deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | | deallocation.rs:37:14:37:33 | ...::read::<...> | semmle.label | ...::read::<...> | | deallocation.rs:37:35:37:36 | m1 | semmle.label | m1 | @@ -95,10 +82,8 @@ nodes | deallocation.rs:132:14:132:15 | p3 | semmle.label | p3 | | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | -| deallocation.rs:176:27:176:28 | p1 | semmle.label | p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | | deallocation.rs:208:3:208:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:208:27:208:29 | [post] ptr | semmle.label | [post] ptr | -| deallocation.rs:208:27:208:29 | ptr | semmle.label | ptr | | deallocation.rs:214:18:214:20 | ptr | semmle.label | ptr | subpaths From d1a0237e87cf1f7fe780bba86b413e535d57d87c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:20:25 +0000 Subject: [PATCH 041/409] Rust: Correct a few details in the test. --- .../security/CWE-825/AccessInvalidPointer.expected | 12 ++++++------ .../query-tests/security/CWE-825/deallocation.rs | 14 +++++++++----- rust/ql/test/query-tests/security/CWE-825/main.rs | 2 +- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index ca5982fdb2d7..05fb54775121 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,7 +13,7 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:3:208:25 | ...::drop_in_place | invalid | +| deallocation.rs:216:18:216:20 | ptr | deallocation.rs:210:3:210:25 | ...::drop_in_place | deallocation.rs:216:18:216:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:210:3:210:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | @@ -40,8 +40,8 @@ edges | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | -| deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:208:27:208:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:208:27:208:29 | [post] ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | +| deallocation.rs:210:3:210:25 | ...::drop_in_place | deallocation.rs:210:27:210:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:210:27:210:29 | [post] ptr | deallocation.rs:216:18:216:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -83,7 +83,7 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:208:3:208:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:208:27:208:29 | [post] ptr | semmle.label | [post] ptr | -| deallocation.rs:214:18:214:20 | ptr | semmle.label | ptr | +| deallocation.rs:210:3:210:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:210:27:210:29 | [post] ptr | semmle.label | [post] ptr | +| deallocation.rs:216:18:216:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 77f687b5ae28..de3b7cbc16c3 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -187,11 +187,13 @@ pub fn test_ptr_drop(mode: i32) { } } +// --- qhelp examples --- + fn do_something(s: &String) { println!(" s = {}", s); } -fn test_qhelp_test_good(ptr: *mut String) { +fn test_qhelp_example_good(ptr: *mut String) { unsafe { do_something(&*ptr); } @@ -203,7 +205,7 @@ fn test_qhelp_test_good(ptr: *mut String) { } } -fn test_qhelp_test_bad(ptr: *mut String) { +fn test_qhelp_example_bad(ptr: *mut String) { unsafe { std::ptr::drop_in_place(ptr); // $ Source=drop_in_place } @@ -215,7 +217,7 @@ fn test_qhelp_test_bad(ptr: *mut String) { } } -pub fn test_qhelp_tests() { +pub fn test_qhelp_examples() { let layout = std::alloc::Layout::new::<[String; 2]>(); unsafe { let ptr = std::alloc::alloc(layout); @@ -226,14 +228,16 @@ pub fn test_qhelp_tests() { *ptr1 = String::from("123"); *ptr2 = String::from("456"); - test_qhelp_test_good(ptr1); + test_qhelp_example_good(ptr1); - test_qhelp_test_bad(ptr2); + test_qhelp_example_bad(ptr2); std::alloc::dealloc(ptr, layout); } } +// --- Vec --- + pub fn test_vec_reserve() { let mut vec1 = Vec::::new(); vec1.push(100); diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs index 0b3fc423de12..ec135011f705 100644 --- a/rust/ql/test/query-tests/security/CWE-825/main.rs +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -129,7 +129,7 @@ fn main() { test_ptr_drop(mode); println!("test_qhelp_tests:"); - test_qhelp_tests(); + test_qhelp_examples(); println!("test_vec_reserve:"); test_vec_reserve(); From 8598d619f231a19db8734712019668ce3c368437 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:39:25 +0000 Subject: [PATCH 042/409] Rust: Add a test case involving a Drop method. --- .../CWE-825/AccessInvalidPointer.expected | 14 +++++---- .../security/CWE-825/deallocation.rs | 29 +++++++++++++++++++ 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 05fb54775121..479a53ba823d 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,7 +13,8 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:216:18:216:20 | ptr | deallocation.rs:210:3:210:25 | ...::drop_in_place | deallocation.rs:216:18:216:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:210:3:210:25 | ...::drop_in_place | invalid | +| deallocation.rs:212:10:212:17 | self.ptr | deallocation.rs:212:10:212:17 | self.ptr | deallocation.rs:212:10:212:17 | self.ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:212:10:212:17 | self.ptr | invalid | +| deallocation.rs:245:18:245:20 | ptr | deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:245:18:245:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:239:3:239:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | @@ -40,8 +41,8 @@ edges | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | -| deallocation.rs:210:3:210:25 | ...::drop_in_place | deallocation.rs:210:27:210:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:210:27:210:29 | [post] ptr | deallocation.rs:216:18:216:20 | ptr | provenance | | +| deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:239:27:239:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:239:27:239:29 | [post] ptr | deallocation.rs:245:18:245:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -83,7 +84,8 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:210:3:210:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:210:27:210:29 | [post] ptr | semmle.label | [post] ptr | -| deallocation.rs:216:18:216:20 | ptr | semmle.label | ptr | +| deallocation.rs:212:10:212:17 | self.ptr | semmle.label | self.ptr | +| deallocation.rs:239:3:239:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:239:27:239:29 | [post] ptr | semmle.label | [post] ptr | +| deallocation.rs:245:18:245:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index de3b7cbc16c3..ed507fee408e 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -187,6 +187,35 @@ pub fn test_ptr_drop(mode: i32) { } } +struct MyDropBuffer { + ptr: *mut u8, +} + +impl MyDropBuffer { + unsafe fn new() -> MyDropBuffer { + let layout = std::alloc::Layout::from_size_align(1024, 1).unwrap(); + + MyDropBuffer { + ptr: std::alloc::alloc(layout), + } + + // ... + } +} + +impl Drop for MyDropBuffer { + fn drop(&mut self) { + let layout = std::alloc::Layout::from_size_align(1024, 1).unwrap(); + + unsafe { + _ = *self.ptr; + drop(*self.ptr); // $ MISSING: Source=drop SPURIOUS: Alert[rust/access-invalid-pointer]=drop + _ = *self.ptr; // $ MISSING: Alert[rust/access-invalid-pointer]=drop + std::alloc::dealloc(self.ptr, layout); + } + } +} + // --- qhelp examples --- fn do_something(s: &String) { From 4e496fe7b2d7229610c63bc7f3f438bf98dc42c8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:48:53 +0000 Subject: [PATCH 043/409] Rust: Lets just not model 'drop' incorrectly, for now. --- .../ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml | 2 -- .../codeql/rust/security/AccessInvalidPointerExtensions.qll | 5 +++++ .../security/CWE-825/AccessInvalidPointer.expected | 2 -- rust/ql/test/query-tests/security/CWE-825/deallocation.rs | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index 0960dd9c541a..69c5a1f3ba49 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -30,8 +30,6 @@ extensions: pack: codeql/rust-all extensible: sourceModel data: - # Mem - - ["lang:core", "crate::mem::drop", "Argument[0]", "pointer-invalidate", "manual"] # Ptr - ["lang:core", "crate::ptr::drop_in_place", "Argument[0]", "pointer-invalidate", "manual"] - ["lang:core", "crate::ptr::dangling", "ReturnValue", "pointer-invalidate", "manual"] diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index c20a4966edd8..360a66e402c0 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -36,6 +36,11 @@ module AccessInvalidPointer { /** * A pointer invalidation from model data. + * + * Note: we don't currently support invalidation via the object itself rather than via a pointer, such as: + * ``` + * drop(obj) + * ``` */ private class ModelsAsDataSource extends Source { ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") } diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 479a53ba823d..19dabe2fe8be 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,7 +13,6 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:212:10:212:17 | self.ptr | deallocation.rs:212:10:212:17 | self.ptr | deallocation.rs:212:10:212:17 | self.ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:212:10:212:17 | self.ptr | invalid | | deallocation.rs:245:18:245:20 | ptr | deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:245:18:245:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:239:3:239:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | @@ -84,7 +83,6 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:212:10:212:17 | self.ptr | semmle.label | self.ptr | | deallocation.rs:239:3:239:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:239:27:239:29 | [post] ptr | semmle.label | [post] ptr | | deallocation.rs:245:18:245:20 | ptr | semmle.label | ptr | diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index ed507fee408e..9ddb011c4b27 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -209,7 +209,7 @@ impl Drop for MyDropBuffer { unsafe { _ = *self.ptr; - drop(*self.ptr); // $ MISSING: Source=drop SPURIOUS: Alert[rust/access-invalid-pointer]=drop + drop(*self.ptr); // $ MISSING: Source=drop _ = *self.ptr; // $ MISSING: Alert[rust/access-invalid-pointer]=drop std::alloc::dealloc(self.ptr, layout); } From 9ae271a7d14c688de98d7dc3d0e4e1d0ec76e10b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Mar 2025 12:55:36 +0000 Subject: [PATCH 044/409] Rust: Fix incidentally affected test merge conflict. --- .../test/query-tests/security/CWE-020/RegexInjection.expected | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index 0e1ea0fb063a..2902f9a4f51e 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -3,14 +3,14 @@ edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | | main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:63 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1607 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1606 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | | main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:67 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3030 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3029 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | nodes | main.rs:4:9:4:16 | username | semmle.label | username | From f6ac82aff04c09471f36281abe46225c121ab156 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 27 Mar 2025 15:10:14 +0100 Subject: [PATCH 045/409] Rust: Add more path resolution tests --- .../library-tests/path-resolution/main.rs | 22 ++++ .../test/library-tests/path-resolution/my.rs | 6 + .../path-resolution/my/my4/my5/mod.rs | 3 + .../path-resolution/path-resolution.expected | 124 ++++++++++-------- 4 files changed, 101 insertions(+), 54 deletions(-) create mode 100644 rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 7857ddc6cf5f..6b2052a1b3c9 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -473,6 +473,26 @@ mod m17 { } // I99 } +mod m18 { + fn f() { + println!("m18::f"); + } // I101 + + pub mod m19 { + fn f() { + println!("m18::m19::f"); + } // I102 + + pub mod m20 { + pub fn g() { + println!("m18::m19::m20::g"); + super::f(); // $ item=I102 + super::super::f(); // $ item=I101 + } // I103 + } + } +} + fn main() { my::nested::nested1::nested2::f(); // $ item=I4 my::f(); // $ item=I38 @@ -498,4 +518,6 @@ fn main() { nested6::f(); // $ item=I116 nested8::f(); // $ item=I119 my3::f(); // $ item=I200 + nested_f(); // $ MISSING: item=I201 + m18::m19::m20::g(); // $ item=I103 } diff --git a/rust/ql/test/library-tests/path-resolution/my.rs b/rust/ql/test/library-tests/path-resolution/my.rs index fd9511a21181..487b0e78769c 100644 --- a/rust/ql/test/library-tests/path-resolution/my.rs +++ b/rust/ql/test/library-tests/path-resolution/my.rs @@ -10,3 +10,9 @@ pub fn h() { println!("my.rs::h"); g(); // $ item=I7 } // I39 + +mod my4 { + pub mod my5; +} + +pub use my4::my5::f as nested_f; // $ MISSING: item=I201 diff --git a/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs b/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs new file mode 100644 index 000000000000..25a94fee7c14 --- /dev/null +++ b/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs @@ -0,0 +1,3 @@ +pub fn f() { + println!("my/my4/my5/mod.rs::f"); +} // I201 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 51dcc55b9e2d..6bf3f6567346 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -21,6 +21,9 @@ mod | main.rs:294:1:348:1 | mod m15 | | main.rs:350:1:442:1 | mod m16 | | main.rs:444:1:474:1 | mod m17 | +| main.rs:476:1:494:1 | mod m18 | +| main.rs:481:5:493:5 | mod m19 | +| main.rs:486:9:492:9 | mod m20 | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:12:1:12:12 | mod my3 | | my2/nested2.rs:1:1:11:1 | mod nested3 | @@ -30,6 +33,8 @@ mod | my2/nested2.rs:21:1:27:1 | mod nested7 | | my2/nested2.rs:22:5:26:5 | mod nested8 | | my.rs:1:1:1:15 | mod nested | +| my.rs:14:1:16:1 | mod my4 | +| my.rs:15:5:15:16 | mod my5 | | my/nested.rs:1:1:17:1 | mod nested1 | | my/nested.rs:2:5:11:5 | mod nested2 | resolvePath @@ -51,7 +56,7 @@ resolvePath | main.rs:30:17:30:21 | super | main.rs:18:5:36:5 | mod m2 | | main.rs:30:17:30:24 | ...::f | main.rs:19:9:21:9 | fn f | | main.rs:33:17:33:17 | f | main.rs:19:9:21:9 | fn f | -| main.rs:40:9:40:13 | super | main.rs:1:1:501:2 | SourceFile | +| main.rs:40:9:40:13 | super | main.rs:1:1:523:2 | SourceFile | | main.rs:40:9:40:17 | ...::m1 | main.rs:13:1:37:1 | mod m1 | | main.rs:40:9:40:21 | ...::m2 | main.rs:18:5:36:5 | mod m2 | | main.rs:40:9:40:24 | ...::g | main.rs:23:9:27:9 | fn g | @@ -63,7 +68,7 @@ resolvePath | main.rs:61:17:61:19 | Foo | main.rs:59:9:59:21 | struct Foo | | main.rs:64:13:64:15 | Foo | main.rs:53:5:53:17 | struct Foo | | main.rs:66:5:66:5 | f | main.rs:55:5:62:5 | fn f | -| main.rs:68:5:68:8 | self | main.rs:1:1:501:2 | SourceFile | +| main.rs:68:5:68:8 | self | main.rs:1:1:523:2 | SourceFile | | main.rs:68:5:68:11 | ...::i | main.rs:71:1:83:1 | fn i | | main.rs:74:13:74:15 | Foo | main.rs:48:1:48:13 | struct Foo | | main.rs:81:17:81:19 | Foo | main.rs:77:9:79:9 | struct Foo | @@ -77,7 +82,7 @@ resolvePath | main.rs:87:57:87:66 | ...::g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:87:80:87:86 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | | main.rs:100:5:100:22 | f_defined_in_macro | main.rs:99:18:99:42 | fn f_defined_in_macro | -| main.rs:117:13:117:17 | super | main.rs:1:1:501:2 | SourceFile | +| main.rs:117:13:117:17 | super | main.rs:1:1:523:2 | SourceFile | | main.rs:117:13:117:21 | ...::m5 | main.rs:103:1:107:1 | mod m5 | | main.rs:118:9:118:9 | f | main.rs:104:5:106:5 | fn f | | main.rs:118:9:118:9 | f | main.rs:110:5:112:5 | fn f | @@ -210,56 +215,65 @@ resolvePath | main.rs:465:9:465:18 | ...::f | main.rs:446:9:446:20 | fn f | | main.rs:470:9:470:9 | g | main.rs:459:5:466:5 | fn g | | main.rs:471:11:471:11 | S | main.rs:449:5:449:13 | struct S | -| main.rs:477:5:477:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:477:5:477:14 | ...::nested | my.rs:1:1:1:15 | mod nested | -| main.rs:477:5:477:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | -| main.rs:477:5:477:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | -| main.rs:477:5:477:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | -| main.rs:478:5:478:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:478:5:478:9 | ...::f | my.rs:5:1:7:1 | fn f | -| main.rs:479:5:479:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | -| main.rs:479:5:479:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | -| main.rs:479:5:479:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | -| main.rs:479:5:479:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:480:5:480:5 | f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:481:5:481:5 | g | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:482:5:482:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:482:5:482:12 | ...::h | main.rs:50:1:69:1 | fn h | -| main.rs:483:5:483:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:483:5:483:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:483:5:483:13 | ...::g | main.rs:23:9:27:9 | fn g | -| main.rs:484:5:484:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:484:5:484:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:484:5:484:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | -| main.rs:484:5:484:17 | ...::h | main.rs:30:27:34:13 | fn h | -| main.rs:485:5:485:6 | m4 | main.rs:39:1:46:1 | mod m4 | -| main.rs:485:5:485:9 | ...::i | main.rs:42:5:45:5 | fn i | -| main.rs:486:5:486:5 | h | main.rs:50:1:69:1 | fn h | -| main.rs:487:5:487:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:488:5:488:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:489:5:489:5 | j | main.rs:97:1:101:1 | fn j | -| main.rs:490:5:490:6 | m6 | main.rs:109:1:120:1 | mod m6 | -| main.rs:490:5:490:9 | ...::g | main.rs:114:5:119:5 | fn g | -| main.rs:491:5:491:6 | m7 | main.rs:122:1:137:1 | mod m7 | -| main.rs:491:5:491:9 | ...::f | main.rs:129:5:136:5 | fn f | -| main.rs:492:5:492:6 | m8 | main.rs:139:1:193:1 | mod m8 | -| main.rs:492:5:492:9 | ...::g | main.rs:177:5:192:5 | fn g | -| main.rs:493:5:493:6 | m9 | main.rs:195:1:203:1 | mod m9 | -| main.rs:493:5:493:9 | ...::f | main.rs:198:5:202:5 | fn f | -| main.rs:494:5:494:7 | m11 | main.rs:226:1:263:1 | mod m11 | -| main.rs:494:5:494:10 | ...::f | main.rs:231:5:234:5 | fn f | -| main.rs:495:5:495:7 | m15 | main.rs:294:1:348:1 | mod m15 | -| main.rs:495:5:495:10 | ...::f | main.rs:335:5:347:5 | fn f | -| main.rs:496:5:496:7 | m16 | main.rs:350:1:442:1 | mod m16 | -| main.rs:496:5:496:10 | ...::f | main.rs:417:5:441:5 | fn f | -| main.rs:497:5:497:7 | m17 | main.rs:444:1:474:1 | mod m17 | -| main.rs:497:5:497:10 | ...::f | main.rs:468:5:473:5 | fn f | -| main.rs:498:5:498:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | -| main.rs:498:5:498:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | -| main.rs:499:5:499:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | -| main.rs:499:5:499:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | -| main.rs:500:5:500:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | -| main.rs:500:5:500:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:489:17:489:21 | super | main.rs:481:5:493:5 | mod m19 | +| main.rs:489:17:489:24 | ...::f | main.rs:482:9:484:9 | fn f | +| main.rs:490:17:490:21 | super | main.rs:481:5:493:5 | mod m19 | +| main.rs:490:17:490:28 | ...::super | main.rs:476:1:494:1 | mod m18 | +| main.rs:490:17:490:31 | ...::f | main.rs:477:5:479:5 | fn f | +| main.rs:497:5:497:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:497:5:497:14 | ...::nested | my.rs:1:1:1:15 | mod nested | +| main.rs:497:5:497:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | +| main.rs:497:5:497:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | +| main.rs:497:5:497:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:498:5:498:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:498:5:498:9 | ...::f | my.rs:5:1:7:1 | fn f | +| main.rs:499:5:499:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | +| main.rs:499:5:499:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | +| main.rs:499:5:499:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:499:5:499:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:500:5:500:5 | f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:501:5:501:5 | g | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:502:5:502:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:502:5:502:12 | ...::h | main.rs:50:1:69:1 | fn h | +| main.rs:503:5:503:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:503:5:503:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:503:5:503:13 | ...::g | main.rs:23:9:27:9 | fn g | +| main.rs:504:5:504:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:504:5:504:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:504:5:504:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | +| main.rs:504:5:504:17 | ...::h | main.rs:30:27:34:13 | fn h | +| main.rs:505:5:505:6 | m4 | main.rs:39:1:46:1 | mod m4 | +| main.rs:505:5:505:9 | ...::i | main.rs:42:5:45:5 | fn i | +| main.rs:506:5:506:5 | h | main.rs:50:1:69:1 | fn h | +| main.rs:507:5:507:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:508:5:508:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:509:5:509:5 | j | main.rs:97:1:101:1 | fn j | +| main.rs:510:5:510:6 | m6 | main.rs:109:1:120:1 | mod m6 | +| main.rs:510:5:510:9 | ...::g | main.rs:114:5:119:5 | fn g | +| main.rs:511:5:511:6 | m7 | main.rs:122:1:137:1 | mod m7 | +| main.rs:511:5:511:9 | ...::f | main.rs:129:5:136:5 | fn f | +| main.rs:512:5:512:6 | m8 | main.rs:139:1:193:1 | mod m8 | +| main.rs:512:5:512:9 | ...::g | main.rs:177:5:192:5 | fn g | +| main.rs:513:5:513:6 | m9 | main.rs:195:1:203:1 | mod m9 | +| main.rs:513:5:513:9 | ...::f | main.rs:198:5:202:5 | fn f | +| main.rs:514:5:514:7 | m11 | main.rs:226:1:263:1 | mod m11 | +| main.rs:514:5:514:10 | ...::f | main.rs:231:5:234:5 | fn f | +| main.rs:515:5:515:7 | m15 | main.rs:294:1:348:1 | mod m15 | +| main.rs:515:5:515:10 | ...::f | main.rs:335:5:347:5 | fn f | +| main.rs:516:5:516:7 | m16 | main.rs:350:1:442:1 | mod m16 | +| main.rs:516:5:516:10 | ...::f | main.rs:417:5:441:5 | fn f | +| main.rs:517:5:517:7 | m17 | main.rs:444:1:474:1 | mod m17 | +| main.rs:517:5:517:10 | ...::f | main.rs:468:5:473:5 | fn f | +| main.rs:518:5:518:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | +| main.rs:518:5:518:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | +| main.rs:519:5:519:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | +| main.rs:519:5:519:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:520:5:520:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | +| main.rs:520:5:520:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:522:5:522:7 | m18 | main.rs:476:1:494:1 | mod m18 | +| main.rs:522:5:522:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | +| main.rs:522:5:522:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | +| main.rs:522:5:522:20 | ...::g | main.rs:487:13:491:13 | fn g | | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | @@ -273,13 +287,15 @@ resolvePath | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | -| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:501:2 | SourceFile | +| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:523:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested | | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g | | my.rs:11:5:11:5 | g | my/nested.rs:19:1:22:1 | fn g | +| my.rs:18:9:18:11 | my4 | my.rs:14:1:16:1 | mod my4 | +| my.rs:18:9:18:16 | ...::my5 | my.rs:15:5:15:16 | mod my5 | | my/nested.rs:9:13:9:13 | f | my/nested.rs:3:9:5:9 | fn f | | my/nested.rs:15:9:15:15 | nested2 | my/nested.rs:2:5:11:5 | mod nested2 | | my/nested.rs:15:9:15:18 | ...::f | my/nested.rs:3:9:5:9 | fn f | From 2dcd7895ec963ce8379bb89b3923922a03b620b9 Mon Sep 17 00:00:00 2001 From: Taus Date: Thu, 27 Mar 2025 15:27:42 +0000 Subject: [PATCH 046/409] Python: Modernise `py/mixed-tuple-returns` Removes the dependence on points-to in favour of an approach based on (local) data-flow. I first tried a version that used type tracking, as this more accurately mimics the behaviour of the old query. However, I soon discovered that there were _many_ false positives in this setup. The main bad pattern I saw was a helper function somewhere deep inside the code that both receives and returns an argument that can be tuples with different sizes and origins. In this case, global flow produces something akin to a cartesian product of "n-tuples that flow into the function" and "m-tuples that flow into the function" where m < n. To combat this, I decided to instead focus on only flow _within_ a given function (and so local data-flow was sufficient). Additionally, another class of false positives I saw was cases where the return type actually witnessed that the function in question could return tuples of varying sizes. In this case it seems reasonable to not flag these instances, since they are already (presumably) being checked by a type checker. More generally, if you've annotated the return type of the function with anything (not just `Tuple[...]`), then there's probably little need to flag it. --- .../src/Functions/ReturnConsistentTupleSizes.ql | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/python/ql/src/Functions/ReturnConsistentTupleSizes.ql b/python/ql/src/Functions/ReturnConsistentTupleSizes.ql index 9046f52cecbd..f0cb83067e0f 100644 --- a/python/ql/src/Functions/ReturnConsistentTupleSizes.ql +++ b/python/ql/src/Functions/ReturnConsistentTupleSizes.ql @@ -4,6 +4,7 @@ * @kind problem * @tags reliability * maintainability + * quality * @problem.severity recommendation * @sub-severity high * @precision high @@ -11,13 +12,15 @@ */ import python +import semmle.python.ApiGraphs -predicate returns_tuple_of_size(Function func, int size, AstNode origin) { - exists(Return return, TupleValue val | +predicate returns_tuple_of_size(Function func, int size, Tuple tuple) { + exists(Return return, DataFlow::Node value | + value.asExpr() = return.getValue() and return.getScope() = func and - return.getValue().pointsTo(val, origin) + any(DataFlow::LocalSourceNode n | n.asExpr() = tuple).flowsTo(value) | - size = val.length() + size = count(int n | exists(tuple.getElt(n))) ) } @@ -25,6 +28,8 @@ from Function func, int s1, int s2, AstNode t1, AstNode t2 where returns_tuple_of_size(func, s1, t1) and returns_tuple_of_size(func, s2, t2) and - s1 < s2 + s1 < s2 and + // Don't report on functions that have a return type annotation + not exists(func.getDefinition().(FunctionExpr).getReturns()) select func, func.getQualifiedName() + " returns $@ and $@.", t1, "tuple of size " + s1, t2, "tuple of size " + s2 From f601f4ad9ba2a5d56365ef7692b7f7b6bb8e1ee9 Mon Sep 17 00:00:00 2001 From: Taus Date: Thu, 27 Mar 2025 15:31:28 +0000 Subject: [PATCH 047/409] Python: Update test expectations As we're no longer tracking tuples across function boundaries, we lose the result that related to this setup (which, as the preceding commit explains, lead to a lot of false positives). --- .../Functions/return_values/ReturnConsistentTupleSizes.expected | 1 - 1 file changed, 1 deletion(-) diff --git a/python/ql/test/query-tests/Functions/return_values/ReturnConsistentTupleSizes.expected b/python/ql/test/query-tests/Functions/return_values/ReturnConsistentTupleSizes.expected index fd4f1ee2dd70..2733ae8c26ac 100644 --- a/python/ql/test/query-tests/Functions/return_values/ReturnConsistentTupleSizes.expected +++ b/python/ql/test/query-tests/Functions/return_values/ReturnConsistentTupleSizes.expected @@ -1,2 +1 @@ | functions_test.py:306:1:306:39 | Function returning_different_tuple_sizes | returning_different_tuple_sizes returns $@ and $@. | functions_test.py:308:16:308:18 | Tuple | tuple of size 2 | functions_test.py:310:16:310:20 | Tuple | tuple of size 3 | -| functions_test.py:324:1:324:50 | Function indirectly_returning_different_tuple_sizes | indirectly_returning_different_tuple_sizes returns $@ and $@. | functions_test.py:319:12:319:14 | Tuple | tuple of size 2 | functions_test.py:322:12:322:16 | Tuple | tuple of size 3 | From 980c7d83dac91f6dae11d352a5603a45d23b52ca Mon Sep 17 00:00:00 2001 From: Taus Date: Thu, 27 Mar 2025 15:33:00 +0000 Subject: [PATCH 048/409] Python: Add change note --- .../2025-03-27-modernize-mixed-tuple-returns-query.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md diff --git a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md new file mode 100644 index 000000000000..9f527b6b5a3e --- /dev/null +++ b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- + +- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this lead to too many false positives. From 68668b8e224a95591342610812b07e1f6489b113 Mon Sep 17 00:00:00 2001 From: Taus Date: Thu, 27 Mar 2025 23:23:29 +0100 Subject: [PATCH 049/409] Python: Fix grammar in change note --- .../2025-03-27-modernize-mixed-tuple-returns-query.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md index 9f527b6b5a3e..57cf5c69a139 100644 --- a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md +++ b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md @@ -2,4 +2,4 @@ category: minorAnalysis --- -- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this lead to too many false positives. +- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives. From ff99d5c6880c347171183712a909bac3ec9bee85 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 24 Mar 2025 12:36:52 +0100 Subject: [PATCH 050/409] JS: Add test for API graph through spread args --- .../ql/test/ApiGraphs/spread/VerifyAssertions.expected | 2 ++ javascript/ql/test/ApiGraphs/spread/tst.js | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected b/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected index e69de29bb2d1..366c66f07636 100644 --- a/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected +++ b/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected @@ -0,0 +1,2 @@ +| tst.js:15:14:15:101 | /* def= ... r(0) */ | use moduleImport("something").getMember("exports").getMember("m2") has no outgoing edge labelled getParameter(0); it does have outgoing edges labelled getReceiver(), getReturn(). | +| tst.js:16:14:16:101 | /* def= ... r(1) */ | use moduleImport("something").getMember("exports").getMember("m2") has no outgoing edge labelled getParameter(1); it does have outgoing edges labelled getReceiver(), getReturn(). | diff --git a/javascript/ql/test/ApiGraphs/spread/tst.js b/javascript/ql/test/ApiGraphs/spread/tst.js index cece4692043e..ebacd48d1f30 100644 --- a/javascript/ql/test/ApiGraphs/spread/tst.js +++ b/javascript/ql/test/ApiGraphs/spread/tst.js @@ -9,3 +9,12 @@ function f() { lib.m1({ ...f() }) + +function getArgs() { + return [ + 'x', /* def=moduleImport("something").getMember("exports").getMember("m2").getParameter(0) */ + 'y', /* def=moduleImport("something").getMember("exports").getMember("m2").getParameter(1) */ + ] +} + +lib.m2(...getArgs()); From 1ad471cb32559d8c6ff7505ff70aa199405ca5c9 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 24 Mar 2025 13:33:58 +0100 Subject: [PATCH 051/409] JS: Track through spread/rest params in API graphs --- .../ql/lib/semmle/javascript/ApiGraphs.qll | 50 +++++++++++++++++++ .../semmle/javascript/dataflow/Sources.qll | 6 +++ .../spread/VerifyAssertions.expected | 2 - javascript/ql/test/ApiGraphs/spread/tst.js | 4 +- .../Security/CWE-918/RequestForgery.expected | 12 +++++ .../Security/CWE-918/apollo.serverSide.ts | 4 +- 6 files changed, 72 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 4ef187de4d89..c53d7e4279c9 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -318,6 +318,11 @@ module API { Node getParameter(int i) { Stages::ApiStage::ref() and result = this.getASuccessor(Label::parameter(i)) + or + exists(int spreadIndex, string arrayProp | + result = this.getASuccessor(Label::spreadArgument(spreadIndex)).getMember(arrayProp) and + i = spreadIndex + arrayProp.toInt() + ) } /** @@ -860,6 +865,15 @@ module API { .getStaticMember(name, DataFlow::MemberKind::getter()) .getAReturn() ) + or + exists(Function fun, DataFlow::InvokeNode invoke, int argIndex, Parameter rest | + fun.getRestParameter() = rest and + rest.flow() = pred and + invoke.getACallee() = fun and + invoke.getArgument(argIndex) = rhs and + argIndex >= rest.getIndex() and + lbl = Label::member((argIndex - rest.getIndex()).toString()) + ) ) or exists(DataFlow::ClassNode cls, string name | @@ -888,6 +902,11 @@ module API { i = -1 and lbl = Label::receiver() ) or + exists(int i | + spreadArgumentPassing(base, i, rhs) and + lbl = Label::spreadArgument(i) + ) + or exists(DataFlow::SourceNode src, DataFlow::PropWrite pw | use(base, src) and pw = trackUseNode(src).getAPropertyWrite() and rhs = pw.getRhs() | @@ -931,6 +950,21 @@ module API { ) } + pragma[nomagic] + private int firstSpreadIndex(InvokeExpr expr) { + result = min(int i | expr.getArgument(i) instanceof SpreadElement) + } + + private predicate spreadArgumentPassing(TApiNode base, int i, DataFlow::Node spreadArray) { + exists(DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke | + use(base, use) and + pred = trackUseNode(use, _, bound, "") and + invoke = pred.getAnInvocation().asExpr() and + i = firstSpreadIndex(invoke) and + spreadArray = invoke.getArgument(i - bound).(SpreadElement).getOperand().flow() + ) + } + /** * Holds if `rhs` is the right-hand side of a definition of node `nd`. */ @@ -1579,6 +1613,9 @@ module API { /** Gets the edge label for the receiver. */ LabelReceiver receiver() { any() } + /** Gets the edge label for a spread argument passed at index `i`. */ + LabelSpreadArgument spreadArgument(int i) { result.getIndex() = i } + /** Gets the `return` edge label. */ LabelReturn return() { any() } @@ -1628,6 +1665,7 @@ module API { } or MkLabelReceiver() or MkLabelReturn() or + MkLabelSpreadArgument(int index) { index = [0 .. 10] } or MkLabelDecoratedClass() or MkLabelDecoratedMember() or MkLabelDecoratedParameter() or @@ -1743,6 +1781,18 @@ module API { override string toString() { result = "getReceiver()" } } + /** A label representing an array passed as a spread argument at a given index. */ + class LabelSpreadArgument extends ApiLabel, MkLabelSpreadArgument { + private int index; + + LabelSpreadArgument() { this = MkLabelSpreadArgument(index) } + + /** The argument index at which the spread argument appears. */ + int getIndex() { result = index } + + override string toString() { result = "getSpreadArgument(" + index + ")" } + } + /** A label for a function that is a wrapper around another function. */ class LabelForwardingFunction extends ApiLabel, MkLabelForwardingFunction { override string toString() { result = "getForwardingFunction()" } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll b/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll index de103ef1c903..06729815e9a4 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll @@ -254,6 +254,12 @@ private module Cached { cached predicate invocation(DataFlow::SourceNode func, DataFlow::InvokeNode invoke) { hasLocalSource(invoke.getCalleeNode(), func) + or + exists(ClassDefinition cls, SuperCall call | + hasLocalSource(cls.getSuperClass().flow(), func) and + call.getBinder() = cls.getConstructor().getBody() and + invoke = call.flow() + ) } /** diff --git a/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected b/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected index 366c66f07636..e69de29bb2d1 100644 --- a/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected +++ b/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected @@ -1,2 +0,0 @@ -| tst.js:15:14:15:101 | /* def= ... r(0) */ | use moduleImport("something").getMember("exports").getMember("m2") has no outgoing edge labelled getParameter(0); it does have outgoing edges labelled getReceiver(), getReturn(). | -| tst.js:16:14:16:101 | /* def= ... r(1) */ | use moduleImport("something").getMember("exports").getMember("m2") has no outgoing edge labelled getParameter(1); it does have outgoing edges labelled getReceiver(), getReturn(). | diff --git a/javascript/ql/test/ApiGraphs/spread/tst.js b/javascript/ql/test/ApiGraphs/spread/tst.js index ebacd48d1f30..67fed3ef13e1 100644 --- a/javascript/ql/test/ApiGraphs/spread/tst.js +++ b/javascript/ql/test/ApiGraphs/spread/tst.js @@ -12,8 +12,8 @@ lib.m1({ function getArgs() { return [ - 'x', /* def=moduleImport("something").getMember("exports").getMember("m2").getParameter(0) */ - 'y', /* def=moduleImport("something").getMember("exports").getMember("m2").getParameter(1) */ + 'x', /* def=moduleImport("something").getMember("exports").getMember("m2").getSpreadArgument(0).getArrayElement() */ + 'y', /* def=moduleImport("something").getMember("exports").getMember("m2").getSpreadArgument(0).getArrayElement() */ ] } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 6b33506d502f..78b02c5f7db4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,5 +1,6 @@ #select | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | +| apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | | serverSide.js:18:5:18:20 | request(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:18:13:18:19 | tainted | The $@ of this request depends on a $@. | serverSide.js:18:13:18:19 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value | | serverSide.js:20:5:20:24 | request.get(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:20:17:20:23 | tainted | The $@ of this request depends on a $@. | serverSide.js:20:17:20:23 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value | @@ -31,6 +32,11 @@ edges | apollo.serverSide.ts:8:13:8:17 | files | apollo.serverSide.ts:8:28:8:31 | file | provenance | | | apollo.serverSide.ts:8:28:8:31 | file | apollo.serverSide.ts:8:43:8:46 | file | provenance | | | apollo.serverSide.ts:8:43:8:46 | file | apollo.serverSide.ts:8:43:8:50 | file.url | provenance | | +| apollo.serverSide.ts:17:34:17:42 | files | apollo.serverSide.ts:18:11:18:15 | files | provenance | | +| apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:17:34:17:42 | files | provenance | | +| apollo.serverSide.ts:18:11:18:15 | files | apollo.serverSide.ts:18:26:18:29 | file | provenance | | +| apollo.serverSide.ts:18:26:18:29 | file | apollo.serverSide.ts:18:41:18:44 | file | provenance | | +| apollo.serverSide.ts:18:41:18:44 | file | apollo.serverSide.ts:18:41:18:48 | file.url | provenance | | | axiosInterceptors.serverSide.js:19:11:19:17 | { url } | axiosInterceptors.serverSide.js:19:11:19:28 | url | provenance | | | axiosInterceptors.serverSide.js:19:11:19:28 | url | axiosInterceptors.serverSide.js:20:23:20:25 | url | provenance | | | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:19:11:19:17 | { url } | provenance | | @@ -91,6 +97,12 @@ nodes | apollo.serverSide.ts:8:28:8:31 | file | semmle.label | file | | apollo.serverSide.ts:8:43:8:46 | file | semmle.label | file | | apollo.serverSide.ts:8:43:8:50 | file.url | semmle.label | file.url | +| apollo.serverSide.ts:17:34:17:42 | files | semmle.label | files | +| apollo.serverSide.ts:17:34:17:42 | { files } | semmle.label | { files } | +| apollo.serverSide.ts:18:11:18:15 | files | semmle.label | files | +| apollo.serverSide.ts:18:26:18:29 | file | semmle.label | file | +| apollo.serverSide.ts:18:41:18:44 | file | semmle.label | file | +| apollo.serverSide.ts:18:41:18:48 | file.url | semmle.label | file.url | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | semmle.label | userProvidedUrl | | axiosInterceptors.serverSide.js:19:11:19:17 | { url } | semmle.label | { url } | | axiosInterceptors.serverSide.js:19:11:19:28 | url | semmle.label | url | diff --git a/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts index 1d6aabd87fa5..0f1c4afa554c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts @@ -14,8 +14,8 @@ function createApolloServer(typeDefs) { const resolvers2 = { Mutation: { - downloadFiles: async (_, { files }) => { // $ MISSING: Source[js/request-forgery] - files.forEach((file) => { get(file.url, (res) => {}); }); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + downloadFiles: async (_, { files }) => { // $ Source[js/request-forgery] + files.forEach((file) => { get(file.url, (res) => {}); }); // $ Alert[js/request-forgery] Sink[js/request-forgery] return true; }, }, From b834ffe246afb01eff645c0049063a68204da6cc Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 27 Mar 2025 20:53:32 +0100 Subject: [PATCH 052/409] JS: Fix a bad join order --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index c53d7e4279c9..f7b7a3e96d48 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -955,12 +955,17 @@ module API { result = min(int i | expr.getArgument(i) instanceof SpreadElement) } + pragma[nomagic] + private InvokeExpr getAnInvocationWithSpread(DataFlow::SourceNode node, int i) { + result = node.getAnInvocation().asExpr() and + i = firstSpreadIndex(result) + } + private predicate spreadArgumentPassing(TApiNode base, int i, DataFlow::Node spreadArray) { exists(DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke | use(base, use) and pred = trackUseNode(use, _, bound, "") and - invoke = pred.getAnInvocation().asExpr() and - i = firstSpreadIndex(invoke) and + invoke = getAnInvocationWithSpread(pred, i) and spreadArray = invoke.getArgument(i - bound).(SpreadElement).getOperand().flow() ) } From ce7a0fd094e5b1b131aa85daefff69014dd3f2fe Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 28 Mar 2025 10:45:54 +0000 Subject: [PATCH 053/409] Rust: Test for sinks inside sources. --- .../security/CWE-825/AccessInvalidPointer.expected | 14 ++++++++------ .../query-tests/security/CWE-825/deallocation.rs | 5 ++++- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 19dabe2fe8be..9479cffc7f5e 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,7 +13,8 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:245:18:245:20 | ptr | deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:245:18:245:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:239:3:239:25 | ...::drop_in_place | invalid | +| deallocation.rs:189:29:189:30 | p3 | deallocation.rs:189:29:189:30 | p3 | deallocation.rs:189:29:189:30 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:189:29:189:30 | p3 | invalid | +| deallocation.rs:248:18:248:20 | ptr | deallocation.rs:242:3:242:25 | ...::drop_in_place | deallocation.rs:248:18:248:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:242:3:242:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | @@ -40,8 +41,8 @@ edges | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | -| deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:239:27:239:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:239:27:239:29 | [post] ptr | deallocation.rs:245:18:245:20 | ptr | provenance | | +| deallocation.rs:242:3:242:25 | ...::drop_in_place | deallocation.rs:242:27:242:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:242:27:242:29 | [post] ptr | deallocation.rs:248:18:248:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -83,7 +84,8 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:239:3:239:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:239:27:239:29 | [post] ptr | semmle.label | [post] ptr | -| deallocation.rs:245:18:245:20 | ptr | semmle.label | ptr | +| deallocation.rs:189:29:189:30 | p3 | semmle.label | p3 | +| deallocation.rs:242:3:242:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:242:27:242:29 | [post] ptr | semmle.label | [post] ptr | +| deallocation.rs:248:18:248:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 9ddb011c4b27..dde42aa9414b 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -163,7 +163,7 @@ pub fn test_drop() { pub fn test_ptr_drop(mode: i32) { let layout = std::alloc::Layout::new::>(); unsafe { - let p1 = std::alloc::alloc(layout) as *mut Vec; // *mut i64 + let p1 = std::alloc::alloc(layout) as *mut Vec; let p2 = p1; *p1 = vec!(1, 2, 3); @@ -184,6 +184,9 @@ pub fn test_ptr_drop(mode: i32) { let v4 = (*p2)[0]; // $ MISSING: Alert println!(" v4 = {v4} (!)"); // corrupt in practice } + + let p3 = std::alloc::alloc(layout) as *mut Vec; + std::ptr::drop_in_place((*p3).as_mut_ptr()); // $ SPURIOUS: Alert[rust/access-invalid-pointer] } } From 00753a1fe40a8de525d54e77163ba904166f4b9c Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 28 Mar 2025 14:41:59 +0100 Subject: [PATCH 054/409] C#: Address review comments. --- .../stringinterpolation/stringInterpolation.ql | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql index 21b33b12b56d..f4d683858105 100644 --- a/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql +++ b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql @@ -1,11 +1,9 @@ import csharp -query predicate inserts(InterpolatedStringExpr expr, Expr e) { - expr.getAnInsert() = e // and inSpecificSource(expr) -} +query predicate inserts(InterpolatedStringExpr expr, Expr e) { expr.getAnInsert() = e } query predicate texts(InterpolatedStringExpr expr, StringLiteral literal) { - expr.getAText() = literal // and inSpecificSource(expr) + expr.getAText() = literal } query predicate interpolationInsertsWithAlign(InterpolatedStringExpr expr, Expr insert, Expr align) { From 605cf359706695f0dbba46c411a393861297d9bf Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 27 Mar 2025 15:10:25 +0100 Subject: [PATCH 055/409] Rust: More path resolution improvements --- .../codeql/rust/internal/PathResolution.qll | 101 ++++++++++++++---- .../library-tests/path-resolution/main.rs | 2 +- .../test/library-tests/path-resolution/my.rs | 2 +- .../path-resolution/path-resolution.expected | 2 + 4 files changed, 84 insertions(+), 23 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 2128bb8e7a82..ae4ed9cf7265 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -116,7 +116,7 @@ abstract class ItemNode extends Locatable { } pragma[nomagic] - private ItemNode getASuccessorRec(string name) { + ItemNode getASuccessorRec(string name) { sourceFileEdge(this, name, result) or this = result.getImmediateParent() and @@ -613,11 +613,11 @@ private predicate fileModule(SourceFile f, string name, Folder folder) { } /** - * Holds if `m` is a `mod name;` module declaration happening in a file named - * `fileName.rs`, inside the folder `parent`. + * Holds if `m` is a `mod name;` module declaration, where the corresponding + * module file needs to be looked up in `lookup` or one of its descandants. */ -private predicate modImport(Module m, string fileName, string name, Folder parent) { - exists(File f | +private predicate modImport0(Module m, string name, Folder lookup) { + exists(File f, Folder parent, string fileName | f = m.getFile() and not m.hasItemList() and // TODO: handle @@ -629,17 +629,63 @@ private predicate modImport(Module m, string fileName, string name, Folder paren name = m.getName().getText() and parent = f.getParentContainer() and fileName = f.getStem() + | + // sibling import + lookup = parent and + ( + m.getFile() = any(CrateItemNode c).getModuleNode().(SourceFileItemNode).getFile() + or + m.getFile().getBaseName() = "mod.rs" + ) + or + // child import + lookup = parent.getFolder(fileName) + ) +} + +/** + * Holds if `m` is a `mod name;` module declaration, which happens inside a + * nested module, and `pred -> succ` is a module edge leading to `m`. + */ +private predicate modImportNested(ModuleItemNode m, ModuleItemNode pred, ModuleItemNode succ) { + pred.getAnItemInScope() = succ and + ( + modImport0(m, _, _) and + succ = m + or + modImportNested(m, succ, _) + ) +} + +/** + * Holds if `m` is a `mod name;` module declaration, which happens inside a + * nested module, where `ancestor` is a reflexive transitive ancestor module + * of `m` with corresponding lookup folder `lookup`. + */ +private predicate modImportNestedLookup(Module m, ModuleItemNode ancestor, Folder lookup) { + modImport0(m, _, lookup) and + modImportNested(m, ancestor, _) and + not modImportNested(m, _, ancestor) + or + exists(ModuleItemNode m1, Folder mid | + modImportNestedLookup(m, m1, mid) and + modImportNested(m, m1, ancestor) and + lookup = mid.getFolder(m1.getName()) ) } /** Holds if `m` is a `mod name;` item importing file `f`. */ private predicate fileImport(Module m, SourceFile f) { - exists(string fileName, string name, Folder parent | modImport(m, fileName, name, parent) | - // sibling import + exists(string name, Folder parent | + modImport0(m, name, _) and fileModule(f, name, parent) + | + // `m` is not inside a nested module + modImport0(m, name, parent) and + not modImportNested(m, _, _) or - // child import - fileModule(f, name, parent.getFolder(fileName)) + // `m` is inside a nested module + modImportNestedLookup(m, m, parent) ) } @@ -651,7 +697,7 @@ pragma[nomagic] private predicate fileImportEdge(Module mod, string name, ItemNode item) { exists(SourceFileItemNode f | fileImport(mod, f) and - item = f.getASuccessor(name) + item = f.getASuccessorRec(name) ) } @@ -660,7 +706,7 @@ private predicate fileImportEdge(Module mod, string name, ItemNode item) { */ pragma[nomagic] private predicate crateDefEdge(CrateItemNode c, string name, ItemNode i) { - i = c.getModuleNode().getASuccessor(name) and + i = c.getModuleNode().getASuccessorRec(name) and not i instanceof Crate } @@ -742,7 +788,16 @@ private predicate unqualifiedPathLookup(RelevantPath p, string name, Namespace n // lookup in an outer scope, but only if the item is not declared in inner scope exists(ItemNode mid | unqualifiedPathLookup(p, name, ns, mid) and - not declares(mid, ns, name) + not declares(mid, ns, name) and + not name = ["super", "self"] and + not ( + name = "Self" and + mid = any(ImplOrTraitItemNode i).getAnItemInSelfScope() + ) and + not ( + name = "crate" and + mid = any(CrateItemNode i).getASourceFile() + ) | // nested modules do not have unqualified access to items from outer modules, // except for items declared at top-level in the source file @@ -943,15 +998,19 @@ private predicate useImportEdge(Use use, string name, ItemNode item) { encl.getADescendant() = use and item = getASuccessor(used, name, ns) and // glob imports can be shadowed - not declares(encl, ns, name) + not declares(encl, ns, name) and + not name = ["super", "self", "Self", "crate"] ) - else item = used - | - not tree.hasRename() and - name = item.getName() - or - name = tree.getRename().getName().getText() and - name != "_" + else ( + item = used and + ( + not tree.hasRename() and + name = item.getName() + or + name = tree.getRename().getName().getText() and + name != "_" + ) + ) ) } @@ -961,7 +1020,7 @@ private module Debug { exists(string filepath, int startline, int startcolumn, int endline, int endcolumn | result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and filepath.matches("%/main.rs") and - startline = 1 + startline = [1, 3] ) } diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 6b2052a1b3c9..374f290b00e1 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -518,6 +518,6 @@ fn main() { nested6::f(); // $ item=I116 nested8::f(); // $ item=I119 my3::f(); // $ item=I200 - nested_f(); // $ MISSING: item=I201 + nested_f(); // $ item=I201 m18::m19::m20::g(); // $ item=I103 } diff --git a/rust/ql/test/library-tests/path-resolution/my.rs b/rust/ql/test/library-tests/path-resolution/my.rs index 487b0e78769c..2dcb1c76aebc 100644 --- a/rust/ql/test/library-tests/path-resolution/my.rs +++ b/rust/ql/test/library-tests/path-resolution/my.rs @@ -15,4 +15,4 @@ mod my4 { pub mod my5; } -pub use my4::my5::f as nested_f; // $ MISSING: item=I201 +pub use my4::my5::f as nested_f; // $ item=I201 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 6bf3f6567346..235ad7451c56 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -270,6 +270,7 @@ resolvePath | main.rs:519:5:519:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | | main.rs:520:5:520:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | | main.rs:520:5:520:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:521:5:521:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | | main.rs:522:5:522:7 | m18 | main.rs:476:1:494:1 | mod m18 | | main.rs:522:5:522:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | | main.rs:522:5:522:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | @@ -296,6 +297,7 @@ resolvePath | my.rs:11:5:11:5 | g | my/nested.rs:19:1:22:1 | fn g | | my.rs:18:9:18:11 | my4 | my.rs:14:1:16:1 | mod my4 | | my.rs:18:9:18:16 | ...::my5 | my.rs:15:5:15:16 | mod my5 | +| my.rs:18:9:18:19 | ...::f | my/my4/my5/mod.rs:1:1:3:1 | fn f | | my/nested.rs:9:13:9:13 | f | my/nested.rs:3:9:5:9 | fn f | | my/nested.rs:15:9:15:15 | nested2 | my/nested.rs:2:5:11:5 | mod nested2 | | my/nested.rs:15:9:15:18 | ...::f | my/nested.rs:3:9:5:9 | fn f | From 52b889f008c310ac3bc03f56d4310559f6d5a342 Mon Sep 17 00:00:00 2001 From: Edward Minnix III Date: Sat, 8 Mar 2025 17:16:22 -0500 Subject: [PATCH 056/409] Support when a property is specified by a string literal instead of a `nameof` expression In earlier versions of the Razor generator, a string literal was used instead of a `nameof` expression in order to indicate the name of the property being modified. This means we need to look up the property by name instead of using a more explicit access. --- .../csharp/frameworks/microsoft/aspnetcore/Components.qll | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll index be937661b477..5fb79418c27e 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll @@ -159,7 +159,13 @@ private module JumpNodes { */ Property getParameterProperty() { result.getAnAttribute() instanceof MicrosoftAspNetCoreComponentsParameterAttribute and - exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess()) + ( + exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess()) + or + exists(string propertyName | propertyName = this.getArgument(1).(StringLiteral).getValue() | + result.hasName(propertyName) + ) + ) } /** From 3d0a85b3cd5a608e964e865dffe27d16a0f636c8 Mon Sep 17 00:00:00 2001 From: Edward Minnix III Date: Sat, 8 Mar 2025 17:18:15 -0500 Subject: [PATCH 057/409] Add test case using string literal in property name --- .../microsoft/aspnetcore/blazor/NameList2.cs | 50 +++++++++++++++++++ .../microsoft/aspnetcore/blazor/Xss.expected | 3 ++ .../blazor/remoteFlowSource.expected | 3 ++ 3 files changed, 56 insertions(+) create mode 100644 csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs new file mode 100644 index 000000000000..d27d6f2dcde9 --- /dev/null +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs @@ -0,0 +1,50 @@ +namespace VulnerableBlazorApp.Components +{ + using System.Collections.Generic; + using Microsoft.AspNetCore.Components; + + [RouteAttribute("/names2/{name?}")] + public partial class NameList2 : Microsoft.AspNetCore.Components.ComponentBase + { + protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder) + { + if (Names is not null) + { + builder.OpenElement(0, "div"); + builder.OpenElement(1, "ul"); + foreach (var name in Names) + { + builder.OpenElement(2, "li"); + builder.OpenComponent(3); + builder.AddComponentParameter(4, "TheName", name); + builder.CloseComponent(); + builder.CloseElement(); + } + builder.CloseElement(); + builder.CloseElement(); + } + + builder.OpenElement(5, "div"); + builder.OpenElement(6, "p"); + builder.AddContent(7, "Name: "); + builder.OpenComponent(8); + builder.AddComponentParameter(9, "TheName", Name); + builder.CloseComponent(); + builder.CloseElement(); + } + + [Parameter] + public string Name { get; set; } + + protected override void OnParametersSet() + { + if (Name is not null) + { + Names.Add(Name); + } + } + + + public List Names { get; set; } = new List(); + } +} \ No newline at end of file diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected index 951269f2b580..3b9a54fafb3d 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected @@ -1,12 +1,15 @@ edges +| NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 | | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 | nodes | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | semmle.label | access to property UrlParam | | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | semmle.label | access to property QueryParam | | Name.cs:13:53:13:59 | access to property TheName | semmle.label | access to property TheName | +| NameList2.cs:31:57:31:60 | access to property Name : String | semmle.label | access to property Name : String | | NameList.cs:31:99:31:102 | access to property Name : String | semmle.label | access to property Name : String | subpaths #select | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | User-provided value | | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | User-provided value | +| Name.cs:13:53:13:59 | access to property TheName | NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList2.cs:31:57:31:60 | access to property Name : String | User-provided value | | Name.cs:13:53:13:59 | access to property TheName | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList.cs:31:99:31:102 | access to property Name : String | User-provided value | diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected index 2a9268cf01e3..e1b3724f44d6 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected @@ -2,6 +2,9 @@ | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | ASP.NET Core component route parameter | | Components_Pages_TestPage_razor.g.cs:176:1:176:10 | access to property QueryParam | external | | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | external | +| NameList2.cs:31:57:31:60 | access to property Name | ASP.NET Core component route parameter | +| NameList2.cs:41:17:41:20 | access to property Name | ASP.NET Core component route parameter | +| NameList2.cs:43:27:43:30 | access to property Name | ASP.NET Core component route parameter | | NameList.cs:31:99:31:102 | access to property Name | ASP.NET Core component route parameter | | NameList.cs:41:17:41:20 | access to property Name | ASP.NET Core component route parameter | | NameList.cs:43:27:43:30 | access to property Name | ASP.NET Core component route parameter | From d601c26355f27c2079fa38fbec99199cdbc20e77 Mon Sep 17 00:00:00 2001 From: Edward Minnix III Date: Sat, 8 Mar 2025 17:24:49 -0500 Subject: [PATCH 058/409] [change-note] Blazor parameter passing string literal --- .../2025-03-08-blazor-parameter-passing-string-literal.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md diff --git a/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md b/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md new file mode 100644 index 000000000000..66ebd26f653d --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression. \ No newline at end of file From 72fb6ed078c3de87871a87a9fe8315f9eb10b4d9 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Fri, 28 Mar 2025 11:52:52 +0100 Subject: [PATCH 059/409] Restrict name based property lookup to opened component types --- .../microsoft/aspnetcore/Components.qll | 75 ++++++++++++++++++- 1 file changed, 73 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll index 5fb79418c27e..8cf5ce659e43 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll @@ -122,6 +122,38 @@ private class MicrosoftAspNetCoreComponentsAddComponentParameterMethod extends M } } +/** + * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::OpenComponent` method. + */ +private class MicrosoftAspNetCoreComponentsOpenComponentTComponentMethod extends Method { + MicrosoftAspNetCoreComponentsOpenComponentTComponentMethod() { + this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder", + "OpenComponent`1") and + this.getNumberOfParameters() = 1 + } +} + +/** + * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::OpenComponent` method. + */ +private class MicrosoftAspNetCoreComponentsOpenComponentMethod extends Method { + MicrosoftAspNetCoreComponentsOpenComponentMethod() { + this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder", + "OpenComponent") and + this.getNumberOfParameters() = 2 + } +} + +/** + * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::CloseComponent` method. + */ +private class MicrosoftAspNetCoreComponentsCloseComponentMethod extends Method { + MicrosoftAspNetCoreComponentsCloseComponentMethod() { + this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder", + "CloseComponent") + } +} + private module Sources { private import semmle.code.csharp.security.dataflow.flowsources.Remote @@ -144,6 +176,38 @@ private module Sources { } } +/** + * Holds for matching `RenderTreeBuilder.OpenComponent` and `RenderTreeBuilder.CloseComponent` calls with index `openCallIndex` and `closeCallIndex` respectively + * within the `enclosing` enclosing callabale. The `componentType` is the type of the component that is being opened and closed. + */ +private predicate matchingOpenCloseComponentCalls( + MethodCall openCall, int openCallIndex, MethodCall closeCall, int closeCallIndex, + Callable enclosing, Type componentType +) { + ( + openCall.getTarget().getUnboundDeclaration() instanceof + MicrosoftAspNetCoreComponentsOpenComponentTComponentMethod and + openCall.getTarget().(ConstructedGeneric).getTypeArgument(0) = componentType + or + openCall.getTarget() instanceof MicrosoftAspNetCoreComponentsOpenComponentMethod and + openCall.getArgument(1).(TypeofExpr).getTypeAccess().getTarget() = componentType + ) and + openCall.getEnclosingCallable() = enclosing and + closeCall.getTarget() instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and + closeCall.getEnclosingCallable() = enclosing and + closeCall.getParent().getParent() = openCall.getParent().getParent() and + openCall.getParent().getIndex() = openCallIndex and + closeCall.getParent().getIndex() = closeCallIndex and + closeCallIndex > openCallIndex and + not exists(int k, MethodCall otherCloseCall | + k in [openCallIndex + 1 .. closeCallIndex - 1] and + otherCloseCall.getTarget() instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and + otherCloseCall.getEnclosingCallable() = enclosing and + otherCloseCall.getParent().getParent() = openCall.getParent().getParent() and + otherCloseCall.getParent().getIndex() = k + ) +} + private module JumpNodes { /** * A call to `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` which @@ -162,8 +226,15 @@ private module JumpNodes { ( exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess()) or - exists(string propertyName | propertyName = this.getArgument(1).(StringLiteral).getValue() | - result.hasName(propertyName) + exists( + string propertyName, MethodCall openComponent, int i, MethodCall closeComponent, int j + | + propertyName = this.getArgument(1).(StringLiteral).getValue() and + result.hasName(propertyName) and + matchingOpenCloseComponentCalls(openComponent, i, closeComponent, j, + this.getEnclosingCallable(), result.getDeclaringType()) and + this.getParent().getParent() = openComponent.getParent().getParent() and + this.getParent().getIndex() in [i + 1 .. j - 1] ) ) } From 32448c14bd9253f55afc9d0e92370b598f5dc2d7 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Fri, 28 Mar 2025 13:06:36 +0100 Subject: [PATCH 060/409] Adjust expected test file --- .../all-platforms/blazor_net_8/XSS.expected | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected index 204c31945956..dbf056053b30 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected +++ b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected @@ -1,8 +1,18 @@ #select +| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | User-provided value | | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value | | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value | edges +| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net8.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:497:59:505:13 | call to method TypeCheck : String | provenance | Src:MaD:2 MaD:3 | +| BlazorTest/obj/Debug/net8.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:497:59:505:13 | call to method TypeCheck : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 | +models +| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual | +| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual | +| 3 | Summary: Microsoft.AspNetCore.Components.CompilerServices; RuntimeHelpers; false; TypeCheck; (T); ; Argument[0]; ReturnValue; value; manual | nodes +| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | semmle.label | access to property Value | | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam | | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam | +| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String | +| BlazorTest/obj/Debug/net8.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:497:59:505:13 | call to method TypeCheck : String | semmle.label | call to method TypeCheck : String | subpaths From 6674288fd2bdb9425e3e64ae4eb83711b096b6c8 Mon Sep 17 00:00:00 2001 From: Taus Date: Fri, 28 Mar 2025 15:12:39 +0000 Subject: [PATCH 061/409] Python: Update test cases Adds a comment explaining why we no longer flag the indirect tuple example. Also adds a test case which _would_ be flagged if not for the type annotation. --- .../query-tests/Functions/return_values/functions_test.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/python/ql/test/query-tests/Functions/return_values/functions_test.py b/python/ql/test/query-tests/Functions/return_values/functions_test.py index 24b1943feeb5..9f72a7fec600 100644 --- a/python/ql/test/query-tests/Functions/return_values/functions_test.py +++ b/python/ql/test/query-tests/Functions/return_values/functions_test.py @@ -321,7 +321,7 @@ def function_returning_2_tuple(): def function_returning_3_tuple(): return 1,2,3 -def indirectly_returning_different_tuple_sizes(x): +def indirectly_returning_different_tuple_sizes(x): # OK, since we only look at local tuple returns if x: return function_returning_2_tuple() else: @@ -347,3 +347,9 @@ def ok_match2(x): # FP return 0 case _: return 1 + +def ok_tuple_returns_captured_in_type(x: bool) -> tuple[int, ...]: # OK because there is a type annotation present + if x: + return 1, 2 + else: + return 1, 2, 3 From 4a76b5b3db817b90b82d97a4b049ef456dbf046f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 28 Mar 2025 15:40:18 +0000 Subject: [PATCH 062/409] Rust: Accept consistency check failures. --- .../CWE-825/CONSISTENCY/DataFlowConsistency.expected | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected diff --git a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..f518ed81ffab --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,10 @@ +postWithInFlow +| deallocation.rs:20:23:20:24 | [post] m1 | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:176:27:176:28 | [post] p1 | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:189:27:189:44 | [post] ... .as_mut_ptr(...) | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:217:24:217:31 | [post] self.ptr | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:236:27:236:29 | [post] ptr | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:242:27:242:29 | [post] ptr | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:267:23:267:25 | [post] ptr | PostUpdateNode should not be the target of local flow. | From ca6444ce98faae024d48b36915a4661449ff10f6 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 27 Mar 2025 11:02:46 +0100 Subject: [PATCH 063/409] VariableCapture: Replace phi-read reference with SSA data flow integration module. --- .../codeql/dataflow/VariableCapture.qll | 148 ++++++++++-------- 1 file changed, 83 insertions(+), 65 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/VariableCapture.qll b/shared/dataflow/codeql/dataflow/VariableCapture.qll index 3077739338ec..c76e1320a37e 100644 --- a/shared/dataflow/codeql/dataflow/VariableCapture.qll +++ b/shared/dataflow/codeql/dataflow/VariableCapture.qll @@ -699,6 +699,7 @@ module Flow Input> implements OutputSig class SourceVariable = CaptureContainer; predicate variableWrite(BasicBlock bb, int i, SourceVariable cc, boolean certain) { + Cached::ref() and ( exists(CapturedVariable v | cc = TVariable(v) and captureWrite(v, bb, i, true, _)) or @@ -721,23 +722,55 @@ module Flow Input> implements OutputSig private module CaptureSsa = Ssa::Make; - private newtype TClosureNode = - TSynthRead(CapturedVariable v, BasicBlock bb, int i, Boolean isPost) { - synthRead(v, bb, i, _, _) - } or - TSynthThisQualifier(BasicBlock bb, int i, Boolean isPost) { synthThisQualifier(bb, i) } or - TSynthPhi(CaptureSsa::DefinitionExt phi) { - phi instanceof CaptureSsa::PhiNode or phi instanceof CaptureSsa::PhiReadNode - } or - TExprNode(Expr expr, Boolean isPost) { - expr instanceof VariableRead - or - synthRead(_, _, _, _, expr) - } or - TParamNode(CapturedParameter p) or - TThisParamNode(Callable c) { captureAccess(_, c) } or - TMallocNode(ClosureExpr ce) { hasConstructorCapture(ce, _) } or - TVariableWriteSourceNode(VariableWrite write) + private module DataFlowIntegrationInput implements CaptureSsa::DataFlowIntegrationInputSig { + private import codeql.util.Void + + class Expr instanceof Input::ControlFlowNode { + string toString() { result = super.toString() } + + predicate hasCfgNode(BasicBlock bb, int i) { bb.getNode(i) = this } + } + + class Guard extends Void { + predicate controlsBranchEdge(BasicBlock bb1, BasicBlock bb2, boolean branch) { none() } + } + + predicate guardDirectlyControlsBlock(Guard guard, BasicBlock bb, boolean branch) { none() } + + predicate includeWriteDefsInFlowStep() { none() } + + predicate supportBarrierGuardsOnPhiEdges() { none() } + } + + private module SsaFlow = CaptureSsa::DataFlowIntegration; + + cached + private module Cached { + cached + predicate ref() { any() } + + cached + predicate backref() { localFlowStep(_, _) implies any() } + + cached + newtype TClosureNode = + TSynthRead(CapturedVariable v, BasicBlock bb, int i, Boolean isPost) { + synthRead(v, bb, i, _, _) + } or + TSynthThisQualifier(BasicBlock bb, int i, Boolean isPost) { synthThisQualifier(bb, i) } or + TSynthSsa(SsaFlow::SsaNode n) or + TExprNode(Expr expr, Boolean isPost) { + expr instanceof VariableRead + or + synthRead(_, _, _, _, expr) + } or + TParamNode(CapturedParameter p) or + TThisParamNode(Callable c) { captureAccess(_, c) } or + TMallocNode(ClosureExpr ce) { hasConstructorCapture(ce, _) } or + TVariableWriteSourceNode(VariableWrite write) + } + + private import Cached class ClosureNode extends TClosureNode { /** Gets a textual representation of this node. */ @@ -746,11 +779,7 @@ module Flow Input> implements OutputSig or result = "this" and this = TSynthThisQualifier(_, _, _) or - exists(CaptureSsa::DefinitionExt phi, CaptureContainer cc | - this = TSynthPhi(phi) and - phi.definesAt(cc, _, _, _) and - result = "phi(" + cc.toString() + ")" - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and result = n.toString()) or exists(Expr expr, boolean isPost | this = TExprNode(expr, isPost) | isPost = false and result = expr.toString() @@ -784,9 +813,7 @@ module Flow Input> implements OutputSig captureWrite(_, bb, i, false, any(VariableWrite vw | result = vw.getLocation())) ) or - exists(CaptureSsa::DefinitionExt phi, BasicBlock bb | - this = TSynthPhi(phi) and phi.definesAt(_, bb, _, _) and result = bb.getLocation() - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and result = n.getLocation()) or exists(Expr expr | this = TExprNode(expr, _) and result = expr.getLocation()) or @@ -802,7 +829,7 @@ module Flow Input> implements OutputSig } } - private class TSynthesizedCaptureNode = TSynthRead or TSynthThisQualifier or TSynthPhi; + private class TSynthesizedCaptureNode = TSynthRead or TSynthThisQualifier or TSynthSsa; class SynthesizedCaptureNode extends ClosureNode, TSynthesizedCaptureNode { BasicBlock getBasicBlock() { @@ -810,9 +837,7 @@ module Flow Input> implements OutputSig or this = TSynthThisQualifier(result, _, _) or - exists(CaptureSsa::DefinitionExt phi | - this = TSynthPhi(phi) and phi.definesAt(_, result, _, _) - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and n.getBasicBlock() = result) } Callable getEnclosingCallable() { result = this.getBasicBlock().getEnclosingCallable() } @@ -820,17 +845,13 @@ module Flow Input> implements OutputSig predicate isVariableAccess(CapturedVariable v) { this = TSynthRead(v, _, _, _) or - exists(CaptureSsa::DefinitionExt phi | - this = TSynthPhi(phi) and phi.definesAt(TVariable(v), _, _, _) - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and n.getSourceVariable() = TVariable(v)) } predicate isInstanceAccess() { this instanceof TSynthThisQualifier or - exists(CaptureSsa::DefinitionExt phi | - this = TSynthPhi(phi) and phi.definesAt(TThis(_), _, _, _) - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and n.getSourceVariable() = TThis(_)) } } @@ -872,18 +893,7 @@ module Flow Input> implements OutputSig ) } - private predicate step(CaptureContainer cc, BasicBlock bb1, int i1, BasicBlock bb2, int i2) { - CaptureSsa::adjacentDefReadExt(_, cc, bb1, i1, bb2, i2) - } - - private predicate stepToPhi(CaptureContainer cc, BasicBlock bb, int i, TSynthPhi phi) { - exists(CaptureSsa::DefinitionExt next | - CaptureSsa::lastRefRedefExt(_, cc, bb, i, next) and - phi = TSynthPhi(next) - ) - } - - private predicate ssaAccessAt( + private predicate ssaReadAt( ClosureNode n, CaptureContainer cc, boolean isPost, BasicBlock bb, int i ) { exists(CapturedVariable v | @@ -894,49 +904,57 @@ module Flow Input> implements OutputSig or n = TSynthThisQualifier(bb, i, isPost) and cc = TThis(bb.getEnclosingCallable()) or - exists(CaptureSsa::DefinitionExt phi | - n = TSynthPhi(phi) and phi.definesAt(cc, bb, i, _) and isPost = false - ) - or exists(VariableRead vr, CapturedVariable v | captureRead(v, bb, i, true, vr) and n = TExprNode(vr, isPost) and cc = TVariable(v) ) - or + } + + private predicate ssaWriteAt(ClosureNode n, CaptureContainer cc, BasicBlock bb, int i) { exists(VariableWrite vw, CapturedVariable v | captureWrite(v, bb, i, true, vw) and n = TVariableWriteSourceNode(vw) and - isPost = false and cc = TVariable(v) ) or exists(CapturedParameter p | entryDef(cc, bb, i) and cc = TVariable(p) and - n = TParamNode(p) and - isPost = false + n = TParamNode(p) ) or exists(Callable c | entryDef(cc, bb, i) and cc = TThis(c) and - n = TThisParamNode(c) and - isPost = false + n = TThisParamNode(c) ) } - predicate localFlowStep(ClosureNode node1, ClosureNode node2) { - exists(CaptureContainer cc, BasicBlock bb1, int i1, BasicBlock bb2, int i2 | - step(cc, bb1, i1, bb2, i2) and - ssaAccessAt(node1, pragma[only_bind_into](cc), _, bb1, i1) and - ssaAccessAt(node2, pragma[only_bind_into](cc), false, bb2, i2) + bindingset[result, cc] + pragma[inline_late] + private SsaFlow::Node asNode(CaptureContainer cc, ClosureNode n) { + n = TSynthSsa(result) + or + exists(BasicBlock bb, int i | + result.(SsaFlow::ExprNode).getExpr().hasCfgNode(bb, i) and + ssaReadAt(n, cc, false, bb, i) ) or - exists(CaptureContainer cc, BasicBlock bb, int i | - stepToPhi(cc, bb, i, node2) and - ssaAccessAt(node1, cc, _, bb, i) + exists(BasicBlock bb, int i | + result.(SsaFlow::ExprPostUpdateNode).getExpr().hasCfgNode(bb, i) and + ssaReadAt(n, cc, true, bb, i) ) + or + exists(BasicBlock bb, int i | + result.(SsaFlow::WriteDefSourceNode).getDefinition().definesAt(cc, bb, i) and + ssaWriteAt(n, cc, bb, i) + ) + } + + cached + predicate localFlowStep(ClosureNode n1, ClosureNode n2) { + exists(CaptureContainer cc | SsaFlow::localFlowStep(cc, asNode(cc, n1), asNode(cc, n2), _)) } private predicate storeStepClosure( From 70e53c2f8b3cca70fa272516f709d4b53fe41a8f Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Fri, 28 Mar 2025 16:28:12 +0100 Subject: [PATCH 064/409] SSA: Push includeWriteDefsInFlowStep constraint into newtype. --- shared/ssa/codeql/ssa/Ssa.qll | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index 2bbdb6e2a478..fcaa1eb6a9f2 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1661,7 +1661,16 @@ module Make Input> { private newtype TNode = TWriteDefSource(WriteDefinition def) { DfInput::ssaDefHasSource(def) } or TExprNode(DfInput::Expr e, Boolean isPost) { e = DfInput::getARead(_) } or - TSsaDefinitionNode(DefinitionExt def) { not phiHasUniqNextNode(def) } or + TSsaDefinitionNode(DefinitionExt def) { + not phiHasUniqNextNode(def) and + if DfInput::includeWriteDefsInFlowStep() + then any() + else ( + def instanceof PhiNode or + def instanceof PhiReadNode or + DfInput::allowFlowIntoUncertainDef(def) + ) + } or TSsaInputNode(SsaPhiExt phi, BasicBlock input) { relevantPhiInputNode(phi, input) } /** @@ -1904,14 +1913,7 @@ module Make Input> { exists(DefinitionExt def | nodeFrom.(SsaDefinitionExtNodeImpl).getDefExt() = def and def.definesAt(v, bb, i, _) and - isUseStep = false and - if DfInput::includeWriteDefsInFlowStep() - then any() - else ( - def instanceof PhiNode or - def instanceof PhiReadNode or - DfInput::allowFlowIntoUncertainDef(def) - ) + isUseStep = false ) or [nodeFrom, nodeFrom.(ExprPostUpdateNode).getPreUpdateNode()].(ReadNode).readsAt(bb, i, v) and From b4daba30a5eb7500945740a9647f3956695588dc Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 10:42:50 +0200 Subject: [PATCH 065/409] SSA: Remove dead code. --- shared/ssa/codeql/ssa/Ssa.qll | 2 -- 1 file changed, 2 deletions(-) diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index fcaa1eb6a9f2..7e48feb42dc8 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1757,8 +1757,6 @@ module Make Input> { this.getExpr().hasCfgNode(bb_, i_) } - SourceVariable getVariable() { result = v_ } - pragma[nomagic] predicate readsAt(BasicBlock bb, int i, SourceVariable v) { bb = bb_ and From 133f08784fa738aa4ddf3711d505f8bd132ab80c Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 20 Mar 2025 13:12:48 +0100 Subject: [PATCH 066/409] C++: Eliminate dead code, uncertain is always false. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 44 ++++--------------- 1 file changed, 9 insertions(+), 35 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index f6371e5b696c..e3e07c1522ce 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -1879,15 +1879,6 @@ module IteratorFlow { phi.definesAt(sv, bb2, i2, _) ) } - - cached - Node getAPriorDefinition(IteratorSsa::DefinitionExt next) { - exists(IRBlock bb, int i, SourceVariable sv, IteratorSsa::DefinitionExt def | - IteratorSsa::lastRefRedefExt(pragma[only_bind_into](def), pragma[only_bind_into](sv), - pragma[only_bind_into](bb), pragma[only_bind_into](i), next) and - nodeToDefOrUse(result, sv, bb, i, _) - ) - } } /** The set of nodes necessary for iterator flow. */ @@ -1912,25 +1903,19 @@ module IteratorFlow { private import IteratorSsaCached - private predicate defToNode(Node node, Def def, boolean uncertain) { - ( - nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex()) - or - nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex()) - ) and - uncertain = false + private predicate defToNode(Node node, Def def) { + nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex()) + or + nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex()) } - private predicate nodeToDefOrUse( - Node node, SourceVariable sv, IRBlock bb, int i, boolean uncertain - ) { + private predicate nodeToDefOrUse(Node node, SourceVariable sv, IRBlock bb, int i) { exists(Def def | def.hasIndexInBlock(bb, i, sv) and - defToNode(node, def, uncertain) + defToNode(node, def) ) or - useToNode(bb, i, sv, node) and - uncertain = false + useToNode(bb, i, sv, node) } private predicate useToNode(IRBlock bb, int i, SourceVariable sv, Node nodeTo) { @@ -1949,21 +1934,10 @@ module IteratorFlow { * Holds if `nodeFrom` flows to `nodeTo` in a single step. */ predicate localFlowStep(Node nodeFrom, Node nodeTo) { - exists( - Node nFrom, SourceVariable sv, IRBlock bb1, int i1, IRBlock bb2, int i2, boolean uncertain - | + exists(SourceVariable sv, IRBlock bb1, int i1, IRBlock bb2, int i2 | adjacentDefRead(bb1, i1, sv, bb2, i2) and - nodeToDefOrUse(nFrom, sv, bb1, i1, uncertain) and + nodeToDefOrUse(nodeFrom, sv, bb1, i1) and useToNode(bb2, i2, sv, nodeTo) - | - if uncertain = true - then - nodeFrom = - [ - nFrom, - getAPriorDefinition(any(IteratorSsa::DefinitionExt next | next.definesAt(sv, bb1, i1, _))) - ] - else nFrom = nodeFrom ) } } From aaa7e4cf95f00fcad879e187a96ef1f7ef3a5405 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 26 Mar 2025 13:58:58 +0100 Subject: [PATCH 067/409] C++: Def is only used in defToNode, which doesn't include phi reads nodes. --- .../semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index e3e07c1522ce..13243f2b22ea 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -1834,7 +1834,7 @@ module IteratorFlow { private module IteratorSsa = SsaImpl::Make; - private class Def extends IteratorSsa::DefinitionExt { + private class Def extends IteratorSsa::Definition { final override Location getLocation() { result = this.getImpl().getLocation() } /** @@ -1842,7 +1842,7 @@ module IteratorFlow { * and is a definition (or use) of the variable `sv`. */ predicate hasIndexInBlock(IRBlock block, int index, SourceVariable sv) { - super.definesAt(sv, block, index, _) + super.definesAt(sv, block, index) } private Ssa::DefImpl getImpl() { From a6a694dec65b2e086cebc3676ddbadaab9a2ad92 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 20 Mar 2025 14:36:17 +0100 Subject: [PATCH 068/409] C++: Use DataFlowIntegration in IteratorFlow. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 100 ++++++++++-------- .../cpp/ir/dataflow/internal/SsaInternals.qll | 2 +- 2 files changed, 55 insertions(+), 47 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 13243f2b22ea..8a5155239304 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -1834,6 +1834,46 @@ module IteratorFlow { private module IteratorSsa = SsaImpl::Make; + private module DataFlowIntegrationInput implements IteratorSsa::DataFlowIntegrationInputSig { + private import codeql.util.Void + + class Expr extends Instruction { + Expr() { + exists(IRBlock bb, int i | + SsaInput::variableRead(bb, i, _, true) and + this = bb.getInstruction(i) + ) + } + + predicate hasCfgNode(SsaInput::BasicBlock bb, int i) { bb.getInstruction(i) = this } + } + + predicate ssaDefHasSource(IteratorSsa::WriteDefinition def) { none() } + + predicate allowFlowIntoUncertainDef(IteratorSsa::UncertainWriteDefinition def) { any() } + + class Guard extends Void { + predicate controlsBranchEdge( + SsaInput::BasicBlock bb1, SsaInput::BasicBlock bb2, boolean branch + ) { + none() + } + } + + predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) { + none() + } + + predicate supportBarrierGuardsOnPhiEdges() { none() } + } + + private module DataFlowIntegrationImpl = + IteratorSsa::DataFlowIntegration; + + private class IteratorSynthNode extends DataFlowIntegrationImpl::SsaNode { + IteratorSynthNode() { not this.asDefinition() instanceof IteratorSsa::WriteDefinition } + } + private class Def extends IteratorSsa::Definition { final override Location getLocation() { result = this.getImpl().getLocation() } @@ -1859,37 +1899,15 @@ module IteratorFlow { int getIndirectionIndex() { result = this.getImpl().getIndirectionIndex() } } - private class PhiNode extends IteratorSsa::DefinitionExt { - PhiNode() { - this instanceof IteratorSsa::PhiNode or - this instanceof IteratorSsa::PhiReadNode - } - - SsaIteratorNode getNode() { result.getIteratorFlowNode() = this } - } - - cached - private module IteratorSsaCached { - cached - predicate adjacentDefRead(IRBlock bb1, int i1, SourceVariable sv, IRBlock bb2, int i2) { - IteratorSsa::adjacentDefReadExt(_, sv, bb1, i1, bb2, i2) - or - exists(PhiNode phi | - IteratorSsa::lastRefRedefExt(_, sv, bb1, i1, phi) and - phi.definesAt(sv, bb2, i2, _) - ) - } - } - /** The set of nodes necessary for iterator flow. */ - class IteratorFlowNode instanceof PhiNode { + class IteratorFlowNode instanceof IteratorSynthNode { /** Gets a textual representation of this node. */ string toString() { result = super.toString() } /** Gets the type of this node. */ DataFlowType getType() { exists(Ssa::SourceVariable sv | - super.definesAt(sv, _, _, _) and + super.getSourceVariable() = sv and result = sv.getType() ) } @@ -1901,43 +1919,33 @@ module IteratorFlow { Location getLocation() { result = super.getBasicBlock().getLocation() } } - private import IteratorSsaCached - private predicate defToNode(Node node, Def def) { nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex()) or nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex()) } - private predicate nodeToDefOrUse(Node node, SourceVariable sv, IRBlock bb, int i) { - exists(Def def | - def.hasIndexInBlock(bb, i, sv) and - defToNode(node, def) - ) + bindingset[result, v] + pragma[inline_late] + private DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) { + result = n.(SsaIteratorNode).getIteratorFlowNode() or - useToNode(bb, i, sv, node) - } - - private predicate useToNode(IRBlock bb, int i, SourceVariable sv, Node nodeTo) { - exists(PhiNode phi | - phi.definesAt(sv, bb, i, _) and - nodeTo = phi.getNode() + exists(Ssa::UseImpl use, IRBlock bb, int i | + result.(DataFlowIntegrationImpl::ExprNode).getExpr().hasCfgNode(bb, i) and + use.hasIndexInBlock(bb, i, v) and + use.getNode() = n ) or - exists(Ssa::UseImpl use | - use.hasIndexInBlock(bb, i, sv) and - nodeTo = use.getNode() - ) + defToNode(n, result.(DataFlowIntegrationImpl::SsaDefinitionNode).getDefinition()) } /** * Holds if `nodeFrom` flows to `nodeTo` in a single step. */ predicate localFlowStep(Node nodeFrom, Node nodeTo) { - exists(SourceVariable sv, IRBlock bb1, int i1, IRBlock bb2, int i2 | - adjacentDefRead(bb1, i1, sv, bb2, i2) and - nodeToDefOrUse(nodeFrom, sv, bb1, i1) and - useToNode(bb2, i2, sv, nodeTo) + exists(SourceVariable v | + nodeFrom != nodeTo and + DataFlowIntegrationImpl::localFlowStep(v, fromDfNode(nodeFrom, v), fromDfNode(nodeTo, v), _) ) } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 202d3fa32c80..51829f13df51 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -1069,7 +1069,7 @@ module BarrierGuard { bindingset[result, v] pragma[inline_late] -DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) { +private DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) { result = n.(SsaSynthNode).getSynthNode() or exists(UseImpl use, IRBlock bb, int i | From 8a67e4fddcb9e4ad5ae5aa93be573d1fd6a38785 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 11:20:40 +0200 Subject: [PATCH 069/409] Misc: Add stage overlap script --- misc/scripts/stageoverlap.py | 81 ++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100755 misc/scripts/stageoverlap.py diff --git a/misc/scripts/stageoverlap.py b/misc/scripts/stageoverlap.py new file mode 100755 index 000000000000..42b3d8db0b22 --- /dev/null +++ b/misc/scripts/stageoverlap.py @@ -0,0 +1,81 @@ +#!/usr/bin/env python3 + +import sys +import os +import re + +# read first argument +if len(sys.argv) < 2: + print("Usage: stagestats.py ") + sys.exit(1) + +dilfile = sys.argv[1] + +seen_stages = set() +computed_predicates = {} +stage_number = 0 + +def process_stage(stage, cached): + global stage_number + stage_key = ' '.join(cached) + # skip repeated stages (in case we're looking at DIL for several queries, e.g. from a .qls) + if stage_key in seen_stages: + return + # don't count the query-stage as seen, since we don't want to skip those + if not '#select' in cached: + seen_stages.add(stage_key) + stage_number += 1 + print('STAGE ' + str(stage_number) + ':') + print(str(len(cached)) + ' cached predicate(s)') + print(' '.join(cached)) + for predicate in stage: + # strip trailing characters matching the regex '#[bf]+', i.e. disregard magic + predicate = re.sub('#[bf]+$', '', predicate) + # TODO: maybe also strip the hash? + # predicate = re.sub('#[a-f0-9]+$', '', predicate) + if predicate in computed_predicates.keys(): + # skip db-relations and some generated predicates + if predicate.startswith('@') or predicate.startswith('project#'): + continue + prior_stage = computed_predicates[predicate] + print('Recompute from ' + str(prior_stage) + ': ' + predicate) + else: + computed_predicates[predicate] = stage_number + print() + +with open(dilfile, 'r') as f: + stage = [] + cached = [] + query = False + for line in f: + # skip lines starting with a space, i.e. predicate bodies + if line.startswith(' '): continue + # get the part of the line containing no spaces occuring before the first '(' + # this is the predicate name + parenpos = line.find('(') + if parenpos != -1: + start = line.rfind(' ', 0, parenpos) + predicate = line[start+1:parenpos] + if predicate.startswith('`'): + # remove the leading and trailing backticks + predicate = predicate[1:-1] + stage.append(predicate) + continue + # query predicates, aka cached predicates, are written either as + # 'query = ...' on one line, or split across 2+ lines + if line.startswith('query '): + predicate = line.split(' ')[1] + cached.append(predicate) + continue + if line == 'query\n': + query = True + continue + if query: + predicate = line.split(' ')[0] + cached.append(predicate) + query = False + continue + if line == '/* ---------- END STAGE ---------- */\n': + process_stage(stage, cached) + stage = [] + cached = [] From 9a8ab2d45b2d0ea46c56075357dbde4a4777eb5b Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 11:28:29 +0200 Subject: [PATCH 070/409] Update misc/scripts/stageoverlap.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- misc/scripts/stageoverlap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/scripts/stageoverlap.py b/misc/scripts/stageoverlap.py index 42b3d8db0b22..979fc61571e5 100755 --- a/misc/scripts/stageoverlap.py +++ b/misc/scripts/stageoverlap.py @@ -6,7 +6,7 @@ # read first argument if len(sys.argv) < 2: - print("Usage: stagestats.py ") + print("Usage: stageoverlap.py ") sys.exit(1) dilfile = sys.argv[1] From 56c46d74f91a17c6f0e25577ab32b46ffb4a85c0 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 11:44:37 +0200 Subject: [PATCH 071/409] Java/Rust/Swift: Accept qltest changes. --- .../test/library-tests/dataflow/capture/test.expected | 2 -- .../local/CONSISTENCY/DataFlowConsistency.expected | 2 -- .../library-tests/dataflow/local/DataFlowStep.expected | 9 ++++----- .../library-tests/dataflow/dataflow/LocalFlow.expected | 10 +++++----- 4 files changed, 9 insertions(+), 14 deletions(-) delete mode 100644 rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected diff --git a/java/ql/test/library-tests/dataflow/capture/test.expected b/java/ql/test/library-tests/dataflow/capture/test.expected index 1e8a2d7d3349..a744f468fbe9 100644 --- a/java/ql/test/library-tests/dataflow/capture/test.expected +++ b/java/ql/test/library-tests/dataflow/capture/test.expected @@ -18,7 +18,6 @@ | A.java:21:11:21:13 | "B" : String | A.java:15:16:15:22 | get(...) : String | | A.java:21:11:21:13 | "B" : String | A.java:21:7:21:13 | ...=... : String | | A.java:21:11:21:13 | "B" : String | A.java:25:5:25:26 | SSA phi(s) : String | -| A.java:21:11:21:13 | "B" : String | A.java:25:5:25:26 | phi(String s) : String | | A.java:21:11:21:13 | "B" : String | A.java:28:11:38:5 | String s : String | | A.java:21:11:21:13 | "B" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [String s] | | A.java:21:11:21:13 | "B" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [String s] | @@ -35,7 +34,6 @@ | A.java:23:11:23:13 | "C" : String | A.java:15:16:15:22 | get(...) : String | | A.java:23:11:23:13 | "C" : String | A.java:23:7:23:13 | ...=... : String | | A.java:23:11:23:13 | "C" : String | A.java:25:5:25:26 | SSA phi(s) : String | -| A.java:23:11:23:13 | "C" : String | A.java:25:5:25:26 | phi(String s) : String | | A.java:23:11:23:13 | "C" : String | A.java:28:11:38:5 | String s : String | | A.java:23:11:23:13 | "C" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [String s] | | A.java:23:11:23:13 | "C" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [String s] | diff --git a/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e20ac1da53f6..000000000000 --- a/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,2 +0,0 @@ -identityLocalStep -| main.rs:442:9:442:20 | phi(default_name) | Node steps to itself | diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 2766d8c0fd8c..7fd8c3fe8a8e 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -647,10 +647,9 @@ localStep | main.rs:441:24:441:33 | [post] receiver for source(...) | main.rs:441:24:441:33 | [post] source(...) | | main.rs:441:24:441:33 | source(...) | main.rs:441:24:441:33 | receiver for source(...) | | main.rs:441:24:441:45 | ... .to_string(...) | main.rs:441:9:441:20 | default_name | -| main.rs:441:24:441:45 | ... .to_string(...) | main.rs:442:9:442:20 | phi(default_name) | +| main.rs:441:24:441:45 | ... .to_string(...) | main.rs:442:9:442:20 | SSA phi read(default_name) | | main.rs:442:5:448:5 | for ... in ... { ... } | main.rs:440:75:449:1 | { ... } | -| main.rs:442:9:442:20 | phi(default_name) | main.rs:442:9:442:20 | phi(default_name) | -| main.rs:442:9:442:20 | phi(default_name) | main.rs:444:41:444:67 | default_name | +| main.rs:442:9:442:20 | SSA phi read(default_name) | main.rs:444:41:444:67 | default_name | | main.rs:442:10:442:13 | [SSA] cond | main.rs:443:12:443:15 | cond | | main.rs:442:10:442:13 | cond | main.rs:442:10:442:13 | [SSA] cond | | main.rs:442:10:442:13 | cond | main.rs:442:10:442:13 | cond | @@ -664,9 +663,9 @@ localStep | main.rs:444:21:444:24 | [post] receiver for name | main.rs:444:21:444:24 | [post] name | | main.rs:444:21:444:24 | name | main.rs:444:21:444:24 | receiver for name | | main.rs:444:21:444:68 | name.unwrap_or_else(...) | main.rs:444:17:444:17 | n | -| main.rs:444:41:444:67 | [post] default_name | main.rs:442:9:442:20 | phi(default_name) | +| main.rs:444:41:444:67 | [post] default_name | main.rs:442:9:442:20 | SSA phi read(default_name) | | main.rs:444:41:444:67 | closure self in \|...\| ... | main.rs:444:44:444:55 | this | -| main.rs:444:41:444:67 | default_name | main.rs:442:9:442:20 | phi(default_name) | +| main.rs:444:41:444:67 | default_name | main.rs:442:9:442:20 | SSA phi read(default_name) | | main.rs:444:44:444:55 | [post] receiver for default_name | main.rs:444:44:444:55 | [post] default_name | | main.rs:444:44:444:55 | default_name | main.rs:444:44:444:55 | receiver for default_name | | main.rs:445:18:445:18 | [post] receiver for n | main.rs:445:18:445:18 | [post] n | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected index 7ec3f1a5aa48..b3dca8680670 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected +++ b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected @@ -1378,17 +1378,17 @@ | test.swift:888:9:888:9 | stream | test.swift:888:9:888:9 | SSA def(stream) | | test.swift:888:18:896:6 | call to AsyncStream.init(_:bufferingPolicy:_:) | test.swift:888:9:888:9 | stream | | test.swift:889:9:889:9 | continuation | test.swift:890:27:895:13 | continuation | -| test.swift:890:27:895:13 | closure self parameter | test.swift:891:17:891:17 | phi(this) | +| test.swift:890:27:895:13 | closure self parameter | test.swift:891:17:891:17 | SSA phi read(this) | | test.swift:891:17:891:17 | $generator | test.swift:891:17:891:17 | &... | | test.swift:891:17:891:17 | &... | test.swift:891:17:891:17 | $generator | +| test.swift:891:17:891:17 | SSA phi read(this) | test.swift:892:21:892:21 | this | +| test.swift:891:17:891:17 | SSA phi read(this) | test.swift:894:17:894:17 | this | | test.swift:891:17:891:17 | [post] $generator | test.swift:891:17:891:17 | &... | -| test.swift:891:17:891:17 | phi(this) | test.swift:892:21:892:21 | this | -| test.swift:891:17:891:17 | phi(this) | test.swift:894:17:894:17 | this | | test.swift:891:26:891:26 | $generator | test.swift:891:26:891:26 | SSA def($generator) | | test.swift:891:26:891:26 | SSA def($generator) | test.swift:891:17:891:17 | $generator | | test.swift:891:26:891:30 | call to makeIterator() | test.swift:891:26:891:26 | $generator | -| test.swift:892:21:892:21 | this | test.swift:891:17:891:17 | phi(this) | -| test.swift:892:21:892:21 | this | test.swift:891:17:891:17 | phi(this) | +| test.swift:892:21:892:21 | this | test.swift:891:17:891:17 | SSA phi read(this) | +| test.swift:892:21:892:21 | this | test.swift:891:17:891:17 | SSA phi read(this) | | test.swift:898:5:898:5 | $i$generator | test.swift:898:5:898:5 | &... | | test.swift:898:5:898:5 | &... | test.swift:898:5:898:5 | $i$generator | | test.swift:898:5:898:5 | [post] $i$generator | test.swift:898:5:898:5 | &... | From e30fed6eecf67a28bdc5ca06939d0cc68cee6b73 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 31 Mar 2025 11:30:40 +0200 Subject: [PATCH 072/409] C#: Improve upgrade script. --- .../string_interpol_insert.ql | 57 +++++++++++++++++++ .../upgrade.properties | 4 +- 2 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/string_interpol_insert.ql diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/string_interpol_insert.ql b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/string_interpol_insert.ql new file mode 100644 index 000000000000..2df164b2842e --- /dev/null +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/string_interpol_insert.ql @@ -0,0 +1,57 @@ +class Expr extends @expr { + string toString() { none() } +} + +class TypeOrRef extends @type_or_ref { + string toString() { none() } +} + +class StringLiteral extends Expr, @string_literal_expr { } + +class InterpolatedStringExpr extends Expr, @interpolated_string_expr { } + +class StringInterpolationInsert extends Expr, @element { + StringInterpolationInsert() { + expressions(this, _, _) and + expr_parent(this, _, any(InterpolatedStringExpr x)) and + not this instanceof StringLiteral + } +} + +newtype TAddedElement = TInsert(StringInterpolationInsert e) + +module Fresh = QlBuiltins::NewEntity; + +class TNewExpr = @expr or Fresh::EntityId; + +class NewExpr extends TNewExpr { + string toString() { none() } +} + +query predicate new_expressions(NewExpr id, int kind, TypeOrRef t) { + expressions(id, kind, t) + or + exists(StringInterpolationInsert e | + // The type of `e` is just copied even though a null type would be preferred. + expressions(e, _, t) and + Fresh::map(TInsert(e)) = id and + kind = 138 + ) +} + +query predicate new_expr_parent(NewExpr id, int child, NewExpr parent) { + // Keep all parent child relationships except for string interpolation inserts + expr_parent(id, child, parent) and not id instanceof StringInterpolationInsert + or + exists(StringInterpolationInsert e, int child0, NewExpr p0, NewExpr new_id | + expr_parent(e, child0, p0) and new_id = Fresh::map(TInsert(e)) + | + id = new_id and + child = child0 and + parent = p0 + or + id = e and + child = 0 and + parent = new_id + ) +} diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties index 1989c9c8847b..ef7a5cbf3436 100644 --- a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties @@ -1,2 +1,4 @@ description: Add `interpolated_string_insert_expr` kind. -compatibility: partial +compatibility: backwards +expressions.rel: run string_interpol_insert.qlo new_expressions +expr_parent.rel: run string_interpol_insert.qlo new_expr_parent From 8e1282bfde17e8a35194edf9e6adc90d2ff259ec Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 31 Mar 2025 13:39:03 +0200 Subject: [PATCH 073/409] C#: Improve downgrade script. --- .../expressions.ql | 13 ------- .../string_interpol_insert.ql | 39 +++++++++++++++++++ .../upgrade.properties | 5 ++- 3 files changed, 42 insertions(+), 15 deletions(-) delete mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/string_interpol_insert.ql diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql deleted file mode 100644 index 4f516d1d5cba..000000000000 --- a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql +++ /dev/null @@ -1,13 +0,0 @@ -class Expression extends @expr { - string toString() { none() } -} - -class TypeOrRef extends @type_or_ref { - string toString() { none() } -} - -from Expression e, int k, int kind, TypeOrRef t -where - expressions(e, k, t) and - if k = 138 then kind = 106 else kind = k -select e, kind, t diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/string_interpol_insert.ql b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/string_interpol_insert.ql new file mode 100644 index 000000000000..3f83b1ea3cce --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/string_interpol_insert.ql @@ -0,0 +1,39 @@ +class Expr extends @expr { + string toString() { none() } +} + +class TypeOrRef extends @type_or_ref { + string toString() { none() } +} + +class InterpolatedStringInsertExpr extends Expr, @interpolated_string_insert_expr { } + +private predicate remove_expr(Expr e) { + exists(InterpolatedStringInsertExpr ie | + e = ie + or + // Alignment + expr_parent(e, 1, ie) + or + // Format + expr_parent(e, 2, ie) + ) +} + +query predicate new_expressions(Expr e, int kind, TypeOrRef t) { + expressions(e, kind, t) and + // Remove the syntheetic intert expression and previously un-extracted children + not remove_expr(e) +} + +query predicate new_expr_parent(Expr e, int child, Expr parent) { + expr_parent(e, child, parent) and + not remove_expr(e) and + not remove_expr(parent) + or + // Use the string interpolation as parent instead of the synthetic insert expression + exists(InterpolatedStringInsertExpr ie | + expr_parent(e, 0, ie) and + expr_parent(ie, child, parent) + ) +} diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties index 9e9a659b10a3..9e8118060f2b 100644 --- a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties @@ -1,3 +1,4 @@ description: Remove `interpolated_string_insert_expr` kind. -compatibility: partial -expressions.rel: run expressions.qlo +compatibility: backwards +expressions.rel: run string_interpol_insert.qlo new_expressions +expr_parent.rel: run string_interpol_insert.qlo new_expr_parent From f64bdccd6de48aa8e758e2cdc0b38aa76dc687c7 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 31 Mar 2025 15:30:59 +0200 Subject: [PATCH 074/409] Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll Co-authored-by: Erik Krogh Kristensen --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index f7b7a3e96d48..1669af0b255e 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -1792,7 +1792,7 @@ module API { LabelSpreadArgument() { this = MkLabelSpreadArgument(index) } - /** The argument index at which the spread argument appears. */ + /** Gets the argument index at which the spread argument appears. */ int getIndex() { result = index } override string toString() { result = "getSpreadArgument(" + index + ")" } From 149ec20758460697132cefbf85c401b2a404bdbc Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 31 Mar 2025 15:39:09 +0200 Subject: [PATCH 075/409] JS: Add comment about internal edge --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 1669af0b255e..a1ffc8c02f12 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -1795,7 +1795,10 @@ module API { /** Gets the argument index at which the spread argument appears. */ int getIndex() { result = index } - override string toString() { result = "getSpreadArgument(" + index + ")" } + override string toString() { + // Note: This refers to the internal edge that has no corresponding method on API::Node + result = "getSpreadArgument(" + index + ")" + } } /** A label for a function that is a wrapper around another function. */ From e7bb47f335b29661e43ee22e54d66f78c385cb1c Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 28 Mar 2025 12:57:58 +0100 Subject: [PATCH 076/409] ruby: add MaD model for permissions needed by actions Use this to suggest minimal set of nedded permissions --- actions/ql/lib/codeql/actions/Ast.qll | 2 + .../lib/codeql/actions/ast/internal/Ast.qll | 2 + .../ql/lib/codeql/actions/config/Config.qll | 10 +++++ .../actions/config/ConfigExtensions.qll | 5 +++ .../ql/lib/ext/config/actions_permissions.yml | 37 +++++++++++++++++++ .../CWE-275/MissingActionsPermissions.ql | 29 +++++++++++++-- .../CWE-275/.github/workflows/perms6.yml | 13 +++++++ .../MissingActionsPermissions.expected | 7 ++-- 8 files changed, 99 insertions(+), 6 deletions(-) create mode 100644 actions/ql/lib/ext/config/actions_permissions.yml create mode 100644 actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms6.yml diff --git a/actions/ql/lib/codeql/actions/Ast.qll b/actions/ql/lib/codeql/actions/Ast.qll index 8c1925f3288c..a50febdea973 100644 --- a/actions/ql/lib/codeql/actions/Ast.qll +++ b/actions/ql/lib/codeql/actions/Ast.qll @@ -242,6 +242,8 @@ class Step extends AstNode instanceof StepImpl { If getIf() { result = super.getIf() } + AstNode getUses() { result = super.getUses() } + StepsContainer getContainer() { result = super.getContainer() } Step getNextStep() { result = super.getNextStep() } diff --git a/actions/ql/lib/codeql/actions/ast/internal/Ast.qll b/actions/ql/lib/codeql/actions/ast/internal/Ast.qll index b0cbb8a1d79e..44ae082a34db 100644 --- a/actions/ql/lib/codeql/actions/ast/internal/Ast.qll +++ b/actions/ql/lib/codeql/actions/ast/internal/Ast.qll @@ -1194,6 +1194,8 @@ class StepImpl extends AstNodeImpl, TStepNode { /** Gets the value of the `if` field in this step, if any. */ IfImpl getIf() { result.getNode() = n.lookup("if") } + AstNodeImpl getUses() { result.getNode() = n.lookup("uses") } + /** Gets the Runs or LocalJob that this step is in. */ StepsContainerImpl getContainer() { result = this.getParentNode().(RunsImpl) or diff --git a/actions/ql/lib/codeql/actions/config/Config.qll b/actions/ql/lib/codeql/actions/config/Config.qll index 08bc7e860c67..e55d36f1bab8 100644 --- a/actions/ql/lib/codeql/actions/config/Config.qll +++ b/actions/ql/lib/codeql/actions/config/Config.qll @@ -154,3 +154,13 @@ predicate untrustedGitCommandDataModel(string cmd_regex, string flag) { predicate untrustedGhCommandDataModel(string cmd_regex, string flag) { Extensions::untrustedGhCommandDataModel(cmd_regex, flag) } + +/** + * MaD models for permissions needed by actions + * Fields: + * - action: action name + * - permission: permission name + */ +predicate actionsPermissionsDataModel(string action, string permission) { + Extensions::actionsPermissionsDataModel(action, permission) +} diff --git a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll index 68685f5874bb..b86ce68a5fdd 100644 --- a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll +++ b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll @@ -77,3 +77,8 @@ extensible predicate untrustedGitCommandDataModel(string cmd_regex, string flag) * Holds for gh commands that may introduce untrusted data */ extensible predicate untrustedGhCommandDataModel(string cmd_regex, string flag); + +/** + * Holds if `action` needs `permission` to run. + */ +extensible predicate actionsPermissionsDataModel(string action, string permission); diff --git a/actions/ql/lib/ext/config/actions_permissions.yml b/actions/ql/lib/ext/config/actions_permissions.yml new file mode 100644 index 000000000000..6e0081973de6 --- /dev/null +++ b/actions/ql/lib/ext/config/actions_permissions.yml @@ -0,0 +1,37 @@ +extensions: + - addsTo: + pack: codeql/actions-all + extensible: actionsPermissionsDataModel + data: + - ["actions/checkout", "contents: read"] + - ["actions/setup-node", "contents: read"] + - ["actions/setup-python", "contents: read"] + - ["actions/setup-java", "contents: read"] + - ["actions/setup-go", "contents: read"] + - ["actions/setup-dotnet", "contents: read"] + - ["actions/labeler", "contents: read"] + - ["actions/labeler", "pull-requests: write"] + - ["actions/attest", "id-token: write"] + - ["actions/attest", "attestations: write"] + # No permissions needed for actions/add-to-project + - ["actions/dependency-review-action", "contents: read"] + - ["actions/attest-sbom", "id-token: write"] + - ["actions/attest-sbom", "attestations: write"] + - ["actions/stale", "contents: write"] + - ["actions/stale", "issues: write"] + - ["actions/stale", "pull-requests: write"] + - ["actions/attest-build-provenance", "id-token: write"] + - ["actions/attest-build-provenance", "attestations: write"] + - ["actions/jekyll-build-pages", "contents: read"] + - ["actions/jekyll-build-pages", "pages: write"] + - ["actions/jekyll-build-pages", "id-token: write"] + - ["actions/publish-action", "contents: write"] + - ["actions/versions-package-tools", "contents: read"] + - ["actions/versions-package-tools", "actions: read"] + - ["actions/reusable-workflows", "contents: read"] + - ["actions/reusable-workflows", "actions: read"] + # TODO: Add permissions for actions/download-artifact + # TODO: Add permissions for actions/upload-artifact + # TODO: Add permissions for actions/cache + + diff --git a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql index 4f7e951d7ed6..6d5bd04b3e26 100644 --- a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql +++ b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql @@ -14,7 +14,28 @@ import actions -from Job job +Step stepInJob(Job job) { result = job.(LocalJob).getAStep() } + +bindingset[fullActionSelector] +string versionedAction(string fullActionSelector) { + result = fullActionSelector.substring(0, fullActionSelector.indexOf("@")) + or + not exists(fullActionSelector.indexOf("@")) and + result = fullActionSelector +} + +string stepUses(Step step) { result = step.getUses().(ScalarValue).getValue() } + +string jobNeedsPersmission(Job job) { + actionsPermissionsDataModel(versionedAction(stepUses(stepInJob(job))), result) +} + +string permissionsForJob(Job job) { + result = + "{" + concat(string permission | permission = jobNeedsPersmission(job) | permission, ", ") + "}" +} + +from Job job, string permissions where not exists(job.getPermissions()) and not exists(job.getEnclosingWorkflow().getPermissions()) and @@ -22,5 +43,7 @@ where exists(Event e | e = job.getATriggerEvent() and not e.getName() = "workflow_call" - ) -select job, "Actions Job or Workflow does not set permissions" + ) and + permissions = permissionsForJob(job) +select job, + "Actions Job or Workflow does not set permissions. A minimal set might be " + permissions diff --git a/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms6.yml b/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms6.yml new file mode 100644 index 000000000000..2824ca14a7e1 --- /dev/null +++ b/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms6.yml @@ -0,0 +1,13 @@ +on: + workflow_call: + workflow_dispatch: + +jobs: + build: + name: Build and test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/jekyll-build-pages + + diff --git a/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected b/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected index 8f94d0dc45a6..c7103d6f8ddc 100644 --- a/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected +++ b/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected @@ -1,3 +1,4 @@ -| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions Job or Workflow does not set permissions | -| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions Job or Workflow does not set permissions | -| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions Job or Workflow does not set permissions | +| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | +| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | +| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | +| .github/workflows/perms6.yml:7:5:11:39 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read, id-token: write, pages: write} | From f5d6fd081d1aba415836168cb435fe102737c1e3 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 31 Mar 2025 16:49:45 +0200 Subject: [PATCH 077/409] Rust: introduce upgrades/downgrades infrastructure --- misc/scripts/prepare-db-upgrade.sh | 2 +- rust/BUILD.bazel | 1 + rust/downgrades/BUILD.bazel | 12 + rust/downgrades/initial/rust.dbscheme | 3601 ++++++++++++++++++++ rust/downgrades/qlpack.yml | 5 + rust/ql/lib/upgrades/initial/rust.dbscheme | 3601 ++++++++++++++++++++ 6 files changed, 7221 insertions(+), 1 deletion(-) create mode 100644 rust/downgrades/BUILD.bazel create mode 100644 rust/downgrades/initial/rust.dbscheme create mode 100644 rust/downgrades/qlpack.yml create mode 100644 rust/ql/lib/upgrades/initial/rust.dbscheme diff --git a/misc/scripts/prepare-db-upgrade.sh b/misc/scripts/prepare-db-upgrade.sh index 8a8b32d17401..bbbeefc43185 100755 --- a/misc/scripts/prepare-db-upgrade.sh +++ b/misc/scripts/prepare-db-upgrade.sh @@ -86,7 +86,7 @@ case "${lang}" in csharp | cpp | javascript | python) scheme_file="${lang}/ql/lib/semmlecode.${lang}.dbscheme" ;; - go | ruby | swift) + go | ruby | rust | swift) scheme_file="${lang}/ql/lib/${lang}.dbscheme" ;; *) diff --git a/rust/BUILD.bazel b/rust/BUILD.bazel index f70f87a9b632..9cdc89dd52fd 100644 --- a/rust/BUILD.bazel +++ b/rust/BUILD.bazel @@ -55,6 +55,7 @@ codeql_pack( srcs = [ ":root-files", ":tools", + "//rust/downgrades", ], experimental = True, ) diff --git a/rust/downgrades/BUILD.bazel b/rust/downgrades/BUILD.bazel new file mode 100644 index 000000000000..8aff16d8071e --- /dev/null +++ b/rust/downgrades/BUILD.bazel @@ -0,0 +1,12 @@ +load("@rules_pkg//pkg:mappings.bzl", "pkg_files", "strip_prefix") + +pkg_files( + name = "downgrades", + srcs = glob( + ["**"], + exclude = ["BUILD.bazel"], + ), + prefix = "downgrades", + strip_prefix = strip_prefix.from_pkg(), + visibility = ["//rust:__pkg__"], +) diff --git a/rust/downgrades/initial/rust.dbscheme b/rust/downgrades/initial/rust.dbscheme new file mode 100644 index 000000000000..256e80c2dcea --- /dev/null +++ b/rust/downgrades/initial/rust.dbscheme @@ -0,0 +1,3601 @@ +// generated by codegen, do not edit + +// from ../shared/tree-sitter-extractor/src/generator/prefix.dbscheme +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Empty location -*/ + +empty_location( + int location: @location_default ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- Diagnostic messages: severity -*/ + +case @diagnostic.severity of + 10 = @diagnostic_debug +| 20 = @diagnostic_info +| 30 = @diagnostic_warning +| 40 = @diagnostic_error +; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + + +// from prefix.dbscheme +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_default ref +); + + +// from schema + +@element = + @extractor_step +| @locatable +| @named_crate +| @unextracted +; + +extractor_steps( + unique int id: @extractor_step, + string action: string ref, + int duration_ms: int ref +); + +#keyset[id] +extractor_step_files( + int id: @extractor_step ref, + int file: @file ref +); + +@locatable = + @ast_node +| @crate +; + +named_crates( + unique int id: @named_crate, + string name: string ref, + int crate: @crate ref +); + +@unextracted = + @missing +| @unimplemented +; + +@ast_node = + @abi +| @addressable +| @arg_list +| @asm_dir_spec +| @asm_operand +| @asm_operand_expr +| @asm_option +| @asm_piece +| @asm_reg_spec +| @assoc_item +| @assoc_item_list +| @attr +| @callable +| @closure_binder +| @expr +| @extern_item +| @extern_item_list +| @field_list +| @format_args_arg +| @generic_arg +| @generic_arg_list +| @generic_param +| @generic_param_list +| @item_list +| @label +| @let_else +| @macro_items +| @macro_stmts +| @match_arm +| @match_arm_list +| @match_guard +| @meta +| @name +| @param_base +| @param_list +| @parenthesized_arg_list +| @pat +| @path +| @path_segment +| @rename +| @resolvable +| @ret_type_repr +| @return_type_syntax +| @source_file +| @stmt +| @stmt_list +| @struct_expr_field +| @struct_expr_field_list +| @struct_field +| @struct_pat_field +| @struct_pat_field_list +| @token +| @token_tree +| @tuple_field +| @type_bound +| @type_bound_list +| @type_repr +| @use_bound_generic_arg +| @use_bound_generic_args +| @use_tree +| @use_tree_list +| @variant_def +| @variant_list +| @visibility +| @where_clause +| @where_pred +; + +crates( + unique int id: @crate +); + +#keyset[id] +crate_names( + int id: @crate ref, + string name: string ref +); + +#keyset[id] +crate_versions( + int id: @crate ref, + string version: string ref +); + +#keyset[id] +crate_modules( + int id: @crate ref, + int module: @module ref +); + +#keyset[id, index] +crate_cfg_options( + int id: @crate ref, + int index: int ref, + string cfg_option: string ref +); + +#keyset[id, index] +crate_named_dependencies( + int id: @crate ref, + int index: int ref, + int named_dependency: @named_crate ref +); + +missings( + unique int id: @missing +); + +unimplementeds( + unique int id: @unimplemented +); + +abis( + unique int id: @abi +); + +#keyset[id] +abi_abi_strings( + int id: @abi ref, + string abi_string: string ref +); + +@addressable = + @item +| @variant +; + +#keyset[id] +addressable_extended_canonical_paths( + int id: @addressable ref, + string extended_canonical_path: string ref +); + +#keyset[id] +addressable_crate_origins( + int id: @addressable ref, + string crate_origin: string ref +); + +arg_lists( + unique int id: @arg_list +); + +#keyset[id, index] +arg_list_args( + int id: @arg_list ref, + int index: int ref, + int arg: @expr ref +); + +asm_dir_specs( + unique int id: @asm_dir_spec +); + +@asm_operand = + @asm_const +| @asm_label +| @asm_reg_operand +| @asm_sym +; + +asm_operand_exprs( + unique int id: @asm_operand_expr +); + +#keyset[id] +asm_operand_expr_in_exprs( + int id: @asm_operand_expr ref, + int in_expr: @expr ref +); + +#keyset[id] +asm_operand_expr_out_exprs( + int id: @asm_operand_expr ref, + int out_expr: @expr ref +); + +asm_options( + unique int id: @asm_option +); + +#keyset[id] +asm_option_is_raw( + int id: @asm_option ref +); + +@asm_piece = + @asm_clobber_abi +| @asm_operand_named +| @asm_options_list +; + +asm_reg_specs( + unique int id: @asm_reg_spec +); + +#keyset[id] +asm_reg_spec_identifiers( + int id: @asm_reg_spec ref, + int identifier: @name_ref ref +); + +@assoc_item = + @const +| @function +| @macro_call +| @type_alias +; + +assoc_item_lists( + unique int id: @assoc_item_list +); + +#keyset[id, index] +assoc_item_list_assoc_items( + int id: @assoc_item_list ref, + int index: int ref, + int assoc_item: @assoc_item ref +); + +#keyset[id, index] +assoc_item_list_attrs( + int id: @assoc_item_list ref, + int index: int ref, + int attr: @attr ref +); + +attrs( + unique int id: @attr +); + +#keyset[id] +attr_meta( + int id: @attr ref, + int meta: @meta ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_param_lists( + int id: @callable ref, + int param_list: @param_list ref +); + +#keyset[id, index] +callable_attrs( + int id: @callable ref, + int index: int ref, + int attr: @attr ref +); + +closure_binders( + unique int id: @closure_binder +); + +#keyset[id] +closure_binder_generic_param_lists( + int id: @closure_binder ref, + int generic_param_list: @generic_param_list ref +); + +@expr = + @array_expr_internal +| @asm_expr +| @await_expr +| @become_expr +| @binary_expr +| @break_expr +| @call_expr_base +| @cast_expr +| @closure_expr +| @continue_expr +| @field_expr +| @format_args_expr +| @if_expr +| @index_expr +| @labelable_expr +| @let_expr +| @literal_expr +| @macro_expr +| @match_expr +| @offset_of_expr +| @paren_expr +| @path_expr_base +| @prefix_expr +| @range_expr +| @ref_expr +| @return_expr +| @struct_expr +| @try_expr +| @tuple_expr +| @underscore_expr +| @yeet_expr +| @yield_expr +; + +@extern_item = + @function +| @macro_call +| @static +| @type_alias +; + +extern_item_lists( + unique int id: @extern_item_list +); + +#keyset[id, index] +extern_item_list_attrs( + int id: @extern_item_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +extern_item_list_extern_items( + int id: @extern_item_list ref, + int index: int ref, + int extern_item: @extern_item ref +); + +@field_list = + @struct_field_list +| @tuple_field_list +; + +format_args_args( + unique int id: @format_args_arg +); + +#keyset[id] +format_args_arg_exprs( + int id: @format_args_arg ref, + int expr: @expr ref +); + +#keyset[id] +format_args_arg_names( + int id: @format_args_arg ref, + int name: @name ref +); + +@generic_arg = + @assoc_type_arg +| @const_arg +| @lifetime_arg +| @type_arg +; + +generic_arg_lists( + unique int id: @generic_arg_list +); + +#keyset[id, index] +generic_arg_list_generic_args( + int id: @generic_arg_list ref, + int index: int ref, + int generic_arg: @generic_arg ref +); + +@generic_param = + @const_param +| @lifetime_param +| @type_param +; + +generic_param_lists( + unique int id: @generic_param_list +); + +#keyset[id, index] +generic_param_list_generic_params( + int id: @generic_param_list ref, + int index: int ref, + int generic_param: @generic_param ref +); + +item_lists( + unique int id: @item_list +); + +#keyset[id, index] +item_list_attrs( + int id: @item_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +item_list_items( + int id: @item_list ref, + int index: int ref, + int item: @item ref +); + +labels( + unique int id: @label +); + +#keyset[id] +label_lifetimes( + int id: @label ref, + int lifetime: @lifetime ref +); + +let_elses( + unique int id: @let_else +); + +#keyset[id] +let_else_block_exprs( + int id: @let_else ref, + int block_expr: @block_expr ref +); + +macro_items( + unique int id: @macro_items +); + +#keyset[id, index] +macro_items_items( + int id: @macro_items ref, + int index: int ref, + int item: @item ref +); + +macro_stmts( + unique int id: @macro_stmts +); + +#keyset[id] +macro_stmts_exprs( + int id: @macro_stmts ref, + int expr: @expr ref +); + +#keyset[id, index] +macro_stmts_statements( + int id: @macro_stmts ref, + int index: int ref, + int statement: @stmt ref +); + +match_arms( + unique int id: @match_arm +); + +#keyset[id, index] +match_arm_attrs( + int id: @match_arm ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +match_arm_exprs( + int id: @match_arm ref, + int expr: @expr ref +); + +#keyset[id] +match_arm_guards( + int id: @match_arm ref, + int guard: @match_guard ref +); + +#keyset[id] +match_arm_pats( + int id: @match_arm ref, + int pat: @pat ref +); + +match_arm_lists( + unique int id: @match_arm_list +); + +#keyset[id, index] +match_arm_list_arms( + int id: @match_arm_list ref, + int index: int ref, + int arm: @match_arm ref +); + +#keyset[id, index] +match_arm_list_attrs( + int id: @match_arm_list ref, + int index: int ref, + int attr: @attr ref +); + +match_guards( + unique int id: @match_guard +); + +#keyset[id] +match_guard_conditions( + int id: @match_guard ref, + int condition: @expr ref +); + +meta( + unique int id: @meta +); + +#keyset[id] +meta_exprs( + int id: @meta ref, + int expr: @expr ref +); + +#keyset[id] +meta_is_unsafe( + int id: @meta ref +); + +#keyset[id] +meta_paths( + int id: @meta ref, + int path: @path ref +); + +#keyset[id] +meta_token_trees( + int id: @meta ref, + int token_tree: @token_tree ref +); + +names( + unique int id: @name +); + +#keyset[id] +name_texts( + int id: @name ref, + string text: string ref +); + +@param_base = + @param +| @self_param +; + +#keyset[id, index] +param_base_attrs( + int id: @param_base ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +param_base_type_reprs( + int id: @param_base ref, + int type_repr: @type_repr ref +); + +param_lists( + unique int id: @param_list +); + +#keyset[id, index] +param_list_params( + int id: @param_list ref, + int index: int ref, + int param: @param ref +); + +#keyset[id] +param_list_self_params( + int id: @param_list ref, + int self_param: @self_param ref +); + +parenthesized_arg_lists( + unique int id: @parenthesized_arg_list +); + +#keyset[id, index] +parenthesized_arg_list_type_args( + int id: @parenthesized_arg_list ref, + int index: int ref, + int type_arg: @type_arg ref +); + +@pat = + @box_pat +| @const_block_pat +| @ident_pat +| @literal_pat +| @macro_pat +| @or_pat +| @paren_pat +| @path_pat +| @range_pat +| @ref_pat +| @rest_pat +| @slice_pat +| @struct_pat +| @tuple_pat +| @tuple_struct_pat +| @wildcard_pat +; + +paths( + unique int id: @path +); + +#keyset[id] +path_qualifiers( + int id: @path ref, + int qualifier: @path ref +); + +#keyset[id] +path_segments_( + int id: @path ref, + int segment: @path_segment ref +); + +path_segments( + unique int id: @path_segment +); + +#keyset[id] +path_segment_generic_arg_lists( + int id: @path_segment ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +path_segment_identifiers( + int id: @path_segment ref, + int identifier: @name_ref ref +); + +#keyset[id] +path_segment_parenthesized_arg_lists( + int id: @path_segment ref, + int parenthesized_arg_list: @parenthesized_arg_list ref +); + +#keyset[id] +path_segment_ret_types( + int id: @path_segment ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +path_segment_return_type_syntaxes( + int id: @path_segment ref, + int return_type_syntax: @return_type_syntax ref +); + +#keyset[id] +path_segment_type_reprs( + int id: @path_segment ref, + int type_repr: @type_repr ref +); + +#keyset[id] +path_segment_trait_type_reprs( + int id: @path_segment ref, + int trait_type_repr: @path_type_repr ref +); + +renames( + unique int id: @rename +); + +#keyset[id] +rename_names( + int id: @rename ref, + int name: @name ref +); + +@resolvable = + @method_call_expr +| @path_ast_node +; + +#keyset[id] +resolvable_resolved_paths( + int id: @resolvable ref, + string resolved_path: string ref +); + +#keyset[id] +resolvable_resolved_crate_origins( + int id: @resolvable ref, + string resolved_crate_origin: string ref +); + +ret_type_reprs( + unique int id: @ret_type_repr +); + +#keyset[id] +ret_type_repr_type_reprs( + int id: @ret_type_repr ref, + int type_repr: @type_repr ref +); + +return_type_syntaxes( + unique int id: @return_type_syntax +); + +source_files( + unique int id: @source_file +); + +#keyset[id, index] +source_file_attrs( + int id: @source_file ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +source_file_items( + int id: @source_file ref, + int index: int ref, + int item: @item ref +); + +@stmt = + @expr_stmt +| @item +| @let_stmt +; + +stmt_lists( + unique int id: @stmt_list +); + +#keyset[id, index] +stmt_list_attrs( + int id: @stmt_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +stmt_list_statements( + int id: @stmt_list ref, + int index: int ref, + int statement: @stmt ref +); + +#keyset[id] +stmt_list_tail_exprs( + int id: @stmt_list ref, + int tail_expr: @expr ref +); + +struct_expr_fields( + unique int id: @struct_expr_field +); + +#keyset[id, index] +struct_expr_field_attrs( + int id: @struct_expr_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_expr_field_exprs( + int id: @struct_expr_field ref, + int expr: @expr ref +); + +#keyset[id] +struct_expr_field_identifiers( + int id: @struct_expr_field ref, + int identifier: @name_ref ref +); + +struct_expr_field_lists( + unique int id: @struct_expr_field_list +); + +#keyset[id, index] +struct_expr_field_list_attrs( + int id: @struct_expr_field_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +struct_expr_field_list_fields( + int id: @struct_expr_field_list ref, + int index: int ref, + int field: @struct_expr_field ref +); + +#keyset[id] +struct_expr_field_list_spreads( + int id: @struct_expr_field_list ref, + int spread: @expr ref +); + +struct_fields( + unique int id: @struct_field +); + +#keyset[id, index] +struct_field_attrs( + int id: @struct_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_field_defaults( + int id: @struct_field ref, + int default: @expr ref +); + +#keyset[id] +struct_field_names( + int id: @struct_field ref, + int name: @name ref +); + +#keyset[id] +struct_field_type_reprs( + int id: @struct_field ref, + int type_repr: @type_repr ref +); + +#keyset[id] +struct_field_visibilities( + int id: @struct_field ref, + int visibility: @visibility ref +); + +struct_pat_fields( + unique int id: @struct_pat_field +); + +#keyset[id, index] +struct_pat_field_attrs( + int id: @struct_pat_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_pat_field_identifiers( + int id: @struct_pat_field ref, + int identifier: @name_ref ref +); + +#keyset[id] +struct_pat_field_pats( + int id: @struct_pat_field ref, + int pat: @pat ref +); + +struct_pat_field_lists( + unique int id: @struct_pat_field_list +); + +#keyset[id, index] +struct_pat_field_list_fields( + int id: @struct_pat_field_list ref, + int index: int ref, + int field: @struct_pat_field ref +); + +#keyset[id] +struct_pat_field_list_rest_pats( + int id: @struct_pat_field_list ref, + int rest_pat: @rest_pat ref +); + +@token = + @comment +; + +token_trees( + unique int id: @token_tree +); + +tuple_fields( + unique int id: @tuple_field +); + +#keyset[id, index] +tuple_field_attrs( + int id: @tuple_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +tuple_field_type_reprs( + int id: @tuple_field ref, + int type_repr: @type_repr ref +); + +#keyset[id] +tuple_field_visibilities( + int id: @tuple_field ref, + int visibility: @visibility ref +); + +type_bounds( + unique int id: @type_bound +); + +#keyset[id] +type_bound_is_async( + int id: @type_bound ref +); + +#keyset[id] +type_bound_is_const( + int id: @type_bound ref +); + +#keyset[id] +type_bound_lifetimes( + int id: @type_bound ref, + int lifetime: @lifetime ref +); + +#keyset[id] +type_bound_type_reprs( + int id: @type_bound ref, + int type_repr: @type_repr ref +); + +#keyset[id] +type_bound_use_bound_generic_args( + int id: @type_bound ref, + int use_bound_generic_args: @use_bound_generic_args ref +); + +type_bound_lists( + unique int id: @type_bound_list +); + +#keyset[id, index] +type_bound_list_bounds( + int id: @type_bound_list ref, + int index: int ref, + int bound: @type_bound ref +); + +@type_repr = + @array_type_repr +| @dyn_trait_type_repr +| @fn_ptr_type_repr +| @for_type_repr +| @impl_trait_type_repr +| @infer_type_repr +| @macro_type_repr +| @never_type_repr +| @paren_type_repr +| @path_type_repr +| @ptr_type_repr +| @ref_type_repr +| @slice_type_repr +| @tuple_type_repr +; + +@use_bound_generic_arg = + @lifetime +| @name_ref +; + +use_bound_generic_args( + unique int id: @use_bound_generic_args +); + +#keyset[id, index] +use_bound_generic_args_use_bound_generic_args( + int id: @use_bound_generic_args ref, + int index: int ref, + int use_bound_generic_arg: @use_bound_generic_arg ref +); + +use_trees( + unique int id: @use_tree +); + +#keyset[id] +use_tree_is_glob( + int id: @use_tree ref +); + +#keyset[id] +use_tree_paths( + int id: @use_tree ref, + int path: @path ref +); + +#keyset[id] +use_tree_renames( + int id: @use_tree ref, + int rename: @rename ref +); + +#keyset[id] +use_tree_use_tree_lists( + int id: @use_tree ref, + int use_tree_list: @use_tree_list ref +); + +use_tree_lists( + unique int id: @use_tree_list +); + +#keyset[id, index] +use_tree_list_use_trees( + int id: @use_tree_list ref, + int index: int ref, + int use_tree: @use_tree ref +); + +@variant_def = + @struct +| @union +| @variant +; + +variant_lists( + unique int id: @variant_list +); + +#keyset[id, index] +variant_list_variants( + int id: @variant_list ref, + int index: int ref, + int variant: @variant ref +); + +visibilities( + unique int id: @visibility +); + +#keyset[id] +visibility_paths( + int id: @visibility ref, + int path: @path ref +); + +where_clauses( + unique int id: @where_clause +); + +#keyset[id, index] +where_clause_predicates( + int id: @where_clause ref, + int index: int ref, + int predicate: @where_pred ref +); + +where_preds( + unique int id: @where_pred +); + +#keyset[id] +where_pred_generic_param_lists( + int id: @where_pred ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +where_pred_lifetimes( + int id: @where_pred ref, + int lifetime: @lifetime ref +); + +#keyset[id] +where_pred_type_reprs( + int id: @where_pred ref, + int type_repr: @type_repr ref +); + +#keyset[id] +where_pred_type_bound_lists( + int id: @where_pred ref, + int type_bound_list: @type_bound_list ref +); + +array_expr_internals( + unique int id: @array_expr_internal +); + +#keyset[id, index] +array_expr_internal_attrs( + int id: @array_expr_internal ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +array_expr_internal_exprs( + int id: @array_expr_internal ref, + int index: int ref, + int expr: @expr ref +); + +#keyset[id] +array_expr_internal_is_semicolon( + int id: @array_expr_internal ref +); + +array_type_reprs( + unique int id: @array_type_repr +); + +#keyset[id] +array_type_repr_const_args( + int id: @array_type_repr ref, + int const_arg: @const_arg ref +); + +#keyset[id] +array_type_repr_element_type_reprs( + int id: @array_type_repr ref, + int element_type_repr: @type_repr ref +); + +asm_clobber_abis( + unique int id: @asm_clobber_abi +); + +asm_consts( + unique int id: @asm_const +); + +#keyset[id] +asm_const_exprs( + int id: @asm_const ref, + int expr: @expr ref +); + +#keyset[id] +asm_const_is_const( + int id: @asm_const ref +); + +asm_exprs( + unique int id: @asm_expr +); + +#keyset[id, index] +asm_expr_asm_pieces( + int id: @asm_expr ref, + int index: int ref, + int asm_piece: @asm_piece ref +); + +#keyset[id, index] +asm_expr_attrs( + int id: @asm_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +asm_expr_templates( + int id: @asm_expr ref, + int index: int ref, + int template: @expr ref +); + +asm_labels( + unique int id: @asm_label +); + +#keyset[id] +asm_label_block_exprs( + int id: @asm_label ref, + int block_expr: @block_expr ref +); + +asm_operand_nameds( + unique int id: @asm_operand_named +); + +#keyset[id] +asm_operand_named_asm_operands( + int id: @asm_operand_named ref, + int asm_operand: @asm_operand ref +); + +#keyset[id] +asm_operand_named_names( + int id: @asm_operand_named ref, + int name: @name ref +); + +asm_options_lists( + unique int id: @asm_options_list +); + +#keyset[id, index] +asm_options_list_asm_options( + int id: @asm_options_list ref, + int index: int ref, + int asm_option: @asm_option ref +); + +asm_reg_operands( + unique int id: @asm_reg_operand +); + +#keyset[id] +asm_reg_operand_asm_dir_specs( + int id: @asm_reg_operand ref, + int asm_dir_spec: @asm_dir_spec ref +); + +#keyset[id] +asm_reg_operand_asm_operand_exprs( + int id: @asm_reg_operand ref, + int asm_operand_expr: @asm_operand_expr ref +); + +#keyset[id] +asm_reg_operand_asm_reg_specs( + int id: @asm_reg_operand ref, + int asm_reg_spec: @asm_reg_spec ref +); + +asm_syms( + unique int id: @asm_sym +); + +#keyset[id] +asm_sym_paths( + int id: @asm_sym ref, + int path: @path ref +); + +assoc_type_args( + unique int id: @assoc_type_arg +); + +#keyset[id] +assoc_type_arg_const_args( + int id: @assoc_type_arg ref, + int const_arg: @const_arg ref +); + +#keyset[id] +assoc_type_arg_generic_arg_lists( + int id: @assoc_type_arg ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +assoc_type_arg_identifiers( + int id: @assoc_type_arg ref, + int identifier: @name_ref ref +); + +#keyset[id] +assoc_type_arg_param_lists( + int id: @assoc_type_arg ref, + int param_list: @param_list ref +); + +#keyset[id] +assoc_type_arg_ret_types( + int id: @assoc_type_arg ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +assoc_type_arg_return_type_syntaxes( + int id: @assoc_type_arg ref, + int return_type_syntax: @return_type_syntax ref +); + +#keyset[id] +assoc_type_arg_type_reprs( + int id: @assoc_type_arg ref, + int type_repr: @type_repr ref +); + +#keyset[id] +assoc_type_arg_type_bound_lists( + int id: @assoc_type_arg ref, + int type_bound_list: @type_bound_list ref +); + +await_exprs( + unique int id: @await_expr +); + +#keyset[id, index] +await_expr_attrs( + int id: @await_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +await_expr_exprs( + int id: @await_expr ref, + int expr: @expr ref +); + +become_exprs( + unique int id: @become_expr +); + +#keyset[id, index] +become_expr_attrs( + int id: @become_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +become_expr_exprs( + int id: @become_expr ref, + int expr: @expr ref +); + +binary_exprs( + unique int id: @binary_expr +); + +#keyset[id, index] +binary_expr_attrs( + int id: @binary_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +binary_expr_lhs( + int id: @binary_expr ref, + int lhs: @expr ref +); + +#keyset[id] +binary_expr_operator_names( + int id: @binary_expr ref, + string operator_name: string ref +); + +#keyset[id] +binary_expr_rhs( + int id: @binary_expr ref, + int rhs: @expr ref +); + +box_pats( + unique int id: @box_pat +); + +#keyset[id] +box_pat_pats( + int id: @box_pat ref, + int pat: @pat ref +); + +break_exprs( + unique int id: @break_expr +); + +#keyset[id, index] +break_expr_attrs( + int id: @break_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +break_expr_exprs( + int id: @break_expr ref, + int expr: @expr ref +); + +#keyset[id] +break_expr_lifetimes( + int id: @break_expr ref, + int lifetime: @lifetime ref +); + +@call_expr_base = + @call_expr +| @method_call_expr +; + +#keyset[id] +call_expr_base_arg_lists( + int id: @call_expr_base ref, + int arg_list: @arg_list ref +); + +#keyset[id, index] +call_expr_base_attrs( + int id: @call_expr_base ref, + int index: int ref, + int attr: @attr ref +); + +cast_exprs( + unique int id: @cast_expr +); + +#keyset[id, index] +cast_expr_attrs( + int id: @cast_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +cast_expr_exprs( + int id: @cast_expr ref, + int expr: @expr ref +); + +#keyset[id] +cast_expr_type_reprs( + int id: @cast_expr ref, + int type_repr: @type_repr ref +); + +closure_exprs( + unique int id: @closure_expr +); + +#keyset[id] +closure_expr_bodies( + int id: @closure_expr ref, + int body: @expr ref +); + +#keyset[id] +closure_expr_closure_binders( + int id: @closure_expr ref, + int closure_binder: @closure_binder ref +); + +#keyset[id] +closure_expr_is_async( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_const( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_gen( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_move( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_static( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_ret_types( + int id: @closure_expr ref, + int ret_type: @ret_type_repr ref +); + +comments( + unique int id: @comment, + int parent: @ast_node ref, + string text: string ref +); + +const_args( + unique int id: @const_arg +); + +#keyset[id] +const_arg_exprs( + int id: @const_arg ref, + int expr: @expr ref +); + +const_block_pats( + unique int id: @const_block_pat +); + +#keyset[id] +const_block_pat_block_exprs( + int id: @const_block_pat ref, + int block_expr: @block_expr ref +); + +#keyset[id] +const_block_pat_is_const( + int id: @const_block_pat ref +); + +const_params( + unique int id: @const_param +); + +#keyset[id, index] +const_param_attrs( + int id: @const_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +const_param_default_vals( + int id: @const_param ref, + int default_val: @const_arg ref +); + +#keyset[id] +const_param_is_const( + int id: @const_param ref +); + +#keyset[id] +const_param_names( + int id: @const_param ref, + int name: @name ref +); + +#keyset[id] +const_param_type_reprs( + int id: @const_param ref, + int type_repr: @type_repr ref +); + +continue_exprs( + unique int id: @continue_expr +); + +#keyset[id, index] +continue_expr_attrs( + int id: @continue_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +continue_expr_lifetimes( + int id: @continue_expr ref, + int lifetime: @lifetime ref +); + +dyn_trait_type_reprs( + unique int id: @dyn_trait_type_repr +); + +#keyset[id] +dyn_trait_type_repr_type_bound_lists( + int id: @dyn_trait_type_repr ref, + int type_bound_list: @type_bound_list ref +); + +expr_stmts( + unique int id: @expr_stmt +); + +#keyset[id] +expr_stmt_exprs( + int id: @expr_stmt ref, + int expr: @expr ref +); + +field_exprs( + unique int id: @field_expr +); + +#keyset[id, index] +field_expr_attrs( + int id: @field_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +field_expr_containers( + int id: @field_expr ref, + int container: @expr ref +); + +#keyset[id] +field_expr_identifiers( + int id: @field_expr ref, + int identifier: @name_ref ref +); + +fn_ptr_type_reprs( + unique int id: @fn_ptr_type_repr +); + +#keyset[id] +fn_ptr_type_repr_abis( + int id: @fn_ptr_type_repr ref, + int abi: @abi ref +); + +#keyset[id] +fn_ptr_type_repr_is_async( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_is_const( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_is_unsafe( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_param_lists( + int id: @fn_ptr_type_repr ref, + int param_list: @param_list ref +); + +#keyset[id] +fn_ptr_type_repr_ret_types( + int id: @fn_ptr_type_repr ref, + int ret_type: @ret_type_repr ref +); + +for_type_reprs( + unique int id: @for_type_repr +); + +#keyset[id] +for_type_repr_generic_param_lists( + int id: @for_type_repr ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +for_type_repr_type_reprs( + int id: @for_type_repr ref, + int type_repr: @type_repr ref +); + +format_args_exprs( + unique int id: @format_args_expr +); + +#keyset[id, index] +format_args_expr_args( + int id: @format_args_expr ref, + int index: int ref, + int arg: @format_args_arg ref +); + +#keyset[id, index] +format_args_expr_attrs( + int id: @format_args_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +format_args_expr_templates( + int id: @format_args_expr ref, + int template: @expr ref +); + +ident_pats( + unique int id: @ident_pat +); + +#keyset[id, index] +ident_pat_attrs( + int id: @ident_pat ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +ident_pat_is_mut( + int id: @ident_pat ref +); + +#keyset[id] +ident_pat_is_ref( + int id: @ident_pat ref +); + +#keyset[id] +ident_pat_names( + int id: @ident_pat ref, + int name: @name ref +); + +#keyset[id] +ident_pat_pats( + int id: @ident_pat ref, + int pat: @pat ref +); + +if_exprs( + unique int id: @if_expr +); + +#keyset[id, index] +if_expr_attrs( + int id: @if_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +if_expr_conditions( + int id: @if_expr ref, + int condition: @expr ref +); + +#keyset[id] +if_expr_elses( + int id: @if_expr ref, + int else: @expr ref +); + +#keyset[id] +if_expr_thens( + int id: @if_expr ref, + int then: @block_expr ref +); + +impl_trait_type_reprs( + unique int id: @impl_trait_type_repr +); + +#keyset[id] +impl_trait_type_repr_type_bound_lists( + int id: @impl_trait_type_repr ref, + int type_bound_list: @type_bound_list ref +); + +index_exprs( + unique int id: @index_expr +); + +#keyset[id, index] +index_expr_attrs( + int id: @index_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +index_expr_bases( + int id: @index_expr ref, + int base: @expr ref +); + +#keyset[id] +index_expr_indices( + int id: @index_expr ref, + int index: @expr ref +); + +infer_type_reprs( + unique int id: @infer_type_repr +); + +@item = + @const +| @enum +| @extern_block +| @extern_crate +| @function +| @impl +| @macro_call +| @macro_def +| @macro_rules +| @module +| @static +| @struct +| @trait +| @trait_alias +| @type_alias +| @union +| @use +; + +@labelable_expr = + @block_expr +| @looping_expr +; + +#keyset[id] +labelable_expr_labels( + int id: @labelable_expr ref, + int label: @label ref +); + +let_exprs( + unique int id: @let_expr +); + +#keyset[id, index] +let_expr_attrs( + int id: @let_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +let_expr_scrutinees( + int id: @let_expr ref, + int scrutinee: @expr ref +); + +#keyset[id] +let_expr_pats( + int id: @let_expr ref, + int pat: @pat ref +); + +let_stmts( + unique int id: @let_stmt +); + +#keyset[id, index] +let_stmt_attrs( + int id: @let_stmt ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +let_stmt_initializers( + int id: @let_stmt ref, + int initializer: @expr ref +); + +#keyset[id] +let_stmt_let_elses( + int id: @let_stmt ref, + int let_else: @let_else ref +); + +#keyset[id] +let_stmt_pats( + int id: @let_stmt ref, + int pat: @pat ref +); + +#keyset[id] +let_stmt_type_reprs( + int id: @let_stmt ref, + int type_repr: @type_repr ref +); + +lifetimes( + unique int id: @lifetime +); + +#keyset[id] +lifetime_texts( + int id: @lifetime ref, + string text: string ref +); + +lifetime_args( + unique int id: @lifetime_arg +); + +#keyset[id] +lifetime_arg_lifetimes( + int id: @lifetime_arg ref, + int lifetime: @lifetime ref +); + +lifetime_params( + unique int id: @lifetime_param +); + +#keyset[id, index] +lifetime_param_attrs( + int id: @lifetime_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +lifetime_param_lifetimes( + int id: @lifetime_param ref, + int lifetime: @lifetime ref +); + +#keyset[id] +lifetime_param_type_bound_lists( + int id: @lifetime_param ref, + int type_bound_list: @type_bound_list ref +); + +literal_exprs( + unique int id: @literal_expr +); + +#keyset[id, index] +literal_expr_attrs( + int id: @literal_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +literal_expr_text_values( + int id: @literal_expr ref, + string text_value: string ref +); + +literal_pats( + unique int id: @literal_pat +); + +#keyset[id] +literal_pat_literals( + int id: @literal_pat ref, + int literal: @literal_expr ref +); + +macro_exprs( + unique int id: @macro_expr +); + +#keyset[id] +macro_expr_macro_calls( + int id: @macro_expr ref, + int macro_call: @macro_call ref +); + +macro_pats( + unique int id: @macro_pat +); + +#keyset[id] +macro_pat_macro_calls( + int id: @macro_pat ref, + int macro_call: @macro_call ref +); + +macro_type_reprs( + unique int id: @macro_type_repr +); + +#keyset[id] +macro_type_repr_macro_calls( + int id: @macro_type_repr ref, + int macro_call: @macro_call ref +); + +match_exprs( + unique int id: @match_expr +); + +#keyset[id, index] +match_expr_attrs( + int id: @match_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +match_expr_scrutinees( + int id: @match_expr ref, + int scrutinee: @expr ref +); + +#keyset[id] +match_expr_match_arm_lists( + int id: @match_expr ref, + int match_arm_list: @match_arm_list ref +); + +name_refs( + unique int id: @name_ref +); + +#keyset[id] +name_ref_texts( + int id: @name_ref ref, + string text: string ref +); + +never_type_reprs( + unique int id: @never_type_repr +); + +offset_of_exprs( + unique int id: @offset_of_expr +); + +#keyset[id, index] +offset_of_expr_attrs( + int id: @offset_of_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +offset_of_expr_fields( + int id: @offset_of_expr ref, + int index: int ref, + int field: @name_ref ref +); + +#keyset[id] +offset_of_expr_type_reprs( + int id: @offset_of_expr ref, + int type_repr: @type_repr ref +); + +or_pats( + unique int id: @or_pat +); + +#keyset[id, index] +or_pat_pats( + int id: @or_pat ref, + int index: int ref, + int pat: @pat ref +); + +params( + unique int id: @param +); + +#keyset[id] +param_pats( + int id: @param ref, + int pat: @pat ref +); + +paren_exprs( + unique int id: @paren_expr +); + +#keyset[id, index] +paren_expr_attrs( + int id: @paren_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +paren_expr_exprs( + int id: @paren_expr ref, + int expr: @expr ref +); + +paren_pats( + unique int id: @paren_pat +); + +#keyset[id] +paren_pat_pats( + int id: @paren_pat ref, + int pat: @pat ref +); + +paren_type_reprs( + unique int id: @paren_type_repr +); + +#keyset[id] +paren_type_repr_type_reprs( + int id: @paren_type_repr ref, + int type_repr: @type_repr ref +); + +@path_ast_node = + @path_expr +| @path_pat +| @struct_expr +| @struct_pat +| @tuple_struct_pat +; + +#keyset[id] +path_ast_node_paths( + int id: @path_ast_node ref, + int path: @path ref +); + +@path_expr_base = + @path_expr +; + +path_type_reprs( + unique int id: @path_type_repr +); + +#keyset[id] +path_type_repr_paths( + int id: @path_type_repr ref, + int path: @path ref +); + +prefix_exprs( + unique int id: @prefix_expr +); + +#keyset[id, index] +prefix_expr_attrs( + int id: @prefix_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +prefix_expr_exprs( + int id: @prefix_expr ref, + int expr: @expr ref +); + +#keyset[id] +prefix_expr_operator_names( + int id: @prefix_expr ref, + string operator_name: string ref +); + +ptr_type_reprs( + unique int id: @ptr_type_repr +); + +#keyset[id] +ptr_type_repr_is_const( + int id: @ptr_type_repr ref +); + +#keyset[id] +ptr_type_repr_is_mut( + int id: @ptr_type_repr ref +); + +#keyset[id] +ptr_type_repr_type_reprs( + int id: @ptr_type_repr ref, + int type_repr: @type_repr ref +); + +range_exprs( + unique int id: @range_expr +); + +#keyset[id, index] +range_expr_attrs( + int id: @range_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +range_expr_ends( + int id: @range_expr ref, + int end: @expr ref +); + +#keyset[id] +range_expr_operator_names( + int id: @range_expr ref, + string operator_name: string ref +); + +#keyset[id] +range_expr_starts( + int id: @range_expr ref, + int start: @expr ref +); + +range_pats( + unique int id: @range_pat +); + +#keyset[id] +range_pat_ends( + int id: @range_pat ref, + int end: @pat ref +); + +#keyset[id] +range_pat_operator_names( + int id: @range_pat ref, + string operator_name: string ref +); + +#keyset[id] +range_pat_starts( + int id: @range_pat ref, + int start: @pat ref +); + +ref_exprs( + unique int id: @ref_expr +); + +#keyset[id, index] +ref_expr_attrs( + int id: @ref_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +ref_expr_exprs( + int id: @ref_expr ref, + int expr: @expr ref +); + +#keyset[id] +ref_expr_is_const( + int id: @ref_expr ref +); + +#keyset[id] +ref_expr_is_mut( + int id: @ref_expr ref +); + +#keyset[id] +ref_expr_is_raw( + int id: @ref_expr ref +); + +ref_pats( + unique int id: @ref_pat +); + +#keyset[id] +ref_pat_is_mut( + int id: @ref_pat ref +); + +#keyset[id] +ref_pat_pats( + int id: @ref_pat ref, + int pat: @pat ref +); + +ref_type_reprs( + unique int id: @ref_type_repr +); + +#keyset[id] +ref_type_repr_is_mut( + int id: @ref_type_repr ref +); + +#keyset[id] +ref_type_repr_lifetimes( + int id: @ref_type_repr ref, + int lifetime: @lifetime ref +); + +#keyset[id] +ref_type_repr_type_reprs( + int id: @ref_type_repr ref, + int type_repr: @type_repr ref +); + +rest_pats( + unique int id: @rest_pat +); + +#keyset[id, index] +rest_pat_attrs( + int id: @rest_pat ref, + int index: int ref, + int attr: @attr ref +); + +return_exprs( + unique int id: @return_expr +); + +#keyset[id, index] +return_expr_attrs( + int id: @return_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +return_expr_exprs( + int id: @return_expr ref, + int expr: @expr ref +); + +self_params( + unique int id: @self_param +); + +#keyset[id] +self_param_is_ref( + int id: @self_param ref +); + +#keyset[id] +self_param_is_mut( + int id: @self_param ref +); + +#keyset[id] +self_param_lifetimes( + int id: @self_param ref, + int lifetime: @lifetime ref +); + +#keyset[id] +self_param_names( + int id: @self_param ref, + int name: @name ref +); + +slice_pats( + unique int id: @slice_pat +); + +#keyset[id, index] +slice_pat_pats( + int id: @slice_pat ref, + int index: int ref, + int pat: @pat ref +); + +slice_type_reprs( + unique int id: @slice_type_repr +); + +#keyset[id] +slice_type_repr_type_reprs( + int id: @slice_type_repr ref, + int type_repr: @type_repr ref +); + +struct_field_lists( + unique int id: @struct_field_list +); + +#keyset[id, index] +struct_field_list_fields( + int id: @struct_field_list ref, + int index: int ref, + int field: @struct_field ref +); + +try_exprs( + unique int id: @try_expr +); + +#keyset[id, index] +try_expr_attrs( + int id: @try_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +try_expr_exprs( + int id: @try_expr ref, + int expr: @expr ref +); + +tuple_exprs( + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_attrs( + int id: @tuple_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +tuple_expr_fields( + int id: @tuple_expr ref, + int index: int ref, + int field: @expr ref +); + +tuple_field_lists( + unique int id: @tuple_field_list +); + +#keyset[id, index] +tuple_field_list_fields( + int id: @tuple_field_list ref, + int index: int ref, + int field: @tuple_field ref +); + +tuple_pats( + unique int id: @tuple_pat +); + +#keyset[id, index] +tuple_pat_fields( + int id: @tuple_pat ref, + int index: int ref, + int field: @pat ref +); + +tuple_type_reprs( + unique int id: @tuple_type_repr +); + +#keyset[id, index] +tuple_type_repr_fields( + int id: @tuple_type_repr ref, + int index: int ref, + int field: @type_repr ref +); + +type_args( + unique int id: @type_arg +); + +#keyset[id] +type_arg_type_reprs( + int id: @type_arg ref, + int type_repr: @type_repr ref +); + +type_params( + unique int id: @type_param +); + +#keyset[id, index] +type_param_attrs( + int id: @type_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +type_param_default_types( + int id: @type_param ref, + int default_type: @type_repr ref +); + +#keyset[id] +type_param_names( + int id: @type_param ref, + int name: @name ref +); + +#keyset[id] +type_param_type_bound_lists( + int id: @type_param ref, + int type_bound_list: @type_bound_list ref +); + +underscore_exprs( + unique int id: @underscore_expr +); + +#keyset[id, index] +underscore_expr_attrs( + int id: @underscore_expr ref, + int index: int ref, + int attr: @attr ref +); + +variants( + unique int id: @variant +); + +#keyset[id, index] +variant_attrs( + int id: @variant ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +variant_discriminants( + int id: @variant ref, + int discriminant: @expr ref +); + +#keyset[id] +variant_field_lists( + int id: @variant ref, + int field_list: @field_list ref +); + +#keyset[id] +variant_names( + int id: @variant ref, + int name: @name ref +); + +#keyset[id] +variant_visibilities( + int id: @variant ref, + int visibility: @visibility ref +); + +wildcard_pats( + unique int id: @wildcard_pat +); + +yeet_exprs( + unique int id: @yeet_expr +); + +#keyset[id, index] +yeet_expr_attrs( + int id: @yeet_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +yeet_expr_exprs( + int id: @yeet_expr ref, + int expr: @expr ref +); + +yield_exprs( + unique int id: @yield_expr +); + +#keyset[id, index] +yield_expr_attrs( + int id: @yield_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +yield_expr_exprs( + int id: @yield_expr ref, + int expr: @expr ref +); + +block_exprs( + unique int id: @block_expr +); + +#keyset[id, index] +block_expr_attrs( + int id: @block_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +block_expr_is_async( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_const( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_gen( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_move( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_try( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_unsafe( + int id: @block_expr ref +); + +#keyset[id] +block_expr_stmt_lists( + int id: @block_expr ref, + int stmt_list: @stmt_list ref +); + +call_exprs( + unique int id: @call_expr +); + +#keyset[id] +call_expr_functions( + int id: @call_expr ref, + int function: @expr ref +); + +consts( + unique int id: @const +); + +#keyset[id, index] +const_attrs( + int id: @const ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +const_bodies( + int id: @const ref, + int body: @expr ref +); + +#keyset[id] +const_is_const( + int id: @const ref +); + +#keyset[id] +const_is_default( + int id: @const ref +); + +#keyset[id] +const_names( + int id: @const ref, + int name: @name ref +); + +#keyset[id] +const_type_reprs( + int id: @const ref, + int type_repr: @type_repr ref +); + +#keyset[id] +const_visibilities( + int id: @const ref, + int visibility: @visibility ref +); + +enums( + unique int id: @enum +); + +#keyset[id, index] +enum_attrs( + int id: @enum ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +enum_generic_param_lists( + int id: @enum ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +enum_names( + int id: @enum ref, + int name: @name ref +); + +#keyset[id] +enum_variant_lists( + int id: @enum ref, + int variant_list: @variant_list ref +); + +#keyset[id] +enum_visibilities( + int id: @enum ref, + int visibility: @visibility ref +); + +#keyset[id] +enum_where_clauses( + int id: @enum ref, + int where_clause: @where_clause ref +); + +extern_blocks( + unique int id: @extern_block +); + +#keyset[id] +extern_block_abis( + int id: @extern_block ref, + int abi: @abi ref +); + +#keyset[id, index] +extern_block_attrs( + int id: @extern_block ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +extern_block_extern_item_lists( + int id: @extern_block ref, + int extern_item_list: @extern_item_list ref +); + +#keyset[id] +extern_block_is_unsafe( + int id: @extern_block ref +); + +extern_crates( + unique int id: @extern_crate +); + +#keyset[id, index] +extern_crate_attrs( + int id: @extern_crate ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +extern_crate_identifiers( + int id: @extern_crate ref, + int identifier: @name_ref ref +); + +#keyset[id] +extern_crate_renames( + int id: @extern_crate ref, + int rename: @rename ref +); + +#keyset[id] +extern_crate_visibilities( + int id: @extern_crate ref, + int visibility: @visibility ref +); + +functions( + unique int id: @function +); + +#keyset[id] +function_abis( + int id: @function ref, + int abi: @abi ref +); + +#keyset[id] +function_bodies( + int id: @function ref, + int body: @block_expr ref +); + +#keyset[id] +function_generic_param_lists( + int id: @function ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +function_is_async( + int id: @function ref +); + +#keyset[id] +function_is_const( + int id: @function ref +); + +#keyset[id] +function_is_default( + int id: @function ref +); + +#keyset[id] +function_is_gen( + int id: @function ref +); + +#keyset[id] +function_is_unsafe( + int id: @function ref +); + +#keyset[id] +function_names( + int id: @function ref, + int name: @name ref +); + +#keyset[id] +function_ret_types( + int id: @function ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +function_visibilities( + int id: @function ref, + int visibility: @visibility ref +); + +#keyset[id] +function_where_clauses( + int id: @function ref, + int where_clause: @where_clause ref +); + +impls( + unique int id: @impl +); + +#keyset[id] +impl_assoc_item_lists( + int id: @impl ref, + int assoc_item_list: @assoc_item_list ref +); + +#keyset[id, index] +impl_attrs( + int id: @impl ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +impl_generic_param_lists( + int id: @impl ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +impl_is_const( + int id: @impl ref +); + +#keyset[id] +impl_is_default( + int id: @impl ref +); + +#keyset[id] +impl_is_unsafe( + int id: @impl ref +); + +#keyset[id] +impl_self_ties( + int id: @impl ref, + int self_ty: @type_repr ref +); + +#keyset[id] +impl_traits( + int id: @impl ref, + int trait: @type_repr ref +); + +#keyset[id] +impl_visibilities( + int id: @impl ref, + int visibility: @visibility ref +); + +#keyset[id] +impl_where_clauses( + int id: @impl ref, + int where_clause: @where_clause ref +); + +@looping_expr = + @for_expr +| @loop_expr +| @while_expr +; + +#keyset[id] +looping_expr_loop_bodies( + int id: @looping_expr ref, + int loop_body: @block_expr ref +); + +macro_calls( + unique int id: @macro_call +); + +#keyset[id, index] +macro_call_attrs( + int id: @macro_call ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_call_paths( + int id: @macro_call ref, + int path: @path ref +); + +#keyset[id] +macro_call_token_trees( + int id: @macro_call ref, + int token_tree: @token_tree ref +); + +#keyset[id] +macro_call_expandeds( + int id: @macro_call ref, + int expanded: @ast_node ref +); + +macro_defs( + unique int id: @macro_def +); + +#keyset[id] +macro_def_args( + int id: @macro_def ref, + int args: @token_tree ref +); + +#keyset[id, index] +macro_def_attrs( + int id: @macro_def ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_def_bodies( + int id: @macro_def ref, + int body: @token_tree ref +); + +#keyset[id] +macro_def_names( + int id: @macro_def ref, + int name: @name ref +); + +#keyset[id] +macro_def_visibilities( + int id: @macro_def ref, + int visibility: @visibility ref +); + +macro_rules( + unique int id: @macro_rules +); + +#keyset[id, index] +macro_rules_attrs( + int id: @macro_rules ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_rules_names( + int id: @macro_rules ref, + int name: @name ref +); + +#keyset[id] +macro_rules_token_trees( + int id: @macro_rules ref, + int token_tree: @token_tree ref +); + +#keyset[id] +macro_rules_visibilities( + int id: @macro_rules ref, + int visibility: @visibility ref +); + +method_call_exprs( + unique int id: @method_call_expr +); + +#keyset[id] +method_call_expr_generic_arg_lists( + int id: @method_call_expr ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +method_call_expr_identifiers( + int id: @method_call_expr ref, + int identifier: @name_ref ref +); + +#keyset[id] +method_call_expr_receivers( + int id: @method_call_expr ref, + int receiver: @expr ref +); + +modules( + unique int id: @module +); + +#keyset[id, index] +module_attrs( + int id: @module ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +module_item_lists( + int id: @module ref, + int item_list: @item_list ref +); + +#keyset[id] +module_names( + int id: @module ref, + int name: @name ref +); + +#keyset[id] +module_visibilities( + int id: @module ref, + int visibility: @visibility ref +); + +path_exprs( + unique int id: @path_expr +); + +#keyset[id, index] +path_expr_attrs( + int id: @path_expr ref, + int index: int ref, + int attr: @attr ref +); + +path_pats( + unique int id: @path_pat +); + +statics( + unique int id: @static +); + +#keyset[id, index] +static_attrs( + int id: @static ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +static_bodies( + int id: @static ref, + int body: @expr ref +); + +#keyset[id] +static_is_mut( + int id: @static ref +); + +#keyset[id] +static_is_static( + int id: @static ref +); + +#keyset[id] +static_is_unsafe( + int id: @static ref +); + +#keyset[id] +static_names( + int id: @static ref, + int name: @name ref +); + +#keyset[id] +static_type_reprs( + int id: @static ref, + int type_repr: @type_repr ref +); + +#keyset[id] +static_visibilities( + int id: @static ref, + int visibility: @visibility ref +); + +structs( + unique int id: @struct +); + +#keyset[id, index] +struct_attrs( + int id: @struct ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_field_lists_( + int id: @struct ref, + int field_list: @field_list ref +); + +#keyset[id] +struct_generic_param_lists( + int id: @struct ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +struct_names( + int id: @struct ref, + int name: @name ref +); + +#keyset[id] +struct_visibilities( + int id: @struct ref, + int visibility: @visibility ref +); + +#keyset[id] +struct_where_clauses( + int id: @struct ref, + int where_clause: @where_clause ref +); + +struct_exprs( + unique int id: @struct_expr +); + +#keyset[id] +struct_expr_struct_expr_field_lists( + int id: @struct_expr ref, + int struct_expr_field_list: @struct_expr_field_list ref +); + +struct_pats( + unique int id: @struct_pat +); + +#keyset[id] +struct_pat_struct_pat_field_lists( + int id: @struct_pat ref, + int struct_pat_field_list: @struct_pat_field_list ref +); + +traits( + unique int id: @trait +); + +#keyset[id] +trait_assoc_item_lists( + int id: @trait ref, + int assoc_item_list: @assoc_item_list ref +); + +#keyset[id, index] +trait_attrs( + int id: @trait ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +trait_generic_param_lists( + int id: @trait ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +trait_is_auto( + int id: @trait ref +); + +#keyset[id] +trait_is_unsafe( + int id: @trait ref +); + +#keyset[id] +trait_names( + int id: @trait ref, + int name: @name ref +); + +#keyset[id] +trait_type_bound_lists( + int id: @trait ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +trait_visibilities( + int id: @trait ref, + int visibility: @visibility ref +); + +#keyset[id] +trait_where_clauses( + int id: @trait ref, + int where_clause: @where_clause ref +); + +trait_aliases( + unique int id: @trait_alias +); + +#keyset[id, index] +trait_alias_attrs( + int id: @trait_alias ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +trait_alias_generic_param_lists( + int id: @trait_alias ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +trait_alias_names( + int id: @trait_alias ref, + int name: @name ref +); + +#keyset[id] +trait_alias_type_bound_lists( + int id: @trait_alias ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +trait_alias_visibilities( + int id: @trait_alias ref, + int visibility: @visibility ref +); + +#keyset[id] +trait_alias_where_clauses( + int id: @trait_alias ref, + int where_clause: @where_clause ref +); + +tuple_struct_pats( + unique int id: @tuple_struct_pat +); + +#keyset[id, index] +tuple_struct_pat_fields( + int id: @tuple_struct_pat ref, + int index: int ref, + int field: @pat ref +); + +type_aliases( + unique int id: @type_alias +); + +#keyset[id, index] +type_alias_attrs( + int id: @type_alias ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +type_alias_generic_param_lists( + int id: @type_alias ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +type_alias_is_default( + int id: @type_alias ref +); + +#keyset[id] +type_alias_names( + int id: @type_alias ref, + int name: @name ref +); + +#keyset[id] +type_alias_type_reprs( + int id: @type_alias ref, + int type_repr: @type_repr ref +); + +#keyset[id] +type_alias_type_bound_lists( + int id: @type_alias ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +type_alias_visibilities( + int id: @type_alias ref, + int visibility: @visibility ref +); + +#keyset[id] +type_alias_where_clauses( + int id: @type_alias ref, + int where_clause: @where_clause ref +); + +unions( + unique int id: @union +); + +#keyset[id, index] +union_attrs( + int id: @union ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +union_generic_param_lists( + int id: @union ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +union_names( + int id: @union ref, + int name: @name ref +); + +#keyset[id] +union_struct_field_lists( + int id: @union ref, + int struct_field_list: @struct_field_list ref +); + +#keyset[id] +union_visibilities( + int id: @union ref, + int visibility: @visibility ref +); + +#keyset[id] +union_where_clauses( + int id: @union ref, + int where_clause: @where_clause ref +); + +uses( + unique int id: @use +); + +#keyset[id, index] +use_attrs( + int id: @use ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +use_use_trees( + int id: @use ref, + int use_tree: @use_tree ref +); + +#keyset[id] +use_visibilities( + int id: @use ref, + int visibility: @visibility ref +); + +for_exprs( + unique int id: @for_expr +); + +#keyset[id, index] +for_expr_attrs( + int id: @for_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +for_expr_iterables( + int id: @for_expr ref, + int iterable: @expr ref +); + +#keyset[id] +for_expr_pats( + int id: @for_expr ref, + int pat: @pat ref +); + +loop_exprs( + unique int id: @loop_expr +); + +#keyset[id, index] +loop_expr_attrs( + int id: @loop_expr ref, + int index: int ref, + int attr: @attr ref +); + +while_exprs( + unique int id: @while_expr +); + +#keyset[id, index] +while_expr_attrs( + int id: @while_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +while_expr_conditions( + int id: @while_expr ref, + int condition: @expr ref +); diff --git a/rust/downgrades/qlpack.yml b/rust/downgrades/qlpack.yml new file mode 100644 index 000000000000..5bfaa9be4e50 --- /dev/null +++ b/rust/downgrades/qlpack.yml @@ -0,0 +1,5 @@ +name: codeql/rust-downgrades +groups: rust +downgrades: . +library: true +warnOnImplicitThis: true diff --git a/rust/ql/lib/upgrades/initial/rust.dbscheme b/rust/ql/lib/upgrades/initial/rust.dbscheme new file mode 100644 index 000000000000..256e80c2dcea --- /dev/null +++ b/rust/ql/lib/upgrades/initial/rust.dbscheme @@ -0,0 +1,3601 @@ +// generated by codegen, do not edit + +// from ../shared/tree-sitter-extractor/src/generator/prefix.dbscheme +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Empty location -*/ + +empty_location( + int location: @location_default ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- Diagnostic messages: severity -*/ + +case @diagnostic.severity of + 10 = @diagnostic_debug +| 20 = @diagnostic_info +| 30 = @diagnostic_warning +| 40 = @diagnostic_error +; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + + +// from prefix.dbscheme +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_default ref +); + + +// from schema + +@element = + @extractor_step +| @locatable +| @named_crate +| @unextracted +; + +extractor_steps( + unique int id: @extractor_step, + string action: string ref, + int duration_ms: int ref +); + +#keyset[id] +extractor_step_files( + int id: @extractor_step ref, + int file: @file ref +); + +@locatable = + @ast_node +| @crate +; + +named_crates( + unique int id: @named_crate, + string name: string ref, + int crate: @crate ref +); + +@unextracted = + @missing +| @unimplemented +; + +@ast_node = + @abi +| @addressable +| @arg_list +| @asm_dir_spec +| @asm_operand +| @asm_operand_expr +| @asm_option +| @asm_piece +| @asm_reg_spec +| @assoc_item +| @assoc_item_list +| @attr +| @callable +| @closure_binder +| @expr +| @extern_item +| @extern_item_list +| @field_list +| @format_args_arg +| @generic_arg +| @generic_arg_list +| @generic_param +| @generic_param_list +| @item_list +| @label +| @let_else +| @macro_items +| @macro_stmts +| @match_arm +| @match_arm_list +| @match_guard +| @meta +| @name +| @param_base +| @param_list +| @parenthesized_arg_list +| @pat +| @path +| @path_segment +| @rename +| @resolvable +| @ret_type_repr +| @return_type_syntax +| @source_file +| @stmt +| @stmt_list +| @struct_expr_field +| @struct_expr_field_list +| @struct_field +| @struct_pat_field +| @struct_pat_field_list +| @token +| @token_tree +| @tuple_field +| @type_bound +| @type_bound_list +| @type_repr +| @use_bound_generic_arg +| @use_bound_generic_args +| @use_tree +| @use_tree_list +| @variant_def +| @variant_list +| @visibility +| @where_clause +| @where_pred +; + +crates( + unique int id: @crate +); + +#keyset[id] +crate_names( + int id: @crate ref, + string name: string ref +); + +#keyset[id] +crate_versions( + int id: @crate ref, + string version: string ref +); + +#keyset[id] +crate_modules( + int id: @crate ref, + int module: @module ref +); + +#keyset[id, index] +crate_cfg_options( + int id: @crate ref, + int index: int ref, + string cfg_option: string ref +); + +#keyset[id, index] +crate_named_dependencies( + int id: @crate ref, + int index: int ref, + int named_dependency: @named_crate ref +); + +missings( + unique int id: @missing +); + +unimplementeds( + unique int id: @unimplemented +); + +abis( + unique int id: @abi +); + +#keyset[id] +abi_abi_strings( + int id: @abi ref, + string abi_string: string ref +); + +@addressable = + @item +| @variant +; + +#keyset[id] +addressable_extended_canonical_paths( + int id: @addressable ref, + string extended_canonical_path: string ref +); + +#keyset[id] +addressable_crate_origins( + int id: @addressable ref, + string crate_origin: string ref +); + +arg_lists( + unique int id: @arg_list +); + +#keyset[id, index] +arg_list_args( + int id: @arg_list ref, + int index: int ref, + int arg: @expr ref +); + +asm_dir_specs( + unique int id: @asm_dir_spec +); + +@asm_operand = + @asm_const +| @asm_label +| @asm_reg_operand +| @asm_sym +; + +asm_operand_exprs( + unique int id: @asm_operand_expr +); + +#keyset[id] +asm_operand_expr_in_exprs( + int id: @asm_operand_expr ref, + int in_expr: @expr ref +); + +#keyset[id] +asm_operand_expr_out_exprs( + int id: @asm_operand_expr ref, + int out_expr: @expr ref +); + +asm_options( + unique int id: @asm_option +); + +#keyset[id] +asm_option_is_raw( + int id: @asm_option ref +); + +@asm_piece = + @asm_clobber_abi +| @asm_operand_named +| @asm_options_list +; + +asm_reg_specs( + unique int id: @asm_reg_spec +); + +#keyset[id] +asm_reg_spec_identifiers( + int id: @asm_reg_spec ref, + int identifier: @name_ref ref +); + +@assoc_item = + @const +| @function +| @macro_call +| @type_alias +; + +assoc_item_lists( + unique int id: @assoc_item_list +); + +#keyset[id, index] +assoc_item_list_assoc_items( + int id: @assoc_item_list ref, + int index: int ref, + int assoc_item: @assoc_item ref +); + +#keyset[id, index] +assoc_item_list_attrs( + int id: @assoc_item_list ref, + int index: int ref, + int attr: @attr ref +); + +attrs( + unique int id: @attr +); + +#keyset[id] +attr_meta( + int id: @attr ref, + int meta: @meta ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_param_lists( + int id: @callable ref, + int param_list: @param_list ref +); + +#keyset[id, index] +callable_attrs( + int id: @callable ref, + int index: int ref, + int attr: @attr ref +); + +closure_binders( + unique int id: @closure_binder +); + +#keyset[id] +closure_binder_generic_param_lists( + int id: @closure_binder ref, + int generic_param_list: @generic_param_list ref +); + +@expr = + @array_expr_internal +| @asm_expr +| @await_expr +| @become_expr +| @binary_expr +| @break_expr +| @call_expr_base +| @cast_expr +| @closure_expr +| @continue_expr +| @field_expr +| @format_args_expr +| @if_expr +| @index_expr +| @labelable_expr +| @let_expr +| @literal_expr +| @macro_expr +| @match_expr +| @offset_of_expr +| @paren_expr +| @path_expr_base +| @prefix_expr +| @range_expr +| @ref_expr +| @return_expr +| @struct_expr +| @try_expr +| @tuple_expr +| @underscore_expr +| @yeet_expr +| @yield_expr +; + +@extern_item = + @function +| @macro_call +| @static +| @type_alias +; + +extern_item_lists( + unique int id: @extern_item_list +); + +#keyset[id, index] +extern_item_list_attrs( + int id: @extern_item_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +extern_item_list_extern_items( + int id: @extern_item_list ref, + int index: int ref, + int extern_item: @extern_item ref +); + +@field_list = + @struct_field_list +| @tuple_field_list +; + +format_args_args( + unique int id: @format_args_arg +); + +#keyset[id] +format_args_arg_exprs( + int id: @format_args_arg ref, + int expr: @expr ref +); + +#keyset[id] +format_args_arg_names( + int id: @format_args_arg ref, + int name: @name ref +); + +@generic_arg = + @assoc_type_arg +| @const_arg +| @lifetime_arg +| @type_arg +; + +generic_arg_lists( + unique int id: @generic_arg_list +); + +#keyset[id, index] +generic_arg_list_generic_args( + int id: @generic_arg_list ref, + int index: int ref, + int generic_arg: @generic_arg ref +); + +@generic_param = + @const_param +| @lifetime_param +| @type_param +; + +generic_param_lists( + unique int id: @generic_param_list +); + +#keyset[id, index] +generic_param_list_generic_params( + int id: @generic_param_list ref, + int index: int ref, + int generic_param: @generic_param ref +); + +item_lists( + unique int id: @item_list +); + +#keyset[id, index] +item_list_attrs( + int id: @item_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +item_list_items( + int id: @item_list ref, + int index: int ref, + int item: @item ref +); + +labels( + unique int id: @label +); + +#keyset[id] +label_lifetimes( + int id: @label ref, + int lifetime: @lifetime ref +); + +let_elses( + unique int id: @let_else +); + +#keyset[id] +let_else_block_exprs( + int id: @let_else ref, + int block_expr: @block_expr ref +); + +macro_items( + unique int id: @macro_items +); + +#keyset[id, index] +macro_items_items( + int id: @macro_items ref, + int index: int ref, + int item: @item ref +); + +macro_stmts( + unique int id: @macro_stmts +); + +#keyset[id] +macro_stmts_exprs( + int id: @macro_stmts ref, + int expr: @expr ref +); + +#keyset[id, index] +macro_stmts_statements( + int id: @macro_stmts ref, + int index: int ref, + int statement: @stmt ref +); + +match_arms( + unique int id: @match_arm +); + +#keyset[id, index] +match_arm_attrs( + int id: @match_arm ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +match_arm_exprs( + int id: @match_arm ref, + int expr: @expr ref +); + +#keyset[id] +match_arm_guards( + int id: @match_arm ref, + int guard: @match_guard ref +); + +#keyset[id] +match_arm_pats( + int id: @match_arm ref, + int pat: @pat ref +); + +match_arm_lists( + unique int id: @match_arm_list +); + +#keyset[id, index] +match_arm_list_arms( + int id: @match_arm_list ref, + int index: int ref, + int arm: @match_arm ref +); + +#keyset[id, index] +match_arm_list_attrs( + int id: @match_arm_list ref, + int index: int ref, + int attr: @attr ref +); + +match_guards( + unique int id: @match_guard +); + +#keyset[id] +match_guard_conditions( + int id: @match_guard ref, + int condition: @expr ref +); + +meta( + unique int id: @meta +); + +#keyset[id] +meta_exprs( + int id: @meta ref, + int expr: @expr ref +); + +#keyset[id] +meta_is_unsafe( + int id: @meta ref +); + +#keyset[id] +meta_paths( + int id: @meta ref, + int path: @path ref +); + +#keyset[id] +meta_token_trees( + int id: @meta ref, + int token_tree: @token_tree ref +); + +names( + unique int id: @name +); + +#keyset[id] +name_texts( + int id: @name ref, + string text: string ref +); + +@param_base = + @param +| @self_param +; + +#keyset[id, index] +param_base_attrs( + int id: @param_base ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +param_base_type_reprs( + int id: @param_base ref, + int type_repr: @type_repr ref +); + +param_lists( + unique int id: @param_list +); + +#keyset[id, index] +param_list_params( + int id: @param_list ref, + int index: int ref, + int param: @param ref +); + +#keyset[id] +param_list_self_params( + int id: @param_list ref, + int self_param: @self_param ref +); + +parenthesized_arg_lists( + unique int id: @parenthesized_arg_list +); + +#keyset[id, index] +parenthesized_arg_list_type_args( + int id: @parenthesized_arg_list ref, + int index: int ref, + int type_arg: @type_arg ref +); + +@pat = + @box_pat +| @const_block_pat +| @ident_pat +| @literal_pat +| @macro_pat +| @or_pat +| @paren_pat +| @path_pat +| @range_pat +| @ref_pat +| @rest_pat +| @slice_pat +| @struct_pat +| @tuple_pat +| @tuple_struct_pat +| @wildcard_pat +; + +paths( + unique int id: @path +); + +#keyset[id] +path_qualifiers( + int id: @path ref, + int qualifier: @path ref +); + +#keyset[id] +path_segments_( + int id: @path ref, + int segment: @path_segment ref +); + +path_segments( + unique int id: @path_segment +); + +#keyset[id] +path_segment_generic_arg_lists( + int id: @path_segment ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +path_segment_identifiers( + int id: @path_segment ref, + int identifier: @name_ref ref +); + +#keyset[id] +path_segment_parenthesized_arg_lists( + int id: @path_segment ref, + int parenthesized_arg_list: @parenthesized_arg_list ref +); + +#keyset[id] +path_segment_ret_types( + int id: @path_segment ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +path_segment_return_type_syntaxes( + int id: @path_segment ref, + int return_type_syntax: @return_type_syntax ref +); + +#keyset[id] +path_segment_type_reprs( + int id: @path_segment ref, + int type_repr: @type_repr ref +); + +#keyset[id] +path_segment_trait_type_reprs( + int id: @path_segment ref, + int trait_type_repr: @path_type_repr ref +); + +renames( + unique int id: @rename +); + +#keyset[id] +rename_names( + int id: @rename ref, + int name: @name ref +); + +@resolvable = + @method_call_expr +| @path_ast_node +; + +#keyset[id] +resolvable_resolved_paths( + int id: @resolvable ref, + string resolved_path: string ref +); + +#keyset[id] +resolvable_resolved_crate_origins( + int id: @resolvable ref, + string resolved_crate_origin: string ref +); + +ret_type_reprs( + unique int id: @ret_type_repr +); + +#keyset[id] +ret_type_repr_type_reprs( + int id: @ret_type_repr ref, + int type_repr: @type_repr ref +); + +return_type_syntaxes( + unique int id: @return_type_syntax +); + +source_files( + unique int id: @source_file +); + +#keyset[id, index] +source_file_attrs( + int id: @source_file ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +source_file_items( + int id: @source_file ref, + int index: int ref, + int item: @item ref +); + +@stmt = + @expr_stmt +| @item +| @let_stmt +; + +stmt_lists( + unique int id: @stmt_list +); + +#keyset[id, index] +stmt_list_attrs( + int id: @stmt_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +stmt_list_statements( + int id: @stmt_list ref, + int index: int ref, + int statement: @stmt ref +); + +#keyset[id] +stmt_list_tail_exprs( + int id: @stmt_list ref, + int tail_expr: @expr ref +); + +struct_expr_fields( + unique int id: @struct_expr_field +); + +#keyset[id, index] +struct_expr_field_attrs( + int id: @struct_expr_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_expr_field_exprs( + int id: @struct_expr_field ref, + int expr: @expr ref +); + +#keyset[id] +struct_expr_field_identifiers( + int id: @struct_expr_field ref, + int identifier: @name_ref ref +); + +struct_expr_field_lists( + unique int id: @struct_expr_field_list +); + +#keyset[id, index] +struct_expr_field_list_attrs( + int id: @struct_expr_field_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +struct_expr_field_list_fields( + int id: @struct_expr_field_list ref, + int index: int ref, + int field: @struct_expr_field ref +); + +#keyset[id] +struct_expr_field_list_spreads( + int id: @struct_expr_field_list ref, + int spread: @expr ref +); + +struct_fields( + unique int id: @struct_field +); + +#keyset[id, index] +struct_field_attrs( + int id: @struct_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_field_defaults( + int id: @struct_field ref, + int default: @expr ref +); + +#keyset[id] +struct_field_names( + int id: @struct_field ref, + int name: @name ref +); + +#keyset[id] +struct_field_type_reprs( + int id: @struct_field ref, + int type_repr: @type_repr ref +); + +#keyset[id] +struct_field_visibilities( + int id: @struct_field ref, + int visibility: @visibility ref +); + +struct_pat_fields( + unique int id: @struct_pat_field +); + +#keyset[id, index] +struct_pat_field_attrs( + int id: @struct_pat_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_pat_field_identifiers( + int id: @struct_pat_field ref, + int identifier: @name_ref ref +); + +#keyset[id] +struct_pat_field_pats( + int id: @struct_pat_field ref, + int pat: @pat ref +); + +struct_pat_field_lists( + unique int id: @struct_pat_field_list +); + +#keyset[id, index] +struct_pat_field_list_fields( + int id: @struct_pat_field_list ref, + int index: int ref, + int field: @struct_pat_field ref +); + +#keyset[id] +struct_pat_field_list_rest_pats( + int id: @struct_pat_field_list ref, + int rest_pat: @rest_pat ref +); + +@token = + @comment +; + +token_trees( + unique int id: @token_tree +); + +tuple_fields( + unique int id: @tuple_field +); + +#keyset[id, index] +tuple_field_attrs( + int id: @tuple_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +tuple_field_type_reprs( + int id: @tuple_field ref, + int type_repr: @type_repr ref +); + +#keyset[id] +tuple_field_visibilities( + int id: @tuple_field ref, + int visibility: @visibility ref +); + +type_bounds( + unique int id: @type_bound +); + +#keyset[id] +type_bound_is_async( + int id: @type_bound ref +); + +#keyset[id] +type_bound_is_const( + int id: @type_bound ref +); + +#keyset[id] +type_bound_lifetimes( + int id: @type_bound ref, + int lifetime: @lifetime ref +); + +#keyset[id] +type_bound_type_reprs( + int id: @type_bound ref, + int type_repr: @type_repr ref +); + +#keyset[id] +type_bound_use_bound_generic_args( + int id: @type_bound ref, + int use_bound_generic_args: @use_bound_generic_args ref +); + +type_bound_lists( + unique int id: @type_bound_list +); + +#keyset[id, index] +type_bound_list_bounds( + int id: @type_bound_list ref, + int index: int ref, + int bound: @type_bound ref +); + +@type_repr = + @array_type_repr +| @dyn_trait_type_repr +| @fn_ptr_type_repr +| @for_type_repr +| @impl_trait_type_repr +| @infer_type_repr +| @macro_type_repr +| @never_type_repr +| @paren_type_repr +| @path_type_repr +| @ptr_type_repr +| @ref_type_repr +| @slice_type_repr +| @tuple_type_repr +; + +@use_bound_generic_arg = + @lifetime +| @name_ref +; + +use_bound_generic_args( + unique int id: @use_bound_generic_args +); + +#keyset[id, index] +use_bound_generic_args_use_bound_generic_args( + int id: @use_bound_generic_args ref, + int index: int ref, + int use_bound_generic_arg: @use_bound_generic_arg ref +); + +use_trees( + unique int id: @use_tree +); + +#keyset[id] +use_tree_is_glob( + int id: @use_tree ref +); + +#keyset[id] +use_tree_paths( + int id: @use_tree ref, + int path: @path ref +); + +#keyset[id] +use_tree_renames( + int id: @use_tree ref, + int rename: @rename ref +); + +#keyset[id] +use_tree_use_tree_lists( + int id: @use_tree ref, + int use_tree_list: @use_tree_list ref +); + +use_tree_lists( + unique int id: @use_tree_list +); + +#keyset[id, index] +use_tree_list_use_trees( + int id: @use_tree_list ref, + int index: int ref, + int use_tree: @use_tree ref +); + +@variant_def = + @struct +| @union +| @variant +; + +variant_lists( + unique int id: @variant_list +); + +#keyset[id, index] +variant_list_variants( + int id: @variant_list ref, + int index: int ref, + int variant: @variant ref +); + +visibilities( + unique int id: @visibility +); + +#keyset[id] +visibility_paths( + int id: @visibility ref, + int path: @path ref +); + +where_clauses( + unique int id: @where_clause +); + +#keyset[id, index] +where_clause_predicates( + int id: @where_clause ref, + int index: int ref, + int predicate: @where_pred ref +); + +where_preds( + unique int id: @where_pred +); + +#keyset[id] +where_pred_generic_param_lists( + int id: @where_pred ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +where_pred_lifetimes( + int id: @where_pred ref, + int lifetime: @lifetime ref +); + +#keyset[id] +where_pred_type_reprs( + int id: @where_pred ref, + int type_repr: @type_repr ref +); + +#keyset[id] +where_pred_type_bound_lists( + int id: @where_pred ref, + int type_bound_list: @type_bound_list ref +); + +array_expr_internals( + unique int id: @array_expr_internal +); + +#keyset[id, index] +array_expr_internal_attrs( + int id: @array_expr_internal ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +array_expr_internal_exprs( + int id: @array_expr_internal ref, + int index: int ref, + int expr: @expr ref +); + +#keyset[id] +array_expr_internal_is_semicolon( + int id: @array_expr_internal ref +); + +array_type_reprs( + unique int id: @array_type_repr +); + +#keyset[id] +array_type_repr_const_args( + int id: @array_type_repr ref, + int const_arg: @const_arg ref +); + +#keyset[id] +array_type_repr_element_type_reprs( + int id: @array_type_repr ref, + int element_type_repr: @type_repr ref +); + +asm_clobber_abis( + unique int id: @asm_clobber_abi +); + +asm_consts( + unique int id: @asm_const +); + +#keyset[id] +asm_const_exprs( + int id: @asm_const ref, + int expr: @expr ref +); + +#keyset[id] +asm_const_is_const( + int id: @asm_const ref +); + +asm_exprs( + unique int id: @asm_expr +); + +#keyset[id, index] +asm_expr_asm_pieces( + int id: @asm_expr ref, + int index: int ref, + int asm_piece: @asm_piece ref +); + +#keyset[id, index] +asm_expr_attrs( + int id: @asm_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +asm_expr_templates( + int id: @asm_expr ref, + int index: int ref, + int template: @expr ref +); + +asm_labels( + unique int id: @asm_label +); + +#keyset[id] +asm_label_block_exprs( + int id: @asm_label ref, + int block_expr: @block_expr ref +); + +asm_operand_nameds( + unique int id: @asm_operand_named +); + +#keyset[id] +asm_operand_named_asm_operands( + int id: @asm_operand_named ref, + int asm_operand: @asm_operand ref +); + +#keyset[id] +asm_operand_named_names( + int id: @asm_operand_named ref, + int name: @name ref +); + +asm_options_lists( + unique int id: @asm_options_list +); + +#keyset[id, index] +asm_options_list_asm_options( + int id: @asm_options_list ref, + int index: int ref, + int asm_option: @asm_option ref +); + +asm_reg_operands( + unique int id: @asm_reg_operand +); + +#keyset[id] +asm_reg_operand_asm_dir_specs( + int id: @asm_reg_operand ref, + int asm_dir_spec: @asm_dir_spec ref +); + +#keyset[id] +asm_reg_operand_asm_operand_exprs( + int id: @asm_reg_operand ref, + int asm_operand_expr: @asm_operand_expr ref +); + +#keyset[id] +asm_reg_operand_asm_reg_specs( + int id: @asm_reg_operand ref, + int asm_reg_spec: @asm_reg_spec ref +); + +asm_syms( + unique int id: @asm_sym +); + +#keyset[id] +asm_sym_paths( + int id: @asm_sym ref, + int path: @path ref +); + +assoc_type_args( + unique int id: @assoc_type_arg +); + +#keyset[id] +assoc_type_arg_const_args( + int id: @assoc_type_arg ref, + int const_arg: @const_arg ref +); + +#keyset[id] +assoc_type_arg_generic_arg_lists( + int id: @assoc_type_arg ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +assoc_type_arg_identifiers( + int id: @assoc_type_arg ref, + int identifier: @name_ref ref +); + +#keyset[id] +assoc_type_arg_param_lists( + int id: @assoc_type_arg ref, + int param_list: @param_list ref +); + +#keyset[id] +assoc_type_arg_ret_types( + int id: @assoc_type_arg ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +assoc_type_arg_return_type_syntaxes( + int id: @assoc_type_arg ref, + int return_type_syntax: @return_type_syntax ref +); + +#keyset[id] +assoc_type_arg_type_reprs( + int id: @assoc_type_arg ref, + int type_repr: @type_repr ref +); + +#keyset[id] +assoc_type_arg_type_bound_lists( + int id: @assoc_type_arg ref, + int type_bound_list: @type_bound_list ref +); + +await_exprs( + unique int id: @await_expr +); + +#keyset[id, index] +await_expr_attrs( + int id: @await_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +await_expr_exprs( + int id: @await_expr ref, + int expr: @expr ref +); + +become_exprs( + unique int id: @become_expr +); + +#keyset[id, index] +become_expr_attrs( + int id: @become_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +become_expr_exprs( + int id: @become_expr ref, + int expr: @expr ref +); + +binary_exprs( + unique int id: @binary_expr +); + +#keyset[id, index] +binary_expr_attrs( + int id: @binary_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +binary_expr_lhs( + int id: @binary_expr ref, + int lhs: @expr ref +); + +#keyset[id] +binary_expr_operator_names( + int id: @binary_expr ref, + string operator_name: string ref +); + +#keyset[id] +binary_expr_rhs( + int id: @binary_expr ref, + int rhs: @expr ref +); + +box_pats( + unique int id: @box_pat +); + +#keyset[id] +box_pat_pats( + int id: @box_pat ref, + int pat: @pat ref +); + +break_exprs( + unique int id: @break_expr +); + +#keyset[id, index] +break_expr_attrs( + int id: @break_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +break_expr_exprs( + int id: @break_expr ref, + int expr: @expr ref +); + +#keyset[id] +break_expr_lifetimes( + int id: @break_expr ref, + int lifetime: @lifetime ref +); + +@call_expr_base = + @call_expr +| @method_call_expr +; + +#keyset[id] +call_expr_base_arg_lists( + int id: @call_expr_base ref, + int arg_list: @arg_list ref +); + +#keyset[id, index] +call_expr_base_attrs( + int id: @call_expr_base ref, + int index: int ref, + int attr: @attr ref +); + +cast_exprs( + unique int id: @cast_expr +); + +#keyset[id, index] +cast_expr_attrs( + int id: @cast_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +cast_expr_exprs( + int id: @cast_expr ref, + int expr: @expr ref +); + +#keyset[id] +cast_expr_type_reprs( + int id: @cast_expr ref, + int type_repr: @type_repr ref +); + +closure_exprs( + unique int id: @closure_expr +); + +#keyset[id] +closure_expr_bodies( + int id: @closure_expr ref, + int body: @expr ref +); + +#keyset[id] +closure_expr_closure_binders( + int id: @closure_expr ref, + int closure_binder: @closure_binder ref +); + +#keyset[id] +closure_expr_is_async( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_const( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_gen( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_move( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_static( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_ret_types( + int id: @closure_expr ref, + int ret_type: @ret_type_repr ref +); + +comments( + unique int id: @comment, + int parent: @ast_node ref, + string text: string ref +); + +const_args( + unique int id: @const_arg +); + +#keyset[id] +const_arg_exprs( + int id: @const_arg ref, + int expr: @expr ref +); + +const_block_pats( + unique int id: @const_block_pat +); + +#keyset[id] +const_block_pat_block_exprs( + int id: @const_block_pat ref, + int block_expr: @block_expr ref +); + +#keyset[id] +const_block_pat_is_const( + int id: @const_block_pat ref +); + +const_params( + unique int id: @const_param +); + +#keyset[id, index] +const_param_attrs( + int id: @const_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +const_param_default_vals( + int id: @const_param ref, + int default_val: @const_arg ref +); + +#keyset[id] +const_param_is_const( + int id: @const_param ref +); + +#keyset[id] +const_param_names( + int id: @const_param ref, + int name: @name ref +); + +#keyset[id] +const_param_type_reprs( + int id: @const_param ref, + int type_repr: @type_repr ref +); + +continue_exprs( + unique int id: @continue_expr +); + +#keyset[id, index] +continue_expr_attrs( + int id: @continue_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +continue_expr_lifetimes( + int id: @continue_expr ref, + int lifetime: @lifetime ref +); + +dyn_trait_type_reprs( + unique int id: @dyn_trait_type_repr +); + +#keyset[id] +dyn_trait_type_repr_type_bound_lists( + int id: @dyn_trait_type_repr ref, + int type_bound_list: @type_bound_list ref +); + +expr_stmts( + unique int id: @expr_stmt +); + +#keyset[id] +expr_stmt_exprs( + int id: @expr_stmt ref, + int expr: @expr ref +); + +field_exprs( + unique int id: @field_expr +); + +#keyset[id, index] +field_expr_attrs( + int id: @field_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +field_expr_containers( + int id: @field_expr ref, + int container: @expr ref +); + +#keyset[id] +field_expr_identifiers( + int id: @field_expr ref, + int identifier: @name_ref ref +); + +fn_ptr_type_reprs( + unique int id: @fn_ptr_type_repr +); + +#keyset[id] +fn_ptr_type_repr_abis( + int id: @fn_ptr_type_repr ref, + int abi: @abi ref +); + +#keyset[id] +fn_ptr_type_repr_is_async( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_is_const( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_is_unsafe( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_param_lists( + int id: @fn_ptr_type_repr ref, + int param_list: @param_list ref +); + +#keyset[id] +fn_ptr_type_repr_ret_types( + int id: @fn_ptr_type_repr ref, + int ret_type: @ret_type_repr ref +); + +for_type_reprs( + unique int id: @for_type_repr +); + +#keyset[id] +for_type_repr_generic_param_lists( + int id: @for_type_repr ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +for_type_repr_type_reprs( + int id: @for_type_repr ref, + int type_repr: @type_repr ref +); + +format_args_exprs( + unique int id: @format_args_expr +); + +#keyset[id, index] +format_args_expr_args( + int id: @format_args_expr ref, + int index: int ref, + int arg: @format_args_arg ref +); + +#keyset[id, index] +format_args_expr_attrs( + int id: @format_args_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +format_args_expr_templates( + int id: @format_args_expr ref, + int template: @expr ref +); + +ident_pats( + unique int id: @ident_pat +); + +#keyset[id, index] +ident_pat_attrs( + int id: @ident_pat ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +ident_pat_is_mut( + int id: @ident_pat ref +); + +#keyset[id] +ident_pat_is_ref( + int id: @ident_pat ref +); + +#keyset[id] +ident_pat_names( + int id: @ident_pat ref, + int name: @name ref +); + +#keyset[id] +ident_pat_pats( + int id: @ident_pat ref, + int pat: @pat ref +); + +if_exprs( + unique int id: @if_expr +); + +#keyset[id, index] +if_expr_attrs( + int id: @if_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +if_expr_conditions( + int id: @if_expr ref, + int condition: @expr ref +); + +#keyset[id] +if_expr_elses( + int id: @if_expr ref, + int else: @expr ref +); + +#keyset[id] +if_expr_thens( + int id: @if_expr ref, + int then: @block_expr ref +); + +impl_trait_type_reprs( + unique int id: @impl_trait_type_repr +); + +#keyset[id] +impl_trait_type_repr_type_bound_lists( + int id: @impl_trait_type_repr ref, + int type_bound_list: @type_bound_list ref +); + +index_exprs( + unique int id: @index_expr +); + +#keyset[id, index] +index_expr_attrs( + int id: @index_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +index_expr_bases( + int id: @index_expr ref, + int base: @expr ref +); + +#keyset[id] +index_expr_indices( + int id: @index_expr ref, + int index: @expr ref +); + +infer_type_reprs( + unique int id: @infer_type_repr +); + +@item = + @const +| @enum +| @extern_block +| @extern_crate +| @function +| @impl +| @macro_call +| @macro_def +| @macro_rules +| @module +| @static +| @struct +| @trait +| @trait_alias +| @type_alias +| @union +| @use +; + +@labelable_expr = + @block_expr +| @looping_expr +; + +#keyset[id] +labelable_expr_labels( + int id: @labelable_expr ref, + int label: @label ref +); + +let_exprs( + unique int id: @let_expr +); + +#keyset[id, index] +let_expr_attrs( + int id: @let_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +let_expr_scrutinees( + int id: @let_expr ref, + int scrutinee: @expr ref +); + +#keyset[id] +let_expr_pats( + int id: @let_expr ref, + int pat: @pat ref +); + +let_stmts( + unique int id: @let_stmt +); + +#keyset[id, index] +let_stmt_attrs( + int id: @let_stmt ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +let_stmt_initializers( + int id: @let_stmt ref, + int initializer: @expr ref +); + +#keyset[id] +let_stmt_let_elses( + int id: @let_stmt ref, + int let_else: @let_else ref +); + +#keyset[id] +let_stmt_pats( + int id: @let_stmt ref, + int pat: @pat ref +); + +#keyset[id] +let_stmt_type_reprs( + int id: @let_stmt ref, + int type_repr: @type_repr ref +); + +lifetimes( + unique int id: @lifetime +); + +#keyset[id] +lifetime_texts( + int id: @lifetime ref, + string text: string ref +); + +lifetime_args( + unique int id: @lifetime_arg +); + +#keyset[id] +lifetime_arg_lifetimes( + int id: @lifetime_arg ref, + int lifetime: @lifetime ref +); + +lifetime_params( + unique int id: @lifetime_param +); + +#keyset[id, index] +lifetime_param_attrs( + int id: @lifetime_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +lifetime_param_lifetimes( + int id: @lifetime_param ref, + int lifetime: @lifetime ref +); + +#keyset[id] +lifetime_param_type_bound_lists( + int id: @lifetime_param ref, + int type_bound_list: @type_bound_list ref +); + +literal_exprs( + unique int id: @literal_expr +); + +#keyset[id, index] +literal_expr_attrs( + int id: @literal_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +literal_expr_text_values( + int id: @literal_expr ref, + string text_value: string ref +); + +literal_pats( + unique int id: @literal_pat +); + +#keyset[id] +literal_pat_literals( + int id: @literal_pat ref, + int literal: @literal_expr ref +); + +macro_exprs( + unique int id: @macro_expr +); + +#keyset[id] +macro_expr_macro_calls( + int id: @macro_expr ref, + int macro_call: @macro_call ref +); + +macro_pats( + unique int id: @macro_pat +); + +#keyset[id] +macro_pat_macro_calls( + int id: @macro_pat ref, + int macro_call: @macro_call ref +); + +macro_type_reprs( + unique int id: @macro_type_repr +); + +#keyset[id] +macro_type_repr_macro_calls( + int id: @macro_type_repr ref, + int macro_call: @macro_call ref +); + +match_exprs( + unique int id: @match_expr +); + +#keyset[id, index] +match_expr_attrs( + int id: @match_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +match_expr_scrutinees( + int id: @match_expr ref, + int scrutinee: @expr ref +); + +#keyset[id] +match_expr_match_arm_lists( + int id: @match_expr ref, + int match_arm_list: @match_arm_list ref +); + +name_refs( + unique int id: @name_ref +); + +#keyset[id] +name_ref_texts( + int id: @name_ref ref, + string text: string ref +); + +never_type_reprs( + unique int id: @never_type_repr +); + +offset_of_exprs( + unique int id: @offset_of_expr +); + +#keyset[id, index] +offset_of_expr_attrs( + int id: @offset_of_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +offset_of_expr_fields( + int id: @offset_of_expr ref, + int index: int ref, + int field: @name_ref ref +); + +#keyset[id] +offset_of_expr_type_reprs( + int id: @offset_of_expr ref, + int type_repr: @type_repr ref +); + +or_pats( + unique int id: @or_pat +); + +#keyset[id, index] +or_pat_pats( + int id: @or_pat ref, + int index: int ref, + int pat: @pat ref +); + +params( + unique int id: @param +); + +#keyset[id] +param_pats( + int id: @param ref, + int pat: @pat ref +); + +paren_exprs( + unique int id: @paren_expr +); + +#keyset[id, index] +paren_expr_attrs( + int id: @paren_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +paren_expr_exprs( + int id: @paren_expr ref, + int expr: @expr ref +); + +paren_pats( + unique int id: @paren_pat +); + +#keyset[id] +paren_pat_pats( + int id: @paren_pat ref, + int pat: @pat ref +); + +paren_type_reprs( + unique int id: @paren_type_repr +); + +#keyset[id] +paren_type_repr_type_reprs( + int id: @paren_type_repr ref, + int type_repr: @type_repr ref +); + +@path_ast_node = + @path_expr +| @path_pat +| @struct_expr +| @struct_pat +| @tuple_struct_pat +; + +#keyset[id] +path_ast_node_paths( + int id: @path_ast_node ref, + int path: @path ref +); + +@path_expr_base = + @path_expr +; + +path_type_reprs( + unique int id: @path_type_repr +); + +#keyset[id] +path_type_repr_paths( + int id: @path_type_repr ref, + int path: @path ref +); + +prefix_exprs( + unique int id: @prefix_expr +); + +#keyset[id, index] +prefix_expr_attrs( + int id: @prefix_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +prefix_expr_exprs( + int id: @prefix_expr ref, + int expr: @expr ref +); + +#keyset[id] +prefix_expr_operator_names( + int id: @prefix_expr ref, + string operator_name: string ref +); + +ptr_type_reprs( + unique int id: @ptr_type_repr +); + +#keyset[id] +ptr_type_repr_is_const( + int id: @ptr_type_repr ref +); + +#keyset[id] +ptr_type_repr_is_mut( + int id: @ptr_type_repr ref +); + +#keyset[id] +ptr_type_repr_type_reprs( + int id: @ptr_type_repr ref, + int type_repr: @type_repr ref +); + +range_exprs( + unique int id: @range_expr +); + +#keyset[id, index] +range_expr_attrs( + int id: @range_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +range_expr_ends( + int id: @range_expr ref, + int end: @expr ref +); + +#keyset[id] +range_expr_operator_names( + int id: @range_expr ref, + string operator_name: string ref +); + +#keyset[id] +range_expr_starts( + int id: @range_expr ref, + int start: @expr ref +); + +range_pats( + unique int id: @range_pat +); + +#keyset[id] +range_pat_ends( + int id: @range_pat ref, + int end: @pat ref +); + +#keyset[id] +range_pat_operator_names( + int id: @range_pat ref, + string operator_name: string ref +); + +#keyset[id] +range_pat_starts( + int id: @range_pat ref, + int start: @pat ref +); + +ref_exprs( + unique int id: @ref_expr +); + +#keyset[id, index] +ref_expr_attrs( + int id: @ref_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +ref_expr_exprs( + int id: @ref_expr ref, + int expr: @expr ref +); + +#keyset[id] +ref_expr_is_const( + int id: @ref_expr ref +); + +#keyset[id] +ref_expr_is_mut( + int id: @ref_expr ref +); + +#keyset[id] +ref_expr_is_raw( + int id: @ref_expr ref +); + +ref_pats( + unique int id: @ref_pat +); + +#keyset[id] +ref_pat_is_mut( + int id: @ref_pat ref +); + +#keyset[id] +ref_pat_pats( + int id: @ref_pat ref, + int pat: @pat ref +); + +ref_type_reprs( + unique int id: @ref_type_repr +); + +#keyset[id] +ref_type_repr_is_mut( + int id: @ref_type_repr ref +); + +#keyset[id] +ref_type_repr_lifetimes( + int id: @ref_type_repr ref, + int lifetime: @lifetime ref +); + +#keyset[id] +ref_type_repr_type_reprs( + int id: @ref_type_repr ref, + int type_repr: @type_repr ref +); + +rest_pats( + unique int id: @rest_pat +); + +#keyset[id, index] +rest_pat_attrs( + int id: @rest_pat ref, + int index: int ref, + int attr: @attr ref +); + +return_exprs( + unique int id: @return_expr +); + +#keyset[id, index] +return_expr_attrs( + int id: @return_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +return_expr_exprs( + int id: @return_expr ref, + int expr: @expr ref +); + +self_params( + unique int id: @self_param +); + +#keyset[id] +self_param_is_ref( + int id: @self_param ref +); + +#keyset[id] +self_param_is_mut( + int id: @self_param ref +); + +#keyset[id] +self_param_lifetimes( + int id: @self_param ref, + int lifetime: @lifetime ref +); + +#keyset[id] +self_param_names( + int id: @self_param ref, + int name: @name ref +); + +slice_pats( + unique int id: @slice_pat +); + +#keyset[id, index] +slice_pat_pats( + int id: @slice_pat ref, + int index: int ref, + int pat: @pat ref +); + +slice_type_reprs( + unique int id: @slice_type_repr +); + +#keyset[id] +slice_type_repr_type_reprs( + int id: @slice_type_repr ref, + int type_repr: @type_repr ref +); + +struct_field_lists( + unique int id: @struct_field_list +); + +#keyset[id, index] +struct_field_list_fields( + int id: @struct_field_list ref, + int index: int ref, + int field: @struct_field ref +); + +try_exprs( + unique int id: @try_expr +); + +#keyset[id, index] +try_expr_attrs( + int id: @try_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +try_expr_exprs( + int id: @try_expr ref, + int expr: @expr ref +); + +tuple_exprs( + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_attrs( + int id: @tuple_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +tuple_expr_fields( + int id: @tuple_expr ref, + int index: int ref, + int field: @expr ref +); + +tuple_field_lists( + unique int id: @tuple_field_list +); + +#keyset[id, index] +tuple_field_list_fields( + int id: @tuple_field_list ref, + int index: int ref, + int field: @tuple_field ref +); + +tuple_pats( + unique int id: @tuple_pat +); + +#keyset[id, index] +tuple_pat_fields( + int id: @tuple_pat ref, + int index: int ref, + int field: @pat ref +); + +tuple_type_reprs( + unique int id: @tuple_type_repr +); + +#keyset[id, index] +tuple_type_repr_fields( + int id: @tuple_type_repr ref, + int index: int ref, + int field: @type_repr ref +); + +type_args( + unique int id: @type_arg +); + +#keyset[id] +type_arg_type_reprs( + int id: @type_arg ref, + int type_repr: @type_repr ref +); + +type_params( + unique int id: @type_param +); + +#keyset[id, index] +type_param_attrs( + int id: @type_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +type_param_default_types( + int id: @type_param ref, + int default_type: @type_repr ref +); + +#keyset[id] +type_param_names( + int id: @type_param ref, + int name: @name ref +); + +#keyset[id] +type_param_type_bound_lists( + int id: @type_param ref, + int type_bound_list: @type_bound_list ref +); + +underscore_exprs( + unique int id: @underscore_expr +); + +#keyset[id, index] +underscore_expr_attrs( + int id: @underscore_expr ref, + int index: int ref, + int attr: @attr ref +); + +variants( + unique int id: @variant +); + +#keyset[id, index] +variant_attrs( + int id: @variant ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +variant_discriminants( + int id: @variant ref, + int discriminant: @expr ref +); + +#keyset[id] +variant_field_lists( + int id: @variant ref, + int field_list: @field_list ref +); + +#keyset[id] +variant_names( + int id: @variant ref, + int name: @name ref +); + +#keyset[id] +variant_visibilities( + int id: @variant ref, + int visibility: @visibility ref +); + +wildcard_pats( + unique int id: @wildcard_pat +); + +yeet_exprs( + unique int id: @yeet_expr +); + +#keyset[id, index] +yeet_expr_attrs( + int id: @yeet_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +yeet_expr_exprs( + int id: @yeet_expr ref, + int expr: @expr ref +); + +yield_exprs( + unique int id: @yield_expr +); + +#keyset[id, index] +yield_expr_attrs( + int id: @yield_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +yield_expr_exprs( + int id: @yield_expr ref, + int expr: @expr ref +); + +block_exprs( + unique int id: @block_expr +); + +#keyset[id, index] +block_expr_attrs( + int id: @block_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +block_expr_is_async( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_const( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_gen( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_move( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_try( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_unsafe( + int id: @block_expr ref +); + +#keyset[id] +block_expr_stmt_lists( + int id: @block_expr ref, + int stmt_list: @stmt_list ref +); + +call_exprs( + unique int id: @call_expr +); + +#keyset[id] +call_expr_functions( + int id: @call_expr ref, + int function: @expr ref +); + +consts( + unique int id: @const +); + +#keyset[id, index] +const_attrs( + int id: @const ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +const_bodies( + int id: @const ref, + int body: @expr ref +); + +#keyset[id] +const_is_const( + int id: @const ref +); + +#keyset[id] +const_is_default( + int id: @const ref +); + +#keyset[id] +const_names( + int id: @const ref, + int name: @name ref +); + +#keyset[id] +const_type_reprs( + int id: @const ref, + int type_repr: @type_repr ref +); + +#keyset[id] +const_visibilities( + int id: @const ref, + int visibility: @visibility ref +); + +enums( + unique int id: @enum +); + +#keyset[id, index] +enum_attrs( + int id: @enum ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +enum_generic_param_lists( + int id: @enum ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +enum_names( + int id: @enum ref, + int name: @name ref +); + +#keyset[id] +enum_variant_lists( + int id: @enum ref, + int variant_list: @variant_list ref +); + +#keyset[id] +enum_visibilities( + int id: @enum ref, + int visibility: @visibility ref +); + +#keyset[id] +enum_where_clauses( + int id: @enum ref, + int where_clause: @where_clause ref +); + +extern_blocks( + unique int id: @extern_block +); + +#keyset[id] +extern_block_abis( + int id: @extern_block ref, + int abi: @abi ref +); + +#keyset[id, index] +extern_block_attrs( + int id: @extern_block ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +extern_block_extern_item_lists( + int id: @extern_block ref, + int extern_item_list: @extern_item_list ref +); + +#keyset[id] +extern_block_is_unsafe( + int id: @extern_block ref +); + +extern_crates( + unique int id: @extern_crate +); + +#keyset[id, index] +extern_crate_attrs( + int id: @extern_crate ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +extern_crate_identifiers( + int id: @extern_crate ref, + int identifier: @name_ref ref +); + +#keyset[id] +extern_crate_renames( + int id: @extern_crate ref, + int rename: @rename ref +); + +#keyset[id] +extern_crate_visibilities( + int id: @extern_crate ref, + int visibility: @visibility ref +); + +functions( + unique int id: @function +); + +#keyset[id] +function_abis( + int id: @function ref, + int abi: @abi ref +); + +#keyset[id] +function_bodies( + int id: @function ref, + int body: @block_expr ref +); + +#keyset[id] +function_generic_param_lists( + int id: @function ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +function_is_async( + int id: @function ref +); + +#keyset[id] +function_is_const( + int id: @function ref +); + +#keyset[id] +function_is_default( + int id: @function ref +); + +#keyset[id] +function_is_gen( + int id: @function ref +); + +#keyset[id] +function_is_unsafe( + int id: @function ref +); + +#keyset[id] +function_names( + int id: @function ref, + int name: @name ref +); + +#keyset[id] +function_ret_types( + int id: @function ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +function_visibilities( + int id: @function ref, + int visibility: @visibility ref +); + +#keyset[id] +function_where_clauses( + int id: @function ref, + int where_clause: @where_clause ref +); + +impls( + unique int id: @impl +); + +#keyset[id] +impl_assoc_item_lists( + int id: @impl ref, + int assoc_item_list: @assoc_item_list ref +); + +#keyset[id, index] +impl_attrs( + int id: @impl ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +impl_generic_param_lists( + int id: @impl ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +impl_is_const( + int id: @impl ref +); + +#keyset[id] +impl_is_default( + int id: @impl ref +); + +#keyset[id] +impl_is_unsafe( + int id: @impl ref +); + +#keyset[id] +impl_self_ties( + int id: @impl ref, + int self_ty: @type_repr ref +); + +#keyset[id] +impl_traits( + int id: @impl ref, + int trait: @type_repr ref +); + +#keyset[id] +impl_visibilities( + int id: @impl ref, + int visibility: @visibility ref +); + +#keyset[id] +impl_where_clauses( + int id: @impl ref, + int where_clause: @where_clause ref +); + +@looping_expr = + @for_expr +| @loop_expr +| @while_expr +; + +#keyset[id] +looping_expr_loop_bodies( + int id: @looping_expr ref, + int loop_body: @block_expr ref +); + +macro_calls( + unique int id: @macro_call +); + +#keyset[id, index] +macro_call_attrs( + int id: @macro_call ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_call_paths( + int id: @macro_call ref, + int path: @path ref +); + +#keyset[id] +macro_call_token_trees( + int id: @macro_call ref, + int token_tree: @token_tree ref +); + +#keyset[id] +macro_call_expandeds( + int id: @macro_call ref, + int expanded: @ast_node ref +); + +macro_defs( + unique int id: @macro_def +); + +#keyset[id] +macro_def_args( + int id: @macro_def ref, + int args: @token_tree ref +); + +#keyset[id, index] +macro_def_attrs( + int id: @macro_def ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_def_bodies( + int id: @macro_def ref, + int body: @token_tree ref +); + +#keyset[id] +macro_def_names( + int id: @macro_def ref, + int name: @name ref +); + +#keyset[id] +macro_def_visibilities( + int id: @macro_def ref, + int visibility: @visibility ref +); + +macro_rules( + unique int id: @macro_rules +); + +#keyset[id, index] +macro_rules_attrs( + int id: @macro_rules ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_rules_names( + int id: @macro_rules ref, + int name: @name ref +); + +#keyset[id] +macro_rules_token_trees( + int id: @macro_rules ref, + int token_tree: @token_tree ref +); + +#keyset[id] +macro_rules_visibilities( + int id: @macro_rules ref, + int visibility: @visibility ref +); + +method_call_exprs( + unique int id: @method_call_expr +); + +#keyset[id] +method_call_expr_generic_arg_lists( + int id: @method_call_expr ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +method_call_expr_identifiers( + int id: @method_call_expr ref, + int identifier: @name_ref ref +); + +#keyset[id] +method_call_expr_receivers( + int id: @method_call_expr ref, + int receiver: @expr ref +); + +modules( + unique int id: @module +); + +#keyset[id, index] +module_attrs( + int id: @module ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +module_item_lists( + int id: @module ref, + int item_list: @item_list ref +); + +#keyset[id] +module_names( + int id: @module ref, + int name: @name ref +); + +#keyset[id] +module_visibilities( + int id: @module ref, + int visibility: @visibility ref +); + +path_exprs( + unique int id: @path_expr +); + +#keyset[id, index] +path_expr_attrs( + int id: @path_expr ref, + int index: int ref, + int attr: @attr ref +); + +path_pats( + unique int id: @path_pat +); + +statics( + unique int id: @static +); + +#keyset[id, index] +static_attrs( + int id: @static ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +static_bodies( + int id: @static ref, + int body: @expr ref +); + +#keyset[id] +static_is_mut( + int id: @static ref +); + +#keyset[id] +static_is_static( + int id: @static ref +); + +#keyset[id] +static_is_unsafe( + int id: @static ref +); + +#keyset[id] +static_names( + int id: @static ref, + int name: @name ref +); + +#keyset[id] +static_type_reprs( + int id: @static ref, + int type_repr: @type_repr ref +); + +#keyset[id] +static_visibilities( + int id: @static ref, + int visibility: @visibility ref +); + +structs( + unique int id: @struct +); + +#keyset[id, index] +struct_attrs( + int id: @struct ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_field_lists_( + int id: @struct ref, + int field_list: @field_list ref +); + +#keyset[id] +struct_generic_param_lists( + int id: @struct ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +struct_names( + int id: @struct ref, + int name: @name ref +); + +#keyset[id] +struct_visibilities( + int id: @struct ref, + int visibility: @visibility ref +); + +#keyset[id] +struct_where_clauses( + int id: @struct ref, + int where_clause: @where_clause ref +); + +struct_exprs( + unique int id: @struct_expr +); + +#keyset[id] +struct_expr_struct_expr_field_lists( + int id: @struct_expr ref, + int struct_expr_field_list: @struct_expr_field_list ref +); + +struct_pats( + unique int id: @struct_pat +); + +#keyset[id] +struct_pat_struct_pat_field_lists( + int id: @struct_pat ref, + int struct_pat_field_list: @struct_pat_field_list ref +); + +traits( + unique int id: @trait +); + +#keyset[id] +trait_assoc_item_lists( + int id: @trait ref, + int assoc_item_list: @assoc_item_list ref +); + +#keyset[id, index] +trait_attrs( + int id: @trait ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +trait_generic_param_lists( + int id: @trait ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +trait_is_auto( + int id: @trait ref +); + +#keyset[id] +trait_is_unsafe( + int id: @trait ref +); + +#keyset[id] +trait_names( + int id: @trait ref, + int name: @name ref +); + +#keyset[id] +trait_type_bound_lists( + int id: @trait ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +trait_visibilities( + int id: @trait ref, + int visibility: @visibility ref +); + +#keyset[id] +trait_where_clauses( + int id: @trait ref, + int where_clause: @where_clause ref +); + +trait_aliases( + unique int id: @trait_alias +); + +#keyset[id, index] +trait_alias_attrs( + int id: @trait_alias ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +trait_alias_generic_param_lists( + int id: @trait_alias ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +trait_alias_names( + int id: @trait_alias ref, + int name: @name ref +); + +#keyset[id] +trait_alias_type_bound_lists( + int id: @trait_alias ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +trait_alias_visibilities( + int id: @trait_alias ref, + int visibility: @visibility ref +); + +#keyset[id] +trait_alias_where_clauses( + int id: @trait_alias ref, + int where_clause: @where_clause ref +); + +tuple_struct_pats( + unique int id: @tuple_struct_pat +); + +#keyset[id, index] +tuple_struct_pat_fields( + int id: @tuple_struct_pat ref, + int index: int ref, + int field: @pat ref +); + +type_aliases( + unique int id: @type_alias +); + +#keyset[id, index] +type_alias_attrs( + int id: @type_alias ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +type_alias_generic_param_lists( + int id: @type_alias ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +type_alias_is_default( + int id: @type_alias ref +); + +#keyset[id] +type_alias_names( + int id: @type_alias ref, + int name: @name ref +); + +#keyset[id] +type_alias_type_reprs( + int id: @type_alias ref, + int type_repr: @type_repr ref +); + +#keyset[id] +type_alias_type_bound_lists( + int id: @type_alias ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +type_alias_visibilities( + int id: @type_alias ref, + int visibility: @visibility ref +); + +#keyset[id] +type_alias_where_clauses( + int id: @type_alias ref, + int where_clause: @where_clause ref +); + +unions( + unique int id: @union +); + +#keyset[id, index] +union_attrs( + int id: @union ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +union_generic_param_lists( + int id: @union ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +union_names( + int id: @union ref, + int name: @name ref +); + +#keyset[id] +union_struct_field_lists( + int id: @union ref, + int struct_field_list: @struct_field_list ref +); + +#keyset[id] +union_visibilities( + int id: @union ref, + int visibility: @visibility ref +); + +#keyset[id] +union_where_clauses( + int id: @union ref, + int where_clause: @where_clause ref +); + +uses( + unique int id: @use +); + +#keyset[id, index] +use_attrs( + int id: @use ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +use_use_trees( + int id: @use ref, + int use_tree: @use_tree ref +); + +#keyset[id] +use_visibilities( + int id: @use ref, + int visibility: @visibility ref +); + +for_exprs( + unique int id: @for_expr +); + +#keyset[id, index] +for_expr_attrs( + int id: @for_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +for_expr_iterables( + int id: @for_expr ref, + int iterable: @expr ref +); + +#keyset[id] +for_expr_pats( + int id: @for_expr ref, + int pat: @pat ref +); + +loop_exprs( + unique int id: @loop_expr +); + +#keyset[id, index] +loop_expr_attrs( + int id: @loop_expr ref, + int index: int ref, + int attr: @attr ref +); + +while_exprs( + unique int id: @while_expr +); + +#keyset[id, index] +while_expr_attrs( + int id: @while_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +while_expr_conditions( + int id: @while_expr ref, + int condition: @expr ref +); From f83f14bab2b81fa262e1896f62c84d85a5a4fb12 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Fri, 28 Mar 2025 16:31:01 +0100 Subject: [PATCH 078/409] C++: add calling convention specifier class --- cpp/ql/lib/semmle/code/cpp/Specifier.qll | 12 ++++++++++++ .../calling-convention/calling-convention.ql | 5 +++++ 2 files changed, 17 insertions(+) create mode 100644 cpp/ql/test/library-tests/calling-convention/calling-convention.ql diff --git a/cpp/ql/lib/semmle/code/cpp/Specifier.qll b/cpp/ql/lib/semmle/code/cpp/Specifier.qll index 2f1976d220c4..28ba21956561 100644 --- a/cpp/ql/lib/semmle/code/cpp/Specifier.qll +++ b/cpp/ql/lib/semmle/code/cpp/Specifier.qll @@ -97,6 +97,18 @@ class AccessSpecifier extends Specifier { override string getAPrimaryQlClass() { result = "AccessSpecifier" } } +/** + * A C/C++ calling convention specifier: `cdecl`, `fastcall`, `stdcall`, `thiscall`, + * `vectorcall`, or `clrcall`. + */ +class CallingConventionSpecifier extends Specifier { + CallingConventionSpecifier() { + this.hasName(["cdecl", "fastcall", "stdcall", "thiscall", "vectorcall", "clrcall"]) + } + + override string getAPrimaryQlClass() { result = "CallingConventionSpecifier" } +} + /** * An attribute introduced by GNU's `__attribute__((name))` syntax, * Microsoft's `__declspec(name)` syntax, Microsoft's `[name]` syntax, the diff --git a/cpp/ql/test/library-tests/calling-convention/calling-convention.ql b/cpp/ql/test/library-tests/calling-convention/calling-convention.ql new file mode 100644 index 000000000000..02e3b3af5ce0 --- /dev/null +++ b/cpp/ql/test/library-tests/calling-convention/calling-convention.ql @@ -0,0 +1,5 @@ +import cpp + +from FunctionDeclarationEntry func, CallingConventionSpecifier ccs +where ccs.hasName(func.getASpecifier()) +select func, func.getASpecifier() From 9ec7f3c9a5587398a5796dd530f7fca2f1c79ed8 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Mon, 31 Mar 2025 11:57:32 +0200 Subject: [PATCH 079/409] C++: add test for calling conventions --- .../calling-convention.expected | 7 +++++++ .../library-tests/calling-convention/test.cpp | 16 ++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 cpp/ql/test/library-tests/calling-convention/calling-convention.expected create mode 100644 cpp/ql/test/library-tests/calling-convention/test.cpp diff --git a/cpp/ql/test/library-tests/calling-convention/calling-convention.expected b/cpp/ql/test/library-tests/calling-convention/calling-convention.expected new file mode 100644 index 000000000000..a2dd41066169 --- /dev/null +++ b/cpp/ql/test/library-tests/calling-convention/calling-convention.expected @@ -0,0 +1,7 @@ +| test.cpp:4:21:4:35 | definition of thiscall_method | thiscall | +| test.cpp:7:14:7:23 | definition of func_cdecl | cdecl | +| test.cpp:9:16:9:27 | definition of func_stdcall | stdcall | +| test.cpp:11:17:11:29 | definition of func_fastcall | fastcall | +| test.cpp:13:20:13:34 | definition of func_vectorcall | vectorcall | +| test.cpp:15:13:15:25 | definition of func_overload | cdecl | +| test.cpp:16:15:16:27 | definition of func_overload | stdcall | diff --git a/cpp/ql/test/library-tests/calling-convention/test.cpp b/cpp/ql/test/library-tests/calling-convention/test.cpp new file mode 100644 index 000000000000..982c3c0caea9 --- /dev/null +++ b/cpp/ql/test/library-tests/calling-convention/test.cpp @@ -0,0 +1,16 @@ +// semmle-extractor-options: --microsoft + +struct call_conventions { + void __thiscall thiscall_method() {} +}; + +void __cdecl func_cdecl() {} + +void __stdcall func_stdcall() {} + +void __fastcall func_fastcall() {} + +void __vectorcall func_vectorcall() {} + +int __cdecl func_overload() {} +int __stdcall func_overload(int x) {} From ae555f2f2e3ac85dc7f2c2bff1330a8b016789ae Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 5 Feb 2025 17:23:49 +0000 Subject: [PATCH 080/409] Rust: Add a test for uncontrolled allocation size. --- .../UncontrolledAllocationSize.expected | 0 .../CWE-770/UncontrolledAllocationSize.qlref | 4 + .../test/query-tests/security/CWE-770/main.rs | 223 ++++++++++++++++++ .../query-tests/security/CWE-770/options.yml | 3 + .../security/CWE-770/rust-toolchain.toml | 2 + 5 files changed, 232 insertions(+) create mode 100644 rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected create mode 100644 rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.qlref create mode 100644 rust/ql/test/query-tests/security/CWE-770/main.rs create mode 100644 rust/ql/test/query-tests/security/CWE-770/options.yml create mode 100644 rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.qlref b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.qlref new file mode 100644 index 000000000000..2e30becb92cd --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.qlref @@ -0,0 +1,4 @@ +query: queries/security/CWE-770/UncontrolledAllocationSize.ql +postprocess: + - utils/test/InlineExpectationsTestQuery.ql + - utils/test/PrettyPrintModels.ql diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs new file mode 100644 index 000000000000..c2a1eb111c33 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -0,0 +1,223 @@ +#![feature(alloc_layout_extra)] +#![feature(allocator_api)] +#![feature(try_with_capacity)] +#![feature(box_vec_non_null)] +#![feature(non_null_from_ref)] + +struct MyStruct { + _a: usize, + _b: i64, +} + +unsafe fn test_std_alloc_from_size(v: usize) { + let l1 = std::alloc::Layout::from_size_align(16, 1).unwrap(); + let m1 = std::alloc::alloc(l1); + let _ = std::alloc::alloc(l1.align_to(8).unwrap()); + let _ = std::alloc::alloc(l1.align_to(8).unwrap().pad_to_align()); + let _ = std::alloc::alloc_zeroed(l1); + let _ = std::alloc::realloc(m1, l1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l2 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.align_to(8).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.align_to(8).unwrap().pad_to_align()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc_zeroed(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l3 = std::alloc::Layout::from_size_align(1, v).unwrap(); // not obviously dangerous? + let _ = std::alloc::alloc(l3); + + let l4 = std::alloc::Layout::from_size_align_unchecked(v, 1); + let _ = std::alloc::alloc(l4); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l5 = std::alloc::Layout::from_size_align_unchecked(v * std::mem::size_of::(), std::mem::size_of::()); + let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let s6 = (std::mem::size_of::() * v) + 1; + let l6 = std::alloc::Layout::from_size_align_unchecked(s6, 4); + let _ = std::alloc::alloc(l6); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l7 = std::alloc::Layout::from_size_align_unchecked(l6.size(), 8); + let _ = std::alloc::alloc(l7); // $ MISSING: Alert[rust/uncontrolled-allocation-size] +} + +unsafe fn test_std_alloc_new_repeat_extend(v: usize) { + let l1 = std::alloc::Layout::new::<[u8; 10]>(); + let _ = std::alloc::alloc(l1); + + let l2 = std::alloc::Layout::new::(); + let _ = std::alloc::alloc(l2); + let _ = std::alloc::alloc(l2.repeat(10).unwrap().0); + let _ = std::alloc::alloc(l2.repeat(v).unwrap().0); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat(v + 1).unwrap().0); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat_packed(10).unwrap()); + let _ = std::alloc::alloc(l2.repeat_packed(v).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat_packed(v * 10).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l3 = std::alloc::Layout::array::(10).unwrap(); + let _ = std::alloc::alloc(l3); + let (k1, _offs1) = l3.repeat(v).expect("arithmetic overflow?"); + let _ = std::alloc::alloc(k1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let (k2, _offs2) = l3.extend(k1).unwrap(); + let _ = std::alloc::alloc(k2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let (k3, _offs3) = k1.extend(l3).unwrap(); + let _ = std::alloc::alloc(k3); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l3.extend_packed(k1).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(k1.extend_packed(l3).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l4 = std::alloc::Layout::array::(v).unwrap(); + let _ = std::alloc::alloc(l4); // $ MISSING: Alert[rust/uncontrolled-allocation-size] +} + +fn clamp(v: T, min: T, max: T) -> T { + if v < min { + return min; + } else if v > max { + return max; + } else { + return v; + } +} + +unsafe fn test_std_alloc_with_bounds(v: usize) { + let l1 = std::alloc::Layout::array::(v).unwrap(); + + if v < 100 { + let _ = std::alloc::alloc(l1); + } else { + let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } + + if v == 100 { + let _ = std::alloc::alloc(l1); + } else { + let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } + + { + let mut v_mut = v; + + if v_mut > 100 { + v_mut = 100; + } + + let l2 = std::alloc::Layout::array::(v_mut).unwrap(); + let _ = std::alloc::alloc(l2); + + let l3 = std::alloc::Layout::array::(v).unwrap(); + let _ = std::alloc::alloc(l3); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } + + let l4 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); + let _ = std::alloc::alloc(l4); + + let l5 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); + let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l6 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); + let _ = std::alloc::alloc(l6); + + let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + if v > 100 { + return; + } + let _ = std::alloc::alloc(l1); +} + +use std::alloc::{GlobalAlloc, Allocator}; + +unsafe fn test_system_alloc(v: usize) { + let l1 = std::alloc::Layout::array::(10).unwrap(); + let _ = std::alloc::System.alloc(l1); + let _ = std::alloc::System.alloc_zeroed(l1); + let _ = std::alloc::System.allocate(l1).unwrap(); + let _ = std::alloc::System.allocate_zeroed(l1).unwrap(); + let _ = std::alloc::Global.allocate(l1).unwrap(); + let _ = std::alloc::Global.allocate_zeroed(l1).unwrap(); + + let l2 = std::alloc::Layout::array::(v).unwrap(); + let _ = std::alloc::System.alloc(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.alloc_zeroed(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.allocate(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.allocate_zeroed(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::Global.allocate(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::Global.allocate_zeroed(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l3 = std::alloc::Layout::array::(10).unwrap(); + let m3 = std::alloc::System.alloc(l3); + let _ = std::alloc::System.realloc(m3, l3, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l4 = std::alloc::Layout::array::(10).unwrap(); + let m4 = std::ptr::NonNull::::new(std::alloc::alloc(l4)).unwrap(); + if v > 10 { + if v % 2 == 0 { + let _ = std::alloc::System.grow(m4, l4, l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } else { + let _ = std::alloc::System.grow_zeroed(m4, l4, l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } + } else { + let _ = std::alloc::System.shrink(m4, l4, l2).unwrap(); + } +} + +unsafe fn test_libc_alloc(v: usize) { + let m1 = libc::malloc(256); + let _ = libc::malloc(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::aligned_alloc(8, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::aligned_alloc(v, 8); + let _ = libc::calloc(64, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::calloc(v, std::mem::size_of::()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::realloc(m1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] +} + +unsafe fn test_vectors(v: usize) { + let _ = Vec::::try_with_capacity(v).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = Vec::::with_capacity(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = Vec::::try_with_capacity_in(v, std::alloc::Global).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = Vec::::with_capacity_in(v, std::alloc::Global); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let mut v1 = Vec::::with_capacity(100); + v1.reserve(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + v1.reserve_exact(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = v1.try_reserve(v).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = v1.try_reserve_exact(v).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + v1.resize(v, 1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + v1.set_len(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l2 = std::alloc::Layout::new::<[u64; 200]>(); + let m2 = std::ptr::NonNull::::new(std::alloc::alloc(l2).cast::()).unwrap(); + let _ = Vec::::from_parts(m2, v, 200); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m3 = std::ptr::NonNull::::new(std::alloc::alloc(l2).cast::()).unwrap(); + let _ = Vec::::from_parts(m3, 100, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m4 = std::ptr::NonNull::::new(std::alloc::alloc(l2).cast::()).unwrap(); + let _ = Vec::::from_parts_in(m4, 100, v, std::alloc::Global); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m5 = std::alloc::alloc(l2).cast::(); + let _ = Vec::::from_raw_parts(m5, v, 200); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m6 = std::alloc::alloc(l2).cast::(); + let _ = Vec::::from_raw_parts(m6, 100, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m7 = std::alloc::alloc(l2).cast::(); + let _ = Vec::::from_raw_parts_in(m7, 100, v, std::alloc::Global); // $ MISSING: Alert[rust/uncontrolled-allocation-size] +} + +// --- main --- + +fn main() { + println!("--- begin ---"); + + let v = std::env::args().nth(1).unwrap_or("1024".to_string()).parse::().unwrap(); // $ Source=arg1 + + unsafe { + test_std_alloc_from_size(v); + test_std_alloc_new_repeat_extend(v); + test_std_alloc_with_bounds(v); + test_system_alloc(v); + test_libc_alloc(v); + test_vectors(v); + } + + println!("--- end ---"); +} diff --git a/rust/ql/test/query-tests/security/CWE-770/options.yml b/rust/ql/test/query-tests/security/CWE-770/options.yml new file mode 100644 index 000000000000..95a17a53b431 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-770/options.yml @@ -0,0 +1,3 @@ +qltest_cargo_check: true +qltest_dependencies: + - libc = { version = "0.2.11" } diff --git a/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml b/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml new file mode 100644 index 000000000000..afeb59293258 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml @@ -0,0 +1,2 @@ +[toolchain] +channel = "nightly-2025-03-17" From 9409cd6ed7d0f9ee2fb3d863dda9df48831837f0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 5 Feb 2025 18:32:43 +0000 Subject: [PATCH 081/409] Rust: Prototype query. --- .../UncontrolledAllocationSizeExtensions.qll | 34 ++++++++++++++ .../CWE-770/UncontrolledAllocationSize.ql | 44 +++++++++++++++++++ .../UncontrolledAllocationSize.expected | 4 ++ 3 files changed, 82 insertions(+) create mode 100644 rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll create mode 100644 rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll new file mode 100644 index 000000000000..bb0ffbb4e3c1 --- /dev/null +++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll @@ -0,0 +1,34 @@ +/** + * Provides classes and predicates for reasoning about uncontrolled allocation + * size vulnerabilities. + */ + +import rust +private import codeql.rust.Concepts +private import codeql.rust.dataflow.DataFlow +private import codeql.rust.dataflow.FlowSink + +/** + * Provides default sources, sinks and barriers for detecting uncontrolled + * allocation size vulnerabilities, as well as extension points for adding your own. + */ +module UncontrolledAllocationSize { + /** + * A data flow sink for uncontrolled allocation size vulnerabilities. + */ + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "UncontrolledAllocationSize" } + } + + /** + * A barrier for uncontrolled allocation size vulnerabilities. + */ + abstract class Barrier extends DataFlow::Node { } + + /** + * sink for uncontrolled allocation size from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, ["alloc-size", "alloc-layout"]) } + } +} diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql new file mode 100644 index 000000000000..bbaaaf06a027 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql @@ -0,0 +1,44 @@ +/** + * @name Uncontrolled allocation size + * @description Allocating memory with a size controlled by an external user can result in + * arbitrary amounts of memory being allocated. + * @kind path-problem + * @problem.severity recommendation + * @security-severity 7.5 + * @precision high + * @id rust/uncontrolled-allocation-size + * @tags reliability + * security + * external/cwe/cwe-770 + * external/cwe/cwe-789 + */ + +import rust +import codeql.rust.Concepts +import codeql.rust.dataflow.DataFlow +import codeql.rust.dataflow.TaintTracking +import codeql.rust.dataflow.internal.DataFlowImpl +import codeql.rust.security.UncontrolledAllocationSizeExtensions + +/** + * A taint-tracking configuration for uncontrolled allocation size vulnerabilities. + */ +module UncontrolledAllocationConfig implements DataFlow::ConfigSig { + import UncontrolledAllocationSize + + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier } +} + +module UncontrolledAllocationFlow = TaintTracking::Global; + +import UncontrolledAllocationFlow::PathGraph + +from UncontrolledAllocationFlow::PathNode source, UncontrolledAllocationFlow::PathNode sink +where UncontrolledAllocationFlow::flowPath(source, sink) +select sink.getNode(), source, sink, + "This allocation size is derived from a $@ and could allocate arbitrary amounts of memory.", + source.getNode(), "user-provided value" diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index e69de29bb2d1..58f42bec0c84 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -0,0 +1,4 @@ +#select +edges +nodes +subpaths From 03f94de3cb70178c7c5da4c1ba9b2d300a316390 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 5 Feb 2025 17:49:03 +0000 Subject: [PATCH 082/409] Rust: Add models. --- .../lib/codeql/rust/frameworks/libc.model.yml | 9 + .../frameworks/stdlib/lang-alloc.model.yml | 25 + .../frameworks/stdlib/lang-core.model.yml | 14 +- .../diagnostics/SummaryStats.expected | 2 +- .../UncontrolledAllocationSize.expected | 443 ++++++++++++++++++ .../test/query-tests/security/CWE-770/main.rs | 80 ++-- 6 files changed, 531 insertions(+), 42 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/libc.model.yml create mode 100644 rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/libc.model.yml b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml new file mode 100644 index 000000000000..f952656a21e5 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sinkModel + data: + - ["repo:https://github.com/rust-lang/libc:libc", "::malloc", "Argument[0]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::aligned_alloc", "Argument[1]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::calloc", "Argument[0,1]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::realloc", "Argument[1]", "alloc-size", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml new file mode 100644 index 000000000000..85cd97fb4629 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -0,0 +1,25 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sinkModel + data: + # Alloc + - ["lang:alloc", "crate::alloc::alloc", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "crate::alloc::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "crate::alloc::realloc", "Argument[2]", "alloc-size", "manual"] + - ["lang:std", "::alloc", "Argument[0]", "alloc-layout", "manual"] + - ["lang:std", "::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:std", "::allocate", "Argument[0]", "alloc-layout", "manual"] + - ["lang:std", "::allocate_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:std", "::grow", "Argument[2]", "alloc-layout", "manual"] + - ["lang:std", "::grow_zeroed", "Argument[2]", "alloc-layout", "manual"] + - ["lang:alloc", "::alloc", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "::allocate", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "::allocate_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "::grow", "Argument[2]", "alloc-layout", "manual"] + - ["lang:alloc", "::grow_zeroed", "Argument[2]", "alloc-layout", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::malloc", "Argument[0]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::aligned_alloc", "Argument[1]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::calloc", "Argument[0,1]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::realloc", "Argument[1]", "alloc-size", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index a2f6b15ab2cc..710949b07e0d 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -19,7 +19,19 @@ extensions: - ["lang:core", "::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"] - ["lang:core", "::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["lang:core", "::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - # ptr + # Layout + - ["lang:core", "::from_size_align", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::from_size_align_unchecked", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["lang:core", "::array", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::repeat", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["lang:core", "::repeat", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["lang:core", "::repeat_packed", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::repeat_packed", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::extend", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["lang:core", "::extend", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["lang:core", "::extend_packed", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::extend_packed", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + # Ptr - ["lang:core", "crate::ptr::read", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_unaligned", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_volatile", "Argument[0].Reference", "ReturnValue", "value", "manual"] diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected index d34cd849069b..a8833f626807 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 8 | | Macro calls - total | 9 | | Macro calls - unresolved | 1 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1675 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 58f42bec0c84..4dcc0f1b5583 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -1,4 +1,447 @@ #select +| main.rs:18:13:18:31 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:21:13:21:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:30:13:30:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:33:13:33:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:37:13:37:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:50:13:50:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:51:13:51:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:53:13:53:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:54:13:54:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:59:13:59:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:61:13:61:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:63:13:63:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:64:13:64:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:65:13:65:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:68:13:68:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:85:17:85:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:85:17:85:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:87:17:87:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:87:17:87:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:91:17:91:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:91:17:91:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:93:17:93:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:93:17:93:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:104:17:104:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:104:17:104:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:107:17:107:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:107:17:107:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:111:13:111:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:111:13:111:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:114:13:114:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:114:13:114:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:117:13:117:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:117:13:117:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:119:13:119:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:119:13:119:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:123:13:123:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:123:13:123:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:138:32:138:36 | alloc | main.rs:211:13:211:26 | ...::args | main.rs:138:32:138:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:139:32:139:43 | alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:139:32:139:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:140:32:140:39 | allocate | main.rs:211:13:211:26 | ...::args | main.rs:140:32:140:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:141:32:141:46 | allocate_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:141:32:141:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:142:32:142:39 | allocate | main.rs:211:13:211:26 | ...::args | main.rs:142:32:142:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:143:32:143:46 | allocate_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:143:32:143:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:153:40:153:43 | grow | main.rs:211:13:211:26 | ...::args | main.rs:153:40:153:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:155:40:155:50 | grow_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:155:40:155:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:164:13:164:24 | ...::malloc | main.rs:211:13:211:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:164:13:164:24 | ...::malloc | main.rs:211:13:211:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:211:13:211:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:211:13:211:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:167:13:167:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:167:13:167:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:168:13:168:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:168:13:168:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:169:13:169:25 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:169:13:169:25 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | edges +| main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | +| main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:5 Sink:MaD:5 | +| main.rs:18:41:18:41 | v | main.rs:20:50:20:50 | v | provenance | | +| main.rs:18:41:18:41 | v | main.rs:29:60:29:60 | v | provenance | | +| main.rs:18:41:18:41 | v | main.rs:32:60:32:89 | ... * ... | provenance | | +| main.rs:18:41:18:41 | v | main.rs:35:9:35:10 | s6 | provenance | | +| main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance | | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:20:14:20:63 | ... .unwrap(...) | main.rs:20:9:20:10 | l2 | provenance | | +| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:22 | +| main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance | | +| main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:4 Sink:MaD:4 | +| main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance | | +| main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance | | +| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance | | +| main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance | | +| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance | | +| main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance | | +| main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance | | +| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:45 | ... + ... | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:53:48:53:48 | v | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:53 | ... * ... | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance | | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | +| main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | +| main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:53:31:53:58 | ... .unwrap(...) | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:25 | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:54:31:54:63 | ... .unwrap(...) | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:25 | +| main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance | | +| main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance | | +| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:27 | +| main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | main.rs:58:9:58:20 | TuplePat [tuple.0] | provenance | | +| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | +| main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:59:31:59:32 | k1 | main.rs:60:34:60:35 | k1 | provenance | | +| main.rs:59:31:59:32 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:19 | +| main.rs:59:31:59:32 | k1 | main.rs:64:48:64:49 | k1 | provenance | | +| main.rs:59:31:59:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:21 | +| main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance | | +| main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance | | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | +| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:18 | +| main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:62:9:62:20 | TuplePat [tuple.0] | main.rs:62:10:62:11 | k3 | provenance | | +| main.rs:62:10:62:11 | k3 | main.rs:63:31:63:32 | k3 | provenance | | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | +| main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:64:31:64:59 | ... .unwrap(...) | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:20 | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:65:31:65:59 | ... .unwrap(...) | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance | | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | +| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:82:47:82:47 | v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:97:13:97:21 | mut v_mut | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:106:51:106:51 | v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:110:61:110:61 | v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:113:61:113:61 | v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:116:53:116:53 | v | provenance | | +| main.rs:82:9:82:10 | l1 | main.rs:85:35:85:36 | l1 | provenance | | +| main.rs:82:9:82:10 | l1 | main.rs:87:35:87:36 | l1 | provenance | | +| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | main.rs:82:14:82:57 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:82:14:82:57 | ... .unwrap(...) | main.rs:82:9:82:10 | l1 | provenance | | +| main.rs:82:47:82:47 | v | main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:85:35:85:36 | l1 | main.rs:85:17:85:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:85:35:85:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | +| main.rs:85:35:85:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | +| main.rs:87:35:87:36 | l1 | main.rs:87:17:87:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:87:35:87:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | +| main.rs:87:35:87:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | +| main.rs:91:35:91:36 | l1 | main.rs:91:17:91:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:91:35:91:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | +| main.rs:93:35:93:36 | l1 | main.rs:93:17:93:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:93:35:93:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | +| main.rs:97:13:97:21 | mut v_mut | main.rs:103:51:103:55 | v_mut | provenance | | +| main.rs:103:13:103:14 | l2 | main.rs:104:35:104:36 | l2 | provenance | | +| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | main.rs:103:18:103:65 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:103:18:103:65 | ... .unwrap(...) | main.rs:103:13:103:14 | l2 | provenance | | +| main.rs:103:51:103:55 | v_mut | main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:104:35:104:36 | l2 | main.rs:104:17:104:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:106:13:106:14 | l3 | main.rs:107:35:107:36 | l3 | provenance | | +| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | main.rs:106:18:106:61 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:106:18:106:61 | ... .unwrap(...) | main.rs:106:13:106:14 | l3 | provenance | | +| main.rs:106:51:106:51 | v | main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:107:35:107:36 | l3 | main.rs:107:17:107:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:110:9:110:10 | l4 | main.rs:111:31:111:32 | l4 | provenance | | +| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | main.rs:110:14:110:77 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:110:14:110:77 | ... .unwrap(...) | main.rs:110:9:110:10 | l4 | provenance | | +| main.rs:110:47:110:67 | ...::min(...) | main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:110:61:110:61 | v | main.rs:110:47:110:67 | ...::min(...) | provenance | MaD:31 | +| main.rs:111:31:111:32 | l4 | main.rs:111:13:111:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:113:9:113:10 | l5 | main.rs:114:31:114:32 | l5 | provenance | | +| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | main.rs:113:14:113:77 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:113:14:113:77 | ... .unwrap(...) | main.rs:113:9:113:10 | l5 | provenance | | +| main.rs:113:47:113:67 | ...::max(...) | main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:113:61:113:61 | v | main.rs:113:47:113:67 | ...::max(...) | provenance | MaD:30 | +| main.rs:114:31:114:32 | l5 | main.rs:114:13:114:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:116:9:116:10 | l6 | main.rs:117:31:117:32 | l6 | provenance | | +| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | main.rs:116:14:116:72 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:116:14:116:72 | ... .unwrap(...) | main.rs:116:9:116:10 | l6 | provenance | | +| main.rs:116:47:116:62 | clamp(...) | main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | provenance | | +| main.rs:116:53:116:53 | v | main.rs:116:47:116:62 | clamp(...) | provenance | | +| main.rs:117:31:117:32 | l6 | main.rs:117:13:117:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:119:31:119:32 | l1 | main.rs:119:13:119:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:119:31:119:32 | l1 | main.rs:123:31:123:32 | l1 | provenance | | +| main.rs:123:31:123:32 | l1 | main.rs:123:13:123:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:128:29:128:36 | ...: usize | main.rs:137:46:137:46 | v | provenance | | +| main.rs:137:9:137:10 | l2 | main.rs:138:38:138:39 | l2 | provenance | | +| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | main.rs:137:14:137:56 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:137:14:137:56 | ... .unwrap(...) | main.rs:137:9:137:10 | l2 | provenance | | +| main.rs:137:46:137:46 | v | main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:138:38:138:39 | l2 | main.rs:138:32:138:36 | alloc | provenance | MaD:10 Sink:MaD:10 | +| main.rs:138:38:138:39 | l2 | main.rs:139:45:139:46 | l2 | provenance | | +| main.rs:139:45:139:46 | l2 | main.rs:139:32:139:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | +| main.rs:139:45:139:46 | l2 | main.rs:140:41:140:42 | l2 | provenance | | +| main.rs:140:41:140:42 | l2 | main.rs:140:32:140:39 | allocate | provenance | MaD:6 Sink:MaD:6 | +| main.rs:140:41:140:42 | l2 | main.rs:141:48:141:49 | l2 | provenance | | +| main.rs:141:48:141:49 | l2 | main.rs:141:32:141:46 | allocate_zeroed | provenance | MaD:7 Sink:MaD:7 | +| main.rs:141:48:141:49 | l2 | main.rs:142:41:142:42 | l2 | provenance | | +| main.rs:142:41:142:42 | l2 | main.rs:142:32:142:39 | allocate | provenance | MaD:1 Sink:MaD:1 | +| main.rs:142:41:142:42 | l2 | main.rs:143:48:143:49 | l2 | provenance | | +| main.rs:143:48:143:49 | l2 | main.rs:143:32:143:46 | allocate_zeroed | provenance | MaD:2 Sink:MaD:2 | +| main.rs:143:48:143:49 | l2 | main.rs:153:53:153:54 | l2 | provenance | | +| main.rs:143:48:143:49 | l2 | main.rs:155:60:155:61 | l2 | provenance | | +| main.rs:153:53:153:54 | l2 | main.rs:153:40:153:43 | grow | provenance | MaD:8 Sink:MaD:8 | +| main.rs:155:60:155:61 | l2 | main.rs:155:40:155:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | +| main.rs:162:27:162:34 | ...: usize | main.rs:164:26:164:26 | v | provenance | | +| main.rs:164:26:164:26 | v | main.rs:164:13:164:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | +| main.rs:164:26:164:26 | v | main.rs:164:13:164:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | +| main.rs:164:26:164:26 | v | main.rs:165:36:165:36 | v | provenance | | +| main.rs:165:36:165:36 | v | main.rs:165:13:165:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | +| main.rs:165:36:165:36 | v | main.rs:165:13:165:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | +| main.rs:165:36:165:36 | v | main.rs:167:30:167:30 | v | provenance | | +| main.rs:167:30:167:30 | v | main.rs:167:13:167:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:167:30:167:30 | v | main.rs:167:13:167:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:167:30:167:30 | v | main.rs:168:26:168:26 | v | provenance | | +| main.rs:168:26:168:26 | v | main.rs:168:13:168:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:168:26:168:26 | v | main.rs:168:13:168:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:168:26:168:26 | v | main.rs:169:31:169:31 | v | provenance | | +| main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:211:9:211:9 | v | main.rs:214:34:214:34 | v | provenance | | +| main.rs:211:9:211:9 | v | main.rs:215:42:215:42 | v | provenance | | +| main.rs:211:9:211:9 | v | main.rs:216:36:216:36 | v | provenance | | +| main.rs:211:9:211:9 | v | main.rs:217:27:217:27 | v | provenance | | +| main.rs:211:9:211:9 | v | main.rs:218:25:218:25 | v | provenance | | +| main.rs:211:13:211:26 | ...::args | main.rs:211:13:211:28 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:211:13:211:28 | ...::args(...) [element] | main.rs:211:13:211:35 | ... .nth(...) [Some] | provenance | MaD:32 | +| main.rs:211:13:211:35 | ... .nth(...) [Some] | main.rs:211:13:211:65 | ... .unwrap_or(...) | provenance | MaD:26 | +| main.rs:211:13:211:65 | ... .unwrap_or(...) | main.rs:211:13:211:82 | ... .parse(...) [Ok] | provenance | MaD:29 | +| main.rs:211:13:211:82 | ... .parse(...) [Ok] | main.rs:211:13:211:91 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:211:13:211:91 | ... .unwrap(...) | main.rs:211:9:211:9 | v | provenance | | +| main.rs:214:34:214:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | +| main.rs:215:42:215:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | +| main.rs:216:36:216:36 | v | main.rs:81:38:81:45 | ...: usize | provenance | | +| main.rs:217:27:217:27 | v | main.rs:128:29:128:36 | ...: usize | provenance | | +| main.rs:218:25:218:25 | v | main.rs:162:27:162:34 | ...: usize | provenance | | +models +| 1 | Sink: lang:alloc; ::allocate; alloc-layout; Argument[0] | +| 2 | Sink: lang:alloc; ::allocate_zeroed; alloc-layout; Argument[0] | +| 3 | Sink: lang:alloc; crate::alloc::alloc; alloc-layout; Argument[0] | +| 4 | Sink: lang:alloc; crate::alloc::alloc_zeroed; alloc-layout; Argument[0] | +| 5 | Sink: lang:alloc; crate::alloc::realloc; alloc-size; Argument[2] | +| 6 | Sink: lang:std; ::allocate; alloc-layout; Argument[0] | +| 7 | Sink: lang:std; ::allocate_zeroed; alloc-layout; Argument[0] | +| 8 | Sink: lang:std; ::grow; alloc-layout; Argument[2] | +| 9 | Sink: lang:std; ::grow_zeroed; alloc-layout; Argument[2] | +| 10 | Sink: lang:std; ::alloc; alloc-layout; Argument[0] | +| 11 | Sink: lang:std; ::alloc_zeroed; alloc-layout; Argument[0] | +| 12 | Sink: repo:https://github.com/rust-lang/libc:libc; ::aligned_alloc; alloc-size; Argument[1] | +| 13 | Sink: repo:https://github.com/rust-lang/libc:libc; ::calloc; alloc-size; Argument[0,1] | +| 14 | Sink: repo:https://github.com/rust-lang/libc:libc; ::malloc; alloc-size; Argument[0] | +| 15 | Sink: repo:https://github.com/rust-lang/libc:libc; ::realloc; alloc-size; Argument[1] | +| 16 | Source: lang:std; crate::env::args; command-line-source; ReturnValue.Element | +| 17 | Summary: lang:core; ::array; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 18 | Summary: lang:core; ::extend; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 19 | Summary: lang:core; ::extend; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 20 | Summary: lang:core; ::extend_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 21 | Summary: lang:core; ::extend_packed; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 22 | Summary: lang:core; ::from_size_align; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 23 | Summary: lang:core; ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | +| 24 | Summary: lang:core; ::repeat; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 25 | Summary: lang:core; ::repeat_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 26 | Summary: lang:core; ::unwrap_or; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value | +| 27 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 28 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 29 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 30 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | +| 31 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | +| 32 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | nodes +| main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | +| main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | +| main.rs:18:41:18:41 | v | semmle.label | v | +| main.rs:20:9:20:10 | l2 | semmle.label | l2 | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:20:14:20:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:20:50:20:50 | v | semmle.label | v | +| main.rs:21:13:21:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:21:31:21:32 | l2 | semmle.label | l2 | +| main.rs:24:13:24:36 | ...::alloc_zeroed | semmle.label | ...::alloc_zeroed | +| main.rs:24:38:24:39 | l2 | semmle.label | l2 | +| main.rs:29:9:29:10 | l4 | semmle.label | l4 | +| main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | +| main.rs:29:60:29:60 | v | semmle.label | v | +| main.rs:30:13:30:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:30:31:30:32 | l4 | semmle.label | l4 | +| main.rs:32:9:32:10 | l5 | semmle.label | l5 | +| main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | +| main.rs:32:60:32:89 | ... * ... | semmle.label | ... * ... | +| main.rs:33:13:33:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:33:31:33:32 | l5 | semmle.label | l5 | +| main.rs:35:9:35:10 | s6 | semmle.label | s6 | +| main.rs:36:9:36:10 | l6 | semmle.label | l6 | +| main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | +| main.rs:36:60:36:61 | s6 | semmle.label | s6 | +| main.rs:37:13:37:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:37:31:37:32 | l6 | semmle.label | l6 | +| main.rs:43:44:43:51 | ...: usize | semmle.label | ...: usize | +| main.rs:50:13:50:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | +| main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:50:31:50:53 | ... .0 | semmle.label | ... .0 | +| main.rs:50:41:50:41 | v | semmle.label | v | +| main.rs:51:13:51:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | +| main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:51:31:51:57 | ... .0 | semmle.label | ... .0 | +| main.rs:51:41:51:45 | ... + ... | semmle.label | ... + ... | +| main.rs:53:13:53:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | semmle.label | l2.repeat_packed(...) [Ok] | +| main.rs:53:31:53:58 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:53:48:53:48 | v | semmle.label | v | +| main.rs:54:13:54:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | semmle.label | l2.repeat_packed(...) [Ok] | +| main.rs:54:31:54:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:54:48:54:53 | ... * ... | semmle.label | ... * ... | +| main.rs:58:9:58:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | +| main.rs:58:10:58:11 | k1 | semmle.label | k1 | +| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | semmle.label | l3.repeat(...) [Ok, tuple.0] | +| main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | semmle.label | ... .expect(...) [tuple.0] | +| main.rs:58:34:58:34 | v | semmle.label | v | +| main.rs:59:13:59:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:59:31:59:32 | k1 | semmle.label | k1 | +| main.rs:60:9:60:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | +| main.rs:60:10:60:11 | k2 | semmle.label | k2 | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | semmle.label | l3.extend(...) [Ok, tuple.0] | +| main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:60:34:60:35 | k1 | semmle.label | k1 | +| main.rs:61:13:61:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:61:31:61:32 | k2 | semmle.label | k2 | +| main.rs:62:9:62:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | +| main.rs:62:10:62:11 | k3 | semmle.label | k3 | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | semmle.label | k1.extend(...) [Ok, tuple.0] | +| main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:63:13:63:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:63:31:63:32 | k3 | semmle.label | k3 | +| main.rs:64:13:64:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | semmle.label | l3.extend_packed(...) [Ok] | +| main.rs:64:31:64:59 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:64:48:64:49 | k1 | semmle.label | k1 | +| main.rs:65:13:65:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | semmle.label | k1.extend_packed(...) [Ok] | +| main.rs:65:31:65:59 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:67:9:67:10 | l4 | semmle.label | l4 | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:67:14:67:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:67:46:67:46 | v | semmle.label | v | +| main.rs:68:13:68:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:68:31:68:32 | l4 | semmle.label | l4 | +| main.rs:71:35:71:38 | ...: T | semmle.label | ...: T | +| main.rs:77:9:77:16 | return v | semmle.label | return v | +| main.rs:81:38:81:45 | ...: usize | semmle.label | ...: usize | +| main.rs:82:9:82:10 | l1 | semmle.label | l1 | +| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:82:14:82:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:82:47:82:47 | v | semmle.label | v | +| main.rs:85:17:85:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:85:35:85:36 | l1 | semmle.label | l1 | +| main.rs:87:17:87:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:87:35:87:36 | l1 | semmle.label | l1 | +| main.rs:91:17:91:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:91:35:91:36 | l1 | semmle.label | l1 | +| main.rs:93:17:93:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:93:35:93:36 | l1 | semmle.label | l1 | +| main.rs:97:13:97:21 | mut v_mut | semmle.label | mut v_mut | +| main.rs:103:13:103:14 | l2 | semmle.label | l2 | +| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:103:18:103:65 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:103:51:103:55 | v_mut | semmle.label | v_mut | +| main.rs:104:17:104:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:104:35:104:36 | l2 | semmle.label | l2 | +| main.rs:106:13:106:14 | l3 | semmle.label | l3 | +| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:106:18:106:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:106:51:106:51 | v | semmle.label | v | +| main.rs:107:17:107:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:107:35:107:36 | l3 | semmle.label | l3 | +| main.rs:110:9:110:10 | l4 | semmle.label | l4 | +| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:110:14:110:77 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:110:47:110:67 | ...::min(...) | semmle.label | ...::min(...) | +| main.rs:110:61:110:61 | v | semmle.label | v | +| main.rs:111:13:111:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:111:31:111:32 | l4 | semmle.label | l4 | +| main.rs:113:9:113:10 | l5 | semmle.label | l5 | +| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:113:14:113:77 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:113:47:113:67 | ...::max(...) | semmle.label | ...::max(...) | +| main.rs:113:61:113:61 | v | semmle.label | v | +| main.rs:114:13:114:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:114:31:114:32 | l5 | semmle.label | l5 | +| main.rs:116:9:116:10 | l6 | semmle.label | l6 | +| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:116:14:116:72 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:116:47:116:62 | clamp(...) | semmle.label | clamp(...) | +| main.rs:116:53:116:53 | v | semmle.label | v | +| main.rs:117:13:117:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:117:31:117:32 | l6 | semmle.label | l6 | +| main.rs:119:13:119:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:119:31:119:32 | l1 | semmle.label | l1 | +| main.rs:123:13:123:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:123:31:123:32 | l1 | semmle.label | l1 | +| main.rs:128:29:128:36 | ...: usize | semmle.label | ...: usize | +| main.rs:137:9:137:10 | l2 | semmle.label | l2 | +| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:137:14:137:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:137:46:137:46 | v | semmle.label | v | +| main.rs:138:32:138:36 | alloc | semmle.label | alloc | +| main.rs:138:38:138:39 | l2 | semmle.label | l2 | +| main.rs:139:32:139:43 | alloc_zeroed | semmle.label | alloc_zeroed | +| main.rs:139:45:139:46 | l2 | semmle.label | l2 | +| main.rs:140:32:140:39 | allocate | semmle.label | allocate | +| main.rs:140:41:140:42 | l2 | semmle.label | l2 | +| main.rs:141:32:141:46 | allocate_zeroed | semmle.label | allocate_zeroed | +| main.rs:141:48:141:49 | l2 | semmle.label | l2 | +| main.rs:142:32:142:39 | allocate | semmle.label | allocate | +| main.rs:142:41:142:42 | l2 | semmle.label | l2 | +| main.rs:143:32:143:46 | allocate_zeroed | semmle.label | allocate_zeroed | +| main.rs:143:48:143:49 | l2 | semmle.label | l2 | +| main.rs:153:40:153:43 | grow | semmle.label | grow | +| main.rs:153:53:153:54 | l2 | semmle.label | l2 | +| main.rs:155:40:155:50 | grow_zeroed | semmle.label | grow_zeroed | +| main.rs:155:60:155:61 | l2 | semmle.label | l2 | +| main.rs:162:27:162:34 | ...: usize | semmle.label | ...: usize | +| main.rs:164:13:164:24 | ...::malloc | semmle.label | ...::malloc | +| main.rs:164:13:164:24 | ...::malloc | semmle.label | ...::malloc | +| main.rs:164:26:164:26 | v | semmle.label | v | +| main.rs:165:13:165:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | +| main.rs:165:13:165:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | +| main.rs:165:36:165:36 | v | semmle.label | v | +| main.rs:167:13:167:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:167:13:167:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:167:30:167:30 | v | semmle.label | v | +| main.rs:168:13:168:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:168:13:168:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:168:26:168:26 | v | semmle.label | v | +| main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | +| main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | +| main.rs:169:31:169:31 | v | semmle.label | v | +| main.rs:211:9:211:9 | v | semmle.label | v | +| main.rs:211:13:211:26 | ...::args | semmle.label | ...::args | +| main.rs:211:13:211:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:211:13:211:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:211:13:211:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:211:13:211:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | +| main.rs:211:13:211:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:214:34:214:34 | v | semmle.label | v | +| main.rs:215:42:215:42 | v | semmle.label | v | +| main.rs:216:36:216:36 | v | semmle.label | v | +| main.rs:217:27:217:27 | v | semmle.label | v | +| main.rs:218:25:218:25 | v | semmle.label | v | subpaths +| main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:116:47:116:62 | clamp(...) | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index c2a1eb111c33..0af7d0eb5360 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -15,26 +15,26 @@ unsafe fn test_std_alloc_from_size(v: usize) { let _ = std::alloc::alloc(l1.align_to(8).unwrap()); let _ = std::alloc::alloc(l1.align_to(8).unwrap().pad_to_align()); let _ = std::alloc::alloc_zeroed(l1); - let _ = std::alloc::realloc(m1, l1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::realloc(m1, l1, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l2 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc(l2.align_to(8).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] let _ = std::alloc::alloc(l2.align_to(8).unwrap().pad_to_align()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc_zeroed(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc_zeroed(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::from_size_align(1, v).unwrap(); // not obviously dangerous? let _ = std::alloc::alloc(l3); let l4 = std::alloc::Layout::from_size_align_unchecked(v, 1); - let _ = std::alloc::alloc(l4); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l4); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l5 = std::alloc::Layout::from_size_align_unchecked(v * std::mem::size_of::(), std::mem::size_of::()); - let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let s6 = (std::mem::size_of::() * v) + 1; let l6 = std::alloc::Layout::from_size_align_unchecked(s6, 4); - let _ = std::alloc::alloc(l6); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l6); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l7 = std::alloc::Layout::from_size_align_unchecked(l6.size(), 8); let _ = std::alloc::alloc(l7); // $ MISSING: Alert[rust/uncontrolled-allocation-size] @@ -47,25 +47,25 @@ unsafe fn test_std_alloc_new_repeat_extend(v: usize) { let l2 = std::alloc::Layout::new::(); let _ = std::alloc::alloc(l2); let _ = std::alloc::alloc(l2.repeat(10).unwrap().0); - let _ = std::alloc::alloc(l2.repeat(v).unwrap().0); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(l2.repeat(v + 1).unwrap().0); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat(v).unwrap().0); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2.repeat(v + 1).unwrap().0); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc(l2.repeat_packed(10).unwrap()); - let _ = std::alloc::alloc(l2.repeat_packed(v).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(l2.repeat_packed(v * 10).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat_packed(v).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2.repeat_packed(v * 10).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::array::(10).unwrap(); let _ = std::alloc::alloc(l3); let (k1, _offs1) = l3.repeat(v).expect("arithmetic overflow?"); - let _ = std::alloc::alloc(k1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(k1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let (k2, _offs2) = l3.extend(k1).unwrap(); - let _ = std::alloc::alloc(k2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(k2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let (k3, _offs3) = k1.extend(l3).unwrap(); - let _ = std::alloc::alloc(k3); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(l3.extend_packed(k1).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(k1.extend_packed(l3).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(k3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l3.extend_packed(k1).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(k1.extend_packed(l3).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l4 = std::alloc::Layout::array::(v).unwrap(); - let _ = std::alloc::alloc(l4); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l4); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } fn clamp(v: T, min: T, max: T) -> T { @@ -82,15 +82,15 @@ unsafe fn test_std_alloc_with_bounds(v: usize) { let l1 = std::alloc::Layout::array::(v).unwrap(); if v < 100 { - let _ = std::alloc::alloc(l1); + let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 } else { - let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } if v == 100 { - let _ = std::alloc::alloc(l1); + let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 } else { - let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } { @@ -101,26 +101,26 @@ unsafe fn test_std_alloc_with_bounds(v: usize) { } let l2 = std::alloc::Layout::array::(v_mut).unwrap(); - let _ = std::alloc::alloc(l2); + let _ = std::alloc::alloc(l2); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::array::(v).unwrap(); - let _ = std::alloc::alloc(l3); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } let l4 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); - let _ = std::alloc::alloc(l4); + let _ = std::alloc::alloc(l4); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 let l5 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); - let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l6 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); - let _ = std::alloc::alloc(l6); + let _ = std::alloc::alloc(l6); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 if v > 100 { return; } - let _ = std::alloc::alloc(l1); + let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 } use std::alloc::{GlobalAlloc, Allocator}; @@ -135,12 +135,12 @@ unsafe fn test_system_alloc(v: usize) { let _ = std::alloc::Global.allocate_zeroed(l1).unwrap(); let l2 = std::alloc::Layout::array::(v).unwrap(); - let _ = std::alloc::System.alloc(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::System.alloc_zeroed(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::System.allocate(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::System.allocate_zeroed(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::Global.allocate(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::Global.allocate_zeroed(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.alloc(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::System.alloc_zeroed(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::System.allocate(l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::System.allocate_zeroed(l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::Global.allocate(l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::Global.allocate_zeroed(l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::array::(10).unwrap(); let m3 = std::alloc::System.alloc(l3); @@ -150,9 +150,9 @@ unsafe fn test_system_alloc(v: usize) { let m4 = std::ptr::NonNull::::new(std::alloc::alloc(l4)).unwrap(); if v > 10 { if v % 2 == 0 { - let _ = std::alloc::System.grow(m4, l4, l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.grow(m4, l4, l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } else { - let _ = std::alloc::System.grow_zeroed(m4, l4, l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.grow_zeroed(m4, l4, l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } } else { let _ = std::alloc::System.shrink(m4, l4, l2).unwrap(); @@ -161,12 +161,12 @@ unsafe fn test_system_alloc(v: usize) { unsafe fn test_libc_alloc(v: usize) { let m1 = libc::malloc(256); - let _ = libc::malloc(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = libc::aligned_alloc(8, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::malloc(v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = libc::aligned_alloc(8, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = libc::aligned_alloc(v, 8); - let _ = libc::calloc(64, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = libc::calloc(v, std::mem::size_of::()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = libc::realloc(m1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::calloc(64, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = libc::calloc(v, std::mem::size_of::()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = libc::realloc(m1, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } unsafe fn test_vectors(v: usize) { From e49c1afe72c249e32abd4740fcc0bb43c37648c0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 31 Mar 2025 10:08:32 +0100 Subject: [PATCH 083/409] Rust: Add a few missing models. --- .../frameworks/stdlib/lang-core.model.yml | 3 + .../diagnostics/SummaryStats.expected | 2 +- .../UncontrolledAllocationSize.expected | 152 +++++++++++------- .../test/query-tests/security/CWE-770/main.rs | 6 +- 4 files changed, 98 insertions(+), 65 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index 710949b07e0d..1f840626b3f1 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -31,6 +31,9 @@ extensions: - ["lang:core", "::extend", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] - ["lang:core", "::extend_packed", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] - ["lang:core", "::extend_packed", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::align_to", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::pad_to_align", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:core", "::size", "Argument[self]", "ReturnValue", "taint", "manual"] # Ptr - ["lang:core", "crate::ptr::read", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_unaligned", "Argument[0].Reference", "ReturnValue", "value", "manual"] diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected index a8833f626807..787fc3ddbbea 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 8 | | Macro calls - total | 9 | | Macro calls - unresolved | 1 | -| Taint edges - number of edges | 1675 | +| Taint edges - number of edges | 1677 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 4dcc0f1b5583..0d8c10db39fc 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -1,10 +1,13 @@ #select | main.rs:18:13:18:31 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:21:13:21:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:22:13:22:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:23:13:23:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:30:13:30:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:33:13:33:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:37:13:37:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:40:13:40:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:50:13:50:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:51:13:51:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:53:13:53:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | @@ -52,75 +55,87 @@ edges | main.rs:18:41:18:41 | v | main.rs:32:60:32:89 | ... * ... | provenance | | | main.rs:18:41:18:41 | v | main.rs:35:9:35:10 | s6 | provenance | | | main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance | | -| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:20:14:20:63 | ... .unwrap(...) | main.rs:20:9:20:10 | l2 | provenance | | -| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:22 | +| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:21:31:21:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:17 | +| main.rs:21:31:21:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:17 | | main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance | | +| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:22:31:22:53 | ... .unwrap(...) | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:23:31:23:53 | ... .unwrap(...) | main.rs:23:31:23:68 | ... .pad_to_align(...) | provenance | MaD:25 | +| main.rs:23:31:23:68 | ... .pad_to_align(...) | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:4 Sink:MaD:4 | | main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance | | | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance | | -| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance | | | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance | | -| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance | | | main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance | | | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance | | -| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size(...) | provenance | MaD:28 | +| main.rs:39:9:39:10 | l7 | main.rs:40:31:40:32 | l7 | provenance | | +| main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | main.rs:39:9:39:10 | l7 | provenance | | +| main.rs:39:60:39:68 | l6.size(...) | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | +| main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:45 | ... + ... | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:53:48:53:48 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:53 | ... * ... | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance | | -| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | | main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | -| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | | main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | -| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:53:31:53:58 | ... .unwrap(...) | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:25 | -| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:27 | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:54:31:54:63 | ... .unwrap(...) | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:25 | +| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:27 | | main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance | | | main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance | | -| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:27 | +| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:30 | | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | main.rs:58:9:58:20 | TuplePat [tuple.0] | provenance | | -| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | +| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | | main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:59:31:59:32 | k1 | main.rs:60:34:60:35 | k1 | provenance | | -| main.rs:59:31:59:32 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:19 | +| main.rs:59:31:59:32 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:20 | | main.rs:59:31:59:32 | k1 | main.rs:64:48:64:49 | k1 | provenance | | -| main.rs:59:31:59:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:21 | +| main.rs:59:31:59:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:22 | | main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance | | | main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance | | -| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | -| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:18 | +| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:19 | | main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:62:9:62:20 | TuplePat [tuple.0] | main.rs:62:10:62:11 | k3 | provenance | | | main.rs:62:10:62:11 | k3 | main.rs:63:31:63:32 | k3 | provenance | | -| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | | main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:64:31:64:59 | ... .unwrap(...) | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:20 | -| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:21 | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:65:31:65:59 | ... .unwrap(...) | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance | | -| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | -| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | provenance | | | main.rs:81:38:81:45 | ...: usize | main.rs:82:47:82:47 | v | provenance | | @@ -131,9 +146,9 @@ edges | main.rs:81:38:81:45 | ...: usize | main.rs:116:53:116:53 | v | provenance | | | main.rs:82:9:82:10 | l1 | main.rs:85:35:85:36 | l1 | provenance | | | main.rs:82:9:82:10 | l1 | main.rs:87:35:87:36 | l1 | provenance | | -| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | main.rs:82:14:82:57 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | main.rs:82:14:82:57 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:82:14:82:57 | ... .unwrap(...) | main.rs:82:9:82:10 | l1 | provenance | | -| main.rs:82:47:82:47 | v | main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:82:47:82:47 | v | main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:85:35:85:36 | l1 | main.rs:85:17:85:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:85:35:85:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | | main.rs:85:35:85:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | @@ -146,31 +161,31 @@ edges | main.rs:93:35:93:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | | main.rs:97:13:97:21 | mut v_mut | main.rs:103:51:103:55 | v_mut | provenance | | | main.rs:103:13:103:14 | l2 | main.rs:104:35:104:36 | l2 | provenance | | -| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | main.rs:103:18:103:65 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | main.rs:103:18:103:65 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:103:18:103:65 | ... .unwrap(...) | main.rs:103:13:103:14 | l2 | provenance | | -| main.rs:103:51:103:55 | v_mut | main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:103:51:103:55 | v_mut | main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:104:35:104:36 | l2 | main.rs:104:17:104:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:106:13:106:14 | l3 | main.rs:107:35:107:36 | l3 | provenance | | -| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | main.rs:106:18:106:61 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | main.rs:106:18:106:61 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:106:18:106:61 | ... .unwrap(...) | main.rs:106:13:106:14 | l3 | provenance | | -| main.rs:106:51:106:51 | v | main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:106:51:106:51 | v | main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:107:35:107:36 | l3 | main.rs:107:17:107:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:110:9:110:10 | l4 | main.rs:111:31:111:32 | l4 | provenance | | -| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | main.rs:110:14:110:77 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | main.rs:110:14:110:77 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:110:14:110:77 | ... .unwrap(...) | main.rs:110:9:110:10 | l4 | provenance | | -| main.rs:110:47:110:67 | ...::min(...) | main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | -| main.rs:110:61:110:61 | v | main.rs:110:47:110:67 | ...::min(...) | provenance | MaD:31 | +| main.rs:110:47:110:67 | ...::min(...) | main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:110:61:110:61 | v | main.rs:110:47:110:67 | ...::min(...) | provenance | MaD:34 | | main.rs:111:31:111:32 | l4 | main.rs:111:13:111:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:113:9:113:10 | l5 | main.rs:114:31:114:32 | l5 | provenance | | -| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | main.rs:113:14:113:77 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | main.rs:113:14:113:77 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:113:14:113:77 | ... .unwrap(...) | main.rs:113:9:113:10 | l5 | provenance | | -| main.rs:113:47:113:67 | ...::max(...) | main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | -| main.rs:113:61:113:61 | v | main.rs:113:47:113:67 | ...::max(...) | provenance | MaD:30 | +| main.rs:113:47:113:67 | ...::max(...) | main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:113:61:113:61 | v | main.rs:113:47:113:67 | ...::max(...) | provenance | MaD:33 | | main.rs:114:31:114:32 | l5 | main.rs:114:13:114:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:116:9:116:10 | l6 | main.rs:117:31:117:32 | l6 | provenance | | -| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | main.rs:116:14:116:72 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | main.rs:116:14:116:72 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:116:14:116:72 | ... .unwrap(...) | main.rs:116:9:116:10 | l6 | provenance | | -| main.rs:116:47:116:62 | clamp(...) | main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:116:47:116:62 | clamp(...) | main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | provenance | | | main.rs:116:53:116:53 | v | main.rs:116:47:116:62 | clamp(...) | provenance | | | main.rs:117:31:117:32 | l6 | main.rs:117:13:117:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | @@ -179,9 +194,9 @@ edges | main.rs:123:31:123:32 | l1 | main.rs:123:13:123:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:128:29:128:36 | ...: usize | main.rs:137:46:137:46 | v | provenance | | | main.rs:137:9:137:10 | l2 | main.rs:138:38:138:39 | l2 | provenance | | -| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | main.rs:137:14:137:56 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | main.rs:137:14:137:56 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:137:14:137:56 | ... .unwrap(...) | main.rs:137:9:137:10 | l2 | provenance | | -| main.rs:137:46:137:46 | v | main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:137:46:137:46 | v | main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:138:38:138:39 | l2 | main.rs:138:32:138:36 | alloc | provenance | MaD:10 Sink:MaD:10 | | main.rs:138:38:138:39 | l2 | main.rs:139:45:139:46 | l2 | provenance | | | main.rs:139:45:139:46 | l2 | main.rs:139:32:139:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | @@ -218,10 +233,10 @@ edges | main.rs:211:9:211:9 | v | main.rs:217:27:217:27 | v | provenance | | | main.rs:211:9:211:9 | v | main.rs:218:25:218:25 | v | provenance | | | main.rs:211:13:211:26 | ...::args | main.rs:211:13:211:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:211:13:211:28 | ...::args(...) [element] | main.rs:211:13:211:35 | ... .nth(...) [Some] | provenance | MaD:32 | -| main.rs:211:13:211:35 | ... .nth(...) [Some] | main.rs:211:13:211:65 | ... .unwrap_or(...) | provenance | MaD:26 | -| main.rs:211:13:211:65 | ... .unwrap_or(...) | main.rs:211:13:211:82 | ... .parse(...) [Ok] | provenance | MaD:29 | -| main.rs:211:13:211:82 | ... .parse(...) [Ok] | main.rs:211:13:211:91 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:211:13:211:28 | ...::args(...) [element] | main.rs:211:13:211:35 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:211:13:211:35 | ... .nth(...) [Some] | main.rs:211:13:211:65 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:211:13:211:65 | ... .unwrap_or(...) | main.rs:211:13:211:82 | ... .parse(...) [Ok] | provenance | MaD:32 | +| main.rs:211:13:211:82 | ... .parse(...) [Ok] | main.rs:211:13:211:91 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:211:13:211:91 | ... .unwrap(...) | main.rs:211:9:211:9 | v | provenance | | | main.rs:214:34:214:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | | main.rs:215:42:215:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | @@ -245,22 +260,25 @@ models | 14 | Sink: repo:https://github.com/rust-lang/libc:libc; ::malloc; alloc-size; Argument[0] | | 15 | Sink: repo:https://github.com/rust-lang/libc:libc; ::realloc; alloc-size; Argument[1] | | 16 | Source: lang:std; crate::env::args; command-line-source; ReturnValue.Element | -| 17 | Summary: lang:core; ::array; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 18 | Summary: lang:core; ::extend; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | -| 19 | Summary: lang:core; ::extend; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | -| 20 | Summary: lang:core; ::extend_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 21 | Summary: lang:core; ::extend_packed; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 22 | Summary: lang:core; ::from_size_align; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 23 | Summary: lang:core; ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | -| 24 | Summary: lang:core; ::repeat; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | -| 25 | Summary: lang:core; ::repeat_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 26 | Summary: lang:core; ::unwrap_or; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value | -| 27 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | -| 28 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | -| 29 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 30 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | -| 31 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | -| 32 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | +| 17 | Summary: lang:core; ::align_to; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 18 | Summary: lang:core; ::array; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 19 | Summary: lang:core; ::extend; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 20 | Summary: lang:core; ::extend; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 21 | Summary: lang:core; ::extend_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 22 | Summary: lang:core; ::extend_packed; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 23 | Summary: lang:core; ::from_size_align; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 24 | Summary: lang:core; ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | +| 25 | Summary: lang:core; ::pad_to_align; Argument[self]; ReturnValue; taint | +| 26 | Summary: lang:core; ::repeat; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 27 | Summary: lang:core; ::repeat_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 28 | Summary: lang:core; ::size; Argument[self]; ReturnValue; taint | +| 29 | Summary: lang:core; ::unwrap_or; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value | +| 30 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 31 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 32 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 33 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | +| 34 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | +| 35 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | nodes | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | @@ -271,6 +289,13 @@ nodes | main.rs:20:50:20:50 | v | semmle.label | v | | main.rs:21:13:21:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:21:31:21:32 | l2 | semmle.label | l2 | +| main.rs:22:13:22:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | semmle.label | l2.align_to(...) [Ok] | +| main.rs:22:31:22:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:23:13:23:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | semmle.label | l2.align_to(...) [Ok] | +| main.rs:23:31:23:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:23:31:23:68 | ... .pad_to_align(...) | semmle.label | ... .pad_to_align(...) | | main.rs:24:13:24:36 | ...::alloc_zeroed | semmle.label | ...::alloc_zeroed | | main.rs:24:38:24:39 | l2 | semmle.label | l2 | | main.rs:29:9:29:10 | l4 | semmle.label | l4 | @@ -289,6 +314,11 @@ nodes | main.rs:36:60:36:61 | s6 | semmle.label | s6 | | main.rs:37:13:37:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:37:31:37:32 | l6 | semmle.label | l6 | +| main.rs:39:9:39:10 | l7 | semmle.label | l7 | +| main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | +| main.rs:39:60:39:68 | l6.size(...) | semmle.label | l6.size(...) | +| main.rs:40:13:40:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:40:31:40:32 | l7 | semmle.label | l7 | | main.rs:43:44:43:51 | ...: usize | semmle.label | ...: usize | | main.rs:50:13:50:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index 0af7d0eb5360..d2b5c109fa77 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -19,8 +19,8 @@ unsafe fn test_std_alloc_from_size(v: usize) { let l2 = std::alloc::Layout::from_size_align(v, 1).unwrap(); let _ = std::alloc::alloc(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l2.align_to(8).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(l2.align_to(8).unwrap().pad_to_align()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.align_to(8).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2.align_to(8).unwrap().pad_to_align()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc_zeroed(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::from_size_align(1, v).unwrap(); // not obviously dangerous? @@ -37,7 +37,7 @@ unsafe fn test_std_alloc_from_size(v: usize) { let _ = std::alloc::alloc(l6); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l7 = std::alloc::Layout::from_size_align_unchecked(l6.size(), 8); - let _ = std::alloc::alloc(l7); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l7); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } unsafe fn test_std_alloc_new_repeat_extend(v: usize) { From 64aa4e8bae685efee1f4751c6bea20173dadb756 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 25 Mar 2025 09:38:16 +0000 Subject: [PATCH 084/409] Rust: Ensure that the sinks for this query appear in metrics. --- rust/ql/src/queries/summary/Stats.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a2220398b415..119a53d7d722 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -15,6 +15,7 @@ private import codeql.rust.Concepts private import codeql.rust.security.CleartextLoggingExtensions private import codeql.rust.security.SqlInjectionExtensions private import codeql.rust.security.WeakSensitiveDataHashingExtensions +private import codeql.rust.security.UncontrolledAllocationSizeExtensions private import codeql.rust.security.regex.RegexInjectionExtensions /** From addc1d34d86860b220e674557ead9135dd60403c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 25 Mar 2025 16:05:35 +0000 Subject: [PATCH 085/409] Rust: Add qhelp, examples, and tests of examples. --- .../CWE-770/UncontrolledAllocationSize.qhelp | 41 ++++ .../CWE-770/UncontrolledAllocationSizeBad.rs | 11 + .../CWE-770/UncontrolledAllocationSizeGood.rs | 17 ++ .../UncontrolledAllocationSize.expected | 210 +++++++++++------- .../test/query-tests/security/CWE-770/main.rs | 52 +++++ 5 files changed, 255 insertions(+), 76 deletions(-) create mode 100644 rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp create mode 100644 rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeBad.rs create mode 100644 rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp new file mode 100644 index 000000000000..936c27619764 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp @@ -0,0 +1,41 @@ + + + + +

    Allocating memory with a size based on user input may allow arbitrary amounts of memory to be +allocated, leading to a crash or denial of service incident.

    + +

    If the user input is multiplied by a constant, such as the size of a type, the result may +overflow. In a build with the --release flag Rust performs two's complement wrapping, +with the result that less memory may be allocated than expected. This can lead to buffer overflow +incidents.

    + +     + + +

    Implement a guard to limit the amount of memory that is allocated, and reject the request if +the guard is not met. Ensure that any multiplications in the calculation cannot overflow, either +by guarding their inputs, or using a multiplication routine such as checked_mul that +does not wrap around.

    + +     + + +

    In the following example, an arbitrary amount of memory is allocated based on user input. In +addition, due to the multiplication operation the result may overflow if a very large value is +provided, leading to less memory being allocated than other parts of the program expect.

    + + +

    In the fixed example, the user input is checked against a maximum value. If the check fails an +error is returned, and both the multiplication and alloaction do not take place.

    + + +     + + +
  • The Rust Programming Language: Data Types - Integer Overflow.
    • + +     +     diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeBad.rs b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeBad.rs new file mode 100644 index 000000000000..40794494f3bf --- /dev/null +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeBad.rs @@ -0,0 +1,11 @@ + +fn allocate_buffer(user_input: String) -> Result<*mut u8, Error> { + let num_bytes = user_input.parse::()? * std::mem::size_of::(); + + let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); + unsafe { + let buffer = std::alloc::alloc(layout); // BAD: uncontrolled allocation size + + Ok(buffer) + } +} diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs new file mode 100644 index 000000000000..c07584312890 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs @@ -0,0 +1,17 @@ + +const BUFFER_LIMIT: usize = 10 * 1024; + +fn allocate_buffer(user_input: String) -> Result<*mut u8, Error> { + let size = user_input.parse::()?; + if (size > BUFFER_LIMIT) { + return Err("Size exceeds limit".into()); + } + let num_bytes = size * std::mem::size_of::(); + + let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); + unsafe { + let buffer = std::alloc::alloc(layout); // GOOD + + Ok(buffer) + } +} diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 0d8c10db39fc..7ef8327b64ed 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -1,52 +1,54 @@ #select -| main.rs:18:13:18:31 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:21:13:21:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:22:13:22:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:23:13:23:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:30:13:30:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:33:13:33:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:37:13:37:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:40:13:40:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:50:13:50:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:51:13:51:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:53:13:53:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:54:13:54:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:59:13:59:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:61:13:61:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:63:13:63:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:64:13:64:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:65:13:65:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:68:13:68:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:85:17:85:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:85:17:85:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:87:17:87:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:87:17:87:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:91:17:91:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:91:17:91:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:93:17:93:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:93:17:93:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:104:17:104:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:104:17:104:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:107:17:107:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:107:17:107:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:111:13:111:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:111:13:111:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:114:13:114:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:114:13:114:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:117:13:117:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:117:13:117:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:119:13:119:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:119:13:119:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:123:13:123:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:123:13:123:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:138:32:138:36 | alloc | main.rs:211:13:211:26 | ...::args | main.rs:138:32:138:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:139:32:139:43 | alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:139:32:139:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:140:32:140:39 | allocate | main.rs:211:13:211:26 | ...::args | main.rs:140:32:140:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:141:32:141:46 | allocate_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:141:32:141:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:142:32:142:39 | allocate | main.rs:211:13:211:26 | ...::args | main.rs:142:32:142:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:143:32:143:46 | allocate_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:143:32:143:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:153:40:153:43 | grow | main.rs:211:13:211:26 | ...::args | main.rs:153:40:153:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:155:40:155:50 | grow_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:155:40:155:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:164:13:164:24 | ...::malloc | main.rs:211:13:211:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:164:13:164:24 | ...::malloc | main.rs:211:13:211:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:211:13:211:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:211:13:211:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:167:13:167:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:167:13:167:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:168:13:168:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:168:13:168:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:169:13:169:25 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:169:13:169:25 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:18:13:18:31 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:21:13:21:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:22:13:22:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:23:13:23:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:30:13:30:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:33:13:33:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:37:13:37:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:40:13:40:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:50:13:50:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:51:13:51:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:53:13:53:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:54:13:54:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:59:13:59:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:61:13:61:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:63:13:63:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:64:13:64:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:65:13:65:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:68:13:68:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:85:17:85:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:85:17:85:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:87:17:87:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:87:17:87:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:91:17:91:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:91:17:91:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:93:17:93:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:93:17:93:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:104:17:104:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:104:17:104:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:107:17:107:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:107:17:107:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:111:13:111:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:111:13:111:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:114:13:114:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:114:13:114:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:117:13:117:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:117:13:117:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:119:13:119:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:119:13:119:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:123:13:123:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:123:13:123:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:138:32:138:36 | alloc | main.rs:262:13:262:26 | ...::args | main.rs:138:32:138:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:139:32:139:43 | alloc_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:139:32:139:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:140:32:140:39 | allocate | main.rs:262:13:262:26 | ...::args | main.rs:140:32:140:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:141:32:141:46 | allocate_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:141:32:141:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:142:32:142:39 | allocate | main.rs:262:13:262:26 | ...::args | main.rs:142:32:142:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:143:32:143:46 | allocate_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:143:32:143:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:153:40:153:43 | grow | main.rs:262:13:262:26 | ...::args | main.rs:153:40:153:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:155:40:155:50 | grow_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:155:40:155:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:164:13:164:24 | ...::malloc | main.rs:262:13:262:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:164:13:164:24 | ...::malloc | main.rs:262:13:262:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:262:13:262:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:262:13:262:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:167:13:167:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:167:13:167:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:168:13:168:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:168:13:168:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:169:13:169:25 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:169:13:169:25 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:229:22:229:38 | ...::alloc | main.rs:253:25:253:38 | ...::args | main.rs:229:22:229:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:253:25:253:38 | ...::args | user-provided value | +| main.rs:246:22:246:38 | ...::alloc | main.rs:254:26:254:39 | ...::args | main.rs:246:22:246:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:254:26:254:39 | ...::args | user-provided value | edges | main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:5 Sink:MaD:5 | @@ -227,22 +229,49 @@ edges | main.rs:168:26:168:26 | v | main.rs:169:31:169:31 | v | provenance | | | main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:211:9:211:9 | v | main.rs:214:34:214:34 | v | provenance | | -| main.rs:211:9:211:9 | v | main.rs:215:42:215:42 | v | provenance | | -| main.rs:211:9:211:9 | v | main.rs:216:36:216:36 | v | provenance | | -| main.rs:211:9:211:9 | v | main.rs:217:27:217:27 | v | provenance | | -| main.rs:211:9:211:9 | v | main.rs:218:25:218:25 | v | provenance | | -| main.rs:211:13:211:26 | ...::args | main.rs:211:13:211:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:211:13:211:28 | ...::args(...) [element] | main.rs:211:13:211:35 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:211:13:211:35 | ... .nth(...) [Some] | main.rs:211:13:211:65 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:211:13:211:65 | ... .unwrap_or(...) | main.rs:211:13:211:82 | ... .parse(...) [Ok] | provenance | MaD:32 | -| main.rs:211:13:211:82 | ... .parse(...) [Ok] | main.rs:211:13:211:91 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:211:13:211:91 | ... .unwrap(...) | main.rs:211:9:211:9 | v | provenance | | -| main.rs:214:34:214:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | -| main.rs:215:42:215:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | -| main.rs:216:36:216:36 | v | main.rs:81:38:81:45 | ...: usize | provenance | | -| main.rs:217:27:217:27 | v | main.rs:128:29:128:36 | ...: usize | provenance | | -| main.rs:218:25:218:25 | v | main.rs:162:27:162:34 | ...: usize | provenance | | +| main.rs:224:24:224:41 | ...: String | main.rs:225:21:225:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:225:9:225:17 | num_bytes | main.rs:227:54:227:62 | num_bytes | provenance | | +| main.rs:225:21:225:47 | user_input.parse(...) [Ok] | main.rs:225:21:225:48 | TryExpr | provenance | | +| main.rs:225:21:225:48 | TryExpr | main.rs:225:9:225:17 | num_bytes | provenance | | +| main.rs:227:9:227:14 | layout | main.rs:229:40:229:45 | layout | provenance | | +| main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | main.rs:227:18:227:75 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:227:18:227:75 | ... .unwrap(...) | main.rs:227:9:227:14 | layout | provenance | | +| main.rs:227:54:227:62 | num_bytes | main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:229:40:229:45 | layout | main.rs:229:22:229:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:237:25:237:42 | ...: String | main.rs:238:16:238:42 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:238:9:238:12 | size | main.rs:242:9:242:17 | num_bytes | provenance | | +| main.rs:238:16:238:42 | user_input.parse(...) [Ok] | main.rs:238:16:238:43 | TryExpr | provenance | | +| main.rs:238:16:238:43 | TryExpr | main.rs:238:9:238:12 | size | provenance | | +| main.rs:242:9:242:17 | num_bytes | main.rs:244:54:244:62 | num_bytes | provenance | | +| main.rs:244:9:244:14 | layout | main.rs:246:40:246:45 | layout | provenance | | +| main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | main.rs:244:18:244:75 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:244:18:244:75 | ... .unwrap(...) | main.rs:244:9:244:14 | layout | provenance | | +| main.rs:244:54:244:62 | num_bytes | main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:246:40:246:45 | layout | main.rs:246:22:246:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:253:25:253:38 | ...::args | main.rs:253:25:253:40 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:253:25:253:40 | ...::args(...) [element] | main.rs:253:25:253:47 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:253:25:253:47 | ... .nth(...) [Some] | main.rs:253:25:253:74 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:253:25:253:74 | ... .unwrap_or(...) | main.rs:224:24:224:41 | ...: String | provenance | | +| main.rs:254:26:254:39 | ...::args | main.rs:254:26:254:41 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:254:26:254:41 | ...::args(...) [element] | main.rs:254:26:254:48 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:254:26:254:48 | ... .nth(...) [Some] | main.rs:254:26:254:75 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:254:26:254:75 | ... .unwrap_or(...) | main.rs:237:25:237:42 | ...: String | provenance | | +| main.rs:262:9:262:9 | v | main.rs:265:34:265:34 | v | provenance | | +| main.rs:262:9:262:9 | v | main.rs:266:42:266:42 | v | provenance | | +| main.rs:262:9:262:9 | v | main.rs:267:36:267:36 | v | provenance | | +| main.rs:262:9:262:9 | v | main.rs:268:27:268:27 | v | provenance | | +| main.rs:262:9:262:9 | v | main.rs:269:25:269:25 | v | provenance | | +| main.rs:262:13:262:26 | ...::args | main.rs:262:13:262:28 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:262:13:262:28 | ...::args(...) [element] | main.rs:262:13:262:35 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:262:13:262:35 | ... .nth(...) [Some] | main.rs:262:13:262:65 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:262:13:262:65 | ... .unwrap_or(...) | main.rs:262:13:262:82 | ... .parse(...) [Ok] | provenance | MaD:32 | +| main.rs:262:13:262:82 | ... .parse(...) [Ok] | main.rs:262:13:262:91 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:262:13:262:91 | ... .unwrap(...) | main.rs:262:9:262:9 | v | provenance | | +| main.rs:265:34:265:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | +| main.rs:266:42:266:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | +| main.rs:267:36:267:36 | v | main.rs:81:38:81:45 | ...: usize | provenance | | +| main.rs:268:27:268:27 | v | main.rs:128:29:128:36 | ...: usize | provenance | | +| main.rs:269:25:269:25 | v | main.rs:162:27:162:34 | ...: usize | provenance | | models | 1 | Sink: lang:alloc; ::allocate; alloc-layout; Argument[0] | | 2 | Sink: lang:alloc; ::allocate_zeroed; alloc-layout; Argument[0] | @@ -461,17 +490,46 @@ nodes | main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | | main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | | main.rs:169:31:169:31 | v | semmle.label | v | -| main.rs:211:9:211:9 | v | semmle.label | v | -| main.rs:211:13:211:26 | ...::args | semmle.label | ...::args | -| main.rs:211:13:211:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:211:13:211:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:211:13:211:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:211:13:211:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | -| main.rs:211:13:211:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:214:34:214:34 | v | semmle.label | v | -| main.rs:215:42:215:42 | v | semmle.label | v | -| main.rs:216:36:216:36 | v | semmle.label | v | -| main.rs:217:27:217:27 | v | semmle.label | v | -| main.rs:218:25:218:25 | v | semmle.label | v | +| main.rs:224:24:224:41 | ...: String | semmle.label | ...: String | +| main.rs:225:9:225:17 | num_bytes | semmle.label | num_bytes | +| main.rs:225:21:225:47 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:225:21:225:48 | TryExpr | semmle.label | TryExpr | +| main.rs:227:9:227:14 | layout | semmle.label | layout | +| main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:227:18:227:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:227:54:227:62 | num_bytes | semmle.label | num_bytes | +| main.rs:229:22:229:38 | ...::alloc | semmle.label | ...::alloc | +| main.rs:229:40:229:45 | layout | semmle.label | layout | +| main.rs:237:25:237:42 | ...: String | semmle.label | ...: String | +| main.rs:238:9:238:12 | size | semmle.label | size | +| main.rs:238:16:238:42 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:238:16:238:43 | TryExpr | semmle.label | TryExpr | +| main.rs:242:9:242:17 | num_bytes | semmle.label | num_bytes | +| main.rs:244:9:244:14 | layout | semmle.label | layout | +| main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:244:18:244:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:244:54:244:62 | num_bytes | semmle.label | num_bytes | +| main.rs:246:22:246:38 | ...::alloc | semmle.label | ...::alloc | +| main.rs:246:40:246:45 | layout | semmle.label | layout | +| main.rs:253:25:253:38 | ...::args | semmle.label | ...::args | +| main.rs:253:25:253:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:253:25:253:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:253:25:253:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:254:26:254:39 | ...::args | semmle.label | ...::args | +| main.rs:254:26:254:41 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:254:26:254:48 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:254:26:254:75 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:262:9:262:9 | v | semmle.label | v | +| main.rs:262:13:262:26 | ...::args | semmle.label | ...::args | +| main.rs:262:13:262:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:262:13:262:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:262:13:262:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:262:13:262:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | +| main.rs:262:13:262:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:265:34:265:34 | v | semmle.label | v | +| main.rs:266:42:266:42 | v | semmle.label | v | +| main.rs:267:36:267:36 | v | semmle.label | v | +| main.rs:268:27:268:27 | v | semmle.label | v | +| main.rs:269:25:269:25 | v | semmle.label | v | subpaths | main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:116:47:116:62 | clamp(...) | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index d2b5c109fa77..a699767dc1a8 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -203,6 +203,57 @@ unsafe fn test_vectors(v: usize) { let _ = Vec::::from_raw_parts_in(m7, 100, v, std::alloc::Global); // $ MISSING: Alert[rust/uncontrolled-allocation-size] } +// --- examples from the qhelp --- + +struct Error { + msg: String, +} + +impl From for Error { + fn from(err: std::num::ParseIntError) -> Self { + Error { msg: "ParseIntError".to_string() } + } +} + +impl From<&str> for Error { + fn from(msg: &str) -> Self { + Error { msg: msg.to_string() } + } +} + +fn allocate_buffer_bad(user_input: String) -> Result<*mut u8, Error> { + let num_bytes = user_input.parse::()? * std::mem::size_of::(); + + let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); + unsafe { + let buffer = std::alloc::alloc(layout); // $ Alert[rust/uncontrolled-allocation-size]=example1 + + Ok(buffer) + } +} + +const BUFFER_LIMIT: usize = 10 * 1024; + +fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> { + let size = user_input.parse::()?; + if (size > BUFFER_LIMIT) { + return Err("Size exceeds limit".into()); + } + let num_bytes = size * std::mem::size_of::(); + + let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); + unsafe { + let buffer = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=example2 + + Ok(buffer) + } +} + +fn test_examples() { + allocate_buffer_bad(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example1 + allocate_buffer_good(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example2 +} + // --- main --- fn main() { @@ -217,6 +268,7 @@ fn main() { test_system_alloc(v); test_libc_alloc(v); test_vectors(v); + test_examples(); } println!("--- end ---"); From cdd5cb05237dd1300945f4888af1a1236fe53063 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 31 Mar 2025 09:28:10 +0100 Subject: [PATCH 086/409] Rust: More test cases for bounds / guards. --- .../UncontrolledAllocationSize.expected | 780 +++++++++++------- .../test/query-tests/security/CWE-770/main.rs | 83 +- 2 files changed, 537 insertions(+), 326 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 7ef8327b64ed..cca67133563a 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -1,54 +1,66 @@ #select -| main.rs:18:13:18:31 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:21:13:21:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:22:13:22:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:23:13:23:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:30:13:30:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:33:13:33:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:37:13:37:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:40:13:40:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:50:13:50:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:51:13:51:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:53:13:53:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:54:13:54:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:59:13:59:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:61:13:61:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:63:13:63:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:64:13:64:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:65:13:65:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:68:13:68:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:85:17:85:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:85:17:85:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:87:17:87:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:87:17:87:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:91:17:91:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:91:17:91:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:93:17:93:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:93:17:93:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:104:17:104:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:104:17:104:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:107:17:107:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:107:17:107:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:111:13:111:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:111:13:111:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:114:13:114:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:114:13:114:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:117:13:117:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:117:13:117:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:119:13:119:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:119:13:119:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:123:13:123:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:123:13:123:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:138:32:138:36 | alloc | main.rs:262:13:262:26 | ...::args | main.rs:138:32:138:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:139:32:139:43 | alloc_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:139:32:139:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:140:32:140:39 | allocate | main.rs:262:13:262:26 | ...::args | main.rs:140:32:140:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:141:32:141:46 | allocate_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:141:32:141:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:142:32:142:39 | allocate | main.rs:262:13:262:26 | ...::args | main.rs:142:32:142:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:143:32:143:46 | allocate_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:143:32:143:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:153:40:153:43 | grow | main.rs:262:13:262:26 | ...::args | main.rs:153:40:153:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:155:40:155:50 | grow_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:155:40:155:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:164:13:164:24 | ...::malloc | main.rs:262:13:262:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:164:13:164:24 | ...::malloc | main.rs:262:13:262:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:262:13:262:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:262:13:262:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:167:13:167:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:167:13:167:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:168:13:168:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:168:13:168:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:169:13:169:25 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:169:13:169:25 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:229:22:229:38 | ...::alloc | main.rs:253:25:253:38 | ...::args | main.rs:229:22:229:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:253:25:253:38 | ...::args | user-provided value | -| main.rs:246:22:246:38 | ...::alloc | main.rs:254:26:254:39 | ...::args | main.rs:246:22:246:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:254:26:254:39 | ...::args | user-provided value | +| main.rs:18:13:18:31 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:21:13:21:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:22:13:22:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:23:13:23:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:30:13:30:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:33:13:33:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:37:13:37:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:40:13:40:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:50:13:50:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:51:13:51:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:53:13:53:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:54:13:54:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:59:13:59:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:61:13:61:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:63:13:63:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:64:13:64:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:65:13:65:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:68:13:68:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:83:13:83:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:83:13:83:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:88:13:88:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:96:17:96:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:97:17:97:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:97:17:97:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:102:17:102:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:102:17:102:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:103:17:103:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:103:17:103:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:109:17:109:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:109:17:109:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:111:17:111:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:111:17:111:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:116:17:116:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:116:17:116:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:121:17:121:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:121:17:121:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:126:17:126:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:126:17:126:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:135:13:135:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:135:13:135:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:146:17:146:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:146:17:146:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:147:17:147:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:147:17:147:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:148:17:148:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:148:17:148:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:152:13:152:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:152:13:152:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:155:13:155:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:155:13:155:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:158:13:158:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:158:13:158:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:162:17:162:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:162:17:162:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:169:17:169:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:169:17:169:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:170:17:170:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:170:17:170:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:177:13:177:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:178:13:178:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:178:13:178:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:193:32:193:36 | alloc | main.rs:317:13:317:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:194:32:194:43 | alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:195:32:195:39 | allocate | main.rs:317:13:317:26 | ...::args | main.rs:195:32:195:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:196:32:196:46 | allocate_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:196:32:196:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:197:32:197:39 | allocate | main.rs:317:13:317:26 | ...::args | main.rs:197:32:197:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:198:32:198:46 | allocate_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:198:32:198:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:208:40:208:43 | grow | main.rs:317:13:317:26 | ...::args | main.rs:208:40:208:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:210:40:210:50 | grow_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value | +| main.rs:301:22:301:38 | ...::alloc | main.rs:309:26:309:39 | ...::args | main.rs:301:22:301:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:309:26:309:39 | ...::args | user-provided value | edges | main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:5 Sink:MaD:5 | @@ -140,138 +152,210 @@ edges | main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:82:47:82:47 | v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:97:13:97:21 | mut v_mut | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:106:51:106:51 | v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:110:61:110:61 | v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:113:61:113:61 | v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:116:53:116:53 | v | provenance | | -| main.rs:82:9:82:10 | l1 | main.rs:85:35:85:36 | l1 | provenance | | -| main.rs:82:9:82:10 | l1 | main.rs:87:35:87:36 | l1 | provenance | | -| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | main.rs:82:14:82:57 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:82:14:82:57 | ... .unwrap(...) | main.rs:82:9:82:10 | l1 | provenance | | -| main.rs:82:47:82:47 | v | main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:85:35:85:36 | l1 | main.rs:85:17:85:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:85:35:85:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | -| main.rs:85:35:85:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | -| main.rs:87:35:87:36 | l1 | main.rs:87:17:87:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:87:35:87:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | -| main.rs:87:35:87:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | -| main.rs:91:35:91:36 | l1 | main.rs:91:17:91:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:91:35:91:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | -| main.rs:93:35:93:36 | l1 | main.rs:93:17:93:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:93:35:93:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | -| main.rs:97:13:97:21 | mut v_mut | main.rs:103:51:103:55 | v_mut | provenance | | -| main.rs:103:13:103:14 | l2 | main.rs:104:35:104:36 | l2 | provenance | | -| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | main.rs:103:18:103:65 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:103:18:103:65 | ... .unwrap(...) | main.rs:103:13:103:14 | l2 | provenance | | -| main.rs:103:51:103:55 | v_mut | main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:104:35:104:36 | l2 | main.rs:104:17:104:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:106:13:106:14 | l3 | main.rs:107:35:107:36 | l3 | provenance | | -| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | main.rs:106:18:106:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:106:18:106:61 | ... .unwrap(...) | main.rs:106:13:106:14 | l3 | provenance | | -| main.rs:106:51:106:51 | v | main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:107:35:107:36 | l3 | main.rs:107:17:107:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:110:9:110:10 | l4 | main.rs:111:31:111:32 | l4 | provenance | | -| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | main.rs:110:14:110:77 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:110:14:110:77 | ... .unwrap(...) | main.rs:110:9:110:10 | l4 | provenance | | -| main.rs:110:47:110:67 | ...::min(...) | main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:110:61:110:61 | v | main.rs:110:47:110:67 | ...::min(...) | provenance | MaD:34 | -| main.rs:111:31:111:32 | l4 | main.rs:111:13:111:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:113:9:113:10 | l5 | main.rs:114:31:114:32 | l5 | provenance | | -| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | main.rs:113:14:113:77 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:113:14:113:77 | ... .unwrap(...) | main.rs:113:9:113:10 | l5 | provenance | | -| main.rs:113:47:113:67 | ...::max(...) | main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:113:61:113:61 | v | main.rs:113:47:113:67 | ...::max(...) | provenance | MaD:33 | -| main.rs:114:31:114:32 | l5 | main.rs:114:13:114:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:116:9:116:10 | l6 | main.rs:117:31:117:32 | l6 | provenance | | -| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | main.rs:116:14:116:72 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:116:14:116:72 | ... .unwrap(...) | main.rs:116:9:116:10 | l6 | provenance | | -| main.rs:116:47:116:62 | clamp(...) | main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | provenance | | -| main.rs:116:53:116:53 | v | main.rs:116:47:116:62 | clamp(...) | provenance | | -| main.rs:117:31:117:32 | l6 | main.rs:117:13:117:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:119:31:119:32 | l1 | main.rs:119:13:119:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:119:31:119:32 | l1 | main.rs:123:31:123:32 | l1 | provenance | | -| main.rs:123:31:123:32 | l1 | main.rs:123:13:123:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:128:29:128:36 | ...: usize | main.rs:137:46:137:46 | v | provenance | | -| main.rs:137:9:137:10 | l2 | main.rs:138:38:138:39 | l2 | provenance | | -| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | main.rs:137:14:137:56 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:137:14:137:56 | ... .unwrap(...) | main.rs:137:9:137:10 | l2 | provenance | | -| main.rs:137:46:137:46 | v | main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:138:38:138:39 | l2 | main.rs:138:32:138:36 | alloc | provenance | MaD:10 Sink:MaD:10 | -| main.rs:138:38:138:39 | l2 | main.rs:139:45:139:46 | l2 | provenance | | -| main.rs:139:45:139:46 | l2 | main.rs:139:32:139:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | -| main.rs:139:45:139:46 | l2 | main.rs:140:41:140:42 | l2 | provenance | | -| main.rs:140:41:140:42 | l2 | main.rs:140:32:140:39 | allocate | provenance | MaD:6 Sink:MaD:6 | -| main.rs:140:41:140:42 | l2 | main.rs:141:48:141:49 | l2 | provenance | | -| main.rs:141:48:141:49 | l2 | main.rs:141:32:141:46 | allocate_zeroed | provenance | MaD:7 Sink:MaD:7 | -| main.rs:141:48:141:49 | l2 | main.rs:142:41:142:42 | l2 | provenance | | -| main.rs:142:41:142:42 | l2 | main.rs:142:32:142:39 | allocate | provenance | MaD:1 Sink:MaD:1 | -| main.rs:142:41:142:42 | l2 | main.rs:143:48:143:49 | l2 | provenance | | -| main.rs:143:48:143:49 | l2 | main.rs:143:32:143:46 | allocate_zeroed | provenance | MaD:2 Sink:MaD:2 | -| main.rs:143:48:143:49 | l2 | main.rs:153:53:153:54 | l2 | provenance | | -| main.rs:143:48:143:49 | l2 | main.rs:155:60:155:61 | l2 | provenance | | -| main.rs:153:53:153:54 | l2 | main.rs:153:40:153:43 | grow | provenance | MaD:8 Sink:MaD:8 | -| main.rs:155:60:155:61 | l2 | main.rs:155:40:155:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | -| main.rs:162:27:162:34 | ...: usize | main.rs:164:26:164:26 | v | provenance | | -| main.rs:164:26:164:26 | v | main.rs:164:13:164:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | -| main.rs:164:26:164:26 | v | main.rs:164:13:164:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | -| main.rs:164:26:164:26 | v | main.rs:165:36:165:36 | v | provenance | | -| main.rs:165:36:165:36 | v | main.rs:165:13:165:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | -| main.rs:165:36:165:36 | v | main.rs:165:13:165:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | -| main.rs:165:36:165:36 | v | main.rs:167:30:167:30 | v | provenance | | -| main.rs:167:30:167:30 | v | main.rs:167:13:167:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:167:30:167:30 | v | main.rs:167:13:167:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:167:30:167:30 | v | main.rs:168:26:168:26 | v | provenance | | -| main.rs:168:26:168:26 | v | main.rs:168:13:168:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:168:26:168:26 | v | main.rs:168:13:168:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:168:26:168:26 | v | main.rs:169:31:169:31 | v | provenance | | -| main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:224:24:224:41 | ...: String | main.rs:225:21:225:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | -| main.rs:225:9:225:17 | num_bytes | main.rs:227:54:227:62 | num_bytes | provenance | | -| main.rs:225:21:225:47 | user_input.parse(...) [Ok] | main.rs:225:21:225:48 | TryExpr | provenance | | -| main.rs:225:21:225:48 | TryExpr | main.rs:225:9:225:17 | num_bytes | provenance | | -| main.rs:227:9:227:14 | layout | main.rs:229:40:229:45 | layout | provenance | | -| main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | main.rs:227:18:227:75 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:227:18:227:75 | ... .unwrap(...) | main.rs:227:9:227:14 | layout | provenance | | -| main.rs:227:54:227:62 | num_bytes | main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:229:40:229:45 | layout | main.rs:229:22:229:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:237:25:237:42 | ...: String | main.rs:238:16:238:42 | user_input.parse(...) [Ok] | provenance | MaD:32 | -| main.rs:238:9:238:12 | size | main.rs:242:9:242:17 | num_bytes | provenance | | -| main.rs:238:16:238:42 | user_input.parse(...) [Ok] | main.rs:238:16:238:43 | TryExpr | provenance | | -| main.rs:238:16:238:43 | TryExpr | main.rs:238:9:238:12 | size | provenance | | -| main.rs:242:9:242:17 | num_bytes | main.rs:244:54:244:62 | num_bytes | provenance | | -| main.rs:244:9:244:14 | layout | main.rs:246:40:246:45 | layout | provenance | | -| main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | main.rs:244:18:244:75 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:244:18:244:75 | ... .unwrap(...) | main.rs:244:9:244:14 | layout | provenance | | -| main.rs:244:54:244:62 | num_bytes | main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:246:40:246:45 | layout | main.rs:246:22:246:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:253:25:253:38 | ...::args | main.rs:253:25:253:40 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:253:25:253:40 | ...::args(...) [element] | main.rs:253:25:253:47 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:253:25:253:47 | ... .nth(...) [Some] | main.rs:253:25:253:74 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:253:25:253:74 | ... .unwrap_or(...) | main.rs:224:24:224:41 | ...: String | provenance | | -| main.rs:254:26:254:39 | ...::args | main.rs:254:26:254:41 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:254:26:254:41 | ...::args(...) [element] | main.rs:254:26:254:48 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:254:26:254:48 | ... .nth(...) [Some] | main.rs:254:26:254:75 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:254:26:254:75 | ... .unwrap_or(...) | main.rs:237:25:237:42 | ...: String | provenance | | -| main.rs:262:9:262:9 | v | main.rs:265:34:265:34 | v | provenance | | -| main.rs:262:9:262:9 | v | main.rs:266:42:266:42 | v | provenance | | -| main.rs:262:9:262:9 | v | main.rs:267:36:267:36 | v | provenance | | -| main.rs:262:9:262:9 | v | main.rs:268:27:268:27 | v | provenance | | -| main.rs:262:9:262:9 | v | main.rs:269:25:269:25 | v | provenance | | -| main.rs:262:13:262:26 | ...::args | main.rs:262:13:262:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:262:13:262:28 | ...::args(...) [element] | main.rs:262:13:262:35 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:262:13:262:35 | ... .nth(...) [Some] | main.rs:262:13:262:65 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:262:13:262:65 | ... .unwrap_or(...) | main.rs:262:13:262:82 | ... .parse(...) [Ok] | provenance | MaD:32 | -| main.rs:262:13:262:82 | ... .parse(...) [Ok] | main.rs:262:13:262:91 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:262:13:262:91 | ... .unwrap(...) | main.rs:262:9:262:9 | v | provenance | | -| main.rs:265:34:265:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | -| main.rs:266:42:266:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | -| main.rs:267:36:267:36 | v | main.rs:81:38:81:45 | ...: usize | provenance | | -| main.rs:268:27:268:27 | v | main.rs:128:29:128:36 | ...: usize | provenance | | -| main.rs:269:25:269:25 | v | main.rs:162:27:162:34 | ...: usize | provenance | | +| main.rs:81:33:81:40 | ...: usize | main.rs:82:54:82:54 | v | provenance | | +| main.rs:82:9:82:14 | layout | main.rs:83:31:83:36 | layout | provenance | | +| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | main.rs:82:18:82:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:82:18:82:67 | ... .unwrap(...) | main.rs:82:9:82:14 | layout | provenance | | +| main.rs:82:54:82:54 | v | main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:83:31:83:36 | layout | main.rs:83:13:83:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | +| main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:87:18:87:67 | ... .unwrap(...) | main.rs:87:9:87:14 | layout | provenance | | +| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:95:51:95:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:99:31:99:31 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:105:33:105:33 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:115:54:115:54 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:120:54:120:54 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:125:54:125:54 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:131:50:131:50 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:138:13:138:21 | mut v_mut | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:145:51:145:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:151:62:151:62 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:154:62:154:62 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:157:54:157:54 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:168:55:168:55 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:176:51:176:51 | v | provenance | | +| main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | +| main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | +| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:92:14:92:57 | ... .unwrap(...) | main.rs:92:9:92:10 | l1 | provenance | | +| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:95:13:95:14 | l2 | main.rs:97:35:97:36 | l2 | provenance | | +| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | main.rs:95:18:95:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:95:18:95:61 | ... .unwrap(...) | main.rs:95:13:95:14 | l2 | provenance | | +| main.rs:95:51:95:51 | v | main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | +| main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | +| main.rs:97:35:97:36 | l2 | main.rs:97:17:97:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:99:31:99:31 | v | main.rs:81:33:81:40 | ...: usize | provenance | | +| main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:101:18:101:61 | ... .unwrap(...) | main.rs:101:13:101:14 | l3 | provenance | | +| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | +| main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | +| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:105:33:105:33 | v | main.rs:86:35:86:42 | ...: usize | provenance | | +| main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:109:35:109:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | +| main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | +| main.rs:115:13:115:14 | l4 | main.rs:116:35:116:36 | l4 | provenance | | +| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | main.rs:115:18:115:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:115:18:115:67 | ... .unwrap(...) | main.rs:115:13:115:14 | l4 | provenance | | +| main.rs:115:54:115:54 | v | main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:116:35:116:36 | l4 | main.rs:116:17:116:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:120:13:120:14 | l5 | main.rs:121:35:121:36 | l5 | provenance | | +| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | main.rs:120:18:120:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:120:18:120:67 | ... .unwrap(...) | main.rs:120:13:120:14 | l5 | provenance | | +| main.rs:120:54:120:54 | v | main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:121:35:121:36 | l5 | main.rs:121:17:121:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:125:13:125:14 | l6 | main.rs:126:35:126:36 | l6 | provenance | | +| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | main.rs:125:18:125:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:125:18:125:67 | ... .unwrap(...) | main.rs:125:13:125:14 | l6 | provenance | | +| main.rs:125:54:125:54 | v | main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:126:35:126:36 | l6 | main.rs:126:17:126:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:131:9:131:10 | l7 | main.rs:135:31:135:32 | l7 | provenance | | +| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | main.rs:131:14:131:63 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:131:14:131:63 | ... .unwrap(...) | main.rs:131:9:131:10 | l7 | provenance | | +| main.rs:131:50:131:50 | v | main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:135:31:135:32 | l7 | main.rs:135:13:135:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:138:13:138:21 | mut v_mut | main.rs:144:51:144:55 | v_mut | provenance | | +| main.rs:144:13:144:14 | l8 | main.rs:147:35:147:36 | l8 | provenance | | +| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | main.rs:144:18:144:65 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:144:18:144:65 | ... .unwrap(...) | main.rs:144:13:144:14 | l8 | provenance | | +| main.rs:144:51:144:55 | v_mut | main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:145:18:145:61 | ... .unwrap(...) | main.rs:145:13:145:14 | l9 | provenance | | +| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | +| main.rs:147:35:147:36 | l8 | main.rs:147:17:147:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:151:15:151:78 | ... .unwrap(...) | main.rs:151:9:151:11 | l10 | provenance | | +| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:34 | +| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:154:15:154:78 | ... .unwrap(...) | main.rs:154:9:154:11 | l11 | provenance | | +| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:33 | +| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:157:9:157:11 | l12 | main.rs:158:31:158:33 | l12 | provenance | | +| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | main.rs:157:15:157:73 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:157:15:157:73 | ... .unwrap(...) | main.rs:157:9:157:11 | l12 | provenance | | +| main.rs:157:48:157:63 | clamp(...) | main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | provenance | | +| main.rs:157:54:157:54 | v | main.rs:157:48:157:63 | clamp(...) | provenance | | +| main.rs:158:31:158:33 | l12 | main.rs:158:13:158:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:161:19:161:68 | ... .unwrap(...) | main.rs:161:13:161:15 | l13 | provenance | | +| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | +| main.rs:168:13:168:15 | l14 | main.rs:170:35:170:37 | l14 | provenance | | +| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | main.rs:168:19:168:68 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:168:19:168:68 | ... .unwrap(...) | main.rs:168:13:168:15 | l14 | provenance | | +| main.rs:168:55:168:55 | v | main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:170:35:170:37 | l14 | main.rs:170:17:170:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:176:9:176:11 | l15 | main.rs:178:31:178:33 | l15 | provenance | | +| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | main.rs:176:15:176:64 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:176:15:176:64 | ... .unwrap(...) | main.rs:176:9:176:11 | l15 | provenance | | +| main.rs:176:51:176:51 | v | main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:178:31:178:33 | l15 | main.rs:178:13:178:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | +| main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | +| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:192:14:192:56 | ... .unwrap(...) | main.rs:192:9:192:10 | l2 | provenance | | +| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:10 Sink:MaD:10 | +| main.rs:193:38:193:39 | l2 | main.rs:194:45:194:46 | l2 | provenance | | +| main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | +| main.rs:194:45:194:46 | l2 | main.rs:195:41:195:42 | l2 | provenance | | +| main.rs:195:41:195:42 | l2 | main.rs:195:32:195:39 | allocate | provenance | MaD:6 Sink:MaD:6 | +| main.rs:195:41:195:42 | l2 | main.rs:196:48:196:49 | l2 | provenance | | +| main.rs:196:48:196:49 | l2 | main.rs:196:32:196:46 | allocate_zeroed | provenance | MaD:7 Sink:MaD:7 | +| main.rs:196:48:196:49 | l2 | main.rs:197:41:197:42 | l2 | provenance | | +| main.rs:197:41:197:42 | l2 | main.rs:197:32:197:39 | allocate | provenance | MaD:1 Sink:MaD:1 | +| main.rs:197:41:197:42 | l2 | main.rs:198:48:198:49 | l2 | provenance | | +| main.rs:198:48:198:49 | l2 | main.rs:198:32:198:46 | allocate_zeroed | provenance | MaD:2 Sink:MaD:2 | +| main.rs:198:48:198:49 | l2 | main.rs:208:53:208:54 | l2 | provenance | | +| main.rs:198:48:198:49 | l2 | main.rs:210:60:210:61 | l2 | provenance | | +| main.rs:208:53:208:54 | l2 | main.rs:208:40:208:43 | grow | provenance | MaD:8 Sink:MaD:8 | +| main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | +| main.rs:217:27:217:34 | ...: usize | main.rs:219:26:219:26 | v | provenance | | +| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | +| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | +| main.rs:219:26:219:26 | v | main.rs:220:36:220:36 | v | provenance | | +| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | +| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | +| main.rs:220:36:220:36 | v | main.rs:222:30:222:30 | v | provenance | | +| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:222:30:222:30 | v | main.rs:223:26:223:26 | v | provenance | | +| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance | | +| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | | +| main.rs:280:21:280:47 | user_input.parse(...) [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | +| main.rs:280:21:280:48 | TryExpr | main.rs:280:9:280:17 | num_bytes | provenance | | +| main.rs:282:9:282:14 | layout | main.rs:284:40:284:45 | layout | provenance | | +| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:282:18:282:75 | ... .unwrap(...) | main.rs:282:9:282:14 | layout | provenance | | +| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:292:25:292:42 | ...: String | main.rs:293:16:293:42 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:293:9:293:12 | size | main.rs:297:9:297:17 | num_bytes | provenance | | +| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | main.rs:293:16:293:43 | TryExpr | provenance | | +| main.rs:293:16:293:43 | TryExpr | main.rs:293:9:293:12 | size | provenance | | +| main.rs:297:9:297:17 | num_bytes | main.rs:299:54:299:62 | num_bytes | provenance | | +| main.rs:299:9:299:14 | layout | main.rs:301:40:301:45 | layout | provenance | | +| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | main.rs:299:18:299:75 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:299:18:299:75 | ... .unwrap(...) | main.rs:299:9:299:14 | layout | provenance | | +| main.rs:299:54:299:62 | num_bytes | main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:301:40:301:45 | layout | main.rs:301:22:301:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance | | +| main.rs:309:26:309:39 | ...::args | main.rs:309:26:309:41 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:309:26:309:41 | ...::args(...) [element] | main.rs:309:26:309:48 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:309:26:309:48 | ... .nth(...) [Some] | main.rs:309:26:309:75 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:309:26:309:75 | ... .unwrap_or(...) | main.rs:292:25:292:42 | ...: String | provenance | | +| main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance | | +| main.rs:317:9:317:9 | v | main.rs:321:42:321:42 | v | provenance | | +| main.rs:317:9:317:9 | v | main.rs:322:36:322:36 | v | provenance | | +| main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance | | +| main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance | | +| main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse(...) [Ok] | provenance | MaD:32 | +| main.rs:317:13:317:82 | ... .parse(...) [Ok] | main.rs:317:13:317:91 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:317:13:317:91 | ... .unwrap(...) | main.rs:317:9:317:9 | v | provenance | | +| main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | +| main.rs:321:42:321:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | +| main.rs:322:36:322:36 | v | main.rs:91:38:91:45 | ...: usize | provenance | | +| main.rs:323:27:323:27 | v | main.rs:183:29:183:36 | ...: usize | provenance | | +| main.rs:324:25:324:25 | v | main.rs:217:27:217:34 | ...: usize | provenance | | models | 1 | Sink: lang:alloc; ::allocate; alloc-layout; Argument[0] | | 2 | Sink: lang:alloc; ::allocate_zeroed; alloc-layout; Argument[0] | @@ -402,134 +486,206 @@ nodes | main.rs:68:31:68:32 | l4 | semmle.label | l4 | | main.rs:71:35:71:38 | ...: T | semmle.label | ...: T | | main.rs:77:9:77:16 | return v | semmle.label | return v | -| main.rs:81:38:81:45 | ...: usize | semmle.label | ...: usize | -| main.rs:82:9:82:10 | l1 | semmle.label | l1 | -| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:82:14:82:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:82:47:82:47 | v | semmle.label | v | -| main.rs:85:17:85:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:85:35:85:36 | l1 | semmle.label | l1 | -| main.rs:87:17:87:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:87:35:87:36 | l1 | semmle.label | l1 | -| main.rs:91:17:91:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:91:35:91:36 | l1 | semmle.label | l1 | -| main.rs:93:17:93:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:93:35:93:36 | l1 | semmle.label | l1 | -| main.rs:97:13:97:21 | mut v_mut | semmle.label | mut v_mut | -| main.rs:103:13:103:14 | l2 | semmle.label | l2 | -| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:103:18:103:65 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:103:51:103:55 | v_mut | semmle.label | v_mut | -| main.rs:104:17:104:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:104:35:104:36 | l2 | semmle.label | l2 | -| main.rs:106:13:106:14 | l3 | semmle.label | l3 | -| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:106:18:106:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:106:51:106:51 | v | semmle.label | v | -| main.rs:107:17:107:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:107:35:107:36 | l3 | semmle.label | l3 | -| main.rs:110:9:110:10 | l4 | semmle.label | l4 | -| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:110:14:110:77 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:110:47:110:67 | ...::min(...) | semmle.label | ...::min(...) | -| main.rs:110:61:110:61 | v | semmle.label | v | -| main.rs:111:13:111:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:111:31:111:32 | l4 | semmle.label | l4 | -| main.rs:113:9:113:10 | l5 | semmle.label | l5 | -| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:113:14:113:77 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:113:47:113:67 | ...::max(...) | semmle.label | ...::max(...) | -| main.rs:113:61:113:61 | v | semmle.label | v | -| main.rs:114:13:114:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:114:31:114:32 | l5 | semmle.label | l5 | -| main.rs:116:9:116:10 | l6 | semmle.label | l6 | -| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:116:14:116:72 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:116:47:116:62 | clamp(...) | semmle.label | clamp(...) | -| main.rs:116:53:116:53 | v | semmle.label | v | -| main.rs:117:13:117:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:117:31:117:32 | l6 | semmle.label | l6 | -| main.rs:119:13:119:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:119:31:119:32 | l1 | semmle.label | l1 | -| main.rs:123:13:123:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:123:31:123:32 | l1 | semmle.label | l1 | -| main.rs:128:29:128:36 | ...: usize | semmle.label | ...: usize | -| main.rs:137:9:137:10 | l2 | semmle.label | l2 | -| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:137:14:137:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:137:46:137:46 | v | semmle.label | v | -| main.rs:138:32:138:36 | alloc | semmle.label | alloc | -| main.rs:138:38:138:39 | l2 | semmle.label | l2 | -| main.rs:139:32:139:43 | alloc_zeroed | semmle.label | alloc_zeroed | -| main.rs:139:45:139:46 | l2 | semmle.label | l2 | -| main.rs:140:32:140:39 | allocate | semmle.label | allocate | -| main.rs:140:41:140:42 | l2 | semmle.label | l2 | -| main.rs:141:32:141:46 | allocate_zeroed | semmle.label | allocate_zeroed | -| main.rs:141:48:141:49 | l2 | semmle.label | l2 | -| main.rs:142:32:142:39 | allocate | semmle.label | allocate | -| main.rs:142:41:142:42 | l2 | semmle.label | l2 | -| main.rs:143:32:143:46 | allocate_zeroed | semmle.label | allocate_zeroed | -| main.rs:143:48:143:49 | l2 | semmle.label | l2 | -| main.rs:153:40:153:43 | grow | semmle.label | grow | -| main.rs:153:53:153:54 | l2 | semmle.label | l2 | -| main.rs:155:40:155:50 | grow_zeroed | semmle.label | grow_zeroed | -| main.rs:155:60:155:61 | l2 | semmle.label | l2 | -| main.rs:162:27:162:34 | ...: usize | semmle.label | ...: usize | -| main.rs:164:13:164:24 | ...::malloc | semmle.label | ...::malloc | -| main.rs:164:13:164:24 | ...::malloc | semmle.label | ...::malloc | -| main.rs:164:26:164:26 | v | semmle.label | v | -| main.rs:165:13:165:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | -| main.rs:165:13:165:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | -| main.rs:165:36:165:36 | v | semmle.label | v | -| main.rs:167:13:167:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:167:13:167:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:167:30:167:30 | v | semmle.label | v | -| main.rs:168:13:168:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:168:13:168:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:168:26:168:26 | v | semmle.label | v | -| main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | -| main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | -| main.rs:169:31:169:31 | v | semmle.label | v | -| main.rs:224:24:224:41 | ...: String | semmle.label | ...: String | -| main.rs:225:9:225:17 | num_bytes | semmle.label | num_bytes | -| main.rs:225:21:225:47 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | -| main.rs:225:21:225:48 | TryExpr | semmle.label | TryExpr | -| main.rs:227:9:227:14 | layout | semmle.label | layout | -| main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:227:18:227:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:227:54:227:62 | num_bytes | semmle.label | num_bytes | -| main.rs:229:22:229:38 | ...::alloc | semmle.label | ...::alloc | -| main.rs:229:40:229:45 | layout | semmle.label | layout | -| main.rs:237:25:237:42 | ...: String | semmle.label | ...: String | -| main.rs:238:9:238:12 | size | semmle.label | size | -| main.rs:238:16:238:42 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | -| main.rs:238:16:238:43 | TryExpr | semmle.label | TryExpr | -| main.rs:242:9:242:17 | num_bytes | semmle.label | num_bytes | -| main.rs:244:9:244:14 | layout | semmle.label | layout | -| main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:244:18:244:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:244:54:244:62 | num_bytes | semmle.label | num_bytes | -| main.rs:246:22:246:38 | ...::alloc | semmle.label | ...::alloc | -| main.rs:246:40:246:45 | layout | semmle.label | layout | -| main.rs:253:25:253:38 | ...::args | semmle.label | ...::args | -| main.rs:253:25:253:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:253:25:253:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:253:25:253:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:254:26:254:39 | ...::args | semmle.label | ...::args | -| main.rs:254:26:254:41 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:254:26:254:48 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:254:26:254:75 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:262:9:262:9 | v | semmle.label | v | -| main.rs:262:13:262:26 | ...::args | semmle.label | ...::args | -| main.rs:262:13:262:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:262:13:262:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:262:13:262:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:262:13:262:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | -| main.rs:262:13:262:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:265:34:265:34 | v | semmle.label | v | -| main.rs:266:42:266:42 | v | semmle.label | v | -| main.rs:267:36:267:36 | v | semmle.label | v | -| main.rs:268:27:268:27 | v | semmle.label | v | -| main.rs:269:25:269:25 | v | semmle.label | v | +| main.rs:81:33:81:40 | ...: usize | semmle.label | ...: usize | +| main.rs:82:9:82:14 | layout | semmle.label | layout | +| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:82:18:82:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:82:54:82:54 | v | semmle.label | v | +| main.rs:83:13:83:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:83:31:83:36 | layout | semmle.label | layout | +| main.rs:86:35:86:42 | ...: usize | semmle.label | ...: usize | +| main.rs:87:9:87:14 | layout | semmle.label | layout | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:87:18:87:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:87:54:87:54 | v | semmle.label | v | +| main.rs:88:13:88:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:88:31:88:36 | layout | semmle.label | layout | +| main.rs:91:38:91:45 | ...: usize | semmle.label | ...: usize | +| main.rs:92:9:92:10 | l1 | semmle.label | l1 | +| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:92:14:92:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:92:47:92:47 | v | semmle.label | v | +| main.rs:95:13:95:14 | l2 | semmle.label | l2 | +| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:95:18:95:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:95:51:95:51 | v | semmle.label | v | +| main.rs:96:17:96:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:96:35:96:36 | l1 | semmle.label | l1 | +| main.rs:97:17:97:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:97:35:97:36 | l2 | semmle.label | l2 | +| main.rs:99:31:99:31 | v | semmle.label | v | +| main.rs:101:13:101:14 | l3 | semmle.label | l3 | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:101:18:101:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:101:51:101:51 | v | semmle.label | v | +| main.rs:102:17:102:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:102:35:102:36 | l1 | semmle.label | l1 | +| main.rs:103:17:103:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:103:35:103:36 | l3 | semmle.label | l3 | +| main.rs:105:33:105:33 | v | semmle.label | v | +| main.rs:109:17:109:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:109:35:109:36 | l1 | semmle.label | l1 | +| main.rs:111:17:111:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:111:35:111:36 | l1 | semmle.label | l1 | +| main.rs:115:13:115:14 | l4 | semmle.label | l4 | +| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:115:18:115:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:115:54:115:54 | v | semmle.label | v | +| main.rs:116:17:116:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:116:35:116:36 | l4 | semmle.label | l4 | +| main.rs:120:13:120:14 | l5 | semmle.label | l5 | +| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:120:18:120:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:120:54:120:54 | v | semmle.label | v | +| main.rs:121:17:121:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:121:35:121:36 | l5 | semmle.label | l5 | +| main.rs:125:13:125:14 | l6 | semmle.label | l6 | +| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:125:18:125:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:125:54:125:54 | v | semmle.label | v | +| main.rs:126:17:126:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:126:35:126:36 | l6 | semmle.label | l6 | +| main.rs:131:9:131:10 | l7 | semmle.label | l7 | +| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:131:14:131:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:131:50:131:50 | v | semmle.label | v | +| main.rs:135:13:135:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:135:31:135:32 | l7 | semmle.label | l7 | +| main.rs:138:13:138:21 | mut v_mut | semmle.label | mut v_mut | +| main.rs:144:13:144:14 | l8 | semmle.label | l8 | +| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:144:18:144:65 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:144:51:144:55 | v_mut | semmle.label | v_mut | +| main.rs:145:13:145:14 | l9 | semmle.label | l9 | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:145:18:145:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:145:51:145:51 | v | semmle.label | v | +| main.rs:146:17:146:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:146:35:146:36 | l1 | semmle.label | l1 | +| main.rs:147:17:147:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:147:35:147:36 | l8 | semmle.label | l8 | +| main.rs:148:17:148:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:148:35:148:36 | l9 | semmle.label | l9 | +| main.rs:151:9:151:11 | l10 | semmle.label | l10 | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:151:15:151:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:151:48:151:68 | ...::min(...) | semmle.label | ...::min(...) | +| main.rs:151:62:151:62 | v | semmle.label | v | +| main.rs:152:13:152:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:152:31:152:33 | l10 | semmle.label | l10 | +| main.rs:154:9:154:11 | l11 | semmle.label | l11 | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:154:15:154:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:154:48:154:68 | ...::max(...) | semmle.label | ...::max(...) | +| main.rs:154:62:154:62 | v | semmle.label | v | +| main.rs:155:13:155:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:155:31:155:33 | l11 | semmle.label | l11 | +| main.rs:157:9:157:11 | l12 | semmle.label | l12 | +| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:157:15:157:73 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:157:48:157:63 | clamp(...) | semmle.label | clamp(...) | +| main.rs:157:54:157:54 | v | semmle.label | v | +| main.rs:158:13:158:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:158:31:158:33 | l12 | semmle.label | l12 | +| main.rs:161:13:161:15 | l13 | semmle.label | l13 | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:161:19:161:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:161:55:161:55 | v | semmle.label | v | +| main.rs:162:17:162:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:162:35:162:37 | l13 | semmle.label | l13 | +| main.rs:168:13:168:15 | l14 | semmle.label | l14 | +| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:168:19:168:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:168:55:168:55 | v | semmle.label | v | +| main.rs:169:17:169:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:169:35:169:37 | l13 | semmle.label | l13 | +| main.rs:170:17:170:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:170:35:170:37 | l14 | semmle.label | l14 | +| main.rs:176:9:176:11 | l15 | semmle.label | l15 | +| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:176:15:176:64 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:176:51:176:51 | v | semmle.label | v | +| main.rs:177:13:177:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:177:31:177:32 | l1 | semmle.label | l1 | +| main.rs:178:13:178:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:178:31:178:33 | l15 | semmle.label | l15 | +| main.rs:183:29:183:36 | ...: usize | semmle.label | ...: usize | +| main.rs:192:9:192:10 | l2 | semmle.label | l2 | +| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:192:14:192:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:192:46:192:46 | v | semmle.label | v | +| main.rs:193:32:193:36 | alloc | semmle.label | alloc | +| main.rs:193:38:193:39 | l2 | semmle.label | l2 | +| main.rs:194:32:194:43 | alloc_zeroed | semmle.label | alloc_zeroed | +| main.rs:194:45:194:46 | l2 | semmle.label | l2 | +| main.rs:195:32:195:39 | allocate | semmle.label | allocate | +| main.rs:195:41:195:42 | l2 | semmle.label | l2 | +| main.rs:196:32:196:46 | allocate_zeroed | semmle.label | allocate_zeroed | +| main.rs:196:48:196:49 | l2 | semmle.label | l2 | +| main.rs:197:32:197:39 | allocate | semmle.label | allocate | +| main.rs:197:41:197:42 | l2 | semmle.label | l2 | +| main.rs:198:32:198:46 | allocate_zeroed | semmle.label | allocate_zeroed | +| main.rs:198:48:198:49 | l2 | semmle.label | l2 | +| main.rs:208:40:208:43 | grow | semmle.label | grow | +| main.rs:208:53:208:54 | l2 | semmle.label | l2 | +| main.rs:210:40:210:50 | grow_zeroed | semmle.label | grow_zeroed | +| main.rs:210:60:210:61 | l2 | semmle.label | l2 | +| main.rs:217:27:217:34 | ...: usize | semmle.label | ...: usize | +| main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc | +| main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc | +| main.rs:219:26:219:26 | v | semmle.label | v | +| main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | +| main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | +| main.rs:220:36:220:36 | v | semmle.label | v | +| main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:222:30:222:30 | v | semmle.label | v | +| main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:223:26:223:26 | v | semmle.label | v | +| main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc | +| main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc | +| main.rs:224:31:224:31 | v | semmle.label | v | +| main.rs:279:24:279:41 | ...: String | semmle.label | ...: String | +| main.rs:280:9:280:17 | num_bytes | semmle.label | num_bytes | +| main.rs:280:21:280:47 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:280:21:280:48 | TryExpr | semmle.label | TryExpr | +| main.rs:282:9:282:14 | layout | semmle.label | layout | +| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:282:18:282:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:282:54:282:62 | num_bytes | semmle.label | num_bytes | +| main.rs:284:22:284:38 | ...::alloc | semmle.label | ...::alloc | +| main.rs:284:40:284:45 | layout | semmle.label | layout | +| main.rs:292:25:292:42 | ...: String | semmle.label | ...: String | +| main.rs:293:9:293:12 | size | semmle.label | size | +| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:293:16:293:43 | TryExpr | semmle.label | TryExpr | +| main.rs:297:9:297:17 | num_bytes | semmle.label | num_bytes | +| main.rs:299:9:299:14 | layout | semmle.label | layout | +| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:299:18:299:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:299:54:299:62 | num_bytes | semmle.label | num_bytes | +| main.rs:301:22:301:38 | ...::alloc | semmle.label | ...::alloc | +| main.rs:301:40:301:45 | layout | semmle.label | layout | +| main.rs:308:25:308:38 | ...::args | semmle.label | ...::args | +| main.rs:308:25:308:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:308:25:308:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:308:25:308:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:309:26:309:39 | ...::args | semmle.label | ...::args | +| main.rs:309:26:309:41 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:309:26:309:48 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:309:26:309:75 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:317:9:317:9 | v | semmle.label | v | +| main.rs:317:13:317:26 | ...::args | semmle.label | ...::args | +| main.rs:317:13:317:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:317:13:317:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:317:13:317:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:317:13:317:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | +| main.rs:317:13:317:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:320:34:320:34 | v | semmle.label | v | +| main.rs:321:42:321:42 | v | semmle.label | v | +| main.rs:322:36:322:36 | v | semmle.label | v | +| main.rs:323:27:323:27 | v | semmle.label | v | +| main.rs:324:25:324:25 | v | semmle.label | v | subpaths -| main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:116:47:116:62 | clamp(...) | +| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:157:48:157:63 | clamp(...) | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index a699767dc1a8..558979ebfc2c 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -78,13 +78,31 @@ fn clamp(v: T, min: T, max: T) -> T { } } -unsafe fn test_std_alloc_with_bounds(v: usize) { +unsafe fn test_fn_alloc_bounded(v: usize) { + let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 +} + +unsafe fn test_fn_alloc_unbounded(v: usize) { + let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(layout); // $ Alert[rust/uncontrolled-allocation-size]=arg1 +} + +unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { let l1 = std::alloc::Layout::array::(v).unwrap(); if v < 100 { + let l2 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + + test_fn_alloc_bounded(v); } else { + let l3 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + + test_fn_alloc_unbounded(v); } if v == 100 { @@ -93,6 +111,29 @@ unsafe fn test_std_alloc_with_bounds(v: usize) { let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } + if (v < limit) { + let l4 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l4); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + } + + if (v < 2 * v) { // not a good bound + let l5 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + } + + if (true && v < limit && true) { + let l6 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l6); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + } + + let mut l7; + if (v < 100) { + l7 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + } else { + l7 = std::alloc::Layout::from_size_align(100, 1).unwrap(); + } + let _ = std::alloc::alloc(l7); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + { let mut v_mut = v; @@ -100,27 +141,41 @@ unsafe fn test_std_alloc_with_bounds(v: usize) { v_mut = 100; } - let l2 = std::alloc::Layout::array::(v_mut).unwrap(); - let _ = std::alloc::alloc(l2); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - - let l3 = std::alloc::Layout::array::(v).unwrap(); - let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let l8 = std::alloc::Layout::array::(v_mut).unwrap(); + let l9 = std::alloc::Layout::array::(v).unwrap(); + let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l8); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l9); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } - let l4 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); - let _ = std::alloc::alloc(l4); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let l10 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); + let _ = std::alloc::alloc(l10); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let l5 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); - let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let l11 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); + let _ = std::alloc::alloc(l11); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + + let l12 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); + let _ = std::alloc::alloc(l12); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + + for i in 0..10 { + let l13 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l13); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let l6 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); - let _ = std::alloc::alloc(l6); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + if (v > 1000) { + continue; + } + + let l14 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l13); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l14); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + } - let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 if v > 100 { return; } + let l15 = std::alloc::Layout::from_size_align(v, 1).unwrap(); let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l15); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 } use std::alloc::{GlobalAlloc, Allocator}; @@ -264,7 +319,7 @@ fn main() { unsafe { test_std_alloc_from_size(v); test_std_alloc_new_repeat_extend(v); - test_std_alloc_with_bounds(v); + test_std_alloc_with_bounds(v, 1000); test_system_alloc(v); test_libc_alloc(v); test_vectors(v); From f7d3a51f2728d3bb4769c1813b3ff455fd190e0c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 28 Mar 2025 19:37:05 +0000 Subject: [PATCH 087/409] Rust: Implement barrier guard. --- .../UncontrolledAllocationSizeExtensions.qll | 20 +- .../UncontrolledAllocationSize.expected | 272 +----------------- .../test/query-tests/security/CWE-770/main.rs | 38 +-- 3 files changed, 41 insertions(+), 289 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll index bb0ffbb4e3c1..9efffeee9ae3 100644 --- a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll @@ -7,6 +7,8 @@ import rust private import codeql.rust.Concepts private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSink +private import codeql.rust.controlflow.ControlFlowGraph as Cfg +private import codeql.rust.controlflow.CfgNodes as CfgNodes /** * Provides default sources, sinks and barriers for detecting uncontrolled @@ -26,9 +28,25 @@ module UncontrolledAllocationSize { abstract class Barrier extends DataFlow::Node { } /** - * sink for uncontrolled allocation size from model data. + * A sink for uncontrolled allocation size from model data. */ private class ModelsAsDataSink extends Sink { ModelsAsDataSink() { sinkNode(this, ["alloc-size", "alloc-layout"]) } } + + /** + * A barrier for uncontrolled allocation size that is an guard / bound check. + */ + private class BoundCheckBarrier extends Barrier { + BoundCheckBarrier() { this = DataFlow::BarrierGuard::getABarrierNode() } + } + + private predicate isBoundCheck(CfgNodes::AstCfgNode g, Cfg::CfgNode node, boolean branch) { + // any comparison (`g` / `cmp`) guards the expression on either side (`node`) + exists(BinaryExpr cmp | + g = cmp.getACfgNode() and + [cmp.getLhs(), cmp.getRhs()].getACfgNode() = node and + branch = [true, false] + ) + } } diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index cca67133563a..e10c26338dce 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -18,29 +18,12 @@ | main.rs:64:13:64:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:65:13:65:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:68:13:68:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:83:13:83:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:83:13:83:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:88:13:88:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:96:17:96:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:97:17:97:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:97:17:97:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:102:17:102:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:102:17:102:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:103:17:103:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:103:17:103:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:109:17:109:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:109:17:109:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:111:17:111:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:111:17:111:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:116:17:116:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:116:17:116:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:121:17:121:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:121:17:121:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:126:17:126:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:126:17:126:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:135:13:135:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:135:13:135:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:146:17:146:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:146:17:146:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:147:17:147:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:147:17:147:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:148:17:148:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:148:17:148:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:152:13:152:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:152:13:152:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:155:13:155:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:155:13:155:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:158:13:158:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:158:13:158:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:162:17:162:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:162:17:162:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:169:17:169:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:169:17:169:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:170:17:170:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:170:17:170:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:177:13:177:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:178:13:178:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:178:13:178:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:193:32:193:36 | alloc | main.rs:317:13:317:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:194:32:194:43 | alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:195:32:195:39 | allocate | main.rs:317:13:317:26 | ...::args | main.rs:195:32:195:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | @@ -60,7 +43,6 @@ | main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value | -| main.rs:301:22:301:38 | ...::alloc | main.rs:309:26:309:39 | ...::args | main.rs:301:22:301:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:309:26:309:39 | ...::args | user-provided value | edges | main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:5 Sink:MaD:5 | @@ -151,133 +133,25 @@ edges | main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | | main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | provenance | | -| main.rs:81:33:81:40 | ...: usize | main.rs:82:54:82:54 | v | provenance | | -| main.rs:82:9:82:14 | layout | main.rs:83:31:83:36 | layout | provenance | | -| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | main.rs:82:18:82:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:82:18:82:67 | ... .unwrap(...) | main.rs:82:9:82:14 | layout | provenance | | -| main.rs:82:54:82:54 | v | main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:83:31:83:36 | layout | main.rs:83:13:83:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | -| main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | -| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:87:18:87:67 | ... .unwrap(...) | main.rs:87:9:87:14 | layout | provenance | | -| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:95:51:95:51 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:99:31:99:31 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:105:33:105:33 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:115:54:115:54 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:120:54:120:54 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:125:54:125:54 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:131:50:131:50 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:138:13:138:21 | mut v_mut | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:145:51:145:51 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:151:62:151:62 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:154:62:154:62 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:157:54:157:54 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:168:55:168:55 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:176:51:176:51 | v | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:92:14:92:57 | ... .unwrap(...) | main.rs:92:9:92:10 | l1 | provenance | | | main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:95:13:95:14 | l2 | main.rs:97:35:97:36 | l2 | provenance | | -| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | main.rs:95:18:95:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:95:18:95:61 | ... .unwrap(...) | main.rs:95:13:95:14 | l2 | provenance | | -| main.rs:95:51:95:51 | v | main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | -| main.rs:97:35:97:36 | l2 | main.rs:97:17:97:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:99:31:99:31 | v | main.rs:81:33:81:40 | ...: usize | provenance | | -| main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | -| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:101:18:101:61 | ... .unwrap(...) | main.rs:101:13:101:14 | l3 | provenance | | -| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | -| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:105:33:105:33 | v | main.rs:86:35:86:42 | ...: usize | provenance | | | main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:109:35:109:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | | main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | -| main.rs:115:13:115:14 | l4 | main.rs:116:35:116:36 | l4 | provenance | | -| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | main.rs:115:18:115:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:115:18:115:67 | ... .unwrap(...) | main.rs:115:13:115:14 | l4 | provenance | | -| main.rs:115:54:115:54 | v | main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:116:35:116:36 | l4 | main.rs:116:17:116:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:120:13:120:14 | l5 | main.rs:121:35:121:36 | l5 | provenance | | -| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | main.rs:120:18:120:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:120:18:120:67 | ... .unwrap(...) | main.rs:120:13:120:14 | l5 | provenance | | -| main.rs:120:54:120:54 | v | main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:121:35:121:36 | l5 | main.rs:121:17:121:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:125:13:125:14 | l6 | main.rs:126:35:126:36 | l6 | provenance | | -| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | main.rs:125:18:125:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:125:18:125:67 | ... .unwrap(...) | main.rs:125:13:125:14 | l6 | provenance | | -| main.rs:125:54:125:54 | v | main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:126:35:126:36 | l6 | main.rs:126:17:126:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:131:9:131:10 | l7 | main.rs:135:31:135:32 | l7 | provenance | | -| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | main.rs:131:14:131:63 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:131:14:131:63 | ... .unwrap(...) | main.rs:131:9:131:10 | l7 | provenance | | -| main.rs:131:50:131:50 | v | main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:135:31:135:32 | l7 | main.rs:135:13:135:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:138:13:138:21 | mut v_mut | main.rs:144:51:144:55 | v_mut | provenance | | -| main.rs:144:13:144:14 | l8 | main.rs:147:35:147:36 | l8 | provenance | | -| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | main.rs:144:18:144:65 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:144:18:144:65 | ... .unwrap(...) | main.rs:144:13:144:14 | l8 | provenance | | -| main.rs:144:51:144:55 | v_mut | main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | -| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:145:18:145:61 | ... .unwrap(...) | main.rs:145:13:145:14 | l9 | provenance | | -| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | -| main.rs:147:35:147:36 | l8 | main.rs:147:17:147:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | -| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:151:15:151:78 | ... .unwrap(...) | main.rs:151:9:151:11 | l10 | provenance | | -| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:34 | -| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | -| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:154:15:154:78 | ... .unwrap(...) | main.rs:154:9:154:11 | l11 | provenance | | -| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:33 | -| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:157:9:157:11 | l12 | main.rs:158:31:158:33 | l12 | provenance | | -| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | main.rs:157:15:157:73 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:157:15:157:73 | ... .unwrap(...) | main.rs:157:9:157:11 | l12 | provenance | | -| main.rs:157:48:157:63 | clamp(...) | main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | provenance | | -| main.rs:157:54:157:54 | v | main.rs:157:48:157:63 | clamp(...) | provenance | | -| main.rs:158:31:158:33 | l12 | main.rs:158:13:158:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | -| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:161:19:161:68 | ... .unwrap(...) | main.rs:161:13:161:15 | l13 | provenance | | -| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | -| main.rs:168:13:168:15 | l14 | main.rs:170:35:170:37 | l14 | provenance | | -| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | main.rs:168:19:168:68 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:168:19:168:68 | ... .unwrap(...) | main.rs:168:13:168:15 | l14 | provenance | | -| main.rs:168:55:168:55 | v | main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:170:35:170:37 | l14 | main.rs:170:17:170:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:176:9:176:11 | l15 | main.rs:178:31:178:33 | l15 | provenance | | -| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | main.rs:176:15:176:64 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:176:15:176:64 | ... .unwrap(...) | main.rs:176:9:176:11 | l15 | provenance | | -| main.rs:176:51:176:51 | v | main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:178:31:178:33 | l15 | main.rs:178:13:178:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap(...) | provenance | MaD:31 | @@ -322,31 +196,17 @@ edges | main.rs:282:18:282:75 | ... .unwrap(...) | main.rs:282:9:282:14 | layout | provenance | | | main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:292:25:292:42 | ...: String | main.rs:293:16:293:42 | user_input.parse(...) [Ok] | provenance | MaD:32 | -| main.rs:293:9:293:12 | size | main.rs:297:9:297:17 | num_bytes | provenance | | -| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | main.rs:293:16:293:43 | TryExpr | provenance | | -| main.rs:293:16:293:43 | TryExpr | main.rs:293:9:293:12 | size | provenance | | -| main.rs:297:9:297:17 | num_bytes | main.rs:299:54:299:62 | num_bytes | provenance | | -| main.rs:299:9:299:14 | layout | main.rs:301:40:301:45 | layout | provenance | | -| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | main.rs:299:18:299:75 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:299:18:299:75 | ... .unwrap(...) | main.rs:299:9:299:14 | layout | provenance | | -| main.rs:299:54:299:62 | num_bytes | main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:301:40:301:45 | layout | main.rs:301:22:301:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:33 | | main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:29 | | main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance | | -| main.rs:309:26:309:39 | ...::args | main.rs:309:26:309:41 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:309:26:309:41 | ...::args(...) [element] | main.rs:309:26:309:48 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:309:26:309:48 | ... .nth(...) [Some] | main.rs:309:26:309:75 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:309:26:309:75 | ... .unwrap_or(...) | main.rs:292:25:292:42 | ...: String | provenance | | | main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:321:42:321:42 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:322:36:322:36 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance | | | main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:33 | | main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 | | main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse(...) [Ok] | provenance | MaD:32 | | main.rs:317:13:317:82 | ... .parse(...) [Ok] | main.rs:317:13:317:91 | ... .unwrap(...) | provenance | MaD:31 | @@ -389,9 +249,7 @@ models | 30 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | | 31 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | | 32 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 33 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | -| 34 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | -| 35 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | +| 33 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | nodes | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | @@ -484,131 +342,23 @@ nodes | main.rs:67:46:67:46 | v | semmle.label | v | | main.rs:68:13:68:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:68:31:68:32 | l4 | semmle.label | l4 | -| main.rs:71:35:71:38 | ...: T | semmle.label | ...: T | -| main.rs:77:9:77:16 | return v | semmle.label | return v | -| main.rs:81:33:81:40 | ...: usize | semmle.label | ...: usize | -| main.rs:82:9:82:14 | layout | semmle.label | layout | -| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:82:18:82:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:82:54:82:54 | v | semmle.label | v | -| main.rs:83:13:83:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:83:31:83:36 | layout | semmle.label | layout | -| main.rs:86:35:86:42 | ...: usize | semmle.label | ...: usize | -| main.rs:87:9:87:14 | layout | semmle.label | layout | -| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:87:18:87:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:87:54:87:54 | v | semmle.label | v | -| main.rs:88:13:88:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:88:31:88:36 | layout | semmle.label | layout | | main.rs:91:38:91:45 | ...: usize | semmle.label | ...: usize | | main.rs:92:9:92:10 | l1 | semmle.label | l1 | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | | main.rs:92:14:92:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | | main.rs:92:47:92:47 | v | semmle.label | v | -| main.rs:95:13:95:14 | l2 | semmle.label | l2 | -| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:95:18:95:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:95:51:95:51 | v | semmle.label | v | | main.rs:96:17:96:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:96:35:96:36 | l1 | semmle.label | l1 | -| main.rs:97:17:97:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:97:35:97:36 | l2 | semmle.label | l2 | -| main.rs:99:31:99:31 | v | semmle.label | v | -| main.rs:101:13:101:14 | l3 | semmle.label | l3 | -| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:101:18:101:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:101:51:101:51 | v | semmle.label | v | | main.rs:102:17:102:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:102:35:102:36 | l1 | semmle.label | l1 | -| main.rs:103:17:103:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:103:35:103:36 | l3 | semmle.label | l3 | -| main.rs:105:33:105:33 | v | semmle.label | v | | main.rs:109:17:109:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:109:35:109:36 | l1 | semmle.label | l1 | | main.rs:111:17:111:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:111:35:111:36 | l1 | semmle.label | l1 | -| main.rs:115:13:115:14 | l4 | semmle.label | l4 | -| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:115:18:115:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:115:54:115:54 | v | semmle.label | v | -| main.rs:116:17:116:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:116:35:116:36 | l4 | semmle.label | l4 | -| main.rs:120:13:120:14 | l5 | semmle.label | l5 | -| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:120:18:120:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:120:54:120:54 | v | semmle.label | v | -| main.rs:121:17:121:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:121:35:121:36 | l5 | semmle.label | l5 | -| main.rs:125:13:125:14 | l6 | semmle.label | l6 | -| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:125:18:125:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:125:54:125:54 | v | semmle.label | v | -| main.rs:126:17:126:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:126:35:126:36 | l6 | semmle.label | l6 | -| main.rs:131:9:131:10 | l7 | semmle.label | l7 | -| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:131:14:131:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:131:50:131:50 | v | semmle.label | v | -| main.rs:135:13:135:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:135:31:135:32 | l7 | semmle.label | l7 | -| main.rs:138:13:138:21 | mut v_mut | semmle.label | mut v_mut | -| main.rs:144:13:144:14 | l8 | semmle.label | l8 | -| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:144:18:144:65 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:144:51:144:55 | v_mut | semmle.label | v_mut | -| main.rs:145:13:145:14 | l9 | semmle.label | l9 | -| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:145:18:145:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:145:51:145:51 | v | semmle.label | v | | main.rs:146:17:146:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:146:35:146:36 | l1 | semmle.label | l1 | -| main.rs:147:17:147:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:147:35:147:36 | l8 | semmle.label | l8 | -| main.rs:148:17:148:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:148:35:148:36 | l9 | semmle.label | l9 | -| main.rs:151:9:151:11 | l10 | semmle.label | l10 | -| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:151:15:151:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:151:48:151:68 | ...::min(...) | semmle.label | ...::min(...) | -| main.rs:151:62:151:62 | v | semmle.label | v | -| main.rs:152:13:152:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:152:31:152:33 | l10 | semmle.label | l10 | -| main.rs:154:9:154:11 | l11 | semmle.label | l11 | -| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:154:15:154:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:154:48:154:68 | ...::max(...) | semmle.label | ...::max(...) | -| main.rs:154:62:154:62 | v | semmle.label | v | -| main.rs:155:13:155:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:155:31:155:33 | l11 | semmle.label | l11 | -| main.rs:157:9:157:11 | l12 | semmle.label | l12 | -| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:157:15:157:73 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:157:48:157:63 | clamp(...) | semmle.label | clamp(...) | -| main.rs:157:54:157:54 | v | semmle.label | v | -| main.rs:158:13:158:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:158:31:158:33 | l12 | semmle.label | l12 | -| main.rs:161:13:161:15 | l13 | semmle.label | l13 | -| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:161:19:161:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:161:55:161:55 | v | semmle.label | v | -| main.rs:162:17:162:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:162:35:162:37 | l13 | semmle.label | l13 | -| main.rs:168:13:168:15 | l14 | semmle.label | l14 | -| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:168:19:168:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:168:55:168:55 | v | semmle.label | v | -| main.rs:169:17:169:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:169:35:169:37 | l13 | semmle.label | l13 | -| main.rs:170:17:170:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:170:35:170:37 | l14 | semmle.label | l14 | -| main.rs:176:9:176:11 | l15 | semmle.label | l15 | -| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:176:15:176:64 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:176:51:176:51 | v | semmle.label | v | | main.rs:177:13:177:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:177:31:177:32 | l1 | semmle.label | l1 | -| main.rs:178:13:178:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:178:31:178:33 | l15 | semmle.label | l15 | | main.rs:183:29:183:36 | ...: usize | semmle.label | ...: usize | | main.rs:192:9:192:10 | l2 | semmle.label | l2 | | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | @@ -656,25 +406,10 @@ nodes | main.rs:282:54:282:62 | num_bytes | semmle.label | num_bytes | | main.rs:284:22:284:38 | ...::alloc | semmle.label | ...::alloc | | main.rs:284:40:284:45 | layout | semmle.label | layout | -| main.rs:292:25:292:42 | ...: String | semmle.label | ...: String | -| main.rs:293:9:293:12 | size | semmle.label | size | -| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | -| main.rs:293:16:293:43 | TryExpr | semmle.label | TryExpr | -| main.rs:297:9:297:17 | num_bytes | semmle.label | num_bytes | -| main.rs:299:9:299:14 | layout | semmle.label | layout | -| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:299:18:299:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:299:54:299:62 | num_bytes | semmle.label | num_bytes | -| main.rs:301:22:301:38 | ...::alloc | semmle.label | ...::alloc | -| main.rs:301:40:301:45 | layout | semmle.label | layout | | main.rs:308:25:308:38 | ...::args | semmle.label | ...::args | | main.rs:308:25:308:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | | main.rs:308:25:308:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | | main.rs:308:25:308:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:309:26:309:39 | ...::args | semmle.label | ...::args | -| main.rs:309:26:309:41 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:309:26:309:48 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:309:26:309:75 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | main.rs:317:9:317:9 | v | semmle.label | v | | main.rs:317:13:317:26 | ...::args | semmle.label | ...::args | | main.rs:317:13:317:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | @@ -688,4 +423,3 @@ nodes | main.rs:323:27:323:27 | v | semmle.label | v | | main.rs:324:25:324:25 | v | semmle.label | v | subpaths -| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:157:48:157:63 | clamp(...) | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index 558979ebfc2c..e9cea0f604a7 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -80,12 +80,12 @@ fn clamp(v: T, min: T, max: T) -> T { unsafe fn test_fn_alloc_bounded(v: usize) { let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(layout); // $ GOOD (bounded) } unsafe fn test_fn_alloc_unbounded(v: usize) { let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(layout); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(layout); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 } unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { @@ -94,13 +94,13 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { if v < 100 { let l2 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l2); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2); // $ GOOD (bounded) test_fn_alloc_bounded(v); } else { let l3 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l3); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 test_fn_alloc_unbounded(v); } @@ -113,17 +113,17 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { if (v < limit) { let l4 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l4); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l4); // $ GOOD (bounded) } if (v < 2 * v) { // not a good bound let l5 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 } if (true && v < limit && true) { let l6 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l6); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l6); // $ GOOD (bounded) } let mut l7; @@ -132,7 +132,7 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { } else { l7 = std::alloc::Layout::from_size_align(100, 1).unwrap(); } - let _ = std::alloc::alloc(l7); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l7); // $ GOOD (bounded) { let mut v_mut = v; @@ -144,30 +144,30 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { let l8 = std::alloc::Layout::array::(v_mut).unwrap(); let l9 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l8); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l9); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l8); // $ GOOD (bounded) + let _ = std::alloc::alloc(l9); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 } let l10 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); - let _ = std::alloc::alloc(l10); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l10); // $ GOOD (bounded) let l11 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); - let _ = std::alloc::alloc(l11); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l11); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 let l12 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); - let _ = std::alloc::alloc(l12); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l12); // $ GOOD (bounded) for i in 0..10 { let l13 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l13); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l13); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 if (v > 1000) { continue; } let l14 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l13); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l14); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l13); // $ GOOD (bounded) + let _ = std::alloc::alloc(l14); // $ GOOD (bounded) } if v > 100 { @@ -175,7 +175,7 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { } let l15 = std::alloc::Layout::from_size_align(v, 1).unwrap(); let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l15); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l15); // $ GOOD (bounded) } use std::alloc::{GlobalAlloc, Allocator}; @@ -298,7 +298,7 @@ fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> { let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); unsafe { - let buffer = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=example2 + let buffer = std::alloc::alloc(layout); // $ GOOD (bounded) Ok(buffer) } @@ -306,7 +306,7 @@ fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> { fn test_examples() { allocate_buffer_bad(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example1 - allocate_buffer_good(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example2 + allocate_buffer_good(std::env::args().nth(1).unwrap_or("0".to_string())); } // --- main --- From 6a5a1001bbd1d4e72e4f3c14b5d6e2e181a2e59b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 31 Mar 2025 17:27:36 +0100 Subject: [PATCH 088/409] Rust: Refine the barrier guard. --- .../UncontrolledAllocationSizeExtensions.qll | 59 +++++++++-- .../UncontrolledAllocationSize.expected | 99 ++++++++++++++++++- .../test/query-tests/security/CWE-770/main.rs | 14 +-- 3 files changed, 154 insertions(+), 18 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll index 9efffeee9ae3..b8ab16090d19 100644 --- a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll @@ -35,18 +35,61 @@ module UncontrolledAllocationSize { } /** - * A barrier for uncontrolled allocation size that is an guard / bound check. + * A barrier for uncontrolled allocation size that is an upper bound check / guard. */ - private class BoundCheckBarrier extends Barrier { - BoundCheckBarrier() { this = DataFlow::BarrierGuard::getABarrierNode() } + private class UpperBoundCheckBarrier extends Barrier { + UpperBoundCheckBarrier() { + this = DataFlow::BarrierGuard::getABarrierNode() + } } - private predicate isBoundCheck(CfgNodes::AstCfgNode g, Cfg::CfgNode node, boolean branch) { - // any comparison (`g` / `cmp`) guards the expression on either side (`node`) - exists(BinaryExpr cmp | - g = cmp.getACfgNode() and + /** + * Gets the operand on the "greater" (or "greater-or-equal") side + * of this relational expression, that is, the side that is larger + * if the overall expression evaluates to `true`; for example on + * `x <= 20` this is the `20`, and on `y > 0` it is `y`. + */ + private Expr getGreaterOperand(BinaryExpr op) { + op.getOperatorName() = ["<", "<="] and + result = op.getRhs() + or + op.getOperatorName() = [">", ">="] and + result = op.getLhs() + } + + /** + * Gets the operand on the "lesser" (or "lesser-or-equal") side + * of this relational expression, that is, the side that is smaller + * if the overall expression evaluates to `true`; for example on + * `x <= 20` this is `x`, and on `y > 0` it is the `0`. + */ + private Expr getLesserOperand(BinaryExpr op) { + op.getOperatorName() = ["<", "<="] and + result = op.getLhs() + or + op.getOperatorName() = [">", ">="] and + result = op.getRhs() + } + + /** + * Holds if comparison `g` having result `branch` indicates an upper bound for the sub-expression + * `node`. For example when the comparison `x < 10` is true, we have an upper bound for `x`. + */ + private predicate isUpperBoundCheck(CfgNodes::AstCfgNode g, Cfg::CfgNode node, boolean branch) { + exists(BinaryExpr cmp | g = cmp.getACfgNode() | + node = getLesserOperand(cmp).getACfgNode() and + branch = true + or + node = getGreaterOperand(cmp).getACfgNode() and + branch = false + or + cmp.getOperatorName() = "==" and + [cmp.getLhs(), cmp.getRhs()].getACfgNode() = node and + branch = true + or + cmp.getOperatorName() = "!=" and [cmp.getLhs(), cmp.getRhs()].getACfgNode() = node and - branch = [true, false] + branch = false ) } } diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index e10c26338dce..fa30dde511bc 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -18,11 +18,18 @@ | main.rs:64:13:64:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:65:13:65:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:68:13:68:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:88:13:88:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:96:17:96:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:102:17:102:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:102:17:102:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:103:17:103:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:103:17:103:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:109:17:109:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:109:17:109:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:111:17:111:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:111:17:111:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:146:17:146:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:146:17:146:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:148:17:148:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:148:17:148:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:152:13:152:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:152:13:152:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:155:13:155:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:155:13:155:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:162:17:162:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:162:17:162:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:169:17:169:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:169:17:169:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:177:13:177:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:193:32:193:36 | alloc | main.rs:317:13:317:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:194:32:194:43 | alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | @@ -133,7 +140,19 @@ edges | main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | | main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | +| main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:87:18:87:67 | ... .unwrap(...) | main.rs:87:9:87:14 | layout | provenance | | +| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:105:33:105:33 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:145:51:145:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:151:62:151:62 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:154:62:154:62 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap(...) | provenance | MaD:31 | @@ -142,15 +161,45 @@ edges | main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | +| main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:101:18:101:61 | ... .unwrap(...) | main.rs:101:13:101:14 | l3 | provenance | | +| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | +| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:105:33:105:33 | v | main.rs:86:35:86:42 | ...: usize | provenance | | | main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:109:35:109:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | | main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | +| main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:145:18:145:61 | ... .unwrap(...) | main.rs:145:13:145:14 | l9 | provenance | | +| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | +| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:151:15:151:78 | ... .unwrap(...) | main.rs:151:9:151:11 | l10 | provenance | | +| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:34 | +| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:154:15:154:78 | ... .unwrap(...) | main.rs:154:9:154:11 | l11 | provenance | | +| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:33 | +| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:161:19:161:68 | ... .unwrap(...) | main.rs:161:13:161:15 | l13 | provenance | | +| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | +| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | @@ -197,7 +246,7 @@ edges | main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:33 | +| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:35 | | main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:29 | | main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance | | | main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance | | @@ -206,7 +255,7 @@ edges | main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance | | | main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:33 | +| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:35 | | main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 | | main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse(...) [Ok] | provenance | MaD:32 | | main.rs:317:13:317:82 | ... .parse(...) [Ok] | main.rs:317:13:317:91 | ... .unwrap(...) | provenance | MaD:31 | @@ -249,7 +298,9 @@ models | 30 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | | 31 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | | 32 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 33 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | +| 33 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | +| 34 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | +| 35 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | nodes | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | @@ -342,6 +393,13 @@ nodes | main.rs:67:46:67:46 | v | semmle.label | v | | main.rs:68:13:68:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:68:31:68:32 | l4 | semmle.label | l4 | +| main.rs:86:35:86:42 | ...: usize | semmle.label | ...: usize | +| main.rs:87:9:87:14 | layout | semmle.label | layout | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:87:18:87:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:87:54:87:54 | v | semmle.label | v | +| main.rs:88:13:88:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:88:31:88:36 | layout | semmle.label | layout | | main.rs:91:38:91:45 | ...: usize | semmle.label | ...: usize | | main.rs:92:9:92:10 | l1 | semmle.label | l1 | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | @@ -349,14 +407,49 @@ nodes | main.rs:92:47:92:47 | v | semmle.label | v | | main.rs:96:17:96:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:96:35:96:36 | l1 | semmle.label | l1 | +| main.rs:101:13:101:14 | l3 | semmle.label | l3 | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:101:18:101:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:101:51:101:51 | v | semmle.label | v | | main.rs:102:17:102:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:102:35:102:36 | l1 | semmle.label | l1 | +| main.rs:103:17:103:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:103:35:103:36 | l3 | semmle.label | l3 | +| main.rs:105:33:105:33 | v | semmle.label | v | | main.rs:109:17:109:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:109:35:109:36 | l1 | semmle.label | l1 | | main.rs:111:17:111:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:111:35:111:36 | l1 | semmle.label | l1 | +| main.rs:145:13:145:14 | l9 | semmle.label | l9 | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:145:18:145:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:145:51:145:51 | v | semmle.label | v | | main.rs:146:17:146:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:146:35:146:36 | l1 | semmle.label | l1 | +| main.rs:148:17:148:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:148:35:148:36 | l9 | semmle.label | l9 | +| main.rs:151:9:151:11 | l10 | semmle.label | l10 | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:151:15:151:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:151:48:151:68 | ...::min(...) | semmle.label | ...::min(...) | +| main.rs:151:62:151:62 | v | semmle.label | v | +| main.rs:152:13:152:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:152:31:152:33 | l10 | semmle.label | l10 | +| main.rs:154:9:154:11 | l11 | semmle.label | l11 | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:154:15:154:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:154:48:154:68 | ...::max(...) | semmle.label | ...::max(...) | +| main.rs:154:62:154:62 | v | semmle.label | v | +| main.rs:155:13:155:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:155:31:155:33 | l11 | semmle.label | l11 | +| main.rs:161:13:161:15 | l13 | semmle.label | l13 | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:161:19:161:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:161:55:161:55 | v | semmle.label | v | +| main.rs:162:17:162:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:162:35:162:37 | l13 | semmle.label | l13 | +| main.rs:169:17:169:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:169:35:169:37 | l13 | semmle.label | l13 | | main.rs:177:13:177:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:177:31:177:32 | l1 | semmle.label | l1 | | main.rs:183:29:183:36 | ...: usize | semmle.label | ...: usize | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index e9cea0f604a7..37533e746ed9 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -85,7 +85,7 @@ unsafe fn test_fn_alloc_bounded(v: usize) { unsafe fn test_fn_alloc_unbounded(v: usize) { let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(layout); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(layout); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { @@ -100,7 +100,7 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { } else { let l3 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l3); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 test_fn_alloc_unbounded(v); } @@ -145,28 +145,28 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { let l9 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc(l8); // $ GOOD (bounded) - let _ = std::alloc::alloc(l9); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l9); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } let l10 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); - let _ = std::alloc::alloc(l10); // $ GOOD (bounded) + let _ = std::alloc::alloc(l10); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 let l11 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); - let _ = std::alloc::alloc(l11); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l11); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l12 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); let _ = std::alloc::alloc(l12); // $ GOOD (bounded) for i in 0..10 { let l13 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l13); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l13); // $ Alert[rust/uncontrolled-allocation-size]=arg1 if (v > 1000) { continue; } let l14 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l13); // $ GOOD (bounded) + let _ = std::alloc::alloc(l13); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc(l14); // $ GOOD (bounded) } From fb22d5587855a3183602a3b3c3e5c3410268bd2f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:12:30 +0100 Subject: [PATCH 089/409] Rust: Remove duplicate models. --- .../rust/frameworks/stdlib/lang-alloc.model.yml | 4 ---- .../CWE-770/UncontrolledAllocationSize.expected | 15 --------------- 2 files changed, 19 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml index 85cd97fb4629..999f711ba37d 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -19,7 +19,3 @@ extensions: - ["lang:alloc", "::allocate_zeroed", "Argument[0]", "alloc-layout", "manual"] - ["lang:alloc", "::grow", "Argument[2]", "alloc-layout", "manual"] - ["lang:alloc", "::grow_zeroed", "Argument[2]", "alloc-layout", "manual"] - - ["repo:https://github.com/rust-lang/libc:libc", "::malloc", "Argument[0]", "alloc-size", "manual"] - - ["repo:https://github.com/rust-lang/libc:libc", "::aligned_alloc", "Argument[1]", "alloc-size", "manual"] - - ["repo:https://github.com/rust-lang/libc:libc", "::calloc", "Argument[0,1]", "alloc-size", "manual"] - - ["repo:https://github.com/rust-lang/libc:libc", "::realloc", "Argument[1]", "alloc-size", "manual"] diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index fa30dde511bc..9cc7f803aac8 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -40,15 +40,10 @@ | main.rs:208:40:208:43 | grow | main.rs:317:13:317:26 | ...::args | main.rs:208:40:208:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:210:40:210:50 | grow_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value | edges | main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | @@ -223,19 +218,14 @@ edges | main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | | main.rs:217:27:217:34 | ...: usize | main.rs:219:26:219:26 | v | provenance | | | main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | -| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | | main.rs:219:26:219:26 | v | main.rs:220:36:220:36 | v | provenance | | | main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | -| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | | main.rs:220:36:220:36 | v | main.rs:222:30:222:30 | v | provenance | | | main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | | main.rs:222:30:222:30 | v | main.rs:223:26:223:26 | v | provenance | | | main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | | main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance | | | main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | | main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | | | main.rs:280:21:280:47 | user_input.parse(...) [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | @@ -475,19 +465,14 @@ nodes | main.rs:210:60:210:61 | l2 | semmle.label | l2 | | main.rs:217:27:217:34 | ...: usize | semmle.label | ...: usize | | main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc | -| main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc | | main.rs:219:26:219:26 | v | semmle.label | v | | main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | -| main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | | main.rs:220:36:220:36 | v | semmle.label | v | | main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc | | main.rs:222:30:222:30 | v | semmle.label | v | | main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc | | main.rs:223:26:223:26 | v | semmle.label | v | | main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc | -| main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc | | main.rs:224:31:224:31 | v | semmle.label | v | | main.rs:279:24:279:41 | ...: String | semmle.label | ...: String | | main.rs:280:9:280:17 | num_bytes | semmle.label | num_bytes | From ff2a1ca961b95881bbff2b164e6d50e8a2f91628 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:31:13 +0000 Subject: [PATCH 090/409] Rust: Group the data in rust/summary/summary-statistics. --- rust/ql/src/queries/summary/SummaryStats.ql | 37 +++++++++++++++------ 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/rust/ql/src/queries/summary/SummaryStats.ql b/rust/ql/src/queries/summary/SummaryStats.ql index 69ab796c8696..d9c88a7c56ed 100644 --- a/rust/ql/src/queries/summary/SummaryStats.ql +++ b/rust/ql/src/queries/summary/SummaryStats.ql @@ -9,7 +9,6 @@ import rust import codeql.rust.Concepts import codeql.rust.security.SensitiveData -import codeql.rust.security.WeakSensitiveDataHashingExtensions import codeql.rust.Diagnostics import Stats import TaintReach @@ -22,13 +21,14 @@ class CrateElement extends Element { } } -from string key, int value -where +predicate elementStats(string key, int value) { key = "Elements extracted" and value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement) or key = "Elements unextracted" and value = count(Unextracted e) - or +} + +predicate extractionStats(string key, int value) { key = "Extraction errors" and value = count(ExtractionError e) or key = "Extraction warnings" and value = count(ExtractionWarning w) @@ -53,6 +53,14 @@ where or key = "Lines of user code extracted" and value = getLinesOfUserCode() or + key = "Macro calls - total" and value = count(MacroCall mc) + or + key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded()) + or + key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded()) +} + +predicate inconsistencyStats(string key, int value) { key = "Inconsistencies - AST" and value = getTotalAstInconsistencies() or key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies() @@ -60,13 +68,9 @@ where key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies() or key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies() - or - key = "Macro calls - total" and value = count(MacroCall mc) - or - key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded()) - or - key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded()) - or +} + +predicate taintStats(string key, int value) { key = "Taint sources - active" and value = count(ActiveThreatModelSource s) or key = "Taint sources - disabled" and @@ -84,4 +88,15 @@ where or key = "Taint sinks - cryptographic operations" and value = count(Cryptography::CryptographicOperation o) +} + +from string key, int value +where + elementStats(key, value) + or + extractionStats(key, value) + or + inconsistencyStats(key, value) + or + taintStats(key, value) select key, value order by key From 8737acb6a95715602f92a4699421cc1c61770cfe Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Mon, 31 Mar 2025 20:42:03 +0200 Subject: [PATCH 091/409] Update actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql Co-authored-by: Andrew Eisenberg --- actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql index 90feab533a47..9676e942f7ce 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql @@ -1,5 +1,5 @@ /** - * @name Checkout of untrusted code in priviledged context + * @name Checkout of untrusted code in a priviledged context * @description Privileged workflows have read/write access to the base repository and access to secrets. * By explicitly checking out and running the build script from a fork the untrusted code is running in an environment * that is able to push to the base repository and to access secrets. From 1186699269225a58ea4a8a0b79e1940ef4afc9b1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 1 Apr 2025 00:25:24 +0000 Subject: [PATCH 092/409] Add changed framework coverage reports --- csharp/documentation/library-coverage/coverage.csv | 2 +- csharp/documentation/library-coverage/coverage.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/csharp/documentation/library-coverage/coverage.csv b/csharp/documentation/library-coverage/coverage.csv index 21bf90cae725..8ec9be900605 100644 --- a/csharp/documentation/library-coverage/coverage.csv +++ b/csharp/documentation/library-coverage/coverage.csv @@ -42,5 +42,5 @@ MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,, Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7, SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5 -System,54,47,12241,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5941,6300 +System,54,47,12255,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5955,6300 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,, diff --git a/csharp/documentation/library-coverage/coverage.rst b/csharp/documentation/library-coverage/coverage.rst index 3288a1fbaa9a..64adc5839430 100644 --- a/csharp/documentation/library-coverage/coverage.rst +++ b/csharp/documentation/library-coverage/coverage.rst @@ -8,7 +8,7 @@ C# framework & library support Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting` `ServiceStack `_,"``ServiceStack.*``, ``ServiceStack``",,7,194, - System,"``System.*``, ``System``",47,12241,54,5 + System,"``System.*``, ``System``",47,12255,54,5 Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2272,152,4 - Totals,,107,14520,400,9 + Totals,,107,14534,400,9 From ba26953f0b66d60239574b0b0bb68733a11cfd49 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 26 Mar 2025 12:02:43 +0100 Subject: [PATCH 093/409] C#: Update generated .NET 9 models. --- csharp/ql/lib/ext/generated/System.Net.Http.model.yml | 5 +---- csharp/ql/lib/ext/generated/System.model.yml | 9 --------- 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/csharp/ql/lib/ext/generated/System.Net.Http.model.yml b/csharp/ql/lib/ext/generated/System.Net.Http.model.yml index d080bab51f39..90bc48a115f4 100644 --- a/csharp/ql/lib/ext/generated/System.Net.Http.model.yml +++ b/csharp/ql/lib/ext/generated/System.Net.Http.model.yml @@ -44,10 +44,7 @@ extensions: - ["System.Net.Http", "HttpMethod", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.HttpMethod._method]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Http", "HttpMethod", False, "get_Method", "()", "", "Argument[this].SyntheticField[System.Net.Http.HttpMethod._method]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Http", "HttpRequestException", False, "HttpRequestException", "(System.String,System.Exception,System.Nullable)", "", "Argument[2]", "Argument[this].Property[System.Net.Http.HttpRequestException.StatusCode]", "value", "dfc-generated"] - - ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method]", "value", "dfc-generated"] - - ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[1]", "Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri]", "value", "dfc-generated"] - - ["System.Net.Http", "HttpRequestMessage", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method]", "ReturnValue", "taint", "dfc-generated"] - - ["System.Net.Http", "HttpRequestMessage", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri]", "ReturnValue", "taint", "dfc-generated"] + - ["System.Net.Http", "HttpRequestMessage", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http", "HttpRequestMessage", False, "get_Properties", "()", "", "Argument[this].Property[System.Net.Http.HttpRequestMessage.Options]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Http", "HttpRequestOptions", False, "get_Keys", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http", "HttpRequestOptions", False, "get_Values", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.model.yml b/csharp/ql/lib/ext/generated/System.model.yml index b594d40ba1b6..03b23b02725e 100644 --- a/csharp/ql/lib/ext/generated/System.model.yml +++ b/csharp/ql/lib/ext/generated/System.model.yml @@ -746,13 +746,6 @@ extensions: - ["System", "Uri", False, "get_LocalPath", "()", "", "Argument[this].SyntheticField[System.Uri._string]", "ReturnValue", "value", "dfc-generated"] - ["System", "Uri", False, "get_Scheme", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "Uri", False, "get_UserInfo", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.UriBuilder._uri]", "taint", "dfc-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.Uri)", "", "Argument[0]", "Argument[this].SyntheticField[System.UriBuilder._uri]", "value", "dfc-generated"] - - ["System", "UriBuilder", False, "get_Uri", "()", "", "Argument[this].SyntheticField[System.UriBuilder._uri]", "ReturnValue", "value", "dfc-generated"] - ["System", "UriParser", False, "Register", "(System.UriParser,System.String,System.Int32)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - ["System", "UriParser", True, "GetComponents", "(System.Uri,System.UriComponents,System.UriFormat)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System", "UriParser", True, "OnNewUri", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] @@ -5395,8 +5388,6 @@ extensions: - ["System", "Uri", "op_Inequality", "(System.Uri,System.Uri)", "summary", "df-generated"] - ["System", "UriBuilder", "Equals", "(System.Object)", "summary", "df-generated"] - ["System", "UriBuilder", "GetHashCode", "()", "summary", "df-generated"] - - ["System", "UriBuilder", "ToString", "()", "summary", "df-generated"] - - ["System", "UriBuilder", "UriBuilder", "(System.String,System.String,System.Int32)", "summary", "df-generated"] - ["System", "UriFormatException", "UriFormatException", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "summary", "df-generated"] - ["System", "UriFormatException", "UriFormatException", "(System.String)", "summary", "df-generated"] - ["System", "UriFormatException", "UriFormatException", "(System.String,System.Exception)", "summary", "df-generated"] From 2487f7734b874d380e3299250f2f21737c27beba Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 26 Mar 2025 12:55:37 +0100 Subject: [PATCH 094/409] C#: Update the generated .NET 9 models. --- .../ILLink.RoslynAnalyzer.DataFlow.model.yml | 6 +- .../generated/Internal.TypeSystem.model.yml | 24 +++--- .../Microsoft.Diagnostics.Tools.Pgo.model.yml | 6 +- ...guration.Binder.SourceGeneration.model.yml | 9 +- ...crosoft.Extensions.Configuration.model.yml | 2 +- ...t.Extensions.Diagnostics.Metrics.model.yml | 2 +- .../Microsoft.Extensions.Primitives.model.yml | 4 +- .../ext/generated/Microsoft.Interop.model.yml | 26 +++--- ...oft.VisualBasic.CompilerServices.model.yml | 6 +- .../generated/Microsoft.VisualBasic.model.yml | 12 +-- .../ext/generated/Mono.Linker.Steps.model.yml | 6 +- .../lib/ext/generated/Mono.Linker.model.yml | 6 +- .../ext/generated/System.Buffers.model.yml | 46 +++++----- .../System.CodeDom.Compiler.model.yml | 12 +-- .../System.Collections.Concurrent.model.yml | 12 +-- .../System.Collections.Frozen.model.yml | 8 +- .../System.Collections.Generic.model.yml | 34 ++++---- .../System.Collections.Immutable.model.yml | 67 +++++++-------- .../System.Collections.ObjectModel.model.yml | 5 +- .../generated/System.Collections.model.yml | 3 +- ...mponentModel.Composition.Hosting.model.yml | 6 +- ...odel.Composition.ReflectionModel.model.yml | 2 +- .../System.Composition.Hosting.Core.model.yml | 6 +- .../generated/System.Composition.model.yml | 10 +-- .../System.Configuration.Internal.model.yml | 7 +- .../generated/System.Data.Common.model.yml | 2 +- .../System.Diagnostics.Tracing.model.yml | 7 +- .../generated/System.Diagnostics.model.yml | 15 ++-- .../ext/generated/System.Dynamic.model.yml | 2 +- .../generated/System.Formats.Asn1.model.yml | 6 +- .../generated/System.IO.Enumeration.model.yml | 4 +- .../ql/lib/ext/generated/System.IO.model.yml | 4 +- .../System.Net.Http.Headers.model.yml | 12 +-- .../ext/generated/System.Net.Mail.model.yml | 22 ++--- .../generated/System.Net.Sockets.model.yml | 24 +++--- .../ext/generated/System.Numerics.model.yml | 4 +- .../System.Reflection.Emit.model.yml | 1 + ...stem.Reflection.Metadata.Ecma335.model.yml | 12 +-- .../System.Reflection.Metadata.model.yml | 2 +- ...em.Reflection.PortableExecutable.model.yml | 2 +- .../ext/generated/System.Reflection.model.yml | 4 - .../ext/generated/System.Resources.model.yml | 2 +- .../System.Runtime.CompilerServices.model.yml | 84 ++++++++----------- ...time.InteropServices.Marshalling.model.yml | 4 +- .../System.Runtime.InteropServices.model.yml | 17 ++-- .../System.Runtime.Intrinsics.model.yml | 8 +- ...time.Serialization.DataContracts.model.yml | 4 +- .../System.Runtime.Serialization.model.yml | 4 +- ...ystem.Security.Cryptography.Pkcs.model.yml | 10 +-- ...System.Security.Cryptography.Xml.model.yml | 2 +- .../System.Text.Json.Nodes.model.yml | 4 +- .../System.Text.Json.Serialization.model.yml | 3 +- .../ext/generated/System.Text.Json.model.yml | 26 +++--- .../System.Text.RegularExpressions.model.yml | 2 +- .../generated/System.Text.Unicode.model.yml | 4 +- .../System.Threading.RateLimiting.model.yml | 4 +- .../System.Threading.Tasks.Dataflow.model.yml | 6 +- .../ext/generated/System.Threading.model.yml | 40 +++++---- .../System.Xml.Serialization.model.yml | 5 +- .../System.Xml.Xsl.Runtime.model.yml | 11 +-- .../ql/lib/ext/generated/System.Xml.model.yml | 12 +-- csharp/ql/lib/ext/generated/System.model.yml | 28 +++---- 62 files changed, 348 insertions(+), 382 deletions(-) diff --git a/csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.DataFlow.model.yml b/csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.DataFlow.model.yml index 7bec23ae842a..a70583ae7d05 100644 --- a/csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.DataFlow.model.yml +++ b/csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.DataFlow.model.yml @@ -11,9 +11,9 @@ extensions: - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "CreateProxyBranch", "(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch)", "", "Argument[0].Property[Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch.Source]", "ReturnValue.Field[ILLink.Shared.DataFlow.IControlFlowGraph`2+ControlFlowBranch.Source].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block]", "value", "dfc-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "FirstBlock", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "LastBlock", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingFinally", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] - - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] - - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region].Property[Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowRegion.EnclosingRegion]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] + - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingFinally", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] + - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] + - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region].Property[Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowRegion.EnclosingRegion]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "get_Blocks", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "get_Entry", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", False, "And", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Internal.TypeSystem.model.yml b/csharp/ql/lib/ext/generated/Internal.TypeSystem.model.yml index be631bb427c3..e6b9fb39e71a 100644 --- a/csharp/ql/lib/ext/generated/Internal.TypeSystem.model.yml +++ b/csharp/ql/lib/ext/generated/Internal.TypeSystem.model.yml @@ -91,7 +91,7 @@ extensions: - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "AddOrGetExisting", "(TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "GetOrCreateValue", "(TKey)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "GetValueIfExists", "(TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "MarshalAsDescriptor", "(Internal.TypeSystem.NativeTypeKind,Internal.TypeSystem.NativeTypeKind,System.Nullable,System.Nullable,Internal.TypeSystem.TypeDesc,System.String)", "", "Argument[2]", "Argument[this].Property[Internal.TypeSystem.MarshalAsDescriptor.SizeParamIndex]", "value", "dfc-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "MarshalAsDescriptor", "(Internal.TypeSystem.NativeTypeKind,Internal.TypeSystem.NativeTypeKind,System.Nullable,System.Nullable,Internal.TypeSystem.TypeDesc,System.String)", "", "Argument[3]", "Argument[this].Property[Internal.TypeSystem.MarshalAsDescriptor.SizeConst]", "value", "dfc-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "MarshalAsDescriptor", "(Internal.TypeSystem.NativeTypeKind,Internal.TypeSystem.NativeTypeKind,System.Nullable,System.Nullable,Internal.TypeSystem.TypeDesc,System.String)", "", "Argument[4]", "Argument[this].SyntheticField[Internal.TypeSystem.MarshalAsDescriptor._marshallerType]", "value", "dfc-generated"] @@ -99,9 +99,6 @@ extensions: - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "get_Cookie", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.MarshalAsDescriptor._cookie]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "get_MarshallerType", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.MarshalAsDescriptor._marshallerType]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", False, "CalculateFieldBaseOffset", "(Internal.TypeSystem.MetadataType,System.Boolean,System.Boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", True, "AlignBaseOffsetIfNecessary", "(Internal.TypeSystem.MetadataType,Internal.TypeSystem.LayoutInt,System.Boolean,System.Boolean)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", True, "FinalizeRuntimeSpecificStaticFieldLayout", "(Internal.TypeSystem.TypeSystemContext,Internal.TypeSystem.ComputedStaticFieldLayout)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", True, "PrepareRuntimeSpecificStaticFieldLayout", "(Internal.TypeSystem.TypeSystemContext,Internal.TypeSystem.ComputedStaticFieldLayout)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "MetadataType", False, "get_VirtualMethodImplsForType", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataType", True, "ComputeVirtualMethodImplsForType", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataType", True, "GetNestedTypes", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -111,8 +108,8 @@ extensions: - ["Internal.TypeSystem", "MetadataTypeSystemContext", True, "SetSystemModule", "(Internal.TypeSystem.ModuleDesc)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "EnumAllVirtualSlots", "(Internal.TypeSystem.MetadataType)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "FindSlotDefiningMethodForVirtualMethod", "(Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "MethodDelegator", False, "MethodDelegator", "(Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[this].Field[Internal.TypeSystem.MethodDelegator._wrappedMethod]", "value", "dfc-generated"] - ["Internal.TypeSystem", "MethodDelegator", True, "get_Context", "()", "", "Argument[this].Field[Internal.TypeSystem.MethodDelegator._wrappedMethod].Property[Internal.TypeSystem.TypeSystemEntity.Context]", "ReturnValue", "value", "dfc-generated"] @@ -276,10 +273,10 @@ extensions: - ["Internal.TypeSystem", "TypeSystemHelpers", False, "InstantiateAsOpen", "(Internal.TypeSystem.TypeDesc)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodTarget", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodTargetWithVariance", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "Argument[2]", "value", "dfc-generated"] - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "TypeWithRepeatedFields", "(Internal.TypeSystem.MetadataType)", "", "Argument[0]", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType]", "value", "dfc-generated"] - ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "get_ContainingType", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType].Property[Internal.TypeSystem.MetadataType.ContainingType]", "ReturnValue", "value", "dfc-generated"] @@ -290,10 +287,10 @@ extensions: - ["Internal.TypeSystem", "TypeWithRepeatedFieldsFieldLayoutAlgorithm", False, "TypeWithRepeatedFieldsFieldLayoutAlgorithm", "(Internal.TypeSystem.FieldLayoutAlgorithm)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ComputeAllVirtualSlots", "(Internal.TypeSystem.TypeDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "FindVirtualFunctionTargetMethodOnObjectType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[2]", "value", "dfc-generated"] - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all @@ -575,6 +572,7 @@ extensions: - ["Internal.TypeSystem", "MarshalAsDescriptor", "get_SizeConst", "()", "summary", "df-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", "get_SizeParamIndex", "()", "summary", "df-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", "get_Type", "()", "summary", "df-generated"] + - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "AlignBaseOffsetIfNecessary", "(Internal.TypeSystem.MetadataType,Internal.TypeSystem.LayoutInt,System.Boolean,System.Boolean)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeAutoFieldLayout", "(Internal.TypeSystem.MetadataType,System.Int32)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeContainsGCPointers", "(Internal.TypeSystem.DefType)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeExplicitFieldLayout", "(Internal.TypeSystem.MetadataType,System.Int32)", "summary", "df-generated"] @@ -583,6 +581,8 @@ extensions: - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeSequentialFieldLayout", "(Internal.TypeSystem.MetadataType,System.Int32)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeStaticFieldLayout", "(Internal.TypeSystem.DefType,Internal.TypeSystem.StaticLayoutKind)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeValueTypeShapeCharacteristics", "(Internal.TypeSystem.DefType)", "summary", "df-generated"] + - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "FinalizeRuntimeSpecificStaticFieldLayout", "(Internal.TypeSystem.TypeSystemContext,Internal.TypeSystem.ComputedStaticFieldLayout)", "summary", "df-generated"] + - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "PrepareRuntimeSpecificStaticFieldLayout", "(Internal.TypeSystem.TypeSystemContext,Internal.TypeSystem.ComputedStaticFieldLayout)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataType", "FindMethodsImplWithMatchingDeclName", "(System.String)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataType", "GetClassLayout", "()", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataType", "GetInlineArrayLength", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Diagnostics.Tools.Pgo.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Diagnostics.Tools.Pgo.model.yml index b80511d28afe..0fd217179449 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Diagnostics.Tools.Pgo.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Diagnostics.Tools.Pgo.model.yml @@ -20,9 +20,7 @@ extensions: - ["Microsoft.Diagnostics.Tools.Pgo", "FlowSmoothing", False, "MapNodes", "(System.Func)", "", "Argument[0].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "KeyValueMap", False, "KeyValueMap", "(TKey[],TValue[])", "", "Argument[1]", "Argument[this].SyntheticField[Microsoft.Diagnostics.Tools.Pgo.KeyValueMap`2._values]", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "KeyValueMap", False, "LookupRange", "(TKey,TKey)", "", "Argument[this].SyntheticField[Microsoft.Diagnostics.Tools.Pgo.KeyValueMap`2._values].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["Microsoft.Diagnostics.Tools.Pgo", "KeyValueMap", False, "TryLookup", "(TKey,TValue)", "", "Argument[this].SyntheticField[Microsoft.Diagnostics.Tools.Pgo.KeyValueMap`2._values].Element", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Diagnostics.Tools.Pgo", "LbrTraceEventData32", False, "Entries", "(Microsoft.Diagnostics.Tools.Pgo.LbrTraceEventData32,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Diagnostics.Tools.Pgo", "LbrTraceEventData64", False, "Entries", "(Microsoft.Diagnostics.Tools.Pgo.LbrTraceEventData64,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Diagnostics.Tools.Pgo", "KeyValueMap", False, "TryLookup", "(TKey,TValue)", "", "Argument[this].SyntheticField[Microsoft.Diagnostics.Tools.Pgo.KeyValueMap`2._values].Element", "Argument[1]", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "MinimumCostCirculation", False, "FindBellmanFordCycle", "(Microsoft.Diagnostics.Tools.Pgo.Node)", "", "Argument[0].Field[Microsoft.Diagnostics.Tools.Pgo.Node.MetaData].Field[Microsoft.Diagnostics.Tools.Pgo.NodeMetaData.PredEdge]", "ReturnValue.Property[System.Tuple`2.Item1].Element", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "Node", False, "AddInEdge", "(Microsoft.Diagnostics.Tools.Pgo.Edge)", "", "Argument[0]", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Node.InEdgeList].Element", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "Node", False, "AddOutEdge", "(Microsoft.Diagnostics.Tools.Pgo.Edge)", "", "Argument[0]", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Node.OutEdgeList].Element", "value", "dfc-generated"] @@ -41,6 +39,8 @@ extensions: - ["Microsoft.Diagnostics.Tools.Pgo", "FlowSmoothing", "Perform", "(System.Int32)", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "LbrEntry32", "ToString", "()", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "LbrEntry64", "ToString", "()", "summary", "df-generated"] + - ["Microsoft.Diagnostics.Tools.Pgo", "LbrTraceEventData32", "Entries", "(Microsoft.Diagnostics.Tools.Pgo.LbrTraceEventData32,System.Int32)", "summary", "df-generated"] + - ["Microsoft.Diagnostics.Tools.Pgo", "LbrTraceEventData64", "Entries", "(Microsoft.Diagnostics.Tools.Pgo.LbrTraceEventData64,System.Int32)", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "MinimumCostCirculation", "FindMinCostCirculation", "(Microsoft.Diagnostics.Tools.Pgo.CirculationGraph,System.Int32)", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "MinimumCostCirculation", "FindNegativeCycle", "(Microsoft.Diagnostics.Tools.Pgo.CirculationGraph)", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "Node", "NetInFlow", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.Binder.SourceGeneration.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.Binder.SourceGeneration.model.yml index 3896f91e4b42..feff9830f60d 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.Binder.SourceGeneration.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.Binder.SourceGeneration.model.yml @@ -6,14 +6,9 @@ extensions: data: - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "AsConfigWithChildren", "(Microsoft.Extensions.Configuration.IConfiguration)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.ConsoleLoggerOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.ConsoleLoggerOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.JsonConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.JsonConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.SimpleConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.SimpleConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Text.Encodings.Web.JavaScriptEncoder,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Text.Json.JsonWriterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "Bind_ConsoleFormatterOptions", "(Microsoft.Extensions.Configuration.IConfiguration,System.Object)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "Bind_ConsoleLoggerOptions", "(Microsoft.Extensions.Configuration.IConfiguration,System.Object)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "Bind_JsonConsoleFormatterOptions", "(Microsoft.Extensions.Configuration.IConfiguration,System.Object)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] @@ -35,6 +30,8 @@ extensions: pack: codeql/csharp-all extensible: neutralModel data: + - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Text.Encodings.Web.JavaScriptEncoder,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "summary", "df-generated"] + - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Text.Json.JsonWriterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "summary", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "GetValueCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Type,System.String)", "summary", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "ParseBool", "(System.String,System.String)", "summary", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "ParseChar", "(System.String,System.String)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.model.yml index abd92a302aee..0dddff60e785 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.model.yml @@ -7,7 +7,7 @@ extensions: - ["Microsoft.Extensions.Configuration", "ChainedBuilderExtensions", False, "AddConfiguration", "(Microsoft.Extensions.Configuration.IConfigurationBuilder,Microsoft.Extensions.Configuration.IConfiguration)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration", "ChainedBuilderExtensions", False, "AddConfiguration", "(Microsoft.Extensions.Configuration.IConfigurationBuilder,Microsoft.Extensions.Configuration.IConfiguration,System.Boolean)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration", "ChainedConfigurationProvider", False, "ChainedConfigurationProvider", "(Microsoft.Extensions.Configuration.ChainedConfigurationSource)", "", "Argument[0].Property[Microsoft.Extensions.Configuration.ChainedConfigurationSource.Configuration]", "Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config]", "value", "dfc-generated"] - - ["Microsoft.Extensions.Configuration", "ChainedConfigurationProvider", False, "TryGet", "(System.String,System.String)", "", "Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config]", "ReturnValue", "taint", "dfc-generated"] + - ["Microsoft.Extensions.Configuration", "ChainedConfigurationProvider", False, "TryGet", "(System.String,System.String)", "", "Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config]", "Argument[1]", "taint", "dfc-generated"] - ["Microsoft.Extensions.Configuration", "ChainedConfigurationProvider", False, "get_Configuration", "()", "", "Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration", "ConfigurationBinder", False, "Get", "(Microsoft.Extensions.Configuration.IConfiguration,System.Type)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Microsoft.Extensions.Configuration", "ConfigurationBinder", False, "Get", "(Microsoft.Extensions.Configuration.IConfiguration)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Diagnostics.Metrics.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Diagnostics.Metrics.model.yml index 00fd3977b498..7d360bace1c1 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Diagnostics.Metrics.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Diagnostics.Metrics.model.yml @@ -5,7 +5,7 @@ extensions: extensible: summaryModel data: - ["Microsoft.Extensions.Diagnostics.Metrics", "IMetricsListener", True, "Initialize", "(Microsoft.Extensions.Diagnostics.Metrics.IObservableInstrumentsSource)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["Microsoft.Extensions.Diagnostics.Metrics", "IMetricsListener", True, "InstrumentPublished", "(System.Diagnostics.Metrics.Instrument,System.Object)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Extensions.Diagnostics.Metrics", "IMetricsListener", True, "InstrumentPublished", "(System.Diagnostics.Metrics.Instrument,System.Object)", "", "Argument[this]", "Argument[1]", "value", "dfc-generated"] - ["Microsoft.Extensions.Diagnostics.Metrics", "MetricsBuilderConfigurationExtensions", False, "AddConfiguration", "(Microsoft.Extensions.Diagnostics.Metrics.IMetricsBuilder,Microsoft.Extensions.Configuration.IConfiguration)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Diagnostics.Metrics", "MetricsBuilderExtensions", False, "AddListener", "(Microsoft.Extensions.Diagnostics.Metrics.IMetricsBuilder,Microsoft.Extensions.Diagnostics.Metrics.IMetricsListener)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Diagnostics.Metrics", "MetricsBuilderExtensions", False, "AddListener", "(Microsoft.Extensions.Diagnostics.Metrics.IMetricsBuilder)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Primitives.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Primitives.model.yml index 001d2a74593a..21b186db2162 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Primitives.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Primitives.model.yml @@ -18,13 +18,12 @@ extensions: - ["Microsoft.Extensions.Primitives", "StringSegment", False, "ToString", "()", "", "Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer]", "ReturnValue", "taint", "dfc-generated"] - ["Microsoft.Extensions.Primitives", "StringSegment", False, "ToString", "()", "", "Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Value]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Primitives", "StringSegment", False, "get_Value", "()", "", "Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer]", "ReturnValue", "taint", "dfc-generated"] - - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", False, "Enumerator", "(Microsoft.Extensions.Primitives.StringTokenizer)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", False, "Enumerator", "(Microsoft.Extensions.Primitives.StringTokenizer)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer", False, "StringTokenizer", "(Microsoft.Extensions.Primitives.StringSegment,System.Char[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer", False, "StringTokenizer", "(Microsoft.Extensions.Primitives.StringSegment,System.Char[])", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer", False, "StringTokenizer", "(System.String,System.Char[])", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"] - - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", False, "Enumerator", "(Microsoft.Extensions.Primitives.StringValues)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all @@ -87,6 +86,7 @@ extensions: - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", "MoveNext", "()", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", "Reset", "()", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", "Dispose", "()", "summary", "df-generated"] + - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", "Enumerator", "(Microsoft.Extensions.Primitives.StringValues)", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", "MoveNext", "()", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", "Reset", "()", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringValues", "op_Equality", "(Microsoft.Extensions.Primitives.StringValues,Microsoft.Extensions.Primitives.StringValues)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Interop.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Interop.model.yml index 906a985116b5..4981aa7e92ba 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Interop.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Interop.model.yml @@ -19,11 +19,11 @@ extensions: - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "ByValueMarshalKindSupportDescriptor", "(Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo)", "", "Argument[1]", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportDescriptor.InSupport]", "value", "dfc-generated"] - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "ByValueMarshalKindSupportDescriptor", "(Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo)", "", "Argument[2]", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportDescriptor.OutSupport]", "value", "dfc-generated"] - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "ByValueMarshalKindSupportDescriptor", "(Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo)", "", "Argument[3]", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportDescriptor.InOutSupport]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "GetSupport", "(Microsoft.Interop.ByValueContentsMarshalKind,Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "GetSupport", "(Microsoft.Interop.ByValueContentsMarshalKind,Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "ByValueMarshalKindSupportInfo", "(Microsoft.Interop.ByValueMarshalKindSupport,System.String)", "", "Argument[1]", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "ReturnValue.Property[Microsoft.Interop.GeneratorDiagnostic+NotRecommended.Details]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "ReturnValue.Property[Microsoft.Interop.GeneratorDiagnostic+NotSupported.NotSupportedDetails]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "ReturnValue.Property[Microsoft.Interop.GeneratorDiagnostic+UnnecessaryData.UnnecessaryDataDetails]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "Argument[1].Property[Microsoft.Interop.GeneratorDiagnostic+NotRecommended.Details]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "Argument[1].Property[Microsoft.Interop.GeneratorDiagnostic+NotSupported.NotSupportedDetails]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "Argument[1].Property[Microsoft.Interop.GeneratorDiagnostic+UnnecessaryData.UnnecessaryDataDetails]", "value", "dfc-generated"] - ["Microsoft.Interop", "CharMarshallingGeneratorResolver", False, "CharMarshallingGeneratorResolver", "(System.Boolean,System.String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Interop", "CharMarshallingInfoProvider", False, "CharMarshallingInfoProvider", "(Microsoft.Interop.DefaultMarshallingInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Interop", "CollectionExtensions", False, "ToSequenceEqualImmutableArray", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer)", "", "Argument[1]", "ReturnValue.Property[Microsoft.Interop.SequenceEqualImmutableArray`1.Comparer]", "value", "dfc-generated"] @@ -80,8 +80,8 @@ extensions: - ["Microsoft.Interop", "DiagnosticOr", False, "WithValue", "(T)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Microsoft.Interop", "DiagnosticOr", True, "get_Diagnostics", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Microsoft.Interop", "DiagnosticOr", True, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["Microsoft.Interop", "ElementInfoProviderExtensions", False, "TryGetInfoForElementName", "(Microsoft.Interop.IElementInfoProvider,Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.TypePositionInfo)", "", "Argument[3].ReturnValue", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ElementInfoProviderExtensions", False, "TryGetInfoForParamIndex", "(Microsoft.Interop.IElementInfoProvider,Microsoft.CodeAnalysis.AttributeData,System.Int32,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.TypePositionInfo)", "", "Argument[3].ReturnValue", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ElementInfoProviderExtensions", False, "TryGetInfoForElementName", "(Microsoft.Interop.IElementInfoProvider,Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.TypePositionInfo)", "", "Argument[3].ReturnValue", "Argument[4].Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ElementInfoProviderExtensions", False, "TryGetInfoForParamIndex", "(Microsoft.Interop.IElementInfoProvider,Microsoft.CodeAnalysis.AttributeData,System.Int32,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.TypePositionInfo)", "", "Argument[3].ReturnValue", "Argument[4].Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "Forwarder", False, "AsNativeType", "(Microsoft.Interop.TypePositionInfo)", "", "Argument[0].Property[Microsoft.Interop.TypePositionInfo.ManagedType]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Interop", "GeneratorDiagnostic+NotRecommended", False, "ToDiagnosticInfo", "(Microsoft.CodeAnalysis.DiagnosticDescriptor,Microsoft.CodeAnalysis.Location,System.String)", "", "Argument[0]", "ReturnValue.Property[Microsoft.Interop.DiagnosticInfo.Descriptor]", "value", "dfc-generated"] - ["Microsoft.Interop", "GeneratorDiagnostic+NotRecommended", False, "ToDiagnosticInfo", "(Microsoft.CodeAnalysis.DiagnosticDescriptor,Microsoft.CodeAnalysis.Location,System.String)", "", "Argument[1]", "ReturnValue.Property[Microsoft.Interop.DiagnosticInfo.Location]", "value", "dfc-generated"] @@ -118,11 +118,11 @@ extensions: - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryGetMarshallersFromEntryTypeIgnoringElements", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,Microsoft.CodeAnalysis.Compilation,System.Action,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryGetValueMarshallersFromEntryType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,Microsoft.CodeAnalysis.Compilation,System.Action,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveEntryPointType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveEntryPointType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveEntryPointType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "Argument[4]", "value", "dfc-generated"] - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveManagedType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveManagedType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveManagedType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "Argument[4]", "value", "dfc-generated"] - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveMarshallerType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveMarshallerType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveMarshallerType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "Argument[3]", "value", "dfc-generated"] - ["Microsoft.Interop", "MarshalAsArrayInfo", False, "MarshalAsArrayInfo", "(System.Runtime.InteropServices.UnmanagedType,Microsoft.Interop.CharEncoding,System.Runtime.InteropServices.UnmanagedType,Microsoft.Interop.CountInfo)", "", "Argument[3]", "Argument[this].Property[Microsoft.Interop.MarshalAsArrayInfo.CountInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "MarshalAsAttributeParser", False, "MarshalAsAttributeParser", "(Microsoft.Interop.GeneratorDiagnosticsBag,Microsoft.Interop.DefaultMarshallingInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Interop", "MarshalAsAttributeParser", False, "MarshalAsAttributeParser", "(Microsoft.Interop.GeneratorDiagnosticsBag,Microsoft.Interop.DefaultMarshallingInfo)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] @@ -156,9 +156,9 @@ extensions: - ["Microsoft.Interop", "MethodSignatureDiagnosticLocations", False, "MethodSignatureDiagnosticLocations", "(System.String,System.Collections.Immutable.ImmutableArray,Microsoft.CodeAnalysis.Location)", "", "Argument[1]", "Argument[this].Property[Microsoft.Interop.MethodSignatureDiagnosticLocations.ManagedParameterLocations]", "value", "dfc-generated"] - ["Microsoft.Interop", "MethodSignatureDiagnosticLocations", False, "MethodSignatureDiagnosticLocations", "(System.String,System.Collections.Immutable.ImmutableArray,Microsoft.CodeAnalysis.Location)", "", "Argument[2]", "Argument[this].Property[Microsoft.Interop.MethodSignatureDiagnosticLocations.FallbackLocation]", "value", "dfc-generated"] - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "MethodSignatureElementInfoProvider", "(Microsoft.CodeAnalysis.Compilation,Microsoft.Interop.GeneratorDiagnosticsBag,Microsoft.CodeAnalysis.IMethodSymbol,System.Collections.Immutable.ImmutableArray)", "", "Argument[2]", "Argument[this].SyntheticField[Microsoft.Interop.MethodSignatureElementInfoProvider._method]", "value", "dfc-generated"] - - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForElementName", "(Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[2].ReturnValue", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] + - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForElementName", "(Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[2].ReturnValue", "Argument[4].Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForElementName", "(Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[this].SyntheticField[Microsoft.Interop.MethodSignatureElementInfoProvider._method].Property[Microsoft.CodeAnalysis.IMethodSymbol.ReturnType]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForParamIndex", "(Microsoft.CodeAnalysis.AttributeData,System.Int32,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[2].ReturnValue", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] + - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForParamIndex", "(Microsoft.CodeAnalysis.AttributeData,System.Int32,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[2].ReturnValue", "Argument[4].Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "NativeLinearCollectionMarshallingInfo", False, "NativeLinearCollectionMarshallingInfo", "(Microsoft.Interop.ManagedTypeInfo,Microsoft.Interop.CustomTypeMarshallers,Microsoft.Interop.CountInfo,Microsoft.Interop.ManagedTypeInfo)", "", "Argument[2]", "Argument[this].Property[Microsoft.Interop.NativeLinearCollectionMarshallingInfo.ElementCountInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "NativeLinearCollectionMarshallingInfo", False, "NativeLinearCollectionMarshallingInfo", "(Microsoft.Interop.ManagedTypeInfo,Microsoft.Interop.CustomTypeMarshallers,Microsoft.Interop.CountInfo,Microsoft.Interop.ManagedTypeInfo)", "", "Argument[3]", "Argument[this].Property[Microsoft.Interop.NativeLinearCollectionMarshallingInfo.PlaceholderTypeParameter]", "value", "dfc-generated"] - ["Microsoft.Interop", "NativeMarshallingAttributeInfo", False, "NativeMarshallingAttributeInfo", "(Microsoft.Interop.ManagedTypeInfo,Microsoft.Interop.CustomTypeMarshallers)", "", "Argument[0]", "Argument[this].Property[Microsoft.Interop.NativeMarshallingAttributeInfo.EntryPointType]", "value", "dfc-generated"] @@ -191,8 +191,8 @@ extensions: - ["Microsoft.Interop", "StubIdentifierContext", True, "GetIdentifiers", "(Microsoft.Interop.TypePositionInfo)", "", "Argument[0].Property[Microsoft.Interop.TypePositionInfo.InstanceIdentifier]", "ReturnValue.Field[System.ValueTuple`2.Item2]", "taint", "dfc-generated"] - ["Microsoft.Interop", "SyntaxEquivalentNode", False, "SyntaxEquivalentNode", "(T)", "", "Argument[0]", "Argument[this].Property[Microsoft.Interop.SyntaxEquivalentNode`1.Node]", "value", "dfc-generated"] - ["Microsoft.Interop", "SyntaxExtensions", False, "AddToModifiers", "(Microsoft.CodeAnalysis.SyntaxTokenList,Microsoft.CodeAnalysis.CSharp.SyntaxKind)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Interop", "SyntaxExtensions", False, "IsInPartialContext", "(Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.CSharp.Syntax.BaseTypeDeclarationSyntax.Identifier]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Interop", "SyntaxExtensions", False, "IsInPartialContext", "(Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.SyntaxNode.Parent].Property[Microsoft.CodeAnalysis.CSharp.Syntax.BaseTypeDeclarationSyntax.Identifier]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Interop", "SyntaxExtensions", False, "IsInPartialContext", "(Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.CSharp.Syntax.BaseTypeDeclarationSyntax.Identifier]", "Argument[1]", "value", "dfc-generated"] + - ["Microsoft.Interop", "SyntaxExtensions", False, "IsInPartialContext", "(Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.SyntaxNode.Parent].Property[Microsoft.CodeAnalysis.CSharp.Syntax.BaseTypeDeclarationSyntax.Identifier]", "Argument[1]", "value", "dfc-generated"] - ["Microsoft.Interop", "SyntaxExtensions", False, "NestFixedStatements", "(System.Collections.Immutable.ImmutableArray,Microsoft.CodeAnalysis.CSharp.Syntax.StatementSyntax)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Interop", "SzArrayType", False, "SzArrayType", "(Microsoft.Interop.ManagedTypeInfo)", "", "Argument[0]", "Argument[this].Property[Microsoft.Interop.SzArrayType.ElementTypeInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "TypePositionInfo", False, "CreateForParameter", "(Microsoft.CodeAnalysis.IParameterSymbol,Microsoft.Interop.MarshallingInfo,Microsoft.CodeAnalysis.Compilation)", "", "Argument[0].Property[Microsoft.CodeAnalysis.ISymbol.Name]", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.InstanceIdentifier]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.CompilerServices.model.yml b/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.CompilerServices.model.yml index 043830b1d67c..5123bb497245 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.CompilerServices.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.CompilerServices.model.yml @@ -1,10 +1,5 @@ # THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT. extensions: - - addsTo: - pack: codeql/csharp-all - extensible: summaryModel - data: - - ["Microsoft.VisualBasic.CompilerServices", "StringType", False, "MidStmtStr", "(System.String,System.Int32,System.Int32,System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -197,6 +192,7 @@ extensions: - ["Microsoft.VisualBasic.CompilerServices", "StringType", "FromShort", "(System.Int16)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "FromSingle", "(System.Single)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "FromSingle", "(System.Single,System.Globalization.NumberFormatInfo)", "summary", "df-generated"] + - ["Microsoft.VisualBasic.CompilerServices", "StringType", "MidStmtStr", "(System.String,System.Int32,System.Int32,System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "StrCmp", "(System.String,System.String,System.Boolean)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "StrLike", "(System.String,System.String,Microsoft.VisualBasic.CompareMethod)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "StrLikeBinary", "(System.String,System.String)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.model.yml b/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.model.yml index f471594f30fc..4c9c289866ae 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.model.yml @@ -4,12 +4,6 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["Microsoft.VisualBasic", "FileSystem", False, "FileGet", "(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "FileGet", "(System.Int32,System.String,System.Int64,System.Boolean)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "FileGet", "(System.Int32,System.ValueType,System.Int64)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "FileGetObject", "(System.Int32,System.Object,System.Int64)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "Input", "(System.Int32,System.Object)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "Input", "(System.Int32,System.String)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.VisualBasic", "VBCodeProvider", False, "VBCodeProvider", "(System.Collections.Generic.IDictionary)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all @@ -111,6 +105,7 @@ extensions: - ["Microsoft.VisualBasic", "FileSystem", "FileClose", "(System.Int32[])", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileCopy", "(System.String,System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileDateTime", "(System.String)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Boolean,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Byte,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Char,System.Int64)", "summary", "df-generated"] @@ -121,6 +116,9 @@ extensions: - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Int32,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Int64,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Single,System.Int64)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.String,System.Int64,System.Boolean)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.ValueType,System.Int64)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "FileGetObject", "(System.Int32,System.Object,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileLen", "(System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileOpen", "(System.Int32,System.String,Microsoft.VisualBasic.OpenMode,Microsoft.VisualBasic.OpenAccess,Microsoft.VisualBasic.OpenShare,System.Int32)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FilePut", "(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean)", "summary", "df-generated"] @@ -150,7 +148,9 @@ extensions: - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Int16)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Int64)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Object)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Single)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "InputString", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "Kill", "(System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "LOF", "(System.Int32)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Mono.Linker.Steps.model.yml b/csharp/ql/lib/ext/generated/Mono.Linker.Steps.model.yml index f72895d03e29..0e6f2465ec01 100644 --- a/csharp/ql/lib/ext/generated/Mono.Linker.Steps.model.yml +++ b/csharp/ql/lib/ext/generated/Mono.Linker.Steps.model.yml @@ -51,9 +51,7 @@ extensions: - ["Mono.Linker.Steps", "MarkStep", False, "get_Tracer", "()", "", "Argument[this].SyntheticField[Mono.Linker.Steps.MarkStep._context].Property[Mono.Linker.LinkContext.Tracer]", "ReturnValue", "value", "dfc-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkAssembly", "(Mono.Cecil.AssemblyDefinition,Mono.Linker.DependencyInfo,Mono.Linker.MessageOrigin)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkEvent", "(Mono.Cecil.EventDefinition,Mono.Linker.DependencyInfo,Mono.Linker.MessageOrigin)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["Mono.Linker.Steps", "MarkStep", True, "MarkInstruction", "(Mono.Cecil.Cil.Instruction,Mono.Cecil.MethodDefinition,System.Boolean,Mono.Linker.MessageOrigin)", "", "Argument[3].Property[Mono.Linker.MessageOrigin.FileName]", "ReturnValue.Property[Mono.Linker.MessageOrigin.FileName]", "value", "dfc-generated"] - - ["Mono.Linker.Steps", "MarkStep", True, "MarkInstruction", "(Mono.Cecil.Cil.Instruction,Mono.Cecil.MethodDefinition,System.Boolean,Mono.Linker.MessageOrigin)", "", "Argument[3].Property[Mono.Linker.MessageOrigin.Provider]", "ReturnValue.Property[Mono.Linker.MessageOrigin.Provider]", "value", "dfc-generated"] - - ["Mono.Linker.Steps", "MarkStep", True, "MarkInstruction", "(Mono.Cecil.Cil.Instruction,Mono.Cecil.MethodDefinition,System.Boolean,Mono.Linker.MessageOrigin)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] + - ["Mono.Linker.Steps", "MarkStep", True, "MarkInstruction", "(Mono.Cecil.Cil.Instruction,Mono.Cecil.MethodDefinition,System.Boolean,Mono.Linker.MessageOrigin)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkInterfaceImplementation", "(Mono.Cecil.InterfaceImplementation,Mono.Linker.MessageOrigin,System.Nullable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkMethod", "(Mono.Cecil.MethodReference,Mono.Linker.DependencyInfo,Mono.Linker.MessageOrigin)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkMethod", "(Mono.Cecil.MethodReference,Mono.Linker.DependencyInfo,Mono.Linker.MessageOrigin)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -85,7 +83,7 @@ extensions: - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "ProcessLinkerXmlBase", "(Mono.Linker.LinkContext,System.IO.Stream,System.String)", "", "Argument[2]", "Argument[this].Field[Mono.Linker.Steps.ProcessLinkerXmlBase._xmlDocumentLocation]", "value", "dfc-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "ProcessTypeChildren", "(Mono.Cecil.TypeDefinition,System.Xml.XPath.XPathNavigator,System.Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "ToString", "()", "", "Argument[this].Field[Mono.Linker.Steps.ProcessLinkerXmlBase._xmlDocumentLocation]", "ReturnValue", "taint", "dfc-generated"] - - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "TryConvertValue", "(System.String,Mono.Cecil.TypeReference,System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "TryConvertValue", "(System.String,Mono.Cecil.TypeReference,System.Object)", "", "Argument[0]", "Argument[2]", "value", "dfc-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", True, "ProcessEvent", "(Mono.Cecil.TypeDefinition,Mono.Cecil.EventDefinition,System.Xml.XPath.XPathNavigator,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", True, "ProcessEvent", "(Mono.Cecil.TypeDefinition,System.Xml.XPath.XPathNavigator,System.Object)", "", "Argument[0].Property[Mono.Cecil.TypeDefinition.Events].Element", "Argument[this].Field[Mono.Linker.Steps.DescriptorMarker._preservedMembers].Element", "value", "dfc-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", True, "ProcessField", "(Mono.Cecil.TypeDefinition,System.Xml.XPath.XPathNavigator)", "", "Argument[0].Property[Mono.Cecil.TypeDefinition.Fields].Element", "Argument[this].Field[Mono.Linker.Steps.DescriptorMarker._preservedMembers].Element", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/Mono.Linker.model.yml b/csharp/ql/lib/ext/generated/Mono.Linker.model.yml index 6519e273f0c2..f48ad4aa4115 100644 --- a/csharp/ql/lib/ext/generated/Mono.Linker.model.yml +++ b/csharp/ql/lib/ext/generated/Mono.Linker.model.yml @@ -96,7 +96,7 @@ extensions: - ["Mono.Linker", "MessageContainer", False, "CreateCustomWarningMessage", "(Mono.Linker.LinkContext,System.String,System.Int32,Mono.Linker.MessageOrigin,Mono.Linker.WarnVersion,System.String)", "", "Argument[5]", "ReturnValue.Property[Mono.Linker.MessageContainer.SubCategory]", "value", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "CreateDiagnosticMessage", "(System.String)", "", "Argument[0]", "ReturnValue.Property[Mono.Linker.MessageContainer.Text]", "value", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "CreateInfoMessage", "(System.String)", "", "Argument[0]", "ReturnValue.Property[Mono.Linker.MessageContainer.Text]", "value", "dfc-generated"] - - ["Mono.Linker", "MessageContainer", False, "IsWarningMessage", "(System.Nullable)", "", "Argument[this].Property[Mono.Linker.MessageContainer.Code]", "ReturnValue", "value", "dfc-generated"] + - ["Mono.Linker", "MessageContainer", False, "IsWarningMessage", "(System.Nullable)", "", "Argument[this].Property[Mono.Linker.MessageContainer.Code]", "Argument[0]", "value", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "ToMSBuildString", "()", "", "Argument[this].Property[Mono.Linker.MessageContainer.Origin].Property[Mono.Linker.MessageOrigin.FileName]", "ReturnValue", "taint", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "ToMSBuildString", "()", "", "Argument[this].Property[Mono.Linker.MessageContainer.SubCategory]", "ReturnValue", "taint", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "ToMSBuildString", "()", "", "Argument[this].Property[Mono.Linker.MessageContainer.Text]", "ReturnValue", "taint", "dfc-generated"] @@ -113,8 +113,8 @@ extensions: - ["Mono.Linker", "MessageOrigin", False, "ToString", "()", "", "Argument[this].Property[Mono.Linker.MessageOrigin.FileName]", "ReturnValue", "taint", "dfc-generated"] - ["Mono.Linker", "MessageOrigin", False, "WithInstructionOffset", "(System.Int32)", "", "Argument[this].Property[Mono.Linker.MessageOrigin.FileName]", "ReturnValue.Property[Mono.Linker.MessageOrigin.FileName]", "value", "dfc-generated"] - ["Mono.Linker", "MessageOrigin", False, "WithInstructionOffset", "(System.Int32)", "", "Argument[this].Property[Mono.Linker.MessageOrigin.Provider]", "ReturnValue.Property[Mono.Linker.MessageOrigin.Provider]", "value", "dfc-generated"] - - ["Mono.Linker", "MethodDefinitionExtensions", False, "TryGetEvent", "(Mono.Cecil.MethodDefinition,Mono.Cecil.EventDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Mono.Linker", "MethodDefinitionExtensions", False, "TryGetProperty", "(Mono.Cecil.MethodDefinition,Mono.Cecil.PropertyDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["Mono.Linker", "MethodDefinitionExtensions", False, "TryGetEvent", "(Mono.Cecil.MethodDefinition,Mono.Cecil.EventDefinition)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["Mono.Linker", "MethodDefinitionExtensions", False, "TryGetProperty", "(Mono.Cecil.MethodDefinition,Mono.Cecil.PropertyDefinition)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["Mono.Linker", "MethodIL", False, "Create", "(Mono.Cecil.Cil.MethodBody)", "", "Argument[0]", "ReturnValue.Field[Mono.Linker.MethodIL.Body]", "value", "dfc-generated"] - ["Mono.Linker", "MethodIL", False, "get_ExceptionHandlers", "()", "", "Argument[this].Field[Mono.Linker.MethodIL.Body].Property[Mono.Cecil.Cil.MethodBody.ExceptionHandlers]", "ReturnValue", "value", "dfc-generated"] - ["Mono.Linker", "MethodIL", False, "get_Instructions", "()", "", "Argument[this].Field[Mono.Linker.MethodIL.Body].Property[Mono.Cecil.Cil.MethodBody.Instructions]", "ReturnValue", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Buffers.model.yml b/csharp/ql/lib/ext/generated/System.Buffers.model.yml index 0f351ff18d13..ff472f7b0cf1 100644 --- a/csharp/ql/lib/ext/generated/System.Buffers.model.yml +++ b/csharp/ql/lib/ext/generated/System.Buffers.model.yml @@ -33,37 +33,30 @@ extensions: - ["System.Buffers", "ReadOnlySequence", False, "Slice", "(System.SequencePosition,System.Int64)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "ReadOnlySequence", False, "Slice", "(System.SequencePosition,System.SequencePosition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "ReadOnlySequence", False, "Slice", "(System.SequencePosition,System.SequencePosition)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "ReadOnlySequence", False, "TryGet", "(System.SequencePosition,System.ReadOnlyMemory,System.Boolean)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Buffers", "ReadOnlySequence", False, "get_FirstSpan", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "SearchValues", False, "Create", "(System.ReadOnlySpan)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "SearchValues", False, "Create", "(System.ReadOnlySpan,System.StringComparison)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "SequenceReader", False, "SequenceReader", "(System.Buffers.ReadOnlySequence)", "", "Argument[0]", "Argument[this].Property[System.Buffers.SequenceReader`1.Sequence]", "value", "dfc-generated"] - ["System.Buffers", "SequenceReader", False, "TryCopyTo", "(System.Span)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] - ["System.Buffers", "SequenceReader", False, "TryCopyTo", "(System.Span)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryPeek", "(System.Int64,T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryPeek", "(T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryRead", "(T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadExact", "(System.Int32,System.Buffers.ReadOnlySequence)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,T,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,T,T,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryPeek", "(System.Int64,T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[1]", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryPeek", "(T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0]", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryRead", "(T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0]", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadExact", "(System.Int32,System.Buffers.ReadOnlySequence)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,T,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,T,T,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] - ["System.Buffers", "SequenceReader", False, "get_UnreadSequence", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "SequenceReader", False, "get_UnreadSpan", "()", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int16)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int16)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -137,6 +130,7 @@ extensions: - ["System.Buffers", "ReadOnlySequence", "Slice", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "Slice", "(System.Int64,System.Int64)", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "ToString", "()", "summary", "df-generated"] + - ["System.Buffers", "ReadOnlySequence", "TryGet", "(System.SequencePosition,System.ReadOnlyMemory,System.Boolean)", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "get_End", "()", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "get_First", "()", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "get_IsEmpty", "()", "summary", "df-generated"] @@ -162,6 +156,12 @@ extensions: - ["System.Buffers", "SequenceReader", "get_Position", "()", "summary", "df-generated"] - ["System.Buffers", "SequenceReader", "get_Remaining", "()", "summary", "df-generated"] - ["System.Buffers", "SequenceReader", "get_Sequence", "()", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int16)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int32)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int64)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int16)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int32)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int64)", "summary", "df-generated"] - ["System.Buffers", "StandardFormat", "Equals", "(System.Buffers.StandardFormat)", "summary", "df-generated"] - ["System.Buffers", "StandardFormat", "Equals", "(System.Object)", "summary", "df-generated"] - ["System.Buffers", "StandardFormat", "GetHashCode", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.CodeDom.Compiler.model.yml b/csharp/ql/lib/ext/generated/System.CodeDom.Compiler.model.yml index 91d655f6d3bb..9a760ddfa431 100644 --- a/csharp/ql/lib/ext/generated/System.CodeDom.Compiler.model.yml +++ b/csharp/ql/lib/ext/generated/System.CodeDom.Compiler.model.yml @@ -126,14 +126,6 @@ extensions: - ["System.CodeDom.Compiler", "CompilerParameters", False, "CompilerParameters", "(System.String[],System.String,System.Boolean)", "", "Argument[0].Element", "Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.ReferencedAssemblies].Element", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "CompilerParameters", False, "CompilerParameters", "(System.String[],System.String,System.Boolean)", "", "Argument[1]", "Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.OutputAssembly]", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "CompilerResults", False, "CompilerResults", "(System.CodeDom.Compiler.TempFileCollection)", "", "Argument[0]", "Argument[this].Property[System.CodeDom.Compiler.CompilerResults.TempFiles]", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[5]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "GeneratedCodeAttribute", False, "GeneratedCodeAttribute", "(System.String,System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool]", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "GeneratedCodeAttribute", False, "GeneratedCodeAttribute", "(System.String,System.String)", "", "Argument[1]", "Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._version]", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "GeneratedCodeAttribute", False, "get_Tool", "()", "", "Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool]", "ReturnValue", "value", "dfc-generated"] @@ -297,6 +289,10 @@ extensions: - ["System.CodeDom.Compiler", "CompilerResults", "get_Errors", "()", "summary", "df-generated"] - ["System.CodeDom.Compiler", "CompilerResults", "get_Output", "()", "summary", "df-generated"] - ["System.CodeDom.Compiler", "Executor", "ExecWait", "(System.String,System.CodeDom.Compiler.TempFileCollection)", "summary", "df-generated"] + - ["System.CodeDom.Compiler", "Executor", "ExecWaitWithCapture", "(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "summary", "df-generated"] + - ["System.CodeDom.Compiler", "Executor", "ExecWaitWithCapture", "(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "summary", "df-generated"] + - ["System.CodeDom.Compiler", "Executor", "ExecWaitWithCapture", "(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "summary", "df-generated"] + - ["System.CodeDom.Compiler", "Executor", "ExecWaitWithCapture", "(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "summary", "df-generated"] - ["System.CodeDom.Compiler", "ICodeCompiler", "CompileAssemblyFromFile", "(System.CodeDom.Compiler.CompilerParameters,System.String)", "summary", "df-generated"] - ["System.CodeDom.Compiler", "ICodeCompiler", "CompileAssemblyFromFileBatch", "(System.CodeDom.Compiler.CompilerParameters,System.String[])", "summary", "df-generated"] - ["System.CodeDom.Compiler", "ICodeCompiler", "CompileAssemblyFromSource", "(System.CodeDom.Compiler.CompilerParameters,System.String)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Collections.Concurrent.model.yml b/csharp/ql/lib/ext/generated/System.Collections.Concurrent.model.yml index 9834bace34d5..132289292317 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.Concurrent.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.Concurrent.model.yml @@ -13,8 +13,8 @@ extensions: - ["System.Collections.Concurrent", "BlockingCollection", False, "TryAdd", "(T,System.TimeSpan)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Collections.Concurrent", "ConcurrentBag", False, "ToArray", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryAdd", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryPeek", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryTake", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryPeek", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryTake", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "AddOrUpdate", "(TKey,System.Func,System.Func)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "AddOrUpdate", "(TKey,System.Func,System.Func)", "", "Argument[0]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "AddOrUpdate", "(TKey,System.Func,System.Func)", "", "Argument[1].ReturnValue", "ReturnValue", "value", "dfc-generated"] @@ -35,14 +35,14 @@ extensions: - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "GetOrAdd", "(TKey,System.Func,TArg)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "GetOrAdd", "(TKey,System.Func,TArg)", "", "Argument[1].ReturnValue", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "GetOrAdd", "(TKey,System.Func,TArg)", "", "Argument[2]", "Argument[1].Parameter[1]", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "TryGetAlternateLookup", "(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup)", "", "Argument[this]", "ReturnValue.Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] + - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "TryGetAlternateLookup", "(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup)", "", "Argument[this]", "Argument[0].Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "get_Comparer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Concurrent", "ConcurrentStack", False, "ConcurrentStack", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0]", "value", "dfc-generated"] + - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPopRange", "(T[])", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0].Element", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPopRange", "(T[],System.Int32,System.Int32)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0].Element", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryTake", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryTake", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "OrderablePartitioner", True, "GetDynamicPartitions", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Concurrent", "Partitioner", False, "Create", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Concurrent", "Partitioner", False, "Create", "(System.Collections.Generic.IEnumerable,System.Collections.Concurrent.EnumerablePartitionerOptions)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Collections.Frozen.model.yml b/csharp/ql/lib/ext/generated/System.Collections.Frozen.model.yml index daea37e28ca7..ae675a172a80 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.Frozen.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.Frozen.model.yml @@ -11,7 +11,7 @@ extensions: - ["System.Collections.Frozen", "FrozenDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Frozen.FrozenDictionary`2+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenDictionary", False, "GetAlternateLookup", "()", "", "Argument[this]", "ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] - - ["System.Collections.Frozen", "FrozenDictionary", False, "TryGetAlternateLookup", "(System.Collections.Frozen.FrozenDictionary+AlternateLookup)", "", "Argument[this]", "ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] + - ["System.Collections.Frozen", "FrozenDictionary", False, "TryGetAlternateLookup", "(System.Collections.Frozen.FrozenDictionary+AlternateLookup)", "", "Argument[this]", "Argument[0].Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenDictionary", False, "get_Keys", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenDictionary", False, "get_Values", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet", False, "Create", "(System.Collections.Generic.IEqualityComparer,System.ReadOnlySpan)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] @@ -19,13 +19,13 @@ extensions: - ["System.Collections.Frozen", "FrozenSet", False, "ToFrozenSet", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet+AlternateLookup", False, "Contains", "(TAlternate)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet+AlternateLookup", False, "TryGetValue", "(TAlternate,T)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Collections.Frozen", "FrozenSet+AlternateLookup", False, "TryGetValue", "(TAlternate,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Frozen", "FrozenSet+AlternateLookup", False, "TryGetValue", "(TAlternate,T)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenSet+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet", False, "CopyTo", "(System.Span)", "", "Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element", "Argument[0].Element", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenSet", False, "GetAlternateLookup", "()", "", "Argument[this]", "ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set]", "value", "dfc-generated"] - - ["System.Collections.Frozen", "FrozenSet", False, "TryGetAlternateLookup", "(System.Collections.Frozen.FrozenSet+AlternateLookup)", "", "Argument[this]", "ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set]", "value", "dfc-generated"] - - ["System.Collections.Frozen", "FrozenSet", False, "TryGetValue", "(T,T)", "", "Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Frozen", "FrozenSet", False, "TryGetAlternateLookup", "(System.Collections.Frozen.FrozenSet+AlternateLookup)", "", "Argument[this]", "Argument[0].Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set]", "value", "dfc-generated"] + - ["System.Collections.Frozen", "FrozenSet", False, "TryGetValue", "(T,T)", "", "Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenSet", False, "get_Items", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all diff --git a/csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml b/csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml index ad2383f1d6b5..325945f59044 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml @@ -16,7 +16,7 @@ extensions: - ["System.Collections.Generic", "CollectionExtensions", False, "GetRuntimeFileAssets", "(System.Collections.Generic.IEnumerable,System.String)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "CollectionExtensions", False, "GetRuntimeGroup", "(System.Collections.Generic.IEnumerable,System.String)", "", "Argument[0].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "CollectionExtensions", False, "GetValueOrDefault", "(System.Collections.Generic.IReadOnlyDictionary,TKey,TValue)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Generic", "CollectionExtensions", False, "Remove", "(System.Collections.Generic.IDictionary,TKey,TValue)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "CollectionExtensions", False, "Remove", "(System.Collections.Generic.IDictionary,TKey,TValue)", "", "Argument[0].Element", "Argument[2]", "taint", "df-generated"] - ["System.Collections.Generic", "CollectionExtensions", False, "TryAdd", "(System.Collections.Generic.IDictionary,TKey,TValue)", "", "Argument[1]", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Generic", "CollectionExtensions", False, "TryAdd", "(System.Collections.Generic.IDictionary,TKey,TValue)", "", "Argument[2]", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["System.Collections.Generic", "Dictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -35,13 +35,14 @@ extensions: - ["System.Collections.Generic", "HashSet+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "HashSet", False, "HashSet", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["System.Collections.Generic", "HashSet", False, "HashSet", "(System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer]", "value", "dfc-generated"] - - ["System.Collections.Generic", "HashSet", False, "TryGetValue", "(T,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "HashSet", False, "TryGetValue", "(T,T)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Generic", "HashSet", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "HashSet", True, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this].Property[System.Collections.Generic.HashSet`1.Comparer]", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "HashSet", True, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer]", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "KeyValuePair", False, "Create", "(TKey,TValue)", "", "Argument[0]", "ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Generic", "KeyValuePair", False, "Create", "(TKey,TValue)", "", "Argument[1]", "ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - - ["System.Collections.Generic", "KeyValuePair", False, "Deconstruct", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "KeyValuePair", False, "Deconstruct", "(TKey,TValue)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections.Generic", "KeyValuePair", False, "Deconstruct", "(TKey,TValue)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Generic", "KeyValuePair", False, "get_Key", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "KeyValuePair", False, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "LinkedList+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Generic.LinkedList`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] @@ -91,9 +92,9 @@ extensions: - ["System.Collections.Generic", "OrderedDictionary", False, "OrderedDictionary", "(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "OrderedDictionary", "(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "OrderedDictionary", "(System.Int32,System.Collections.Generic.IEqualityComparer)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer]", "value", "dfc-generated"] - - ["System.Collections.Generic", "OrderedDictionary", False, "Remove", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Generic", "OrderedDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Generic", "OrderedDictionary", False, "TryGetValue", "(TKey,TValue,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "OrderedDictionary", False, "Remove", "(TKey,TValue)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Collections.Generic", "OrderedDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Collections.Generic", "OrderedDictionary", False, "TryGetValue", "(TKey,TValue,System.Int32)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "get_Keys", "()", "", "Argument[this].Property[System.Collections.Generic.OrderedDictionary`2.Keys]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "get_Values", "()", "", "Argument[this].Property[System.Collections.Generic.OrderedDictionary`2.Values]", "ReturnValue", "value", "dfc-generated"] @@ -108,17 +109,20 @@ extensions: - ["System.Collections.Generic", "PriorityQueue", False, "PriorityQueue", "(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IComparer)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer]", "value", "dfc-generated"] - ["System.Collections.Generic", "PriorityQueue", False, "PriorityQueue", "(System.Int32,System.Collections.Generic.IComparer)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer]", "value", "dfc-generated"] - ["System.Collections.Generic", "PriorityQueue", False, "Remove", "(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "Argument[3]", "taint", "df-generated"] - - ["System.Collections.Generic", "PriorityQueue", False, "Remove", "(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Generic", "PriorityQueue", False, "TryDequeue", "(TElement,TPriority)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Generic", "PriorityQueue", False, "TryPeek", "(TElement,TPriority)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "Remove", "(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "Remove", "(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "TryDequeue", "(TElement,TPriority)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "TryDequeue", "(TElement,TPriority)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "TryPeek", "(TElement,TPriority)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "TryPeek", "(TElement,TPriority)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Generic", "PriorityQueue", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "Queue+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "Queue+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "Queue", False, "Dequeue", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "Queue", False, "Enqueue", "(T)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "Queue", False, "Queue", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "value", "dfc-generated"] - - ["System.Collections.Generic", "Queue", False, "TryDequeue", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Generic", "Queue", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Generic", "Queue", False, "TryDequeue", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "Argument[0]", "value", "dfc-generated"] + - ["System.Collections.Generic", "Queue", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "Argument[0]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Key]", "ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Value]", "ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -135,7 +139,7 @@ extensions: - ["System.Collections.Generic", "SortedList", False, "GetValueAtIndex", "(System.Int32)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedList", False, "SetValueAtIndex", "(System.Int32,TValue)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedList", False, "SortedList", "(System.Collections.Generic.IComparer)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.comparer]", "value", "dfc-generated"] - - ["System.Collections.Generic", "SortedList", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Generic", "SortedList", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedList", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "SortedSet", False, "CopyTo", "(T[])", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "Argument[0].Element", "value", "dfc-generated"] @@ -145,7 +149,7 @@ extensions: - ["System.Collections.Generic", "SortedSet", False, "SortedSet", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Collections.Generic", "SortedSet", False, "SymmetricExceptWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet", False, "SymmetricExceptWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "value", "dfc-generated"] - - ["System.Collections.Generic", "SortedSet", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Generic", "SortedSet", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet", False, "UnionWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet", False, "UnionWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet", False, "UnionWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[this].Element", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "value", "dfc-generated"] @@ -162,8 +166,8 @@ extensions: - ["System.Collections.Generic", "Stack", False, "Push", "(T)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "Stack", False, "Stack", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "Stack", False, "ToArray", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Collections.Generic", "Stack", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Generic", "Stack", False, "TryPop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Generic", "Stack", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "Argument[0]", "value", "dfc-generated"] + - ["System.Collections.Generic", "Stack", False, "TryPop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "Argument[0]", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel diff --git a/csharp/ql/lib/ext/generated/System.Collections.Immutable.model.yml b/csharp/ql/lib/ext/generated/System.Collections.Immutable.model.yml index 66a9ffc79581..c2b0ddb02cdc 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.Immutable.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.Immutable.model.yml @@ -142,8 +142,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableDictionary", False, "ToImmutableDictionary", "(System.Collections.Generic.IEnumerable,System.Func,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "ToImmutableDictionary", "(System.Collections.Generic.IEnumerable,System.Func,System.Collections.Generic.IEqualityComparer)", "", "Argument[1].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", False, "GetValueOrDefault", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableDictionary+Builder", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableDictionary+Builder", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableDictionary+Builder", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Immutable.ImmutableDictionary`2+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "Clear", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] @@ -152,8 +151,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableDictionary", False, "SetItem", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "SetItems", "(System.Collections.Generic.IEnumerable>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "ToBuilder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "WithComparers", "(System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "WithComparers", "(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "WithComparers", "(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._valueComparer]", "value", "dfc-generated"] @@ -171,7 +169,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableHashSet", False, "ToImmutableHashSet", "(System.Collections.Generic.IEnumerable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "ToImmutableHashSet", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet+Builder", False, "SymmetricExceptWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableHashSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableHashSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "Except", "(System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -179,45 +177,25 @@ extensions: - ["System.Collections.Immutable", "ImmutableHashSet", False, "Remove", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "SymmetricExcept", "(System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "ToBuilder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableHashSet", False, "TryGetValue", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableHashSet", False, "TryGetValue", "(T,T)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "Union", "(System.Collections.Generic.IEnumerable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "WithComparer", "(System.Collections.Generic.IEqualityComparer)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "get_KeyComparer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[1]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[1]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[2].ReturnValue", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[3].ReturnValue", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func)", "", "Argument[1]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func)", "", "Argument[3].ReturnValue", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Enqueue", "(System.Collections.Immutable.ImmutableQueue,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg)", "", "Argument[1]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg)", "", "Argument[2].ReturnValue", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg)", "", "Argument[3]", "Argument[2].Parameter[1]", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func)", "", "Argument[1]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func)", "", "Argument[2].ReturnValue", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "InterlockedCompareExchange", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "InterlockedExchange", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "InterlockedInitialize", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Push", "(System.Collections.Immutable.ImmutableStack,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryDequeue", "(System.Collections.Immutable.ImmutableQueue,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryPop", "(System.Collections.Immutable.ImmutableStack,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryRemove", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryRemove", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg)", "", "Argument[2]", "Argument[1].Parameter[1]", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(T,System.Func,TArg)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(T,System.Func,TArg)", "", "Argument[2]", "Argument[1].Parameter[1]", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(T,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableList", False, "Create", "(System.ReadOnlySpan)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", False, "Create", "(T)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", False, "Create", "(T[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] @@ -281,9 +259,11 @@ extensions: - ["System.Collections.Immutable", "ImmutableQueue", False, "Create", "(T)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Create", "(T[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "CreateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "(System.Collections.Immutable.IImmutableQueue,T)", "", "Argument[0].Element", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "(System.Collections.Immutable.IImmutableQueue,T)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Enqueue", "(T)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableQueue`1._forwards].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Peek", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableQueue`1._forwards].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "ReturnValue", "value", "dfc-generated"] @@ -318,8 +298,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "ToImmutableSortedDictionary", "(System.Collections.Generic.IEnumerable,System.Func,System.Func,System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[1].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "ToImmutableSortedDictionary", "(System.Collections.Generic.IEnumerable,System.Func,System.Func,System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[2].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", False, "GetValueOrDefault", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "Clear", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "Clear", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer]", "value", "dfc-generated"] @@ -330,9 +309,8 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "SetItems", "(System.Collections.Generic.IEnumerable>)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "SetItems", "(System.Collections.Generic.IEnumerable>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "ToBuilder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "WithComparers", "(System.Collections.Generic.IComparer)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "WithComparers", "(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "WithComparers", "(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer]", "value", "dfc-generated"] @@ -357,8 +335,8 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedSet", False, "ToImmutableSortedSet", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IComparer)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "IntersectWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "SymmetricExceptWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "UnionWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "get_Max", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "get_Min", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "ReturnValue", "value", "dfc-generated"] @@ -372,8 +350,8 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedSet", False, "SymmetricExcept", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "SymmetricExcept", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "ToBuilder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableSortedSet", False, "TryGetValue", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedSet", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedSet", False, "TryGetValue", "(T,T)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedSet", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "Union", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "Union", "(System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "Union", "(System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "value", "df-generated"] @@ -385,11 +363,12 @@ extensions: - ["System.Collections.Immutable", "ImmutableStack", False, "Create", "(T)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Create", "(T[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "CreateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(System.Collections.Immutable.IImmutableStack,T)", "", "Argument[0].Element", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(System.Collections.Immutable.IImmutableStack,T)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Peek", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "Argument[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Push", "(T)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Push", "(T)", "", "Argument[this]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail]", "value", "dfc-generated"] @@ -525,6 +504,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "Remove", "(TKey)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "RemoveRange", "(System.Collections.Generic.IEnumerable)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "ToImmutable", "()", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "get_IsFixedSize", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "get_IsReadOnly", "()", "summary", "df-generated"] @@ -539,6 +519,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableDictionary", "Remove", "(System.Collections.Generic.KeyValuePair)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "Remove", "(System.Object)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "Remove", "(TKey)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableDictionary", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "get_IsEmpty", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "get_IsFixedSize", "()", "summary", "df-generated"] @@ -582,6 +563,18 @@ extensions: - ["System.Collections.Immutable", "ImmutableHashSet", "get_IsEmpty", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", "get_IsReadOnly", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", "get_IsSynchronized", "()", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "Enqueue", "(System.Collections.Immutable.ImmutableQueue,T)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "InterlockedCompareExchange", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "InterlockedExchange", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "InterlockedInitialize", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "Push", "(System.Collections.Immutable.ImmutableStack,T)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryDequeue", "(System.Collections.Immutable.ImmutableQueue,T)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryPop", "(System.Collections.Immutable.ImmutableStack,T)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryRemove", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "Update", "(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "Update", "(T,System.Func)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", "Create", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", "CreateBuilder", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", "IndexOf", "(System.Collections.Immutable.IImmutableList,T)", "summary", "df-generated"] @@ -679,6 +672,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "Remove", "(TKey)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "RemoveRange", "(System.Collections.Generic.IEnumerable)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "ToImmutable", "()", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "ValueRef", "(TKey)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "get_IsFixedSize", "()", "summary", "df-generated"] @@ -694,6 +688,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedDictionary", "Remove", "(System.Collections.Generic.KeyValuePair)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "Remove", "(System.Object)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "Remove", "(TKey)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "ValueRef", "(TKey)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "get_IsEmpty", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Collections.ObjectModel.model.yml b/csharp/ql/lib/ext/generated/System.Collections.ObjectModel.model.yml index f201af698cf1..3929a6f55ebe 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.ObjectModel.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.ObjectModel.model.yml @@ -11,8 +11,7 @@ extensions: - ["System.Collections.ObjectModel", "Collection", True, "InsertItem", "(System.Int32,T)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.ObjectModel.Collection`1.items].Element", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "Collection", True, "SetItem", "(System.Int32,T)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Collections.ObjectModel", "KeyedCollection", False, "KeyedCollection", "(System.Collections.Generic.IEqualityComparer,System.Int32)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer]", "value", "dfc-generated"] - - ["System.Collections.ObjectModel", "KeyedCollection", False, "TryGetValue", "(TKey,TItem)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.ObjectModel", "KeyedCollection", False, "TryGetValue", "(TKey,TItem)", "", "Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.ObjectModel", "KeyedCollection", False, "TryGetValue", "(TKey,TItem)", "", "Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "KeyedCollection", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "KeyedCollection", False, "get_Dictionary", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyCollection", False, "CreateCollection", "(System.ReadOnlySpan)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -20,7 +19,6 @@ extensions: - ["System.Collections.ObjectModel", "ReadOnlyCollection", False, "ReadOnlyCollection", "(System.Collections.Generic.IList)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlyCollection`1.list]", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "ReadOnlyCollection", False, "get_Items", "()", "", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlyCollection`1.list]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "ReadOnlyCollection", False, "get_SyncRoot", "()", "", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlyCollection`1.list].Property[System.Collections.ICollection.SyncRoot]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.ObjectModel", "ReadOnlyDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", False, "get_Dictionary", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlySet", False, "ReadOnlySet", "(System.Collections.Generic.ISet)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlySet`1._set]", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "ReadOnlySet", False, "get_Set", "()", "", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlySet`1._set]", "ReturnValue", "value", "dfc-generated"] @@ -95,6 +93,7 @@ extensions: - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "Remove", "(System.Collections.Generic.KeyValuePair)", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "Remove", "(System.Object)", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "Remove", "(TKey)", "summary", "df-generated"] + - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "get_Empty", "()", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "get_IsFixedSize", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Collections.model.yml b/csharp/ql/lib/ext/generated/System.Collections.model.yml index 1d91a7122d10..a8bb9e228d74 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.model.yml @@ -32,7 +32,8 @@ extensions: - ["System.Collections", "DictionaryBase", False, "get_Dictionary", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections", "DictionaryBase", False, "get_SyncRoot", "()", "", "Argument[this].Property[System.Collections.DictionaryBase.InnerHashtable].Property[System.Collections.Hashtable.SyncRoot]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections", "DictionaryBase", True, "OnGet", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections", "DictionaryEntry", False, "Deconstruct", "(System.Object,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections", "DictionaryEntry", False, "Deconstruct", "(System.Object,System.Object)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections", "DictionaryEntry", False, "Deconstruct", "(System.Object,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections", "DictionaryEntry", False, "DictionaryEntry", "(System.Object,System.Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Collections", "DictionaryEntry", False, "DictionaryEntry", "(System.Object,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Collections", "Hashtable", False, "Hashtable", "(System.Int32,System.Single,System.Collections.IEqualityComparer)", "", "Argument[2]", "Argument[this].SyntheticField[System.Collections.Hashtable._keycomparer]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.Hosting.model.yml b/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.Hosting.model.yml index 696919b57fc9..609d0a062b1c 100644 --- a/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.Hosting.model.yml +++ b/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.Hosting.model.yml @@ -27,8 +27,8 @@ extensions: - ["System.ComponentModel.Composition.Hosting", "AssemblyCatalog", False, "get_DisplayName", "()", "", "Argument[this].Property[System.ComponentModel.Composition.Hosting.AssemblyCatalog.Assembly].Property[System.Reflection.Assembly.FullName]", "ReturnValue", "taint", "dfc-generated"] - ["System.ComponentModel.Composition.Hosting", "AssemblyCatalog", False, "get_DisplayName", "()", "", "Argument[this].SyntheticField[System.ComponentModel.Composition.Hosting.AssemblyCatalog._assembly].Property[System.Reflection.Assembly.FullName]", "ReturnValue", "taint", "dfc-generated"] - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "AtomicComposition", "(System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "TryGetValue", "(System.Object,System.Boolean,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "TryGetValue", "(System.Object,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "TryGetValue", "(System.Object,System.Boolean,T)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "TryGetValue", "(System.Object,T)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "CatalogExportProvider", False, "CatalogExportProvider", "(System.ComponentModel.Composition.Primitives.ComposablePartCatalog,System.ComponentModel.Composition.Hosting.CompositionOptions)", "", "Argument[0]", "Argument[this].SyntheticField[System.ComponentModel.Composition.Hosting.CatalogExportProvider._catalog]", "value", "dfc-generated"] - ["System.ComponentModel.Composition.Hosting", "CatalogExportProvider", False, "get_Catalog", "()", "", "Argument[this].SyntheticField[System.ComponentModel.Composition.Hosting.CatalogExportProvider._catalog]", "ReturnValue", "value", "dfc-generated"] - ["System.ComponentModel.Composition.Hosting", "CatalogExtensions", False, "CreateCompositionService", "(System.ComponentModel.Composition.Primitives.ComposablePartCatalog)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] @@ -88,7 +88,7 @@ extensions: - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "GetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "GetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "TryGetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition,System.Collections.Generic.IEnumerable)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "TryGetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition,System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "TryGetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition,System.Collections.Generic.IEnumerable)", "", "Argument[this]", "Argument[2].Element", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportProvider", True, "GetExportsCore", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportProvider", True, "GetExportsCore", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportsChangeEventArgs", False, "ExportsChangeEventArgs", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.ComponentModel.Composition.Hosting.ExportsChangeEventArgs._addedExports].Element", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.ReflectionModel.model.yml b/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.ReflectionModel.model.yml index 28167ef8f898..997e5b8d7620 100644 --- a/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.ReflectionModel.model.yml +++ b/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.ReflectionModel.model.yml @@ -28,7 +28,7 @@ extensions: - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "GetImportingMember", "(System.ComponentModel.Composition.Primitives.ImportDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "GetImportingParameter", "(System.ComponentModel.Composition.Primitives.ImportDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "GetPartType", "(System.ComponentModel.Composition.Primitives.ComposablePartDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "TryMakeGenericPartDefinition", "(System.ComponentModel.Composition.Primitives.ComposablePartDefinition,System.Collections.Generic.IEnumerable,System.ComponentModel.Composition.Primitives.ComposablePartDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "TryMakeGenericPartDefinition", "(System.ComponentModel.Composition.Primitives.ComposablePartDefinition,System.Collections.Generic.IEnumerable,System.ComponentModel.Composition.Primitives.ComposablePartDefinition)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel diff --git a/csharp/ql/lib/ext/generated/System.Composition.Hosting.Core.model.yml b/csharp/ql/lib/ext/generated/System.Composition.Hosting.Core.model.yml index 317430047235..06563c58f57e 100644 --- a/csharp/ql/lib/ext/generated/System.Composition.Hosting.Core.model.yml +++ b/csharp/ql/lib/ext/generated/System.Composition.Hosting.Core.model.yml @@ -9,7 +9,7 @@ extensions: - ["System.Composition.Hosting.Core", "CompositionContract", False, "CompositionContract", "(System.Type,System.String,System.Collections.Generic.IDictionary)", "", "Argument[1]", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionContract", False, "CompositionContract", "(System.Type,System.String,System.Collections.Generic.IDictionary)", "", "Argument[2]", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._metadataConstraints]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionContract", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition.Hosting.Core", "CompositionContract", False, "TryUnwrapMetadataConstraint", "(System.String,T,System.Composition.Hosting.Core.CompositionContract)", "", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "value", "dfc-generated"] + - ["System.Composition.Hosting.Core", "CompositionContract", False, "TryUnwrapMetadataConstraint", "(System.String,T,System.Composition.Hosting.Core.CompositionContract)", "", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "Argument[2].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionContract", False, "get_ContractName", "()", "", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "ReturnValue", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionContract", False, "get_MetadataConstraints", "()", "", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._metadataConstraints]", "ReturnValue", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionDependency", False, "Missing", "(System.Composition.Hosting.Core.CompositionContract,System.Object)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._contract]", "value", "dfc-generated"] @@ -28,8 +28,8 @@ extensions: - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "ResolveDependencies", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "ResolveRequiredDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._site]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "ResolveRequiredDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._contract]", "value", "dfc-generated"] - - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "TryResolveOptionalDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean,System.Composition.Hosting.Core.CompositionDependency)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._site]", "value", "dfc-generated"] - - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "TryResolveOptionalDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean,System.Composition.Hosting.Core.CompositionDependency)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._contract]", "value", "dfc-generated"] + - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "TryResolveOptionalDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean,System.Composition.Hosting.Core.CompositionDependency)", "", "Argument[0]", "Argument[3].SyntheticField[System.Composition.Hosting.Core.CompositionDependency._site]", "value", "dfc-generated"] + - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "TryResolveOptionalDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean,System.Composition.Hosting.Core.CompositionDependency)", "", "Argument[1]", "Argument[3].SyntheticField[System.Composition.Hosting.Core.CompositionDependency._contract]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "DependencyAccessor", True, "GetPromises", "(System.Composition.Hosting.Core.CompositionContract)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Composition.Hosting.Core", "ExportDescriptor", False, "Create", "(System.Composition.Hosting.Core.CompositeActivator,System.Collections.Generic.IDictionary)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.DirectExportDescriptor._activator]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "ExportDescriptor", False, "Create", "(System.Composition.Hosting.Core.CompositeActivator,System.Collections.Generic.IDictionary)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.DirectExportDescriptor._metadata]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Composition.model.yml b/csharp/ql/lib/ext/generated/System.Composition.model.yml index 06147b3a3cde..a9f25ed2b819 100644 --- a/csharp/ql/lib/ext/generated/System.Composition.model.yml +++ b/csharp/ql/lib/ext/generated/System.Composition.model.yml @@ -13,11 +13,11 @@ extensions: - ["System.Composition", "CompositionContext", False, "GetExports", "(System.Type,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Composition", "CompositionContext", False, "GetExports", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Composition", "CompositionContext", False, "GetExports", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.Type,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.Type,System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.String,TExport)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", False, "TryGetExport", "(TExport)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", True, "TryGetExport", "(System.Composition.Hosting.Core.CompositionContract,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.Type,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.Type,System.String,System.Object)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.String,TExport)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", False, "TryGetExport", "(TExport)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", True, "TryGetExport", "(System.Composition.Hosting.Core.CompositionContract,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Composition", "Export", False, "Export", "(T,System.Action)", "", "Argument[0]", "Argument[this].Property[System.Composition.Export`1.Value]", "value", "dfc-generated"] - ["System.Composition", "ExportAttribute", False, "ExportAttribute", "(System.String,System.Type)", "", "Argument[0]", "Argument[this].Property[System.Composition.ExportAttribute.ContractName]", "value", "dfc-generated"] - ["System.Composition", "ExportFactory", False, "ExportFactory", "(System.Func>,TMetadata)", "", "Argument[1]", "Argument[this].Property[System.Composition.ExportFactory`2.Metadata]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Configuration.Internal.model.yml b/csharp/ql/lib/ext/generated/System.Configuration.Internal.model.yml index 6804ecaa5140..3a1c350c831a 100644 --- a/csharp/ql/lib/ext/generated/System.Configuration.Internal.model.yml +++ b/csharp/ql/lib/ext/generated/System.Configuration.Internal.model.yml @@ -15,12 +15,11 @@ extensions: - ["System.Configuration.Internal", "IInternalConfigHost", True, "GetStreamNameForConfigSource", "(System.String,System.String)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] - ["System.Configuration.Internal", "IInternalConfigHost", True, "GetStreamNameForConfigSource", "(System.String,System.String)", "", "Argument[1]", "ReturnValue", "taint", "dfc-generated"] - ["System.Configuration.Internal", "IInternalConfigHost", True, "Init", "(System.Configuration.Internal.IInternalConfigRoot,System.Object[])", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"] - - ["System.Configuration.Internal", "IInternalConfigHost", True, "InitForConfiguration", "(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[])", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Configuration.Internal", "IInternalConfigHost", True, "InitForConfiguration", "(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[])", "", "Argument[4].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Configuration.Internal", "IInternalConfigHost", True, "InitForConfiguration", "(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[])", "", "Argument[4].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForRead", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForRead", "(System.String,System.Boolean)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] - - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForWrite", "(System.String,System.String,System.Object)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForWrite", "(System.String,System.String,System.Object,System.Boolean)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] + - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForWrite", "(System.String,System.String,System.Object)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] + - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForWrite", "(System.String,System.String,System.Object,System.Boolean)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["System.Configuration.Internal", "IInternalConfigRecord", True, "GetLkgSection", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Configuration.Internal", "IInternalConfigRecord", True, "GetSection", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Configuration.Internal", "IInternalConfigRecord", True, "get_ConfigPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Data.Common.model.yml b/csharp/ql/lib/ext/generated/System.Data.Common.model.yml index 3725f8b01f60..7afa26ad8bac 100644 --- a/csharp/ql/lib/ext/generated/System.Data.Common.model.yml +++ b/csharp/ql/lib/ext/generated/System.Data.Common.model.yml @@ -63,7 +63,7 @@ extensions: - ["System.Data.Common", "DbConnectionStringBuilder", False, "ToString", "()", "", "Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.ConnectionString]", "ReturnValue", "value", "dfc-generated"] - ["System.Data.Common", "DbConnectionStringBuilder", False, "ToString", "()", "", "Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element", "ReturnValue", "taint", "dfc-generated"] - ["System.Data.Common", "DbConnectionStringBuilder", True, "GetProperties", "(System.Collections.Hashtable)", "", "Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - - ["System.Data.Common", "DbConnectionStringBuilder", True, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Data.Common", "DbConnectionStringBuilder", True, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Data.Common", "DbDataAdapter", False, "FillSchema", "(System.Data.DataSet,System.Data.SchemaType,System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Data.Common", "DbDataAdapter", False, "FillSchema", "(System.Data.DataSet,System.Data.SchemaType,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Data.Common", "DbDataAdapter", False, "FillSchema", "(System.Data.DataTable,System.Data.SchemaType)", "", "Argument[0]", "ReturnValue.Element", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Diagnostics.Tracing.model.yml b/csharp/ql/lib/ext/generated/System.Diagnostics.Tracing.model.yml index c46a5557d935..163a1ecfaad3 100644 --- a/csharp/ql/lib/ext/generated/System.Diagnostics.Tracing.model.yml +++ b/csharp/ql/lib/ext/generated/System.Diagnostics.Tracing.model.yml @@ -16,12 +16,6 @@ extensions: - ["System.Diagnostics.Tracing", "EventSource", False, "GetTrait", "(System.String)", "", "Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_traits].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "SendCommand", "(System.Diagnostics.Tracing.EventSource,System.Diagnostics.Tracing.EventCommand,System.Collections.Generic.IDictionary)", "", "Argument[2]", "Argument[0].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands].Property[System.Diagnostics.Tracing.EventCommandEventArgs.Arguments]", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,T)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "add_EventCommandExecuted", "(System.EventHandler)", "", "Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands]", "Argument[0].Parameter[1]", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "add_EventCommandExecuted", "(System.EventHandler)", "", "Argument[this]", "Argument[0].Parameter[0]", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "get_ConstructionException", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -72,6 +66,7 @@ extensions: - ["System.Diagnostics.Tracing", "EventSource", "SetCurrentThreadActivityId", "(System.Guid,System.Guid)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions)", "summary", "df-generated"] + - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,T)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String,T)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "WriteEvent", "(System.Int32)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Diagnostics.model.yml b/csharp/ql/lib/ext/generated/System.Diagnostics.model.yml index 4247cfb9bd19..5b8633ea45de 100644 --- a/csharp/ql/lib/ext/generated/System.Diagnostics.model.yml +++ b/csharp/ql/lib/ext/generated/System.Diagnostics.model.yml @@ -63,18 +63,11 @@ extensions: - ["System.Diagnostics", "ActivitySpanId", False, "ToHexString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "ActivitySpanId", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "ActivityTagsCollection+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Diagnostics", "ActivityTagsCollection", False, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Diagnostics", "ActivityTagsCollection", False, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Diagnostics", "ActivityTraceId", False, "ToHexString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "ActivityTraceId", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "CorrelationManager", False, "get_LogicalOperationStack", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "DataReceivedEventArgs", False, "get_Data", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Diagnostics", "Debug", False, "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "WriteIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "WriteIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "WriteLineIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "WriteLineIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Diagnostics", "DiagnosticListener", False, "DiagnosticListener", "(System.String)", "", "Argument[0]", "Argument[this].Property[System.Diagnostics.DiagnosticListener.Name]", "value", "dfc-generated"] - ["System.Diagnostics", "DiagnosticListener", False, "ToString", "()", "", "Argument[this].Property[System.Diagnostics.DiagnosticListener.Name]", "ReturnValue", "value", "dfc-generated"] - ["System.Diagnostics", "DiagnosticListener", True, "Subscribe", "(System.IObserver>)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -325,6 +318,8 @@ extensions: - ["System.Diagnostics", "Debug+WriteIfInterpolatedStringHandler", "AppendLiteral", "(System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug+WriteIfInterpolatedStringHandler", "WriteIfInterpolatedStringHandler", "(System.Int32,System.Int32,System.Boolean,System.Boolean)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.String,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.String,System.String,System.Object[])", "summary", "df-generated"] @@ -341,6 +336,8 @@ extensions: - ["System.Diagnostics", "Debug", "Write", "(System.Object,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Write", "(System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Write", "(System.String,System.String)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.Object)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.Object,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.String)", "summary", "df-generated"] @@ -350,6 +347,8 @@ extensions: - ["System.Diagnostics", "Debug", "WriteLine", "(System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLine", "(System.String,System.Object[])", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLine", "(System.String,System.String)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.Object)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.Object,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.String)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Dynamic.model.yml b/csharp/ql/lib/ext/generated/System.Dynamic.model.yml index f9445abc171b..a501617834f3 100644 --- a/csharp/ql/lib/ext/generated/System.Dynamic.model.yml +++ b/csharp/ql/lib/ext/generated/System.Dynamic.model.yml @@ -24,7 +24,7 @@ extensions: - ["System.Dynamic", "DynamicMetaObject", False, "get_Value", "()", "", "Argument[this].SyntheticField[System.Dynamic.DynamicMetaObject._value]", "ReturnValue", "value", "dfc-generated"] - ["System.Dynamic", "DynamicMetaObjectBinder", False, "Bind", "(System.Object[],System.Collections.ObjectModel.ReadOnlyCollection,System.Linq.Expressions.LabelTarget)", "", "Argument[2]", "ReturnValue.Property[System.Linq.Expressions.ConditionalExpression.IfTrue].Property[System.Linq.Expressions.GotoExpression.Target]", "value", "dfc-generated"] - ["System.Dynamic", "DynamicMetaObjectBinder", False, "Bind", "(System.Object[],System.Collections.ObjectModel.ReadOnlyCollection,System.Linq.Expressions.LabelTarget)", "", "Argument[2]", "ReturnValue.Property[System.Linq.Expressions.GotoExpression.Target]", "value", "dfc-generated"] - - ["System.Dynamic", "ExpandoObject", False, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Dynamic", "ExpandoObject", False, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Dynamic", "GetIndexBinder", False, "GetIndexBinder", "(System.Dynamic.CallInfo)", "", "Argument[0]", "Argument[this].Property[System.Dynamic.GetIndexBinder.CallInfo]", "value", "dfc-generated"] - ["System.Dynamic", "GetIndexBinder", True, "FallbackGetIndex", "(System.Dynamic.DynamicMetaObject,System.Dynamic.DynamicMetaObject[],System.Dynamic.DynamicMetaObject)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Dynamic", "GetMemberBinder", False, "GetMemberBinder", "(System.String,System.Boolean)", "", "Argument[0]", "Argument[this].Property[System.Dynamic.GetMemberBinder.Name]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Formats.Asn1.model.yml b/csharp/ql/lib/ext/generated/System.Formats.Asn1.model.yml index 668e91308c03..1765a5702808 100644 --- a/csharp/ql/lib/ext/generated/System.Formats.Asn1.model.yml +++ b/csharp/ql/lib/ext/generated/System.Formats.Asn1.model.yml @@ -11,9 +11,9 @@ extensions: - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadBitString", "(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Int32,System.Nullable)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadCharacterStringBytes", "(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadOctetString", "(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Nullable)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveBitString", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveCharacterStringBytes", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveOctetString", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] + - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveBitString", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable)", "", "Argument[0].Element", "Argument[3].Element", "value", "dfc-generated"] + - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveCharacterStringBytes", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32)", "", "Argument[0].Element", "Argument[3].Element", "value", "dfc-generated"] + - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveOctetString", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable)", "", "Argument[0].Element", "Argument[2].Element", "value", "dfc-generated"] - ["System.Formats.Asn1", "AsnReader", False, "AsnReader", "(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Formats.Asn1", "AsnReader", False, "AsnReader", "(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Formats.Asn1", "AsnReader", False, "ReadBitString", "(System.Int32,System.Nullable)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.IO.Enumeration.model.yml b/csharp/ql/lib/ext/generated/System.IO.Enumeration.model.yml index d61db4da1900..75c8fa285637 100644 --- a/csharp/ql/lib/ext/generated/System.IO.Enumeration.model.yml +++ b/csharp/ql/lib/ext/generated/System.IO.Enumeration.model.yml @@ -9,8 +9,6 @@ extensions: - ["System.IO.Enumeration", "FileSystemEntry", False, "get_FileName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", False, "get_Current", "()", "", "Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.IO.Enumeration", "FileSystemEnumerator", True, "ShouldIncludeEntry", "(System.IO.Enumeration.FileSystemEntry)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.IO.Enumeration", "FileSystemEnumerator", True, "ShouldRecurseIntoEntry", "(System.IO.Enumeration.FileSystemEntry)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.IO.Enumeration", "FileSystemName", False, "TranslateWin32Expression", "(System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all @@ -32,6 +30,8 @@ extensions: - ["System.IO.Enumeration", "FileSystemEnumerator", "MoveNext", "()", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", "OnDirectoryFinished", "(System.ReadOnlySpan)", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", "Reset", "()", "summary", "df-generated"] + - ["System.IO.Enumeration", "FileSystemEnumerator", "ShouldIncludeEntry", "(System.IO.Enumeration.FileSystemEntry)", "summary", "df-generated"] + - ["System.IO.Enumeration", "FileSystemEnumerator", "ShouldRecurseIntoEntry", "(System.IO.Enumeration.FileSystemEntry)", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", "TransformEntry", "(System.IO.Enumeration.FileSystemEntry)", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemName", "MatchesSimpleExpression", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemName", "MatchesWin32Expression", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.IO.model.yml b/csharp/ql/lib/ext/generated/System.IO.model.yml index bebdbcfee06d..b8ead94c65f5 100644 --- a/csharp/ql/lib/ext/generated/System.IO.model.yml +++ b/csharp/ql/lib/ext/generated/System.IO.model.yml @@ -139,7 +139,7 @@ extensions: - ["System.IO", "FileSystemWatcher", False, "OnDeleted", "(System.IO.FileSystemEventArgs)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "FileSystemWatcher", False, "get_Filters", "()", "", "Argument[this].SyntheticField[System.IO.FileSystemWatcher._filters]", "ReturnValue", "value", "dfc-generated"] - ["System.IO", "MemoryStream", True, "GetBuffer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.IO", "MemoryStream", True, "TryGetBuffer", "(System.ArraySegment)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.IO", "MemoryStream", True, "TryGetBuffer", "(System.ArraySegment)", "", "Argument[this]", "Argument[0].Element", "taint", "df-generated"] - ["System.IO", "MemoryStream", True, "WriteAsync", "(System.ReadOnlyMemory,System.Threading.CancellationToken)", "", "Argument[0].Property[System.ReadOnlyMemory`1.Span].Element", "Argument[this]", "taint", "dfc-generated"] - ["System.IO", "MemoryStream", True, "WriteTo", "(System.IO.Stream)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.IO", "Path", False, "ChangeExtension", "(System.String,System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -272,7 +272,6 @@ extensions: - ["System.IO", "UnmanagedMemoryAccessor", False, "Initialize", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", False, "UnmanagedMemoryAccessor", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", False, "UnmanagedMemoryAccessor", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.IO", "UnmanagedMemoryAccessor", False, "Write", "(System.Int64,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.IO", "UnmanagedMemoryStream", False, "Initialize", "(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "UnmanagedMemoryStream", False, "Initialize", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "UnmanagedMemoryStream", False, "UnmanagedMemoryStream", "(System.Byte*,System.Int64)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] @@ -751,6 +750,7 @@ extensions: - ["System.IO", "UnmanagedMemoryAccessor", "Write", "(System.Int64,System.UInt16)", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "Write", "(System.Int64,System.UInt32)", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "Write", "(System.Int64,System.UInt64)", "summary", "df-generated"] + - ["System.IO", "UnmanagedMemoryAccessor", "Write", "(System.Int64,T)", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "WriteArray", "(System.Int64,T[],System.Int32,System.Int32)", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "get_CanRead", "()", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "get_CanWrite", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Net.Http.Headers.model.yml b/csharp/ql/lib/ext/generated/System.Net.Http.Headers.model.yml index 1e286f91b9be..b8f860c2f516 100644 --- a/csharp/ql/lib/ext/generated/System.Net.Http.Headers.model.yml +++ b/csharp/ql/lib/ext/generated/System.Net.Http.Headers.model.yml @@ -27,8 +27,8 @@ extensions: - ["System.Net.Http.Headers", "HttpHeaders", False, "get_NonValidated", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "TryGetValue", "(System.String,System.Net.Http.Headers.HeaderStringValues)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "TryGetValues", "(System.String,System.Net.Http.Headers.HeaderStringValues)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "TryGetValue", "(System.String,System.Net.Http.Headers.HeaderStringValues)", "", "Argument[0]", "Argument[1].Element", "taint", "df-generated"] + - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "TryGetValues", "(System.String,System.Net.Http.Headers.HeaderStringValues)", "", "Argument[0]", "Argument[1].Element", "taint", "df-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "get_Item", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "get_Keys", "()", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "ReturnValue.Element", "value", "dfc-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "get_Values", "()", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "ReturnValue.Element", "value", "dfc-generated"] @@ -49,8 +49,8 @@ extensions: - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "MediaTypeHeaderValue", "(System.Net.Http.Headers.MediaTypeHeaderValue)", "", "Argument[0].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "MediaTypeHeaderValue", "(System.String,System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.MediaTypeHeaderValue)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "taint", "dfc-generated"] - - ["System.Net.Http.Headers", "MediaTypeWithQualityHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.MediaTypeHeaderValue)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "taint", "dfc-generated"] + - ["System.Net.Http.Headers", "MediaTypeWithQualityHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["System.Net.Http.Headers", "NameValueHeaderValue", False, "NameValueHeaderValue", "(System.Net.Http.Headers.NameValueHeaderValue)", "", "Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name]", "Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "NameValueHeaderValue", False, "NameValueHeaderValue", "(System.Net.Http.Headers.NameValueHeaderValue)", "", "Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value]", "Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "NameValueHeaderValue", False, "NameValueHeaderValue", "(System.String,System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name]", "value", "dfc-generated"] @@ -94,9 +94,9 @@ extensions: - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "ReturnValue", "taint", "dfc-generated"] - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "TransferCodingHeaderValue", "(System.Net.Http.Headers.TransferCodingHeaderValue)", "", "Argument[0].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "TransferCodingHeaderValue", "(System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "value", "dfc-generated"] - - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.TransferCodingHeaderValue)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "taint", "dfc-generated"] + - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.TransferCodingHeaderValue)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "taint", "dfc-generated"] - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "get_Value", "()", "", "Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Http.Headers", "TransferCodingWithQualityHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.Net.Http.Headers", "TransferCodingWithQualityHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["System.Net.Http.Headers", "ViaHeaderValue", False, "ViaHeaderValue", "(System.String,System.String,System.String,System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolVersion]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "ViaHeaderValue", False, "ViaHeaderValue", "(System.String,System.String,System.String,System.String)", "", "Argument[1]", "Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._receivedBy]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "ViaHeaderValue", False, "ViaHeaderValue", "(System.String,System.String,System.String,System.String)", "", "Argument[2]", "Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolName]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Net.Mail.model.yml b/csharp/ql/lib/ext/generated/System.Net.Mail.model.yml index a3399405d7f6..6266d2252d94 100644 --- a/csharp/ql/lib/ext/generated/System.Net.Mail.model.yml +++ b/csharp/ql/lib/ext/generated/System.Net.Mail.model.yml @@ -38,17 +38,17 @@ extensions: - ["System.Net.Mail", "MailAddress", False, "MailAddress", "(System.String,System.String,System.Text.Encoding)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "MailAddress", "(System.String,System.String,System.Text.Encoding)", "", "Argument[1]", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[2].SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[2].SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[1]", "Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[3].SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[3].SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[1]", "Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "get_Address", "()", "", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._host]", "ReturnValue", "taint", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "get_Address", "()", "", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName]", "ReturnValue", "taint", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "get_DisplayName", "()", "", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName]", "ReturnValue", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Net.Sockets.model.yml b/csharp/ql/lib/ext/generated/System.Net.Sockets.model.yml index 0ea691ff704b..11224be9f57f 100644 --- a/csharp/ql/lib/ext/generated/System.Net.Sockets.model.yml +++ b/csharp/ql/lib/ext/generated/System.Net.Sockets.model.yml @@ -19,8 +19,6 @@ extensions: - ["System.Net.Sockets", "SendPacketsElement", False, "SendPacketsElement", "(System.String,System.Int64,System.Int32,System.Boolean)", "", "Argument[0]", "Argument[this].Property[System.Net.Sockets.SendPacketsElement.FilePath]", "value", "dfc-generated"] - ["System.Net.Sockets", "Socket", False, "Accept", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "AcceptAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Net.Sockets", "Socket", False, "BeginReceiveFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "BeginReceiveMessageFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Sockets", "Socket", False, "Bind", "(System.Net.EndPoint)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "Connect", "(System.Net.EndPoint)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "ConnectAsync", "(System.Net.EndPoint)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] @@ -28,18 +26,16 @@ extensions: - ["System.Net.Sockets", "Socket", False, "ConnectAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "ConnectAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "DisconnectAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Net.Sockets", "Socket", False, "EndReceiveFrom", "(System.IAsyncResult,System.Net.EndPoint)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "EndReceiveMessageFrom", "(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Sockets", "Socket", False, "ReceiveAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Net.EndPoint)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Span,System.Net.EndPoint)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Net.EndPoint)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Span,System.Net.EndPoint)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "ReceiveFromAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFrom", "(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFrom", "(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFromAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "SendAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "SendPacketsAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] @@ -148,6 +144,8 @@ extensions: - ["System.Net.Sockets", "Socket", "BeginReceive", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginReceive", "(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginReceive", "(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object)", "summary", "df-generated"] + - ["System.Net.Sockets", "Socket", "BeginReceiveFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object)", "summary", "df-generated"] + - ["System.Net.Sockets", "Socket", "BeginReceiveMessageFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginSend", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginSend", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginSend", "(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object)", "summary", "df-generated"] @@ -180,6 +178,8 @@ extensions: - ["System.Net.Sockets", "Socket", "EndDisconnect", "(System.IAsyncResult)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndReceive", "(System.IAsyncResult)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndReceive", "(System.IAsyncResult,System.Net.Sockets.SocketError)", "summary", "df-generated"] + - ["System.Net.Sockets", "Socket", "EndReceiveFrom", "(System.IAsyncResult,System.Net.EndPoint)", "summary", "df-generated"] + - ["System.Net.Sockets", "Socket", "EndReceiveMessageFrom", "(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndSend", "(System.IAsyncResult)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndSend", "(System.IAsyncResult,System.Net.Sockets.SocketError)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndSendFile", "(System.IAsyncResult)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Numerics.model.yml b/csharp/ql/lib/ext/generated/System.Numerics.model.yml index 3d61627c65b0..4e18690150d3 100644 --- a/csharp/ql/lib/ext/generated/System.Numerics.model.yml +++ b/csharp/ql/lib/ext/generated/System.Numerics.model.yml @@ -13,7 +13,7 @@ extensions: - ["System.Numerics", "BigInteger", False, "CreateSaturating", "(TOther)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "CreateTruncating", "(TOther)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "DivRem", "(System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "ReturnValue.Field[System.ValueTuple`2.Item2]", "value", "dfc-generated"] - - ["System.Numerics", "BigInteger", False, "DivRem", "(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Numerics", "BigInteger", False, "DivRem", "(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "Argument[2]", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "Max", "(System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "Max", "(System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "MaxMagnitude", "(System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -90,7 +90,6 @@ extensions: - ["System.Numerics", "Vector", False, "Round", "(System.Numerics.Vector,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "Round", "(System.Numerics.Vector)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "Round", "(System.Numerics.Vector,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Numerics", "Vector", False, "StoreUnsafe", "(System.Numerics.Vector,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "Truncate", "(System.Numerics.Vector)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "Truncate", "(System.Numerics.Vector)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "WithElement", "(System.Numerics.Vector,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -1401,6 +1400,7 @@ extensions: - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector3,System.Single,System.UIntPtr)", "summary", "df-generated"] - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector4,System.Single)", "summary", "df-generated"] - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector4,System.Single,System.UIntPtr)", "summary", "df-generated"] + - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector,T)", "summary", "df-generated"] - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Numerics", "Vector", "Subtract", "(System.Numerics.Vector,System.Numerics.Vector)", "summary", "df-generated"] - ["System.Numerics", "Vector", "Sum", "(System.Numerics.Vector)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Reflection.Emit.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.Emit.model.yml index 4f2071ef77c4..de1bc7979764 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.Emit.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.Emit.model.yml @@ -107,6 +107,7 @@ extensions: - ["System.Reflection.Emit", "ParameterBuilder", True, "get_Name", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "DefineDynamicModuleCore", "(System.String)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Reflection.Emit.ModuleBuilderImpl._name]", "value", "dfc-generated"] - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "GenerateMetadata", "(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "GenerateMetadata", "(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "GenerateMetadata", "(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "PersistedAssemblyBuilder", "(System.Reflection.AssemblyName,System.Reflection.Assembly,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.Emit", "PropertyBuilder", False, "AddOtherMethodCore", "(System.Reflection.Emit.MethodBuilder)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Reflection.Metadata.Ecma335.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.Metadata.Ecma335.model.yml index 4e738fbc341a..4b3fa44e1fe0 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.Metadata.Ecma335.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.Metadata.Ecma335.model.yml @@ -56,16 +56,13 @@ extensions: - ["System.Reflection.Metadata.Ecma335", "PortablePdbBuilder", False, "Serialize", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "ReturnTypeEncoder", False, "ReturnTypeEncoder", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[0]", "Argument[this].Property[System.Reflection.Metadata.Ecma335.ReturnTypeEncoder.Builder]", "value", "dfc-generated"] - ["System.Reflection.Metadata.Ecma335", "ScalarEncoder", False, "ScalarEncoder", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[0]", "Argument[this].Property[System.Reflection.Metadata.Ecma335.ScalarEncoder.Builder]", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeFieldSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeLocalSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeMethodSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeMethodSpecificationSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeType", "(System.Reflection.Metadata.BlobReader,System.Boolean)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeFieldSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeType", "(System.Reflection.Metadata.BlobReader,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "SignatureDecoder", "(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "SignatureDecoder", "(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "SignatureDecoder", "(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "Array", "(System.Action,System.Action)", "", "Argument[this]", "Argument[0].Parameter[0]", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "Array", "(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "Array", "(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder)", "", "Argument[this]", "Argument[0]", "value", "dfc-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "Pointer", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "SZArray", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "SignatureTypeEncoder", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[0]", "Argument[this].Property[System.Reflection.Metadata.Ecma335.SignatureTypeEncoder.Builder]", "value", "dfc-generated"] @@ -369,6 +366,9 @@ extensions: - ["System.Reflection.Metadata.Ecma335", "ScalarEncoder", "NullArray", "()", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "ScalarEncoder", "SystemType", "(System.String)", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "ScalarEncoder", "get_Builder", "()", "summary", "df-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", "DecodeLocalSignature", "(System.Reflection.Metadata.BlobReader)", "summary", "df-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", "DecodeMethodSignature", "(System.Reflection.Metadata.BlobReader)", "summary", "df-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", "DecodeMethodSpecificationSignature", "(System.Reflection.Metadata.BlobReader)", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", "Boolean", "()", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", "Byte", "()", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", "Char", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Reflection.Metadata.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.Metadata.model.yml index 1b5c45664a8e..c32cb72fd5b3 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.Metadata.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.Metadata.model.yml @@ -25,7 +25,6 @@ extensions: - ["System.Reflection.Metadata", "BlobBuilder", False, "LinkSuffix", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", False, "ReserveBytes", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", False, "TryWriteBytes", "(System.IO.Stream,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Reflection.Metadata", "BlobBuilder", False, "WriteContentTo", "(System.Reflection.Metadata.BlobWriter)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection.Metadata", "BlobContentId", False, "BlobContentId", "(System.Guid,System.UInt32)", "", "Argument[0]", "Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid]", "value", "dfc-generated"] - ["System.Reflection.Metadata", "BlobContentId", False, "get_Guid", "()", "", "Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection.Metadata", "BlobReader", False, "ReadConstant", "(System.Reflection.Metadata.ConstantTypeCode)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -316,6 +315,7 @@ extensions: - ["System.Reflection.Metadata", "BlobBuilder", "WriteConstant", "(System.Object)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteContentTo", "(System.IO.Stream)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteContentTo", "(System.Reflection.Metadata.BlobBuilder)", "summary", "df-generated"] + - ["System.Reflection.Metadata", "BlobBuilder", "WriteContentTo", "(System.Reflection.Metadata.BlobWriter)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteDateTime", "(System.DateTime)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteDecimal", "(System.Decimal)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteDouble", "(System.Double)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Reflection.PortableExecutable.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.PortableExecutable.model.yml index 7852d88d8a96..169993932e25 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.PortableExecutable.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.PortableExecutable.model.yml @@ -26,7 +26,7 @@ extensions: - ["System.Reflection.PortableExecutable", "PEReader", False, "PEReader", "(System.Collections.Immutable.ImmutableArray)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.PortableExecutable", "PEReader", False, "PEReader", "(System.IO.Stream,System.Reflection.PortableExecutable.PEStreamOptions,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.PortableExecutable", "PEReader", False, "TryOpenAssociatedPortablePdb", "(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String)", "", "Argument[0]", "Argument[1].Parameter[0]", "taint", "dfc-generated"] - - ["System.Reflection.PortableExecutable", "PEReader", False, "TryOpenAssociatedPortablePdb", "(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] + - ["System.Reflection.PortableExecutable", "PEReader", False, "TryOpenAssociatedPortablePdb", "(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String)", "", "Argument[0]", "Argument[3]", "taint", "dfc-generated"] - ["System.Reflection.PortableExecutable", "PEReader", False, "get_PEHeaders", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all diff --git a/csharp/ql/lib/ext/generated/System.Reflection.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.model.yml index 43ee41799ade..6758f9e29f0a 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.model.yml @@ -36,11 +36,7 @@ extensions: - ["System.Reflection", "AssemblyName", False, "get_EscapedCodeBase", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection", "Binder", True, "BindToField", "(System.Reflection.BindingFlags,System.Reflection.FieldInfo[],System.Object,System.Globalization.CultureInfo)", "", "Argument[1].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "Binder", True, "BindToMethod", "(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object)", "", "Argument[1].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection", "Binder", True, "BindToMethod", "(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object)", "", "Argument[2].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Reflection", "Binder", True, "BindToMethod", "(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "Binder", True, "ReorderArgumentArray", "(System.Object[],System.Object)", "", "Argument[0].Element.Element", "Argument[0].Element", "value", "dfc-generated"] - - ["System.Reflection", "Binder", True, "ReorderArgumentArray", "(System.Object[],System.Object)", "", "Argument[0].Element.Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Reflection", "Binder", True, "ReorderArgumentArray", "(System.Object[],System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "Binder", True, "SelectMethod", "(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Type[],System.Reflection.ParameterModifier[])", "", "Argument[1].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "Binder", True, "SelectProperty", "(System.Reflection.BindingFlags,System.Reflection.PropertyInfo[],System.Type,System.Type[],System.Reflection.ParameterModifier[])", "", "Argument[1].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "ConstructorInvoker", False, "Invoke", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Resources.model.yml b/csharp/ql/lib/ext/generated/System.Resources.model.yml index e342044dafa5..ead0e6f41e28 100644 --- a/csharp/ql/lib/ext/generated/System.Resources.model.yml +++ b/csharp/ql/lib/ext/generated/System.Resources.model.yml @@ -18,7 +18,7 @@ extensions: - ["System.Resources", "ResourceManager", True, "GetResourceFileName", "(System.Globalization.CultureInfo)", "", "Argument[this].Field[System.Resources.ResourceManager.BaseNameField]", "ReturnValue", "taint", "dfc-generated"] - ["System.Resources", "ResourceManager", True, "GetString", "(System.String,System.Globalization.CultureInfo)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Resources", "ResourceManager", True, "get_BaseName", "()", "", "Argument[this].Field[System.Resources.ResourceManager.BaseNameField]", "ReturnValue", "value", "dfc-generated"] - - ["System.Resources", "ResourceReader", False, "GetResourceData", "(System.String,System.String,System.Byte[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Resources", "ResourceReader", False, "GetResourceData", "(System.String,System.String,System.Byte[])", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Resources", "ResourceReader", False, "ResourceReader", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Resources", "ResourceSet", False, "ResourceSet", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Resources", "ResourceSet", False, "ResourceSet", "(System.Resources.IResourceReader)", "", "Argument[0]", "Argument[this].Field[System.Resources.ResourceSet.Reader]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.CompilerServices.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.CompilerServices.model.yml index b707827561c9..2134ee1b6c13 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.CompilerServices.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.CompilerServices.model.yml @@ -4,41 +4,21 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "MoveNext", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "get_Task", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "SetResult", "(TResult)", "", "Argument[0]", "Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task].Property[System.Threading.Tasks.Task`1.Result]", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "get_Task", "()", "", "Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "SetResult", "(TResult)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "get_Task", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "CallSite", False, "get_Binder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "CallSiteOps", False, "AddRule", "(System.Runtime.CompilerServices.CallSite,T)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "CallSiteOps", False, "GetCachedRules", "(System.Runtime.CompilerServices.RuleCache)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -72,24 +52,18 @@ extensions: - ["System.Runtime.CompilerServices", "IRuntimeVariables", True, "get_Item", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "ITuple", True, "get_Item", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "NullableAttribute", False, "NullableAttribute", "(System.Byte[])", "", "Argument[0]", "Argument[this].Field[System.Runtime.CompilerServices.NullableAttribute.NullableFlags]", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "SetResult", "(TResult)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "get_Task", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "ReadOnlyCollectionBuilder", False, "ReadOnlyCollectionBuilder", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "RuntimeHelpers", False, "ExecuteCodeWithGuaranteedCleanup", "(System.Runtime.CompilerServices.RuntimeHelpers+TryCode,System.Runtime.CompilerServices.RuntimeHelpers+CleanupCode,System.Object)", "", "Argument[2]", "Argument[0].Parameter[0]", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "RuntimeHelpers", False, "ExecuteCodeWithGuaranteedCleanup", "(System.Runtime.CompilerServices.RuntimeHelpers+TryCode,System.Runtime.CompilerServices.RuntimeHelpers+CleanupCode,System.Object)", "", "Argument[2]", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "CreateRuntimeVariables", "(System.Object[],System.Int64[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "ExpandoPromoteClass", "(System.Dynamic.ExpandoObject,System.Object,System.Object)", "", "Argument[2]", "Argument[0].Element", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "RuntimeOps", False, "ExpandoTryGetValue", "(System.Dynamic.ExpandoObject,System.Object,System.Int32,System.String,System.Boolean,System.Object)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "RuntimeOps", False, "ExpandoTryGetValue", "(System.Dynamic.ExpandoObject,System.Object,System.Int32,System.String,System.Boolean,System.Object)", "", "Argument[0].Element", "Argument[5]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "ExpandoTrySetValue", "(System.Dynamic.ExpandoObject,System.Object,System.Int32,System.Object,System.String,System.Boolean)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "MergeRuntimeVariables", "(System.Runtime.CompilerServices.IRuntimeVariables,System.Runtime.CompilerServices.IRuntimeVariables,System.Int32[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "MergeRuntimeVariables", "(System.Runtime.CompilerServices.IRuntimeVariables,System.Runtime.CompilerServices.IRuntimeVariables,System.Int32[])", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] @@ -101,15 +75,6 @@ extensions: - ["System.Runtime.CompilerServices", "SwitchExpressionException", False, "get_Message", "()", "", "Argument[this].Property[System.Runtime.CompilerServices.SwitchExpressionException.UnmatchedValue]", "ReturnValue", "taint", "dfc-generated"] - ["System.Runtime.CompilerServices", "TupleElementNamesAttribute", False, "TupleElementNamesAttribute", "(System.String[])", "", "Argument[0]", "Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames]", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "TupleElementNamesAttribute", False, "get_TransformNames", "()", "", "Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Add", "(T,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Add", "(T,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Add", "(T,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "AddByteOffset", "(T,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Copy", "(T,System.Void*)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Subtract", "(T,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Subtract", "(T,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Subtract", "(T,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "SubtractByteOffset", "(T,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "ValueTaskAwaiter", False, "GetResult", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all @@ -119,6 +84,7 @@ extensions: - ["System.Runtime.CompilerServices", "AccessedThroughPropertyAttribute", "get_PropertyName", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", "Complete", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", "Create", "()", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", "MoveNext", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncIteratorStateMachineAttribute", "AsyncIteratorStateMachineAttribute", "(System.Type)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncMethodBuilderAttribute", "AsyncMethodBuilderAttribute", "(System.Type)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncMethodBuilderAttribute", "get_BuilderType", "()", "summary", "df-generated"] @@ -127,21 +93,28 @@ extensions: - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetResult", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetResult", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "get_Task", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "SetResult", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "CallSite", "Create", "(System.Type,System.Runtime.CompilerServices.CallSiteBinder)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "CallSite", "Create", "(System.Runtime.CompilerServices.CallSiteBinder)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "CallSite", "get_Update", "()", "summary", "df-generated"] @@ -257,10 +230,12 @@ extensions: - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetResult", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "get_Task", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "ReadOnlyCollectionBuilder", "Contains", "(System.Object)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "ReadOnlyCollectionBuilder", "Contains", "(T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "ReadOnlyCollectionBuilder", "IndexOf", "(System.Object)", "summary", "df-generated"] @@ -331,7 +306,11 @@ extensions: - ["System.Runtime.CompilerServices", "TypeForwardedToAttribute", "TypeForwardedToAttribute", "(System.Type)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "TypeForwardedToAttribute", "get_Destination", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Add", "(System.Void*,System.Int32)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Add", "(T,System.Int32)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Add", "(T,System.IntPtr)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Add", "(T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "AddByteOffset", "(T,System.IntPtr)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "AddByteOffset", "(T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "AreSame", "(T,T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "As", "(System.Object)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "As", "(TFrom)", "summary", "df-generated"] @@ -341,6 +320,7 @@ extensions: - ["System.Runtime.CompilerServices", "Unsafe", "BitCast", "(TFrom)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "ByteOffset", "(T,T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Copy", "(System.Void*,T)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Copy", "(T,System.Void*)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "CopyBlock", "(System.Byte,System.Byte,System.UInt32)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "CopyBlock", "(System.Void*,System.Void*,System.UInt32)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "CopyBlockUnaligned", "(System.Byte,System.Byte,System.UInt32)", "summary", "df-generated"] @@ -359,7 +339,11 @@ extensions: - ["System.Runtime.CompilerServices", "Unsafe", "SizeOf", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "SkipInit", "(T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Subtract", "(System.Void*,System.Int32)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Subtract", "(T,System.Int32)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Subtract", "(T,System.IntPtr)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Subtract", "(T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "SubtractByteOffset", "(T,System.IntPtr)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "SubtractByteOffset", "(T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Unbox", "(System.Object)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Write", "(System.Void*,T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "WriteUnaligned", "(System.Byte,T)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.Marshalling.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.Marshalling.model.yml index ca567ebf8071..a7e0837e1f5e 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.Marshalling.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.Marshalling.model.yml @@ -42,8 +42,8 @@ extensions: - ["System.Runtime.InteropServices.Marshalling", "SpanMarshaller+ManagedToUnmanagedIn", False, "GetUnmanagedValuesDestination", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.InteropServices.Marshalling", "SpanMarshaller", False, "GetManagedValuesDestination", "(System.Span)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices.Marshalling", "Utf8StringMarshaller+ManagedToUnmanagedIn", False, "ToUnmanaged", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "Deconstruct", "(System.Void*,System.Void**)", "", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "Deconstruct", "(System.Void*,System.Void**)", "", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "Deconstruct", "(System.Void*,System.Void**)", "", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer]", "Argument[0]", "value", "dfc-generated"] + - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "Deconstruct", "(System.Void*,System.Void**)", "", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable]", "Argument[1]", "value", "dfc-generated"] - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "VirtualMethodTableInfo", "(System.Void*,System.Void**)", "", "Argument[0]", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer]", "value", "dfc-generated"] - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "VirtualMethodTableInfo", "(System.Void*,System.Void**)", "", "Argument[1]", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable]", "value", "dfc-generated"] - addsTo: diff --git a/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.model.yml index 8c1b8232a5c7..0e97a54b32b1 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.model.yml @@ -29,11 +29,10 @@ extensions: - ["System.Runtime.InteropServices", "ManagedToNativeComInteropStubAttribute", False, "ManagedToNativeComInteropStubAttribute", "(System.Type,System.String)", "", "Argument[1]", "Argument[this].Property[System.Runtime.InteropServices.ManagedToNativeComInteropStubAttribute.MethodName]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "Marshal", False, "InitHandle", "(System.Runtime.InteropServices.SafeHandle,System.IntPtr)", "", "Argument[1]", "Argument[0].Field[System.Runtime.InteropServices.SafeHandle.handle]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", False, "CreateFromPinnedArray", "(T[],System.Int32,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices", "MemoryMarshal", False, "CreateSpan", "(T,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", False, "ToEnumerable", "(System.ReadOnlyMemory)", "", "Argument[0].Property[System.ReadOnlyMemory`1.Span].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetMemoryManager", "(System.ReadOnlyMemory,TManager)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetMemoryManager", "(System.ReadOnlyMemory,TManager,System.Int32,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetString", "(System.ReadOnlyMemory,System.String,System.Int32,System.Int32)", "", "Argument[0].SyntheticField[System.ReadOnlyMemory`1._object]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetMemoryManager", "(System.ReadOnlyMemory,TManager)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetMemoryManager", "(System.ReadOnlyMemory,TManager,System.Int32,System.Int32)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetString", "(System.ReadOnlyMemory,System.String,System.Int32,System.Int32)", "", "Argument[0].SyntheticField[System.ReadOnlyMemory`1._object]", "Argument[1]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "NFloat", False, "ConvertToInteger", "(System.Runtime.InteropServices.NFloat)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "NFloat", False, "ConvertToIntegerNative", "(System.Runtime.InteropServices.NFloat)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "NFloat", False, "CreateChecked", "(TOther)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -43,13 +42,12 @@ extensions: - ["System.Runtime.InteropServices", "NFloat", False, "op_UnaryPlus", "(System.Runtime.InteropServices.NFloat)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "OSPlatform", False, "Create", "(System.String)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Runtime.InteropServices.OSPlatform.Name]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "OSPlatform", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Runtime.InteropServices.OSPlatform.Name]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.InteropServices", "SafeBuffer", False, "AcquirePointer", "(System.Byte*)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "SafeHandle", False, "DangerousGetHandle", "()", "", "Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "SafeHandle", False, "SafeHandle", "(System.IntPtr,System.Boolean)", "", "Argument[0]", "Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "SafeHandle", False, "SetHandle", "(System.IntPtr)", "", "Argument[0]", "Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle]", "value", "dfc-generated"] - - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlyMemory", "(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory)", "", "Argument[0].Property[System.Buffers.ReadOnlySequence`1.First]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlySequenceSegment", "(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryRead", "(System.Buffers.SequenceReader,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlyMemory", "(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory)", "", "Argument[0].Property[System.Buffers.ReadOnlySequence`1.First]", "Argument[1]", "value", "dfc-generated"] + - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlySequenceSegment", "(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlySequenceSegment", "(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32)", "", "Argument[0]", "Argument[3]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -390,6 +388,7 @@ extensions: - ["System.Runtime.InteropServices", "MemoryMarshal", "CreateReadOnlySpan", "(T,System.Int32)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "CreateReadOnlySpanFromNullTerminated", "(System.Byte*)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "CreateReadOnlySpanFromNullTerminated", "(System.Char*)", "summary", "df-generated"] + - ["System.Runtime.InteropServices", "MemoryMarshal", "CreateSpan", "(T,System.Int32)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "GetArrayDataReference", "(System.Array)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "GetArrayDataReference", "(T[])", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "GetReference", "(System.ReadOnlySpan)", "summary", "df-generated"] @@ -637,6 +636,7 @@ extensions: - ["System.Runtime.InteropServices", "SafeArrayTypeMismatchException", "SafeArrayTypeMismatchException", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeArrayTypeMismatchException", "SafeArrayTypeMismatchException", "(System.String)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeArrayTypeMismatchException", "SafeArrayTypeMismatchException", "(System.String,System.Exception)", "summary", "df-generated"] + - ["System.Runtime.InteropServices", "SafeBuffer", "AcquirePointer", "(System.Byte*)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeBuffer", "Initialize", "(System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeBuffer", "Initialize", "(System.UInt64)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeBuffer", "Initialize", "(System.UInt32)", "summary", "df-generated"] @@ -659,6 +659,7 @@ extensions: - ["System.Runtime.InteropServices", "SafeHandle", "get_IsClosed", "()", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeHandle", "get_IsInvalid", "()", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SequenceMarshal", "TryGetArray", "(System.Buffers.ReadOnlySequence,System.ArraySegment)", "summary", "df-generated"] + - ["System.Runtime.InteropServices", "SequenceMarshal", "TryRead", "(System.Buffers.SequenceReader,T)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "StructLayoutAttribute", "StructLayoutAttribute", "(System.Int16)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "StructLayoutAttribute", "StructLayoutAttribute", "(System.Runtime.InteropServices.LayoutKind)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "StructLayoutAttribute", "get_Value", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.Intrinsics.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.Intrinsics.model.yml index c5f3e8f56ed2..fb03afbfe194 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.Intrinsics.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.Intrinsics.model.yml @@ -16,7 +16,6 @@ extensions: - ["System.Runtime.Intrinsics", "Vector128", False, "Round", "(System.Runtime.Intrinsics.Vector128,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "Round", "(System.Runtime.Intrinsics.Vector128)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "Round", "(System.Runtime.Intrinsics.Vector128,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Intrinsics", "Vector128", False, "StoreUnsafe", "(System.Runtime.Intrinsics.Vector128,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "Truncate", "(System.Runtime.Intrinsics.Vector128)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "Truncate", "(System.Runtime.Intrinsics.Vector128)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "WithElement", "(System.Runtime.Intrinsics.Vector128,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -35,7 +34,6 @@ extensions: - ["System.Runtime.Intrinsics", "Vector256", False, "Round", "(System.Runtime.Intrinsics.Vector256,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "Round", "(System.Runtime.Intrinsics.Vector256)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "Round", "(System.Runtime.Intrinsics.Vector256,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Intrinsics", "Vector256", False, "StoreUnsafe", "(System.Runtime.Intrinsics.Vector256,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "Truncate", "(System.Runtime.Intrinsics.Vector256)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "Truncate", "(System.Runtime.Intrinsics.Vector256)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "WithElement", "(System.Runtime.Intrinsics.Vector256,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -54,7 +52,6 @@ extensions: - ["System.Runtime.Intrinsics", "Vector512", False, "Round", "(System.Runtime.Intrinsics.Vector512,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "Round", "(System.Runtime.Intrinsics.Vector512)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "Round", "(System.Runtime.Intrinsics.Vector512,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Intrinsics", "Vector512", False, "StoreUnsafe", "(System.Runtime.Intrinsics.Vector512,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "Truncate", "(System.Runtime.Intrinsics.Vector512)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "Truncate", "(System.Runtime.Intrinsics.Vector512)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "WithElement", "(System.Runtime.Intrinsics.Vector512,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -71,7 +68,6 @@ extensions: - ["System.Runtime.Intrinsics", "Vector64", False, "Round", "(System.Runtime.Intrinsics.Vector64,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "Round", "(System.Runtime.Intrinsics.Vector64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "Round", "(System.Runtime.Intrinsics.Vector64,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Intrinsics", "Vector64", False, "StoreUnsafe", "(System.Runtime.Intrinsics.Vector64,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "Truncate", "(System.Runtime.Intrinsics.Vector64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "Truncate", "(System.Runtime.Intrinsics.Vector64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "WithElement", "(System.Runtime.Intrinsics.Vector64,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -327,6 +323,7 @@ extensions: - ["System.Runtime.Intrinsics", "Vector128", "Store", "(System.Runtime.Intrinsics.Vector128,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "StoreAligned", "(System.Runtime.Intrinsics.Vector128,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "StoreAlignedNonTemporal", "(System.Runtime.Intrinsics.Vector128,T*)", "summary", "df-generated"] + - ["System.Runtime.Intrinsics", "Vector128", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector128,T)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector128,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "Subtract", "(System.Runtime.Intrinsics.Vector128,System.Runtime.Intrinsics.Vector128)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "Sum", "(System.Runtime.Intrinsics.Vector128)", "summary", "df-generated"] @@ -625,6 +622,7 @@ extensions: - ["System.Runtime.Intrinsics", "Vector256", "Store", "(System.Runtime.Intrinsics.Vector256,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "StoreAligned", "(System.Runtime.Intrinsics.Vector256,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "StoreAlignedNonTemporal", "(System.Runtime.Intrinsics.Vector256,T*)", "summary", "df-generated"] + - ["System.Runtime.Intrinsics", "Vector256", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector256,T)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector256,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "Subtract", "(System.Runtime.Intrinsics.Vector256,System.Runtime.Intrinsics.Vector256)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "Sum", "(System.Runtime.Intrinsics.Vector256)", "summary", "df-generated"] @@ -924,6 +922,7 @@ extensions: - ["System.Runtime.Intrinsics", "Vector512", "Store", "(System.Runtime.Intrinsics.Vector512,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "StoreAligned", "(System.Runtime.Intrinsics.Vector512,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "StoreAlignedNonTemporal", "(System.Runtime.Intrinsics.Vector512,T*)", "summary", "df-generated"] + - ["System.Runtime.Intrinsics", "Vector512", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector512,T)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector512,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "Subtract", "(System.Runtime.Intrinsics.Vector512,System.Runtime.Intrinsics.Vector512)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "Sum", "(System.Runtime.Intrinsics.Vector512)", "summary", "df-generated"] @@ -1197,6 +1196,7 @@ extensions: - ["System.Runtime.Intrinsics", "Vector64", "Store", "(System.Runtime.Intrinsics.Vector64,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "StoreAligned", "(System.Runtime.Intrinsics.Vector64,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "StoreAlignedNonTemporal", "(System.Runtime.Intrinsics.Vector64,T*)", "summary", "df-generated"] + - ["System.Runtime.Intrinsics", "Vector64", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector64,T)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector64,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "Subtract", "(System.Runtime.Intrinsics.Vector64,System.Runtime.Intrinsics.Vector64)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "Sum", "(System.Runtime.Intrinsics.Vector64)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.Serialization.DataContracts.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.Serialization.DataContracts.model.yml index 5acd6d53a1cc..813f1750e842 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.Serialization.DataContracts.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.Serialization.DataContracts.model.yml @@ -4,7 +4,9 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "IsDictionaryLike", "(System.String,System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "IsDictionaryLike", "(System.String,System.String,System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "IsDictionaryLike", "(System.String,System.String,System.String)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "IsDictionaryLike", "(System.String,System.String,System.String)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "get_BaseContract", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "get_DataMembers", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.Serialization.DataContracts", "DataContractSet", False, "DataContractSet", "(System.Runtime.Serialization.DataContracts.DataContractSet)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.Serialization.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.Serialization.model.yml index 9c4f73b489fd..bc04cea71ec7 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.Serialization.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.Serialization.model.yml @@ -22,7 +22,7 @@ extensions: - ["System.Runtime.Serialization", "IFormatterConverter", True, "ToString", "(System.Object)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] - ["System.Runtime.Serialization", "IObjectReference", True, "GetRealObject", "(System.Runtime.Serialization.StreamingContext)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.Serialization", "ISerializable", True, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Runtime.Serialization", "ISurrogateSelector", True, "GetSurrogate", "(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.Serialization", "ISurrogateSelector", True, "GetSurrogate", "(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[this]", "Argument[2]", "value", "dfc-generated"] - ["System.Runtime.Serialization", "KnownTypeAttribute", False, "KnownTypeAttribute", "(System.String)", "", "Argument[0]", "Argument[this].Property[System.Runtime.Serialization.KnownTypeAttribute.MethodName]", "value", "dfc-generated"] - ["System.Runtime.Serialization", "ObjectIDGenerator", True, "GetId", "(System.Object,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.Serialization", "ObjectManager", False, "ObjectManager", "(System.Runtime.Serialization.ISurrogateSelector,System.Runtime.Serialization.StreamingContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] @@ -63,7 +63,7 @@ extensions: - ["System.Runtime.Serialization", "StreamingContext", False, "get_Context", "()", "", "Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Serialization", "SurrogateSelector", True, "ChainSelector", "(System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[0]", "Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector]", "value", "dfc-generated"] - ["System.Runtime.Serialization", "SurrogateSelector", True, "GetNextSelector", "()", "", "Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Serialization", "SurrogateSelector", True, "GetSurrogate", "(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.Serialization", "SurrogateSelector", True, "GetSurrogate", "(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector]", "Argument[2]", "value", "dfc-generated"] - ["System.Runtime.Serialization", "XPathQueryGenerator", False, "CreateFromDataContractSerializer", "(System.Type,System.Reflection.MemberInfo[],System.Text.StringBuilder,System.Xml.XmlNamespaceManager)", "", "Argument[2]", "ReturnValue", "taint", "dfc-generated"] - ["System.Runtime.Serialization", "XmlSerializableServices", False, "WriteNodes", "(System.Xml.XmlWriter,System.Xml.XmlNode[])", "", "Argument[1].Element", "Argument[0]", "taint", "df-generated"] - ["System.Runtime.Serialization", "XsdDataContractExporter", False, "XsdDataContractExporter", "(System.Xml.Schema.XmlSchemaSet)", "", "Argument[0]", "Argument[this].SyntheticField[System.Runtime.Serialization.XsdDataContractExporter._schemas]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Security.Cryptography.Pkcs.model.yml b/csharp/ql/lib/ext/generated/System.Security.Cryptography.Pkcs.model.yml index 90f36107f3a1..babfe0e5cf1a 100644 --- a/csharp/ql/lib/ext/generated/System.Security.Cryptography.Pkcs.model.yml +++ b/csharp/ql/lib/ext/generated/System.Security.Cryptography.Pkcs.model.yml @@ -45,12 +45,12 @@ extensions: - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "Encode", "()", "", "Argument[this].SyntheticField[System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest._encodedBytes].Element", "ReturnValue.Element", "value", "dfc-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "Encode", "()", "", "Argument[this].SyntheticField[System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest._encodedBytes]", "ReturnValue", "value", "dfc-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "GetNonce", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "TryDecode", "(System.ReadOnlyMemory,System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest,System.Int32)", "", "Argument[0].Property[System.ReadOnlyMemory`1.Span].Element", "ReturnValue.SyntheticField[System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest._encodedBytes].Element", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "TryDecode", "(System.ReadOnlyMemory,System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest,System.Int32)", "", "Argument[0].Property[System.ReadOnlyMemory`1.Span].Element", "Argument[1].SyntheticField[System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest._encodedBytes].Element", "value", "dfc-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "AsSignedCms", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForData", "(System.ReadOnlySpan,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[2].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForHash", "(System.ReadOnlySpan,System.Security.Cryptography.HashAlgorithmName,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[3].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForHash", "(System.ReadOnlySpan,System.Security.Cryptography.Oid,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[3].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForSignerInfo", "(System.Security.Cryptography.Pkcs.SignerInfo,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[2].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForData", "(System.ReadOnlySpan,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[2].Element", "Argument[1]", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForHash", "(System.ReadOnlySpan,System.Security.Cryptography.HashAlgorithmName,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[3].Element", "Argument[2]", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForHash", "(System.ReadOnlySpan,System.Security.Cryptography.Oid,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[3].Element", "Argument[2]", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForSignerInfo", "(System.Security.Cryptography.Pkcs.SignerInfo,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[2].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampTokenInfo", False, "Encode", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampTokenInfo", False, "GetNonce", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampTokenInfo", False, "GetSerialNumber", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Security.Cryptography.Xml.model.yml b/csharp/ql/lib/ext/generated/System.Security.Cryptography.Xml.model.yml index eceeb0c2f5c1..421f6fbc5047 100644 --- a/csharp/ql/lib/ext/generated/System.Security.Cryptography.Xml.model.yml +++ b/csharp/ql/lib/ext/generated/System.Security.Cryptography.Xml.model.yml @@ -81,7 +81,7 @@ extensions: - ["System.Security.Cryptography.Xml", "SignedInfo", False, "get_CanonicalizationMethodObject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Security.Cryptography.Xml", "SignedInfo", False, "get_References", "()", "", "Argument[this].SyntheticField[System.Security.Cryptography.Xml.SignedInfo._references]", "ReturnValue", "value", "dfc-generated"] - ["System.Security.Cryptography.Xml", "SignedXml", False, "CheckSignature", "(System.Security.Cryptography.KeyedHashAlgorithm)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Security.Cryptography.Xml", "SignedXml", False, "CheckSignatureReturningKey", "(System.Security.Cryptography.AsymmetricAlgorithm)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Security.Cryptography.Xml", "SignedXml", False, "CheckSignatureReturningKey", "(System.Security.Cryptography.AsymmetricAlgorithm)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Security.Cryptography.Xml", "SignedXml", False, "ComputeSignature", "(System.Security.Cryptography.KeyedHashAlgorithm)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Security.Cryptography.Xml", "SignedXml", False, "LoadXml", "(System.Xml.XmlElement)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["System.Security.Cryptography.Xml", "SignedXml", False, "SignedXml", "(System.Xml.XmlDocument)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.Json.Nodes.model.yml b/csharp/ql/lib/ext/generated/System.Text.Json.Nodes.model.yml index 626445bb9f0e..221e3d39d628 100644 --- a/csharp/ql/lib/ext/generated/System.Text.Json.Nodes.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.Json.Nodes.model.yml @@ -12,7 +12,6 @@ extensions: - ["System.Text.Json.Nodes", "JsonNode", False, "AsObject", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "AsValue", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "DeepClone", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json.Nodes", "JsonNode", False, "Parse", "(System.Text.Json.Utf8JsonReader,System.Nullable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "ReplaceWith", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "get_Options", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -23,7 +22,7 @@ extensions: - ["System.Text.Json.Nodes", "JsonObject", False, "SetAt", "(System.Int32,System.String,System.Text.Json.Nodes.JsonNode)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Text.Json.Nodes", "JsonObject", False, "SetAt", "(System.Int32,System.Text.Json.Nodes.JsonNode)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Text.Json.Nodes", "JsonValue", False, "Create", "(T,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Nullable)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json.Nodes", "JsonValue", True, "TryGetValue", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Text.Json.Nodes", "JsonValue", True, "TryGetValue", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -50,6 +49,7 @@ extensions: - ["System.Text.Json.Nodes", "JsonNode", "Parse", "(System.IO.Stream,System.Nullable,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "Parse", "(System.ReadOnlySpan,System.Nullable,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "Parse", "(System.String,System.Nullable,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] + - ["System.Text.Json.Nodes", "JsonNode", "Parse", "(System.Text.Json.Utf8JsonReader,System.Nullable)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "ParseAsync", "(System.IO.Stream,System.Nullable,System.Text.Json.JsonDocumentOptions,System.Threading.CancellationToken)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "ToJsonString", "(System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "WriteTo", "(System.Text.Json.Utf8JsonWriter,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.Json.Serialization.model.yml b/csharp/ql/lib/ext/generated/System.Text.Json.Serialization.model.yml index cacf9b8523e9..c363d08b1914 100644 --- a/csharp/ql/lib/ext/generated/System.Text.Json.Serialization.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.Json.Serialization.model.yml @@ -4,9 +4,7 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["System.Text.Json.Serialization", "BinaryDataJsonConverter", False, "Read", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Serialization", "JsonConverter", True, "ReadAsPropertyName", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element", "ReturnValue", "taint", "dfc-generated"] - - ["System.Text.Json.Serialization", "JsonConverter", True, "ReadAsPropertyName", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Serialization", "JsonConverterFactory", True, "CreateConverter", "(System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json.Serialization", "JsonDerivedTypeAttribute", False, "JsonDerivedTypeAttribute", "(System.Type,System.String)", "", "Argument[1]", "Argument[this].Property[System.Text.Json.Serialization.JsonDerivedTypeAttribute.TypeDiscriminator]", "value", "dfc-generated"] - ["System.Text.Json.Serialization", "JsonPropertyNameAttribute", False, "JsonPropertyNameAttribute", "(System.String)", "", "Argument[0]", "Argument[this].Property[System.Text.Json.Serialization.JsonPropertyNameAttribute.Name]", "value", "dfc-generated"] @@ -19,6 +17,7 @@ extensions: pack: codeql/csharp-all extensible: neutralModel data: + - ["System.Text.Json.Serialization", "BinaryDataJsonConverter", "Read", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json.Serialization", "BinaryDataJsonConverter", "Write", "(System.Text.Json.Utf8JsonWriter,System.BinaryData,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json.Serialization", "IJsonOnDeserialized", "OnDeserialized", "()", "summary", "df-generated"] - ["System.Text.Json.Serialization", "IJsonOnDeserializing", "OnDeserializing", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.Json.model.yml b/csharp/ql/lib/ext/generated/System.Text.Json.model.yml index e5e1eb220f99..911f3eb7e979 100644 --- a/csharp/ql/lib/ext/generated/System.Text.Json.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.Json.model.yml @@ -6,8 +6,6 @@ extensions: data: - ["System.Text.Json", "JsonDocument", False, "Parse", "(System.Buffers.ReadOnlySequence,System.Text.Json.JsonDocumentOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonDocument", False, "Parse", "(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonDocument", False, "ParseValue", "(System.Text.Json.Utf8JsonReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonDocument", False, "TryParseValue", "(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json", "JsonDocument", False, "get_RootElement", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonElement+ArrayEnumerator", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json", "JsonElement+ArrayEnumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Text.Json.JsonElement+ArrayEnumerator.Current]", "ReturnValue", "value", "dfc-generated"] @@ -21,11 +19,9 @@ extensions: - ["System.Text.Json", "JsonElement", False, "GetProperty", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonElement", False, "GetProperty", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonElement", False, "GetProperty", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonElement", False, "ParseValue", "(System.Text.Json.Utf8JsonReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.ReadOnlySpan,System.Text.Json.JsonElement)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.ReadOnlySpan,System.Text.Json.JsonElement)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.String,System.Text.Json.JsonElement)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonElement", False, "TryParseValue", "(System.Text.Json.Utf8JsonReader,System.Nullable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.ReadOnlySpan,System.Text.Json.JsonElement)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.ReadOnlySpan,System.Text.Json.JsonElement)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.String,System.Text.Json.JsonElement)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Text.Json", "JsonElement", False, "get_Item", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonEncodedText", False, "Encode", "(System.ReadOnlySpan,System.Text.Encodings.Web.JavaScriptEncoder)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonEncodedText", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -46,11 +42,6 @@ extensions: - ["System.Text.Json", "JsonProperty", False, "get_Name", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonReaderState", False, "JsonReaderState", "(System.Text.Json.JsonReaderOptions)", "", "Argument[0]", "Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions]", "value", "dfc-generated"] - ["System.Text.Json", "JsonReaderState", False, "get_Options", "()", "", "Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json", "JsonSerializer", False, "Serialize", "(System.IO.Stream,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["System.Text.Json", "JsonSerializer", False, "Serialize", "(System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["System.Text.Json", "JsonSerializer", False, "Serialize", "(System.Text.Json.Utf8JsonWriter,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] @@ -74,7 +65,7 @@ extensions: - ["System.Text.Json", "JsonSerializerOptions", False, "GetConverter", "(System.Type)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonSerializerOptions", False, "GetTypeInfo", "(System.Type)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonSerializerOptions", False, "JsonSerializerOptions", "(System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Text.Json", "JsonSerializerOptions", False, "TryGetTypeInfo", "(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Text.Json", "JsonSerializerOptions", False, "TryGetTypeInfo", "(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Text.Json", "Utf8JsonReader", False, "CopyString", "(System.Span)", "", "Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element", "Argument[0].Element", "value", "dfc-generated"] - ["System.Text.Json", "Utf8JsonReader", False, "GetComment", "()", "", "Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element", "ReturnValue", "taint", "dfc-generated"] - ["System.Text.Json", "Utf8JsonReader", False, "GetString", "()", "", "Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element", "ReturnValue", "taint", "dfc-generated"] @@ -95,6 +86,8 @@ extensions: - ["System.Text.Json", "JsonDocument", "Parse", "(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonDocument", "Parse", "(System.String,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonDocument", "ParseAsync", "(System.IO.Stream,System.Text.Json.JsonDocumentOptions,System.Threading.CancellationToken)", "summary", "df-generated"] + - ["System.Text.Json", "JsonDocument", "ParseValue", "(System.Text.Json.Utf8JsonReader)", "summary", "df-generated"] + - ["System.Text.Json", "JsonDocument", "TryParseValue", "(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument)", "summary", "df-generated"] - ["System.Text.Json", "JsonDocument", "WriteTo", "(System.Text.Json.Utf8JsonWriter)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement+ArrayEnumerator", "Dispose", "()", "summary", "df-generated"] - ["System.Text.Json", "JsonElement+ArrayEnumerator", "MoveNext", "()", "summary", "df-generated"] @@ -123,6 +116,7 @@ extensions: - ["System.Text.Json", "JsonElement", "GetUInt16", "()", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "GetUInt32", "()", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "GetUInt64", "()", "summary", "df-generated"] + - ["System.Text.Json", "JsonElement", "ParseValue", "(System.Text.Json.Utf8JsonReader)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "ToString", "()", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "TryGetByte", "(System.Byte)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "TryGetBytesFromBase64", "(System.Byte[])", "summary", "df-generated"] @@ -139,6 +133,7 @@ extensions: - ["System.Text.Json", "JsonElement", "TryGetUInt16", "(System.UInt16)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "TryGetUInt32", "(System.UInt32)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "TryGetUInt64", "(System.UInt64)", "summary", "df-generated"] + - ["System.Text.Json", "JsonElement", "TryParseValue", "(System.Text.Json.Utf8JsonReader,System.Nullable)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "ValueEquals", "(System.ReadOnlySpan)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "ValueEquals", "(System.ReadOnlySpan)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "ValueEquals", "(System.String)", "summary", "df-generated"] @@ -183,6 +178,9 @@ extensions: - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Type,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Type,System.Text.Json.Serialization.JsonSerializerContext)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.IO.Stream,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.IO.Stream,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.ReadOnlySpan,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] @@ -197,6 +195,8 @@ extensions: - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.JsonElement,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "DeserializeAsync", "(System.IO.Stream,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Threading.CancellationToken)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "DeserializeAsync", "(System.IO.Stream,System.Type,System.Text.Json.JsonSerializerOptions,System.Threading.CancellationToken)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "DeserializeAsync", "(System.IO.Stream,System.Type,System.Text.Json.Serialization.JsonSerializerContext,System.Threading.CancellationToken)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.RegularExpressions.model.yml b/csharp/ql/lib/ext/generated/System.Text.RegularExpressions.model.yml index b70d8da3c911..83ab228ce7ce 100644 --- a/csharp/ql/lib/ext/generated/System.Text.RegularExpressions.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.RegularExpressions.model.yml @@ -9,7 +9,7 @@ extensions: - ["System.Text.RegularExpressions", "GeneratedRegexAttribute", False, "GeneratedRegexAttribute", "(System.String,System.Text.RegularExpressions.RegexOptions,System.Int32,System.String)", "", "Argument[0]", "Argument[this].Property[System.Text.RegularExpressions.GeneratedRegexAttribute.Pattern]", "value", "dfc-generated"] - ["System.Text.RegularExpressions", "GeneratedRegexAttribute", False, "GeneratedRegexAttribute", "(System.String,System.Text.RegularExpressions.RegexOptions,System.Int32,System.String)", "", "Argument[3]", "Argument[this].Property[System.Text.RegularExpressions.GeneratedRegexAttribute.CultureName]", "value", "dfc-generated"] - ["System.Text.RegularExpressions", "Group", False, "Synchronized", "(System.Text.RegularExpressions.Group)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.RegularExpressions", "GroupCollection", False, "TryGetValue", "(System.String,System.Text.RegularExpressions.Group)", "", "Argument[this].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Text.RegularExpressions", "GroupCollection", False, "TryGetValue", "(System.String,System.Text.RegularExpressions.Group)", "", "Argument[this].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Text.RegularExpressions", "GroupCollection", False, "get_Keys", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.RegularExpressions", "GroupCollection", False, "get_Values", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.RegularExpressions", "Match", False, "NextMatch", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.Unicode.model.yml b/csharp/ql/lib/ext/generated/System.Text.Unicode.model.yml index 20d753a17d11..c4c2322beef8 100644 --- a/csharp/ql/lib/ext/generated/System.Text.Unicode.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.Unicode.model.yml @@ -7,8 +7,6 @@ extensions: - ["System.Text.Unicode", "Utf8+TryWriteInterpolatedStringHandler", False, "TryWriteInterpolatedStringHandler", "(System.Int32,System.Int32,System.Span,System.Boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Text.Unicode", "Utf8+TryWriteInterpolatedStringHandler", False, "TryWriteInterpolatedStringHandler", "(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Text.Unicode", "Utf8+TryWriteInterpolatedStringHandler", False, "TryWriteInterpolatedStringHandler", "(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["System.Text.Unicode", "Utf8", False, "TryWrite", "(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Unicode", "Utf8", False, "TryWrite", "(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -194,3 +192,5 @@ extensions: - ["System.Text.Unicode", "Utf8", "FromUtf16", "(System.ReadOnlySpan,System.Span,System.Int32,System.Int32,System.Boolean,System.Boolean)", "summary", "df-generated"] - ["System.Text.Unicode", "Utf8", "IsValid", "(System.ReadOnlySpan)", "summary", "df-generated"] - ["System.Text.Unicode", "Utf8", "ToUtf16", "(System.ReadOnlySpan,System.Span,System.Int32,System.Int32,System.Boolean,System.Boolean)", "summary", "df-generated"] + - ["System.Text.Unicode", "Utf8", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32)", "summary", "df-generated"] + - ["System.Text.Unicode", "Utf8", "TryWrite", "(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Threading.RateLimiting.model.yml b/csharp/ql/lib/ext/generated/System.Threading.RateLimiting.model.yml index ccfb12aa0e63..4a3d0c9a820b 100644 --- a/csharp/ql/lib/ext/generated/System.Threading.RateLimiting.model.yml +++ b/csharp/ql/lib/ext/generated/System.Threading.RateLimiting.model.yml @@ -10,9 +10,9 @@ extensions: - ["System.Threading.RateLimiting", "MetadataName", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Threading.RateLimiting.MetadataName`1._name]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading.RateLimiting", "MetadataName", False, "get_Name", "()", "", "Argument[this].SyntheticField[System.Threading.RateLimiting.MetadataName`1._name]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading.RateLimiting", "PartitionedRateLimiter", False, "CreateChained", "(System.Threading.RateLimiting.PartitionedRateLimiter[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - - ["System.Threading.RateLimiting", "RateLimitLease", False, "TryGetMetadata", "(System.Threading.RateLimiting.MetadataName,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Threading.RateLimiting", "RateLimitLease", False, "TryGetMetadata", "(System.Threading.RateLimiting.MetadataName,T)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Threading.RateLimiting", "RateLimitLease", True, "GetAllMetadata", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading.RateLimiting", "RateLimitLease", True, "TryGetMetadata", "(System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Threading.RateLimiting", "RateLimitLease", True, "TryGetMetadata", "(System.String,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Threading.RateLimiting", "RateLimitLease", True, "get_MetadataNames", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.RateLimiting", "RateLimitPartition", False, "RateLimitPartition", "(TKey,System.Func)", "", "Argument[0]", "Argument[this].Property[System.Threading.RateLimiting.RateLimitPartition`1.PartitionKey]", "value", "dfc-generated"] - ["System.Threading.RateLimiting", "RateLimitPartition", False, "RateLimitPartition", "(TKey,System.Func)", "", "Argument[1]", "Argument[this].Property[System.Threading.RateLimiting.RateLimitPartition`1.Factory]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Threading.Tasks.Dataflow.model.yml b/csharp/ql/lib/ext/generated/System.Threading.Tasks.Dataflow.model.yml index d39b388a2182..2c07b1a031b6 100644 --- a/csharp/ql/lib/ext/generated/System.Threading.Tasks.Dataflow.model.yml +++ b/csharp/ql/lib/ext/generated/System.Threading.Tasks.Dataflow.model.yml @@ -25,7 +25,7 @@ extensions: - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "ReserveMessage", "(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "TryReceiveAll", "(System.Collections.Generic.IList)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "TryReceiveAll", "(System.Collections.Generic.IList)", "", "Argument[this]", "Argument[0].Element", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BufferBlock", False, "BufferBlock", "(System.Threading.Tasks.Dataflow.DataflowBlockOptions)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BufferBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BufferBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -48,7 +48,7 @@ extensions: - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "ReceiveAsync", "(System.Threading.Tasks.Dataflow.ISourceBlock,System.TimeSpan,System.Threading.CancellationToken)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "SendAsync", "(System.Threading.Tasks.Dataflow.ITargetBlock,TInput)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "SendAsync", "(System.Threading.Tasks.Dataflow.ITargetBlock,TInput,System.Threading.CancellationToken)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "TryReceive", "(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "TryReceive", "(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "IDataflowBlock", True, "get_Completion", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "JoinBlock", False, "JoinBlock", "(System.Threading.Tasks.Dataflow.GroupingDataflowBlockOptions)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "JoinBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock>,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -76,7 +76,7 @@ extensions: - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "OfferMessage", "(System.Threading.Tasks.Dataflow.DataflowMessageHeader,T,System.Threading.Tasks.Dataflow.ISourceBlock,System.Boolean)", "", "Argument[1]", "Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value]", "value", "dfc-generated"] - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "ReleaseReservation", "(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "TryReceiveAll", "(System.Collections.Generic.IList)", "", "Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value]", "ReturnValue.Element", "value", "dfc-generated"] + - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "TryReceiveAll", "(System.Collections.Generic.IList)", "", "Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value]", "Argument[0].Element", "value", "dfc-generated"] - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "WriteOnceBlock", "(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions)", "", "Argument[0]", "Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._cloningFunction]", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all diff --git a/csharp/ql/lib/ext/generated/System.Threading.model.yml b/csharp/ql/lib/ext/generated/System.Threading.model.yml index 3872a5ad2389..f90d92d7c26f 100644 --- a/csharp/ql/lib/ext/generated/System.Threading.model.yml +++ b/csharp/ql/lib/ext/generated/System.Threading.model.yml @@ -22,31 +22,20 @@ extensions: - ["System.Threading", "ExecutionContext", False, "CreateCopy", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "ExecutionContext", False, "Run", "(System.Threading.ExecutionContext,System.Threading.ContextCallback,System.Object)", "", "Argument[2]", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Threading", "HostExecutionContextManager", True, "SetHostExecutionContext", "(System.Threading.HostExecutionContext)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading", "Interlocked", False, "CompareExchange", "(System.IntPtr,System.IntPtr,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "CompareExchange", "(System.UIntPtr,System.UIntPtr,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "CompareExchange", "(T,T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "Exchange", "(System.IntPtr,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "Exchange", "(System.UIntPtr,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "Exchange", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object,System.Func)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] + - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object,System.Func)", "", "Argument[3].ReturnValue", "Argument[0]", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object,System.Func)", "", "Argument[3].ReturnValue", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Object,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Object,System.Func)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "Lock", False, "EnterScope", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading", "ManualResetEventSlim", False, "get_WaitHandle", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading", "Mutex", False, "TryOpenExisting", "(System.String,System.Threading.Mutex)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "Overlapped", False, "Overlapped", "(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "Overlapped", False, "Overlapped", "(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "PeriodicTimer", False, "PeriodicTimer", "(System.TimeSpan)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "PeriodicTimer", False, "PeriodicTimer", "(System.TimeSpan,System.TimeProvider)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "PeriodicTimer", False, "WaitForNextTickAsync", "(System.Threading.CancellationToken)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading", "ReaderWriterLock", False, "DowngradeFromWriterLock", "(System.Threading.LockCookie)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "ReaderWriterLock", False, "RestoreLock", "(System.Threading.LockCookie)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "RegisteredWaitHandle", False, "Unregister", "(System.Threading.WaitHandle)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "SemaphoreSlim", False, "WaitAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading", "SemaphoreSlim", False, "WaitAsync", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -58,20 +47,11 @@ extensions: - ["System.Threading", "SynchronizationContext", True, "Send", "(System.Threading.SendOrPostCallback,System.Object)", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "dfc-generated"] - ["System.Threading", "Thread", False, "GetData", "(System.LocalDataStoreSlot)", "", "Argument[0].SyntheticField[System.LocalDataStoreSlot.Data].Property[System.Threading.ThreadLocal`1.Value]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "Thread", False, "SetData", "(System.LocalDataStoreSlot,System.Object)", "", "Argument[1]", "Argument[0].SyntheticField[System.LocalDataStoreSlot.Data].Property[System.Threading.ThreadLocal`1.Value]", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileRead", "(System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileRead", "(System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileRead", "(System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileWrite", "(System.IntPtr,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileWrite", "(System.Object,System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileWrite", "(System.UIntPtr,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "ThreadExceptionEventArgs", False, "ThreadExceptionEventArgs", "(System.Exception)", "", "Argument[0]", "Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception]", "value", "dfc-generated"] - ["System.Threading", "ThreadExceptionEventArgs", False, "get_Exception", "()", "", "Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "ThreadLocal", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading", "ThreadPoolBoundHandle", False, "AllocateNativeOverlapped", "(System.Threading.PreAllocatedOverlapped)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Threading", "ThreadPoolBoundHandle", False, "get_Handle", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading", "Volatile", False, "Write", "(System.IntPtr,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Volatile", False, "Write", "(System.UIntPtr,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Volatile", False, "Write", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "WaitHandleExtensions", False, "GetSafeWaitHandle", "(System.Threading.WaitHandle)", "", "Argument[0].Property[System.Threading.WaitHandle.SafeWaitHandle]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "WaitHandleExtensions", False, "SetSafeWaitHandle", "(System.Threading.WaitHandle,Microsoft.Win32.SafeHandles.SafeWaitHandle)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - addsTo: @@ -208,12 +188,15 @@ extensions: - ["System.Threading", "Interlocked", "CompareExchange", "(System.Int16,System.Int16,System.Int16)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.Int32,System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.Int64,System.Int64,System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "CompareExchange", "(System.IntPtr,System.IntPtr,System.IntPtr)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.Object,System.Object,System.Object)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.SByte,System.SByte,System.SByte)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.Single,System.Single,System.Single)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.UInt16,System.UInt16,System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.UInt32,System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.UInt64,System.UInt64,System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "CompareExchange", "(System.UIntPtr,System.UIntPtr,System.UIntPtr)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "CompareExchange", "(T,T,T)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Decrement", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Decrement", "(System.Int64)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Decrement", "(System.UInt32)", "summary", "df-generated"] @@ -223,12 +206,15 @@ extensions: - ["System.Threading", "Interlocked", "Exchange", "(System.Int16,System.Int16)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.Int64,System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "Exchange", "(System.IntPtr,System.IntPtr)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.Object,System.Object)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.SByte,System.SByte)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.Single,System.Single)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.UInt16,System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.UInt64,System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "Exchange", "(System.UIntPtr,System.UIntPtr)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "Exchange", "(T,T)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Increment", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Increment", "(System.Int64)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Increment", "(System.UInt32)", "summary", "df-generated"] @@ -292,6 +278,7 @@ extensions: - ["System.Threading", "Mutex", "Mutex", "(System.Boolean,System.String,System.Boolean)", "summary", "df-generated"] - ["System.Threading", "Mutex", "OpenExisting", "(System.String)", "summary", "df-generated"] - ["System.Threading", "Mutex", "ReleaseMutex", "()", "summary", "df-generated"] + - ["System.Threading", "Mutex", "TryOpenExisting", "(System.String,System.Threading.Mutex)", "summary", "df-generated"] - ["System.Threading", "MutexAcl", "Create", "(System.Boolean,System.String,System.Boolean,System.Security.AccessControl.MutexSecurity)", "summary", "df-generated"] - ["System.Threading", "MutexAcl", "OpenExisting", "(System.String,System.Security.AccessControl.MutexRights)", "summary", "df-generated"] - ["System.Threading", "MutexAcl", "TryOpenExisting", "(System.String,System.Security.AccessControl.MutexRights,System.Threading.Mutex)", "summary", "df-generated"] @@ -311,9 +298,11 @@ extensions: - ["System.Threading", "ReaderWriterLock", "AcquireWriterLock", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "AcquireWriterLock", "(System.TimeSpan)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "AnyWritersSince", "(System.Int32)", "summary", "df-generated"] + - ["System.Threading", "ReaderWriterLock", "DowngradeFromWriterLock", "(System.Threading.LockCookie)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "ReleaseLock", "()", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "ReleaseReaderLock", "()", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "ReleaseWriterLock", "()", "summary", "df-generated"] + - ["System.Threading", "ReaderWriterLock", "RestoreLock", "(System.Threading.LockCookie)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "UpgradeToWriterLock", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "UpgradeToWriterLock", "(System.TimeSpan)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "get_IsReaderLockHeld", "()", "summary", "df-generated"] @@ -444,21 +433,27 @@ extensions: - ["System.Threading", "Thread", "VolatileRead", "(System.Int16)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileRead", "(System.IntPtr)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileRead", "(System.Object)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.SByte)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.Single)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileRead", "(System.UIntPtr)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Byte,System.Byte)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Double,System.Double)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Int16,System.Int16)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Int64,System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileWrite", "(System.IntPtr,System.IntPtr)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileWrite", "(System.Object,System.Object)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.SByte,System.SByte)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Single,System.Single)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.UInt16,System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.UInt64,System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileWrite", "(System.UIntPtr,System.UIntPtr)", "summary", "df-generated"] - ["System.Threading", "Thread", "Yield", "()", "summary", "df-generated"] - ["System.Threading", "Thread", "get_CurrentThread", "()", "summary", "df-generated"] - ["System.Threading", "Thread", "get_ExecutionContext", "()", "summary", "df-generated"] @@ -549,11 +544,14 @@ extensions: - ["System.Threading", "Volatile", "Write", "(System.Int16,System.Int16)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.Int64,System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Volatile", "Write", "(System.IntPtr,System.IntPtr)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.SByte,System.SByte)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.Single,System.Single)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.UInt16,System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.UInt64,System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Volatile", "Write", "(System.UIntPtr,System.UIntPtr)", "summary", "df-generated"] + - ["System.Threading", "Volatile", "Write", "(T,T)", "summary", "df-generated"] - ["System.Threading", "Volatile", "WriteBarrier", "()", "summary", "df-generated"] - ["System.Threading", "WaitHandle", "Close", "()", "summary", "df-generated"] - ["System.Threading", "WaitHandle", "Dispose", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Xml.Serialization.model.yml b/csharp/ql/lib/ext/generated/System.Xml.Serialization.model.yml index ce23169ea56e..65818a7bfead 100644 --- a/csharp/ql/lib/ext/generated/System.Xml.Serialization.model.yml +++ b/csharp/ql/lib/ext/generated/System.Xml.Serialization.model.yml @@ -115,17 +115,20 @@ extensions: - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadElementQualifiedName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadNullableQualifiedName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadNullableString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReference", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReference", "(System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencedElement", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencedElement", "(System.String,System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencedElement", "(System.String,System.String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencedElement", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.Boolean,System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.Boolean,System.String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.Boolean,System.String)", "", "Argument[this]", "Argument[3]", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.Boolean,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.String)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadSerializable", "(System.Xml.Serialization.IXmlSerializable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadSerializable", "(System.Xml.Serialization.IXmlSerializable,System.Boolean)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Xml.Xsl.Runtime.model.yml b/csharp/ql/lib/ext/generated/System.Xml.Xsl.Runtime.model.yml index 519dcb655746..b27cc848761b 100644 --- a/csharp/ql/lib/ext/generated/System.Xml.Xsl.Runtime.model.yml +++ b/csharp/ql/lib/ext/generated/System.Xml.Xsl.Runtime.model.yml @@ -130,9 +130,10 @@ extensions: - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "DebugGetXsltValue", "(System.Collections.IList)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "DebugSetGlobalValue", "(System.String,System.Object)", "", "Argument[1]", "Argument[this].SyntheticField[System.Xml.Xsl.Runtime.XmlQueryRuntime._globalValues].Element", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "DocOrderDistinct", "(System.Collections.Generic.IList)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "EndRtfConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "EndRtfConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "EndSequenceConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "FindIndex", "(System.Xml.XPath.XPathNavigator,System.Int32,System.Xml.Xsl.Runtime.XmlILIndex)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "EndSequenceConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "FindIndex", "(System.Xml.XPath.XPathNavigator,System.Int32,System.Xml.Xsl.Runtime.XmlILIndex)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "GetAtomizedName", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "GetCollation", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "GetEarlyBoundObject", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -141,9 +142,9 @@ extensions: - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "ParseTagName", "(System.String,System.Int32)", "", "Argument[0]", "ReturnValue.Property[System.Xml.XmlQualifiedName.Name]", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "ParseTagName", "(System.String,System.String)", "", "Argument[0]", "ReturnValue.Property[System.Xml.XmlQualifiedName.Name]", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "ParseTagName", "(System.String,System.String)", "", "Argument[1]", "ReturnValue.Property[System.Xml.XmlQualifiedName.Namespace]", "value", "dfc-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartRtfConstruction", "(System.String,System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartRtfConstruction", "(System.String,System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartSequenceConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartRtfConstruction", "(System.String,System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartRtfConstruction", "(System.String,System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartSequenceConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "TextRtfConstruction", "(System.String,System.String)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Xml.Xsl.Runtime.RtfTextNavigator._text]", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "TextRtfConstruction", "(System.String,System.String)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Xml.Xsl.Runtime.RtfTextNavigator._baseUri]", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "get_ExternalContext", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Xml.model.yml b/csharp/ql/lib/ext/generated/System.Xml.model.yml index db9752525d91..60dfe8192323 100644 --- a/csharp/ql/lib/ext/generated/System.Xml.model.yml +++ b/csharp/ql/lib/ext/generated/System.Xml.model.yml @@ -10,9 +10,9 @@ extensions: - ["System.Xml", "IXmlBinaryWriterInitializer", True, "SetOutput", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Xml", "IXmlBinaryWriterInitializer", True, "SetOutput", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Xml", "IXmlBinaryWriterInitializer", True, "SetOutput", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.Int32,System.Xml.XmlDictionaryString)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.String,System.Xml.XmlDictionaryString)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.Int32,System.Xml.XmlDictionaryString)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.String,System.Xml.XmlDictionaryString)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Xml", "IXmlNamespaceResolver", True, "GetNamespacesInScope", "(System.Xml.XmlNamespaceScope)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml", "IXmlNamespaceResolver", True, "LookupNamespace", "(System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Xml", "IXmlNamespaceResolver", True, "LookupPrefix", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -73,8 +73,10 @@ extensions: - ["System.Xml", "XmlDictionaryReader", False, "ReadContentAsString", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml", "XmlDictionaryReader", False, "ReadString", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml", "XmlDictionaryReader", True, "GetAttribute", "(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml", "XmlDictionaryReader", True, "GetNonAtomizedNames", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsQualifiedName", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml", "XmlDictionaryReader", True, "GetNonAtomizedNames", "(System.String,System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Xml", "XmlDictionaryReader", True, "GetNonAtomizedNames", "(System.String,System.String)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsQualifiedName", "(System.String,System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsQualifiedName", "(System.String,System.String)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsString", "(System.String[],System.Int32)", "", "Argument[0].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsString", "(System.Xml.XmlDictionaryString[],System.Int32)", "", "Argument[0].Element.Property[System.Xml.XmlDictionaryString.Value]", "ReturnValue", "value", "dfc-generated"] - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsUniqueId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.model.yml b/csharp/ql/lib/ext/generated/System.model.yml index 03b23b02725e..7265d33e2992 100644 --- a/csharp/ql/lib/ext/generated/System.model.yml +++ b/csharp/ql/lib/ext/generated/System.model.yml @@ -34,7 +34,6 @@ extensions: - ["System", "Array", False, "FindLastIndex", "(T[],System.Int32,System.Predicate)", "", "Argument[0].Element", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System", "Array", False, "FindLastIndex", "(T[],System.Predicate)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System", "Array", False, "ForEach", "(T[],System.Action)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "dfc-generated"] - - ["System", "Array", False, "Resize", "(T[],System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System", "Array", False, "TrueForAll", "(T[],System.Predicate)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System", "ArraySegment+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.ArraySegment`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System", "ArraySegment+Enumerator", False, "get_Current", "()", "", "Argument[this].SyntheticField[System.ArraySegment`1+Enumerator._array].Element", "ReturnValue", "value", "dfc-generated"] @@ -69,7 +68,7 @@ extensions: - ["System", "BinaryData", False, "WithMediaType", "(System.String)", "", "Argument[0]", "ReturnValue.Property[System.BinaryData.MediaType]", "value", "dfc-generated"] - ["System", "CultureAwareComparer", False, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this].SyntheticField[System.CultureAwareComparer._compareInfo]", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "value", "dfc-generated"] - ["System", "DateTime", False, "ToLocalTime", "()", "", "Argument[this]", "ReturnValue", "value", "df-generated"] - - ["System", "DateTimeOffset", False, "Deconstruct", "(System.DateOnly,System.TimeOnly,System.TimeSpan)", "", "Argument[this].Property[System.DateTimeOffset.Offset]", "ReturnValue", "value", "dfc-generated"] + - ["System", "DateTimeOffset", False, "Deconstruct", "(System.DateOnly,System.TimeOnly,System.TimeSpan)", "", "Argument[this].Property[System.DateTimeOffset.Offset]", "Argument[2]", "value", "dfc-generated"] - ["System", "Delegate+InvocationListEnumerator", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System", "Delegate+InvocationListEnumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "Delegate", False, "Combine", "(System.Delegate,System.Delegate)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] @@ -416,8 +415,6 @@ extensions: - ["System", "MemoryExtensions", False, "TrimStart", "(System.Span,System.ReadOnlySpan)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] - ["System", "MemoryExtensions", False, "TrimStart", "(System.Span,System.ReadOnlySpan)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System", "MemoryExtensions", False, "TrimStart", "(System.Span,T)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System", "MemoryExtensions", False, "TryWrite", "(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System", "MemoryExtensions", False, "TryWrite", "(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System", "MissingFieldException", False, "MissingFieldException", "(System.String,System.String)", "", "Argument[0]", "Argument[this].Field[System.MissingMemberException.ClassName]", "value", "dfc-generated"] - ["System", "MissingFieldException", False, "MissingFieldException", "(System.String,System.String)", "", "Argument[1]", "Argument[this].Field[System.MissingMemberException.MemberName]", "value", "dfc-generated"] - ["System", "MissingMemberException", False, "MissingMemberException", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "Argument[this].Field[System.MissingMemberException.ClassName]", "value", "dfc-generated"] @@ -466,8 +463,6 @@ extensions: - ["System", "SequencePosition", False, "GetObject", "()", "", "Argument[this].SyntheticField[System.SequencePosition._object]", "ReturnValue", "value", "dfc-generated"] - ["System", "SequencePosition", False, "SequencePosition", "(System.Object,System.Int32)", "", "Argument[0]", "Argument[this].SyntheticField[System.SequencePosition._object]", "value", "dfc-generated"] - ["System", "Span", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System", "String", False, "Create", "(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System", "String", False, "Create", "(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System", "String", False, "Create", "(System.Int32,TState,System.Buffers.SpanAction)", "", "Argument[1]", "Argument[2].Parameter[1]", "value", "dfc-generated"] - ["System", "String", False, "EnumerateRunes", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "String", False, "Format", "(System.IFormatProvider,System.Text.CompositeFormat,TArg0,TArg1,TArg2)", "", "Argument[1].Property[System.Text.CompositeFormat.Format]", "ReturnValue", "value", "dfc-generated"] @@ -482,7 +477,7 @@ extensions: - ["System", "String", False, "Trim", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System", "String", False, "TrimEnd", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System", "String", False, "TrimStart", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - - ["System", "String", False, "TryParse", "(System.String,System.IFormatProvider,System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System", "String", False, "TryParse", "(System.String,System.IFormatProvider,System.String)", "", "Argument[0]", "Argument[2]", "value", "dfc-generated"] - ["System", "StringNormalizationExtensions", False, "Normalize", "(System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System", "StringNormalizationExtensions", False, "Normalize", "(System.String,System.Text.NormalizationForm)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System", "StringNormalizationExtensions", False, "TryNormalize", "(System.ReadOnlySpan,System.Span,System.Int32,System.Text.NormalizationForm)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] @@ -523,7 +518,7 @@ extensions: - ["System", "TimeZoneInfo", False, "GetUtcOffset", "(System.DateTimeOffset)", "", "Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset]", "ReturnValue", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "ToString", "()", "", "Argument[this].Property[System.TimeZoneInfo.DisplayName]", "ReturnValue", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "ToString", "()", "", "Argument[this].SyntheticField[System.TimeZoneInfo._displayName]", "ReturnValue", "value", "dfc-generated"] - - ["System", "TimeZoneInfo", False, "TryFindSystemTimeZoneById", "(System.String,System.TimeZoneInfo)", "", "Argument[0]", "ReturnValue.SyntheticField[System.TimeZoneInfo._id]", "value", "dfc-generated"] + - ["System", "TimeZoneInfo", False, "TryFindSystemTimeZoneById", "(System.String,System.TimeZoneInfo)", "", "Argument[0]", "Argument[1].SyntheticField[System.TimeZoneInfo._id]", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "get_BaseUtcOffset", "()", "", "Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset]", "ReturnValue", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "get_DaylightName", "()", "", "Argument[this].SyntheticField[System.TimeZoneInfo._daylightDisplayName]", "ReturnValue", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "get_DisplayName", "()", "", "Argument[this].SyntheticField[System.TimeZoneInfo._displayName]", "ReturnValue", "value", "dfc-generated"] @@ -724,11 +719,11 @@ extensions: - ["System", "Uri", False, "MakeRelative", "(System.Uri)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System", "Uri", False, "MakeRelativeUri", "(System.Uri)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System", "Uri", False, "ToString", "(System.String,System.IFormatProvider)", "", "Argument[this].SyntheticField[System.Uri._string]", "ReturnValue", "value", "dfc-generated"] - - ["System", "Uri", False, "TryCreate", "(System.String,System.UriCreationOptions,System.Uri)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Uri._string]", "value", "dfc-generated"] - - ["System", "Uri", False, "TryCreate", "(System.String,System.UriKind,System.Uri)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Uri._string]", "value", "dfc-generated"] - - ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Uri._string]", "value", "dfc-generated"] - - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["System", "Uri", False, "TryCreate", "(System.String,System.UriCreationOptions,System.Uri)", "", "Argument[0]", "Argument[2].SyntheticField[System.Uri._string]", "value", "dfc-generated"] + - ["System", "Uri", False, "TryCreate", "(System.String,System.UriKind,System.Uri)", "", "Argument[0]", "Argument[2].SyntheticField[System.Uri._string]", "value", "dfc-generated"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[1]", "Argument[2].SyntheticField[System.Uri._string]", "value", "dfc-generated"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["System", "Uri", False, "TryEscapeDataString", "(System.ReadOnlySpan,System.Span,System.Int32)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - ["System", "Uri", False, "TryUnescapeDataString", "(System.ReadOnlySpan,System.Span,System.Int32)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - ["System", "Uri", False, "UnescapeDataString", "(System.ReadOnlySpan)", "", "Argument[0].Element", "ReturnValue", "taint", "dfc-generated"] @@ -762,7 +757,7 @@ extensions: - ["System", "ValueTuple", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "ValueTuple", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "WeakReference", True, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this].Property[System.WeakReference.Target]", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "value", "dfc-generated"] - - ["System", "WeakReference", False, "TryGetTarget", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System", "WeakReference", False, "TryGetTarget", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all extensible: sourceModel @@ -982,6 +977,7 @@ extensions: - ["System", "Array", "LastIndexOf", "(T[],T,System.Int32,System.Int32)", "summary", "df-generated"] - ["System", "Array", "Remove", "(System.Object)", "summary", "df-generated"] - ["System", "Array", "RemoveAt", "(System.Int32)", "summary", "df-generated"] + - ["System", "Array", "Resize", "(T[],System.Int32)", "summary", "df-generated"] - ["System", "Array", "SetValue", "(System.Object,System.Int32)", "summary", "df-generated"] - ["System", "Array", "SetValue", "(System.Object,System.Int32,System.Int32)", "summary", "df-generated"] - ["System", "Array", "SetValue", "(System.Object,System.Int32,System.Int32,System.Int32)", "summary", "df-generated"] @@ -3637,8 +3633,10 @@ extensions: - ["System", "MemoryExtensions", "ToLowerInvariant", "(System.ReadOnlySpan,System.Span)", "summary", "df-generated"] - ["System", "MemoryExtensions", "ToUpper", "(System.ReadOnlySpan,System.Span,System.Globalization.CultureInfo)", "summary", "df-generated"] - ["System", "MemoryExtensions", "ToUpperInvariant", "(System.ReadOnlySpan,System.Span)", "summary", "df-generated"] + - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32)", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,System.Object[])", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,System.ReadOnlySpan)", "summary", "df-generated"] + - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32)", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0,TArg1,TArg2)", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0,TArg1)", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0)", "summary", "df-generated"] @@ -4181,6 +4179,8 @@ extensions: - ["System", "String", "Contains", "(System.String,System.StringComparison)", "summary", "df-generated"] - ["System", "String", "CopyTo", "(System.Int32,System.Char[],System.Int32,System.Int32)", "summary", "df-generated"] - ["System", "String", "CopyTo", "(System.Span)", "summary", "df-generated"] + - ["System", "String", "Create", "(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler)", "summary", "df-generated"] + - ["System", "String", "Create", "(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler)", "summary", "df-generated"] - ["System", "String", "EndsWith", "(System.Char)", "summary", "df-generated"] - ["System", "String", "EndsWith", "(System.String)", "summary", "df-generated"] - ["System", "String", "EndsWith", "(System.String,System.Boolean,System.Globalization.CultureInfo)", "summary", "df-generated"] From 2f16e3a0c0d02cbd33ad8f4d9b20b5e75de927e4 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 26 Mar 2025 15:22:51 +0100 Subject: [PATCH 095/409] C#: Update flowsummaries test expected output. --- .../dataflow/library/FlowSummaries.expected | 628 ++++++++---------- .../library/FlowSummariesFiltered.expected | 494 +++++--------- 2 files changed, 457 insertions(+), 665 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 4b7dc533819c..21fcfa594e61 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -1869,7 +1869,7 @@ summary | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;ChainedConfigurationProvider;(Microsoft.Extensions.Configuration.ChainedConfigurationSource);Argument[0].Property[Microsoft.Extensions.Configuration.ChainedConfigurationSource.Configuration];Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;GetChildKeys;(System.Collections.Generic.IEnumerable,System.String);Argument[0].Element;ReturnValue.Element;value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;GetReloadToken;();Argument[this];ReturnValue;taint;df-generated | -| Microsoft.Extensions.Configuration;ChainedConfigurationProvider;TryGet;(System.String,System.String);Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];ReturnValue;taint;dfc-generated | +| Microsoft.Extensions.Configuration;ChainedConfigurationProvider;TryGet;(System.String,System.String);Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];Argument[1];taint;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;get_Configuration;();Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationSource;Build;(Microsoft.Extensions.Configuration.IConfigurationBuilder);Argument[0];Argument[this];taint;df-generated | | Microsoft.Extensions.Configuration;CommandLineConfigurationExtensions;AddCommandLine;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Action);Argument[1];Argument[0];taint;manual | @@ -2569,7 +2569,7 @@ summary | Microsoft.Extensions.Diagnostics.HealthChecks;HealthCheckRegistration;set_Factory;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.HealthChecks;HealthCheckService;CheckHealthAsync;(System.Func,System.Threading.CancellationToken);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;Initialize;(Microsoft.Extensions.Diagnostics.Metrics.IObservableInstrumentsSource);Argument[0];Argument[this];taint;df-generated | -| Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;InstrumentPublished;(System.Diagnostics.Metrics.Instrument,System.Object);Argument[this];ReturnValue;value;dfc-generated | +| Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;InstrumentPublished;(System.Diagnostics.Metrics.Instrument,System.Object);Argument[this];Argument[1];value;dfc-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_ByteHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_DecimalHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_DoubleHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -3503,7 +3503,7 @@ summary | Microsoft.Extensions.Primitives;StringSegment;ToString;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer];ReturnValue;taint;dfc-generated | | Microsoft.Extensions.Primitives;StringSegment;ToString;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Value];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringSegment;get_Value;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer];ReturnValue;taint;dfc-generated | -| Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringTokenizer);Argument[0];ReturnValue;value;dfc-generated | +| Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringTokenizer);Argument[0].Element;Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current];ReturnValue;value;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -3514,7 +3514,6 @@ summary | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(Microsoft.Extensions.Primitives.StringSegment,System.Char[]);Argument[0];Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(Microsoft.Extensions.Primitives.StringSegment,System.Char[]);Argument[1].Element;Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(System.String,System.Char[]);Argument[1].Element;Argument[this];taint;df-generated | -| Microsoft.Extensions.Primitives;StringValues+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringValues);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.Extensions.Primitives;StringValues;Add;(System.String);Argument[0];Argument[this].Element;value;manual | | Microsoft.Extensions.Primitives;StringValues;Add;(System.String);Argument[0];ReturnValue;taint;manual | @@ -3593,7 +3592,6 @@ summary | Microsoft.SqlServer.Server;SqlDataRecord;GetValues;(System.Object[]);Argument[this];Argument[0].Element;taint;manual | | Microsoft.SqlServer.Server;SqlDataRecord;get_Item;(System.Int32);Argument[this];ReturnValue;taint;manual | | Microsoft.SqlServer.Server;SqlDataRecord;get_Item;(System.String);Argument[this];ReturnValue;taint;manual | -| Microsoft.VisualBasic.CompilerServices;StringType;MidStmtStr;(System.String,System.Int32,System.Int32,System.String);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic.FileIO;MalformedLineException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | | Microsoft.VisualBasic;Collection;Add;(System.Object);Argument[0];Argument[this].Element;value;manual | | Microsoft.VisualBasic;Collection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -3605,12 +3603,6 @@ summary | Microsoft.VisualBasic;Collection;get_Item;(System.String);Argument[this].Element;ReturnValue;value;manual | | Microsoft.VisualBasic;Collection;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic;Collection;set_Item;(System.Int32,System.Object);Argument[1];Argument[this].Element;value;manual | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.String,System.Int64,System.Boolean);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.ValueType,System.Int64);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGetObject;(System.Int32,System.Object,System.Int64);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Object);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.String);Argument[1];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic;VBCodeProvider;CreateCompiler;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.VisualBasic;VBCodeProvider;CreateGenerator;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.VisualBasic;VBCodeProvider;GenerateCodeFromMember;(System.CodeDom.CodeTypeMember,System.IO.TextWriter,System.CodeDom.Compiler.CodeGeneratorOptions);Argument[0];Argument[this];taint;df-generated | @@ -5287,7 +5279,7 @@ summary | ServiceStack.Text;RecyclableMemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual | | ServiceStack.Text;RecyclableMemoryStream;Read;(System.Span);Argument[this];Argument[0].Element;taint;manual | -| ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | +| ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];Argument[0].Element;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual | | ServiceStack.Text;RecyclableMemoryStream;Write;(System.ReadOnlySpan);Argument[0].Element;Argument[this];taint;manual | | ServiceStack.Text;RecyclableMemoryStream;WriteTo;(System.IO.Stream);Argument[this];Argument[0];taint;df-generated | @@ -6018,7 +6010,6 @@ summary | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.Int64);Argument[0];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.SequencePosition);Argument[0];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.SequencePosition);Argument[1];ReturnValue;taint;df-generated | -| System.Buffers;ReadOnlySequence;TryGet;(System.SequencePosition,System.ReadOnlyMemory,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | | System.Buffers;ReadOnlySequence;get_FirstSpan;();Argument[this];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySpanAction;BeginInvoke;(System.ReadOnlySpan,TArg,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Buffers;SearchValues;Create;(System.ReadOnlySpan);Argument[0];ReturnValue;taint;df-generated | @@ -6026,30 +6017,24 @@ summary | System.Buffers;SequenceReader;SequenceReader;(System.Buffers.ReadOnlySequence);Argument[0];Argument[this].Property[System.Buffers.SequenceReader`1.Sequence];value;dfc-generated | | System.Buffers;SequenceReader;TryCopyTo;(System.Span);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | | System.Buffers;SequenceReader;TryCopyTo;(System.Span);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryPeek;(System.Int64,T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryPeek;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryRead;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadExact;(System.Int32,System.Buffers.ReadOnlySequence);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,T,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryPeek;(System.Int64,T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[1];value;dfc-generated | +| System.Buffers;SequenceReader;TryPeek;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0];value;dfc-generated | +| System.Buffers;SequenceReader;TryRead;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0];value;dfc-generated | +| System.Buffers;SequenceReader;TryReadExact;(System.Int32,System.Buffers.ReadOnlySequence);Argument[this];Argument[1];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,T,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | | System.Buffers;SequenceReader;get_UnreadSequence;();Argument[this];ReturnValue;taint;df-generated | | System.Buffers;SequenceReader;get_UnreadSpan;();Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int16);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int64);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int16);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int64);Argument[0];ReturnValue;value;dfc-generated | | System.Buffers;SpanAction;BeginInvoke;(System.Span,TArg,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.CodeDom.Compiler;CodeCompiler;CompileAssemblyFromDom;(System.CodeDom.Compiler.CompilerParameters,System.CodeDom.CodeCompileUnit);Argument[1];Argument[0];taint;df-generated | | System.CodeDom.Compiler;CodeCompiler;CompileAssemblyFromDom;(System.CodeDom.Compiler.CompilerParameters,System.CodeDom.CodeCompileUnit);Argument[1];Argument[this];taint;df-generated | @@ -6201,14 +6186,6 @@ summary | System.CodeDom.Compiler;CompilerParameters;CompilerParameters;(System.String[],System.String,System.Boolean);Argument[0].Element;Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.ReferencedAssemblies].Element;value;dfc-generated | | System.CodeDom.Compiler;CompilerParameters;CompilerParameters;(System.String[],System.String,System.Boolean);Argument[1];Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.OutputAssembly];value;dfc-generated | | System.CodeDom.Compiler;CompilerResults;CompilerResults;(System.CodeDom.Compiler.TempFileCollection);Argument[0];Argument[this].Property[System.CodeDom.Compiler.CompilerResults.TempFiles];value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[5];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[2];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;GeneratedCodeAttribute;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool];value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;GeneratedCodeAttribute;(System.String,System.String);Argument[1];Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._version];value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;get_Tool;();Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool];ReturnValue;value;dfc-generated | @@ -6654,8 +6631,8 @@ summary | System.Collections.Concurrent;ConcurrentBag;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Concurrent;ConcurrentBag;ToArray;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;ConcurrentBag;TryAdd;(T);Argument[0];Argument[this].Element;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentBag;TryPeek;(T);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Concurrent;ConcurrentBag;TryTake;(T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Concurrent;ConcurrentBag;TryPeek;(T);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Concurrent;ConcurrentBag;TryTake;(T);Argument[this];Argument[0];taint;df-generated | | System.Collections.Concurrent;ConcurrentBag;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Concurrent;ConcurrentDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | @@ -6728,7 +6705,7 @@ summary | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Concurrent;ConcurrentDictionary;TryGetAlternateLookup;(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | +| System.Collections.Concurrent;ConcurrentDictionary;TryGetAlternateLookup;(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;get_Comparer;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;ConcurrentDictionary;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Concurrent;ConcurrentDictionary;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | @@ -6751,11 +6728,11 @@ summary | System.Collections.Concurrent;ConcurrentStack;CopyTo;(T[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | | System.Collections.Concurrent;ConcurrentStack;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Collections.Concurrent;ConcurrentStack;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | -| System.Collections.Concurrent;ConcurrentStack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;TryPopRange;(T[]);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0].Element;value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;TryPopRange;(T[],System.Int32,System.Int32);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0].Element;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryTake;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryTake;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Concurrent;IProducerConsumerCollection;CopyTo;(T[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | | System.Collections.Concurrent;OrderablePartitioner;GetDynamicPartitions;();Argument[this];ReturnValue;taint;df-generated | @@ -6786,7 +6763,7 @@ summary | System.Collections.Frozen;FrozenDictionary;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Collections.Frozen;FrozenDictionary;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Frozen;FrozenDictionary;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Frozen;FrozenDictionary;TryGetAlternateLookup;(System.Collections.Frozen.FrozenDictionary+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | +| System.Collections.Frozen;FrozenDictionary;TryGetAlternateLookup;(System.Collections.Frozen.FrozenDictionary+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | | System.Collections.Frozen;FrozenDictionary;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Frozen;FrozenDictionary;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Frozen;FrozenDictionary;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -6803,7 +6780,7 @@ summary | System.Collections.Frozen;FrozenSet;ToFrozenSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet+AlternateLookup;Contains;(TAlternate);Argument[0];Argument[this];taint;df-generated | | System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[0];Argument[this];taint;df-generated | -| System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[this];Argument[1];taint;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current];ReturnValue;value;dfc-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -6816,8 +6793,8 @@ summary | System.Collections.Frozen;FrozenSet;GetAlternateLookup;();Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | | System.Collections.Frozen;FrozenSet;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Collections.Frozen;FrozenSet;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | -| System.Collections.Frozen;FrozenSet;TryGetAlternateLookup;(System.Collections.Frozen.FrozenSet+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | -| System.Collections.Frozen;FrozenSet;TryGetValue;(T,T);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;ReturnValue;value;dfc-generated | +| System.Collections.Frozen;FrozenSet;TryGetAlternateLookup;(System.Collections.Frozen.FrozenSet+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | +| System.Collections.Frozen;FrozenSet;TryGetValue;(T,T);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;Argument[1];value;dfc-generated | | System.Collections.Frozen;FrozenSet;get_Items;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IList);Argument[0].Element;ReturnValue;taint;df-generated | @@ -6825,7 +6802,7 @@ summary | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;CopyTo;(System.Collections.Generic.List,System.Span);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Generic;CollectionExtensions;GetValueOrDefault;(System.Collections.Generic.IReadOnlyDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Generic;CollectionExtensions;Remove;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Generic;CollectionExtensions;Remove;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[0].Element;Argument[2];taint;df-generated | | System.Collections.Generic;CollectionExtensions;TryAdd;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[1];Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;TryAdd;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[2];Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;Comparer;Compare;(System.Object,System.Object);Argument[0];Argument[this];taint;df-generated | @@ -6916,7 +6893,7 @@ summary | System.Collections.Generic;HashSet;HashSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0].Element;Argument[this];taint;df-generated | | System.Collections.Generic;HashSet;HashSet;(System.Collections.Generic.IEqualityComparer);Argument[0];Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer];value;dfc-generated | | System.Collections.Generic;HashSet;RemoveWhere;(System.Predicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Collections.Generic;HashSet;TryGetValue;(T,T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;HashSet;TryGetValue;(T,T);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;HashSet;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;ICollection;Add;(T);Argument[0];Argument[this].Element;value;manual | | System.Collections.Generic;ICollection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -6935,7 +6912,8 @@ summary | System.Collections.Generic;ISet;Add;(T);Argument[0];Argument[this].Element;value;manual | | System.Collections.Generic;KeyValuePair;Create;(TKey,TValue);Argument[0];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;KeyValuePair;Create;(TKey,TValue);Argument[1];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | -| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;KeyValuePair;KeyValuePair;(TKey,TValue);Argument[0];Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Generic;KeyValuePair;KeyValuePair;(TKey,TValue);Argument[1];Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Generic;KeyValuePair;get_Key;();Argument[this];ReturnValue;taint;df-generated | @@ -7097,8 +7075,8 @@ summary | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Int32,System.Collections.Generic.IEqualityComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer];value;dfc-generated | -| System.Collections.Generic;OrderedDictionary;Remove;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;OrderedDictionary;TryGetValue;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;OrderedDictionary;Remove;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;OrderedDictionary;TryGetValue;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;OrderedDictionary;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;OrderedDictionary;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | | System.Collections.Generic;OrderedDictionary;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | @@ -7129,9 +7107,12 @@ summary | System.Collections.Generic;PriorityQueue;PriorityQueue;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];value;dfc-generated | | System.Collections.Generic;PriorityQueue;PriorityQueue;(System.Int32,System.Collections.Generic.IComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];value;dfc-generated | | System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[0];Argument[3];taint;df-generated | -| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];Argument[2];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;PriorityQueue;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;Queue+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Generic;Queue+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current];ReturnValue;value;dfc-generated | @@ -7147,8 +7128,8 @@ summary | System.Collections.Generic;Queue;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Generic;Queue;Peek;();Argument[this].Element;ReturnValue;value;manual | | System.Collections.Generic;Queue;Queue;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;value;dfc-generated | -| System.Collections.Generic;Queue;TryDequeue;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;ReturnValue;value;dfc-generated | -| System.Collections.Generic;Queue;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;Queue;TryDequeue;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;Argument[0];value;dfc-generated | +| System.Collections.Generic;Queue;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;Argument[0];value;dfc-generated | | System.Collections.Generic;Queue;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Generic;ReferenceEqualityComparer;GetHashCode;(System.Object);Argument[0];Argument[this];taint;df-generated | | System.Collections.Generic;SortedDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;df-generated | @@ -7240,7 +7221,7 @@ summary | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary,System.Collections.Generic.IComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary,System.Collections.Generic.IComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections.Generic;SortedList;TryGetValue;(TKey,TValue);Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;SortedList;TryGetValue;(TKey,TValue);Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element;Argument[1];value;dfc-generated | | System.Collections.Generic;SortedList;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;SortedList;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Generic;SortedList;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | @@ -7275,7 +7256,7 @@ summary | System.Collections.Generic;SortedSet;SortedSet;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[0];Argument[this];taint;df-generated | | System.Collections.Generic;SortedSet;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Generic;SortedSet;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | -| System.Collections.Generic;SortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];ReturnValue;value;dfc-generated | +| System.Collections.Generic;SortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];Argument[1];value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[this].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | @@ -7298,8 +7279,8 @@ summary | System.Collections.Generic;Stack;Push;(T);Argument[0];Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;value;dfc-generated | | System.Collections.Generic;Stack;Stack;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;value;dfc-generated | | System.Collections.Generic;Stack;ToArray;();Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue.Element;value;dfc-generated | -| System.Collections.Generic;Stack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue;value;dfc-generated | -| System.Collections.Generic;Stack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;Stack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;Argument[0];value;dfc-generated | +| System.Collections.Generic;Stack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;Argument[0];value;dfc-generated | | System.Collections.Generic;Stack;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;IImmutableDictionary;AddRange;(System.Collections.Generic.IEnumerable>);Argument[0].Element;Argument[this].Element;value;manual | | System.Collections.Immutable;IImmutableDictionary;Clear;();Argument[this].WithoutElement;ReturnValue;value;manual | @@ -7554,8 +7535,7 @@ summary | System.Collections.Immutable;ImmutableDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableDictionary`2+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;GetValueOrDefault;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -7590,8 +7570,7 @@ summary | System.Collections.Immutable;ImmutableDictionary;SetItem;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableDictionary;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableDictionary;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableDictionary;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer);Argument[1];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._valueComparer];value;dfc-generated | @@ -7624,7 +7603,7 @@ summary | System.Collections.Immutable;ImmutableHashSet+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Immutable;ImmutableHashSet+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableHashSet+Builder;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this];taint;df-generated | -| System.Collections.Immutable;ImmutableHashSet+Builder;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableHashSet+Builder;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -7642,13 +7621,11 @@ summary | System.Collections.Immutable;ImmutableHashSet;Remove;(T);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableHashSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableHashSet;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableHashSet;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;Union;(System.Collections.Generic.IEnumerable);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;WithComparer;(System.Collections.Generic.IEqualityComparer);Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;get_KeyComparer;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableHashSet;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[3].Parameter[0];value;dfc-generated | @@ -7661,8 +7638,6 @@ summary | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[1];Argument[3].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[1];Argument[3].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[2];ReturnValue;value;dfc-generated | @@ -7671,9 +7646,6 @@ summary | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Enqueue;(System.Collections.Immutable.ImmutableQueue,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[2].ReturnValue;ReturnValue;value;dfc-generated | @@ -7682,45 +7654,22 @@ summary | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[3];Argument[2].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[3];Argument[2].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2].ReturnValue;ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedCompareExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedInitialize;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Push;(System.Collections.Immutable.ImmutableStack,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryDequeue;(System.Collections.Immutable.ImmutableQueue,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryPop;(System.Collections.Immutable.ImmutableStack,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[0];ReturnValue;value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableList;Create;(System.ReadOnlySpan);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableList;Create;(T);Argument[0];ReturnValue;taint;df-generated | @@ -7872,10 +7821,12 @@ summary | System.Collections.Immutable;ImmutableQueue;Create;(T);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Create;(T[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;CreateRange;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableQueue;Dequeue;(System.Collections.Immutable.IImmutableQueue,T);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;(System.Collections.Immutable.IImmutableQueue,T);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Clear;();Argument[this].WithoutElement;ReturnValue;value;manual | | System.Collections.Immutable;ImmutableQueue;Dequeue;();Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableQueue;Dequeue;(T);Argument[this];Argument[0];taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;(T);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Enqueue;(T);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableQueue`1._forwards].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];value;dfc-generated | | System.Collections.Immutable;ImmutableQueue;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | @@ -7951,8 +7902,7 @@ summary | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableSortedDictionary`2+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetValueOrDefault;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -7987,9 +7937,8 @@ summary | System.Collections.Immutable;ImmutableSortedDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedDictionary;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer);Argument[1];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer];value;dfc-generated | @@ -8031,8 +7980,8 @@ summary | System.Collections.Immutable;ImmutableSortedSet+Builder;IntersectWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;Reverse;();Argument[this].Element;ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableSortedSet+Builder;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;get_Max;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;get_Min;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | @@ -8061,8 +8010,8 @@ summary | System.Collections.Immutable;ImmutableSortedSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;value;df-generated | @@ -8078,6 +8027,7 @@ summary | System.Collections.Immutable;ImmutableStack;Create;(T);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;Create;(T[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;CreateRange;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableStack;Pop;(System.Collections.Immutable.IImmutableStack,T);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Immutable;ImmutableStack;Pop;(System.Collections.Immutable.IImmutableStack,T);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;Clear;();Argument[this].WithoutElement;ReturnValue;value;manual | @@ -8086,7 +8036,7 @@ summary | System.Collections.Immutable;ImmutableStack;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableStack`1+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableStack;Peek;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Pop;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];Argument[0];value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Push;(T);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Push;(T);Argument[this];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];value;dfc-generated | @@ -8112,8 +8062,7 @@ summary | System.Collections.ObjectModel;KeyedCollection;InsertItem;(System.Int32,TItem);Argument[1];Argument[this].SyntheticField[System.Collections.ObjectModel.Collection`1.items].Element;value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;KeyedCollection;(System.Collections.Generic.IEqualityComparer,System.Int32);Argument[0];Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer];value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;SetItem;(System.Int32,TItem);Argument[1];Argument[this];taint;df-generated | -| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element;ReturnValue;value;dfc-generated | +| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element;Argument[1];value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;get_Comparer;();Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer];ReturnValue;value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;get_Dictionary;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;KeyedCollection;get_Item;(TKey);Argument[this].Element;ReturnValue;value;manual | @@ -8168,7 +8117,6 @@ summary | System.Collections.ObjectModel;ReadOnlyDictionary;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;ReadOnlyDictionary;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;ReadOnlyDictionary;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections.ObjectModel;ReadOnlyDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Dictionary;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | @@ -8387,7 +8335,8 @@ summary | System.Collections;DictionaryBase;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Collections;DictionaryBase;set_Item;(System.Object,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections;DictionaryBase;set_Item;(System.Object,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];Argument[0];taint;df-generated | +| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Collections;DictionaryEntry;DictionaryEntry;(System.Object,System.Object);Argument[0];Argument[this];taint;df-generated | | System.Collections;DictionaryEntry;DictionaryEntry;(System.Object,System.Object);Argument[1];Argument[this];taint;df-generated | | System.Collections;Hashtable;Add;(System.Object,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | @@ -9201,12 +9150,11 @@ summary | System.Configuration.Internal;DelegatingConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;DelegatingConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[1];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;DelegatingConfigHost;Init;(System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[1].Element;Argument[this];taint;df-generated | -| System.Configuration.Internal;DelegatingConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[0];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;DelegatingConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;ReturnValue;value;dfc-generated | +| System.Configuration.Internal;DelegatingConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;Argument[1];value;dfc-generated | | System.Configuration.Internal;DelegatingConfigHost;OpenStreamForRead;(System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;DelegatingConfigHost;OpenStreamForRead;(System.String,System.Boolean);Argument[0];ReturnValue;taint;dfc-generated | -| System.Configuration.Internal;DelegatingConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[2];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;DelegatingConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[2];ReturnValue;value;dfc-generated | +| System.Configuration.Internal;DelegatingConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[1];Argument[2];taint;df-generated | +| System.Configuration.Internal;DelegatingConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[1];Argument[2];taint;df-generated | | System.Configuration.Internal;DelegatingConfigHost;StartMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;DelegatingConfigHost;StopMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IConfigErrorInfo;get_Filename;();Argument[this];ReturnValue;taint;df-generated | @@ -9220,12 +9168,11 @@ summary | System.Configuration.Internal;IInternalConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[1];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;Init;(System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[1].Element;Argument[this];taint;df-generated | -| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[0];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;ReturnValue;value;dfc-generated | +| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;Argument[1];value;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;OpenStreamForRead;(System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;OpenStreamForRead;(System.String,System.Boolean);Argument[0];ReturnValue;taint;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[2];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[2];ReturnValue;value;dfc-generated | +| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[1];Argument[2];taint;df-generated | +| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[1];Argument[2];taint;df-generated | | System.Configuration.Internal;IInternalConfigHost;StartMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IInternalConfigHost;StopMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IInternalConfigRecord;GetLkgSection;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -9838,7 +9785,7 @@ summary | System.Data.Common;DbConnectionStringBuilder;GetPropertyOwner;(System.ComponentModel.PropertyDescriptor);Argument[this];ReturnValue;value;dfc-generated | | System.Data.Common;DbConnectionStringBuilder;ToString;();Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.ConnectionString];ReturnValue;value;dfc-generated | | System.Data.Common;DbConnectionStringBuilder;ToString;();Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element;ReturnValue;taint;dfc-generated | -| System.Data.Common;DbConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Common;DbConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.Common;DbConnectionStringBuilder;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.Common;DbConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.Common;DbConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -9970,7 +9917,7 @@ summary | System.Data.Entity.Core.EntityClient;EntityConnection;BeginDbTransaction;(System.Data.IsolationLevel);Argument[this];ReturnValue;taint;df-generated | | System.Data.Entity.Core.EntityClient;EntityConnection;get_ServerVersion;();Argument[this];ReturnValue;taint;df-generated | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | -| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetProviderSpecificValue;(System.Int32);Argument[this];ReturnValue;taint;dfc-generated | @@ -10462,7 +10409,7 @@ summary | System.Data.SqlClient;SqlConnection;get_ServerVersion;();Argument[this];ReturnValue;taint;df-generated | | System.Data.SqlClient;SqlConnection;remove_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnectionStringBuilder;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | -| System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.SqlClient;SqlConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Data.SqlClient;SqlConnectionStringBuilder;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Data.SqlClient;SqlDataAdapter;Clone;();Argument[this];ReturnValue;value;dfc-generated | @@ -11111,12 +11058,6 @@ summary | System.Diagnostics.Tracing;EventSource;GetTrait;(System.String);Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_traits].Element;ReturnValue;value;dfc-generated | | System.Diagnostics.Tracing;EventSource;SendCommand;(System.Diagnostics.Tracing.EventSource,System.Diagnostics.Tracing.EventCommand,System.Collections.Generic.IDictionary);Argument[2];Argument[0].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands].Property[System.Diagnostics.Tracing.EventCommandEventArgs.Arguments];value;dfc-generated | | System.Diagnostics.Tracing;EventSource;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[2];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[3];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[4];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);Argument[2];ReturnValue;value;dfc-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;dfc-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands];Argument[0].Parameter[1];value;dfc-generated | @@ -11214,7 +11155,7 @@ summary | System.Diagnostics;ActivityTagsCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Diagnostics;ActivityTagsCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Diagnostics;ActivityTagsCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Diagnostics.ActivityTagsCollection+Enumerator.Current];value;manual | -| System.Diagnostics;ActivityTagsCollection;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Diagnostics;ActivityTagsCollection;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Diagnostics;ActivityTagsCollection;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Diagnostics;ActivityTagsCollection;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Diagnostics;ActivityTagsCollection;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | @@ -11225,13 +11166,6 @@ summary | System.Diagnostics;CorrelationManager;get_LogicalOperationStack;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;DataReceivedEventArgs;get_Data;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;DataReceivedEventHandler;BeginInvoke;(System.Object,System.Diagnostics.DataReceivedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[2];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);Argument[1];ReturnValue;value;dfc-generated | | System.Diagnostics;DefaultTraceListener;Write;(System.String);Argument[0];Argument[this];taint;df-generated | | System.Diagnostics;DelimitedListTraceListener;TraceData;(System.Diagnostics.TraceEventCache,System.String,System.Diagnostics.TraceEventType,System.Int32,System.Object);Argument[0];Argument[this];taint;df-generated | | System.Diagnostics;DelimitedListTraceListener;TraceData;(System.Diagnostics.TraceEventCache,System.String,System.Diagnostics.TraceEventType,System.Int32,System.Object);Argument[1];Argument[this];taint;df-generated | @@ -11655,7 +11589,7 @@ summary | System.Dynamic;ExpandoObject;CopyTo;(System.Collections.Generic.KeyValuePair[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | | System.Dynamic;ExpandoObject;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Dynamic;ExpandoObject;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | -| System.Dynamic;ExpandoObject;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Dynamic;ExpandoObject;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Dynamic;ExpandoObject;add_PropertyChanged;(System.ComponentModel.PropertyChangedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Dynamic;ExpandoObject;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Dynamic;ExpandoObject;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -11684,9 +11618,9 @@ summary | System.Formats.Asn1;AsnDecoder;TryReadBitString;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Int32,System.Nullable);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System.Formats.Asn1;AsnDecoder;TryReadCharacterStringBytes;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.Int32,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System.Formats.Asn1;AsnDecoder;TryReadOctetString;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Nullable);Argument[0].Element;Argument[1].Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveBitString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveCharacterStringBytes;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveOctetString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;ReturnValue.Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveBitString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;Argument[3].Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveCharacterStringBytes;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32);Argument[0].Element;Argument[3].Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveOctetString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;Argument[2].Element;value;dfc-generated | | System.Formats.Asn1;AsnReader;AsnReader;(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions);Argument[0];Argument[this];taint;df-generated | | System.Formats.Asn1;AsnReader;AsnReader;(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions);Argument[2];Argument[this];taint;df-generated | | System.Formats.Asn1;AsnReader;ReadBitString;(System.Int32,System.Nullable);Argument[this];ReturnValue;taint;df-generated | @@ -11928,8 +11862,6 @@ summary | System.IO.Enumeration;FileSystemEnumerable;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.IO.Enumeration;FileSystemEnumerable;set_ShouldIncludePredicate;(System.IO.Enumeration.FileSystemEnumerable+FindPredicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.IO.Enumeration;FileSystemEnumerable;set_ShouldRecursePredicate;(System.IO.Enumeration.FileSystemEnumerable+FindPredicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.IO.Enumeration;FileSystemEnumerator;ShouldIncludeEntry;(System.IO.Enumeration.FileSystemEntry);Argument[0];ReturnValue;value;dfc-generated | -| System.IO.Enumeration;FileSystemEnumerator;ShouldRecurseIntoEntry;(System.IO.Enumeration.FileSystemEntry);Argument[0];ReturnValue;value;dfc-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current];ReturnValue;value;df-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current];ReturnValue;value;dfc-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -12230,7 +12162,7 @@ summary | System.IO;MemoryStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual | | System.IO;MemoryStream;ReadAsync;(System.Memory,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual | | System.IO;MemoryStream;ToArray;();Argument[this];ReturnValue;taint;manual | -| System.IO;MemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | +| System.IO;MemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];Argument[0].Element;taint;df-generated | | System.IO;MemoryStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;Write;(System.ReadOnlySpan);Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual | @@ -12553,7 +12485,6 @@ summary | System.IO;UnmanagedMemoryAccessor;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryAccessor;UnmanagedMemoryAccessor;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryAccessor;UnmanagedMemoryAccessor;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | -| System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,T);Argument[1];ReturnValue;value;dfc-generated | | System.IO;UnmanagedMemoryStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated | | System.IO;UnmanagedMemoryStream;Initialize;(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | @@ -14517,8 +14448,8 @@ summary | System.Net.Http.Headers;HttpHeadersNonValidated;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Net.Http.Headers;HttpHeadersNonValidated;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Net.Http.Headers;HttpHeadersNonValidated;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | -| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValue;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];ReturnValue;taint;df-generated | -| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValues;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValue;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];Argument[1].Element;taint;df-generated | +| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValues;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];Argument[1].Element;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Item;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;dfc-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;dfc-generated | @@ -14540,9 +14471,9 @@ summary | System.Net.Http.Headers;MediaTypeHeaderValue;MediaTypeHeaderValue;(System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];value;dfc-generated | | System.Net.Http.Headers;MediaTypeHeaderValue;MediaTypeHeaderValue;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];value;dfc-generated | | System.Net.Http.Headers;MediaTypeHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;MediaTypeHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0];ReturnValue.SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];taint;dfc-generated | +| System.Net.Http.Headers;MediaTypeHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0];Argument[1].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];taint;dfc-generated | | System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue);Argument[0];Argument[1];taint;df-generated | | System.Net.Http.Headers;NameValueHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.Net.Http.Headers.NameValueHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];value;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.Net.Http.Headers.NameValueHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];value;dfc-generated | @@ -14596,10 +14527,10 @@ summary | System.Net.Http.Headers;TransferCodingHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;TransferCodingHeaderValue;(System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];value;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;TransferCodingHeaderValue;(System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];value;dfc-generated | -| System.Net.Http.Headers;TransferCodingHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0];ReturnValue.SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];taint;dfc-generated | +| System.Net.Http.Headers;TransferCodingHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0];Argument[1].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];taint;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;get_Value;();Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];ReturnValue;value;dfc-generated | | System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue);Argument[0];Argument[1];taint;df-generated | | System.Net.Http.Headers;ViaHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolVersion];value;dfc-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[1];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._receivedBy];value;dfc-generated | @@ -14704,8 +14635,7 @@ summary | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);Argument[1];Argument[this];taint;manual | | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[0];Argument[this];taint;manual | | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[1];Argument[this];taint;manual | -| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method];ReturnValue;taint;dfc-generated | -| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri];ReturnValue;taint;dfc-generated | +| System.Net.Http;HttpRequestMessage;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Net.Http;HttpRequestMessage;get_Properties;();Argument[this].Property[System.Net.Http.HttpRequestMessage.Options];ReturnValue;value;dfc-generated | | System.Net.Http;HttpRequestOptions;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Net.Http;HttpRequestOptions;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | @@ -14828,17 +14758,17 @@ summary | System.Net.Mail;MailAddress;MailAddress;(System.String,System.String,System.Text.Encoding);Argument[0];Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | | System.Net.Mail;MailAddress;MailAddress;(System.String,System.String,System.Text.Encoding);Argument[1];Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | | System.Net.Mail;MailAddress;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[1];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[1];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[1];Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[1];Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | | System.Net.Mail;MailAddress;get_Address;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._host];ReturnValue;taint;dfc-generated | | System.Net.Mail;MailAddress;get_Address;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName];ReturnValue;taint;dfc-generated | | System.Net.Mail;MailAddress;get_DisplayName;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName];ReturnValue;value;dfc-generated | @@ -15133,13 +15063,7 @@ summary | System.Net.Sockets;Socket;BeginReceive;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;dfc-generated | | System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;dfc-generated | | System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | @@ -15155,18 +15079,16 @@ summary | System.Net.Sockets;Socket;ConnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[0];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ConnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;DisconnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;EndReceiveFrom;(System.IAsyncResult,System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;EndReceiveMessageFrom;(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];ReturnValue;value;dfc-generated | | System.Net.Sockets;Socket;ReceiveAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[3];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];ReturnValue;value;dfc-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[4];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[3];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.EndPoint);Argument[1];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.EndPoint);Argument[1];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ReceiveFromAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];ReturnValue;value;dfc-generated | +| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[4];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ReceiveMessageFromAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;SendAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;SendPacketsAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | @@ -15554,7 +15476,7 @@ summary | System.Numerics;BigInteger;CreateSaturating;(TOther);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;CreateTruncating;(TOther);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue.Field[System.ValueTuple`2.Item2];value;dfc-generated | -| System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | +| System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];Argument[2];value;dfc-generated | | System.Numerics;BigInteger;Max;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;Max;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[1];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;MaxMagnitude;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | @@ -15620,7 +15542,6 @@ summary | System.Numerics;Vector;Round;(System.Numerics.Vector,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Round;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Round;(System.Numerics.Vector,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Numerics;Vector;StoreUnsafe;(System.Numerics.Vector,T);Argument[1];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Truncate;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Truncate;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;WithElement;(System.Numerics.Vector,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -15867,6 +15788,7 @@ summary | System.Reflection.Emit;ParameterBuilder;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;DefineDynamicModuleCore;(System.String);Argument[0];ReturnValue.SyntheticField[System.Reflection.Emit.ModuleBuilderImpl._name];value;dfc-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];Argument[2];taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;PersistedAssemblyBuilder;(System.Reflection.AssemblyName,System.Reflection.Assembly,System.Collections.Generic.IEnumerable);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;get_FullName;();Argument[this];ReturnValue;taint;df-generated | @@ -16027,11 +15949,8 @@ summary | System.Reflection.Metadata.Ecma335;PortablePdbBuilder;Serialize;(System.Reflection.Metadata.BlobBuilder);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata.Ecma335;ReturnTypeEncoder;ReturnTypeEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.ReturnTypeEncoder.Builder];value;dfc-generated | | System.Reflection.Metadata.Ecma335;ScalarEncoder;ScalarEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.ScalarEncoder.Builder];value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeFieldSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeLocalSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSpecificationSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeType;(System.Reflection.Metadata.BlobReader,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeFieldSignature;(System.Reflection.Metadata.BlobReader);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeType;(System.Reflection.Metadata.BlobReader,System.Boolean);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[0];Argument[this];taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[2];Argument[this];taint;df-generated | @@ -16041,7 +15960,7 @@ summary | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[this];Argument[0].Parameter[0];value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[this];Argument[0].Parameter[0];value;hq-generated | -| System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder);Argument[this];ReturnValue;value;dfc-generated | +| System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder);Argument[this];Argument[0];value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Pointer;();Argument[this];ReturnValue;value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;SZArray;();Argument[this];ReturnValue;value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;SignatureTypeEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.SignatureTypeEncoder.Builder];value;dfc-generated | @@ -16082,7 +16001,6 @@ summary | System.Reflection.Metadata;BlobBuilder;LinkSuffix;(System.Reflection.Metadata.BlobBuilder);Argument[this];Argument[0];taint;df-generated | | System.Reflection.Metadata;BlobBuilder;ReserveBytes;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata;BlobBuilder;TryWriteBytes;(System.IO.Stream,System.Int32);Argument[0];Argument[this];taint;df-generated | -| System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.Reflection.Metadata.BlobWriter);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection.Metadata;BlobContentId;BlobContentId;(System.Guid,System.UInt32);Argument[0];Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid];value;dfc-generated | | System.Reflection.Metadata;BlobContentId;get_Guid;();Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid];ReturnValue;value;dfc-generated | | System.Reflection.Metadata;BlobReader;ReadConstant;(System.Reflection.Metadata.ConstantTypeCode);Argument[this];ReturnValue;taint;df-generated | @@ -16434,8 +16352,8 @@ summary | System.Reflection.PortableExecutable;PEReader;PEReader;(System.IO.Stream,System.Reflection.PortableExecutable.PEStreamOptions,System.Int32);Argument[0];Argument[this];taint;df-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[1].Parameter[0];taint;dfc-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[1].Parameter[0];taint;hq-generated | -| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];ReturnValue;taint;dfc-generated | -| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];ReturnValue;taint;hq-generated | +| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[3];taint;dfc-generated | +| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[3];taint;hq-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Reflection.PortableExecutable;PEReader;get_PEHeaders;();Argument[this];ReturnValue;taint;df-generated | @@ -16476,11 +16394,7 @@ summary | System.Reflection;AssemblyName;get_EscapedCodeBase;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection;Binder;BindToField;(System.Reflection.BindingFlags,System.Reflection.FieldInfo[],System.Object,System.Globalization.CultureInfo);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[1].Element;ReturnValue;value;dfc-generated | -| System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[2].Element;ReturnValue.Element;value;dfc-generated | -| System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0].Element.Element;Argument[0].Element;value;dfc-generated | -| System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0].Element.Element;ReturnValue.Element;value;dfc-generated | -| System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection;Binder;SelectMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Type[],System.Reflection.ParameterModifier[]);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;Binder;SelectProperty;(System.Reflection.BindingFlags,System.Reflection.PropertyInfo[],System.Type,System.Type[],System.Reflection.ParameterModifier[]);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;ConstructorInvoker;Invoke;();Argument[this];ReturnValue;taint;df-generated | @@ -16700,7 +16614,7 @@ summary | System.Resources;ResourceManager;ResourceManager;(System.String,System.Reflection.Assembly,System.Type);Argument[1];Argument[this].Field[System.Resources.ResourceManager.MainAssembly];value;dfc-generated | | System.Resources;ResourceReader;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Resources;ResourceReader;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | -| System.Resources;ResourceReader;GetResourceData;(System.String,System.String,System.Byte[]);Argument[this];ReturnValue;taint;df-generated | +| System.Resources;ResourceReader;GetResourceData;(System.String,System.String,System.Byte[]);Argument[this];Argument[1];taint;df-generated | | System.Resources;ResourceReader;ResourceReader;(System.IO.Stream);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceSet;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Resources;ResourceSet;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | @@ -16710,41 +16624,21 @@ summary | System.Resources;ResourceWriter;ResourceWriter;(System.IO.Stream);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceWriter;ResourceWriter;(System.String);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceWriter;set_TypeNameConverter;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;MoveNext;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task].Property[System.Threading.Tasks.Task`1.Result];value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;get_Task;();Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this];taint;df-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;CallSite;get_Binder;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ConditionalWeakTable+CreateValueCallback;BeginInvoke;(TKey,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;ConditionalWeakTable;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -16787,17 +16681,11 @@ summary | System.Runtime.CompilerServices;IRuntimeVariables;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ITuple;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;NullableAttribute;NullableAttribute;(System.Byte[]);Argument[0];Argument[this].Field[System.Runtime.CompilerServices.NullableAttribute.NullableFlags];value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this];taint;df-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;Add;(System.Object);Argument[0];Argument[this].Element;value;manual | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;Add;(T);Argument[0];Argument[this].Element;value;manual | @@ -16838,15 +16726,6 @@ summary | System.Runtime.CompilerServices;TaskAwaiter;UnsafeOnCompleted;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;TupleElementNamesAttribute;TupleElementNamesAttribute;(System.String[]);Argument[0];Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames];value;dfc-generated | | System.Runtime.CompilerServices;TupleElementNamesAttribute;get_TransformNames;();Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;AddByteOffset;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Copy;(T,System.Void*);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;SubtractByteOffset;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;ValueTaskAwaiter;OnCompleted;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;ValueTaskAwaiter;UnsafeOnCompleted;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;ValueTaskAwaiter;GetResult;();Argument[this];ReturnValue;taint;df-generated | @@ -16951,8 +16830,8 @@ summary | System.Runtime.InteropServices.Marshalling;SpanMarshaller;GetManagedValuesDestination;(System.Span);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices.Marshalling;StrategyBasedComWrappers;CreateObject;(System.IntPtr,System.Runtime.InteropServices.CreateObjectFlags);Argument[0];ReturnValue;taint;df-generated | | System.Runtime.InteropServices.Marshalling;Utf8StringMarshaller+ManagedToUnmanagedIn;ToUnmanaged;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];ReturnValue;value;dfc-generated | -| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];Argument[0];value;dfc-generated | +| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];Argument[1];value;dfc-generated | | System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;VirtualMethodTableInfo;(System.Void*,System.Void**);Argument[0];Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];value;dfc-generated | | System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;VirtualMethodTableInfo;(System.Void*,System.Void**);Argument[1];Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];value;dfc-generated | | System.Runtime.InteropServices.ObjectiveC;ObjectiveCMarshal+UnhandledExceptionPropagationHandler;BeginInvoke;(System.Exception,System.RuntimeMethodHandle,System.IntPtr,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | @@ -16989,11 +16868,10 @@ summary | System.Runtime.InteropServices;ManagedToNativeComInteropStubAttribute;ManagedToNativeComInteropStubAttribute;(System.Type,System.String);Argument[1];Argument[this].Property[System.Runtime.InteropServices.ManagedToNativeComInteropStubAttribute.MethodName];value;dfc-generated | | System.Runtime.InteropServices;Marshal;InitHandle;(System.Runtime.InteropServices.SafeHandle,System.IntPtr);Argument[1];Argument[0].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;MemoryMarshal;CreateFromPinnedArray;(T[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;CreateSpan;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;MemoryMarshal;ToEnumerable;(System.ReadOnlyMemory);Argument[0].Property[System.ReadOnlyMemory`1.Span].Element;ReturnValue.Element;value;dfc-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager,System.Int32,System.Int32);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetString;(System.ReadOnlyMemory,System.String,System.Int32,System.Int32);Argument[0].SyntheticField[System.ReadOnlyMemory`1._object];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager,System.Int32,System.Int32);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetString;(System.ReadOnlyMemory,System.String,System.Int32,System.Int32);Argument[0].SyntheticField[System.ReadOnlyMemory`1._object];Argument[1];value;dfc-generated | | System.Runtime.InteropServices;NFloat;Clamp;(System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;NFloat;Clamp;(System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;NFloat;Clamp;(System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat);Argument[2];ReturnValue;value;dfc-generated | @@ -17020,13 +16898,12 @@ summary | System.Runtime.InteropServices;OSPlatform;Create;(System.String);Argument[0];ReturnValue.SyntheticField[System.Runtime.InteropServices.OSPlatform.Name];value;dfc-generated | | System.Runtime.InteropServices;OSPlatform;ToString;();Argument[this].SyntheticField[System.Runtime.InteropServices.OSPlatform.Name];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;PosixSignalRegistration;Create;(System.Runtime.InteropServices.PosixSignal,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Runtime.InteropServices;SafeBuffer;AcquirePointer;(System.Byte*);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;DangerousGetHandle;();Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;SafeHandle;(System.IntPtr,System.Boolean);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;SetHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlyMemory;(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory);Argument[0].Property[System.Buffers.ReadOnlySequence`1.First];ReturnValue;value;dfc-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryRead;(System.Buffers.SequenceReader,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlyMemory;(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory);Argument[0].Property[System.Buffers.ReadOnlySequence`1.First];Argument[1];value;dfc-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];Argument[3];taint;df-generated | | System.Runtime.Intrinsics;Vector64;Abs;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Ceiling;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Ceiling;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | @@ -17037,7 +16914,6 @@ summary | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector64;StoreUnsafe;(System.Runtime.Intrinsics.Vector64,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Truncate;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Truncate;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;WithElement;(System.Runtime.Intrinsics.Vector64,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -17054,7 +16930,6 @@ summary | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector128;StoreUnsafe;(System.Runtime.Intrinsics.Vector128,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Truncate;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Truncate;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;WithElement;(System.Runtime.Intrinsics.Vector128,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -17073,7 +16948,6 @@ summary | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector256;StoreUnsafe;(System.Runtime.Intrinsics.Vector256,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Truncate;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Truncate;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;WithElement;(System.Runtime.Intrinsics.Vector256,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -17092,7 +16966,6 @@ summary | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector512;StoreUnsafe;(System.Runtime.Intrinsics.Vector512,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Truncate;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Truncate;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;WithElement;(System.Runtime.Intrinsics.Vector512,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -17115,7 +16988,9 @@ summary | System.Runtime.Loader;AssemblyLoadContext;remove_Unloading;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.Remoting;ObjectHandle;ObjectHandle;(System.Object);Argument[0];Argument[this].SyntheticField[System.Runtime.Remoting.ObjectHandle._wrappedObject];value;dfc-generated | | System.Runtime.Remoting;ObjectHandle;Unwrap;();Argument[this].SyntheticField[System.Runtime.Remoting.ObjectHandle._wrappedObject];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[1];taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[2];taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContract;get_BaseContract;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContract;get_DataMembers;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContractSet;DataContractSet;(System.Runtime.Serialization.DataContracts.DataContractSet);Argument[0];Argument[this];taint;df-generated | @@ -17165,7 +17040,7 @@ summary | System.Runtime.Serialization;IFormatterConverter;ToString;(System.Object);Argument[0];ReturnValue;taint;dfc-generated | | System.Runtime.Serialization;IObjectReference;GetRealObject;(System.Runtime.Serialization.StreamingContext);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization;ISerializable;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | -| System.Runtime.Serialization;ISurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];ReturnValue;value;dfc-generated | +| System.Runtime.Serialization;ISurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];Argument[2];value;dfc-generated | | System.Runtime.Serialization;KnownTypeAttribute;KnownTypeAttribute;(System.String);Argument[0];Argument[this].Property[System.Runtime.Serialization.KnownTypeAttribute.MethodName];value;dfc-generated | | System.Runtime.Serialization;ObjectIDGenerator;GetId;(System.Object,System.Boolean);Argument[0];Argument[this];taint;df-generated | | System.Runtime.Serialization;ObjectManager;GetObject;(System.Int64);Argument[this];ReturnValue;taint;df-generated | @@ -17211,8 +17086,8 @@ summary | System.Runtime.Serialization;StreamingContext;get_Context;();Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];ReturnValue;value;dfc-generated | | System.Runtime.Serialization;SurrogateSelector;ChainSelector;(System.Runtime.Serialization.ISurrogateSelector);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];value;dfc-generated | | System.Runtime.Serialization;SurrogateSelector;GetNextSelector;();Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];ReturnValue;value;dfc-generated | +| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];Argument[2];value;dfc-generated | +| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];Argument[2];value;dfc-generated | | System.Runtime.Serialization;XPathQueryGenerator;CreateFromDataContractSerializer;(System.Type,System.Reflection.MemberInfo[],System.Text.StringBuilder,System.Xml.XmlNamespaceManager);Argument[2];ReturnValue;taint;dfc-generated | | System.Runtime.Serialization;XmlSerializableServices;WriteNodes;(System.Xml.XmlWriter,System.Xml.XmlNode[]);Argument[1].Element;Argument[0];taint;df-generated | | System.Runtime.Serialization;XsdDataContractExporter;XsdDataContractExporter;(System.Xml.Schema.XmlSchemaSet);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.XsdDataContractExporter._schemas];value;dfc-generated | @@ -17531,7 +17406,7 @@ summary | System.Security.Cryptography.Xml;SignedInfo;get_References;();Argument[this].SyntheticField[System.Security.Cryptography.Xml.SignedInfo._references];ReturnValue;value;dfc-generated | | System.Security.Cryptography.Xml;SignedInfo;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Security.Cryptography.Xml;SignedXml;CheckSignature;(System.Security.Cryptography.KeyedHashAlgorithm);Argument[0];Argument[this];taint;df-generated | -| System.Security.Cryptography.Xml;SignedXml;CheckSignatureReturningKey;(System.Security.Cryptography.AsymmetricAlgorithm);Argument[this];ReturnValue;taint;df-generated | +| System.Security.Cryptography.Xml;SignedXml;CheckSignatureReturningKey;(System.Security.Cryptography.AsymmetricAlgorithm);Argument[this];Argument[0];taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;ComputeSignature;(System.Security.Cryptography.KeyedHashAlgorithm);Argument[0];Argument[this];taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;GetIdElement;(System.Xml.XmlDocument,System.String);Argument[0].Element;ReturnValue;taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;GetPublicKey;();Argument[this];ReturnValue;taint;df-generated | @@ -18013,7 +17888,6 @@ summary | System.Text.Json.Nodes;JsonNode;AsValue;();Argument[this];ReturnValue;value;dfc-generated | | System.Text.Json.Nodes;JsonNode;DeepClone;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Nodes;JsonNode;GetValue;();Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json.Nodes;JsonNode;Parse;(System.Text.Json.Utf8JsonReader,System.Nullable);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json.Nodes;JsonNode;ReplaceWith;(T);Argument[this];Argument[0];taint;df-generated | | System.Text.Json.Nodes;JsonNode;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Nodes;JsonNode;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | @@ -18040,7 +17914,7 @@ summary | System.Text.Json.Nodes;JsonObject;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Text.Json.Nodes;JsonObject;set_Item;(System.Int32,System.Collections.Generic.KeyValuePair);Argument[1];Argument[this].Element;value;manual | | System.Text.Json.Nodes;JsonValue;Create;(T,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Nullable);Argument[1];ReturnValue;taint;df-generated | -| System.Text.Json.Nodes;JsonValue;TryGetValue;(T);Argument[this];ReturnValue;taint;df-generated | +| System.Text.Json.Nodes;JsonValue;TryGetValue;(T);Argument[this];Argument[0];taint;df-generated | | System.Text.Json.Schema;JsonSchemaExporterOptions;set_TransformSchemaNode;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Text.Json.Serialization.Metadata;DefaultJsonTypeInfoResolver;GetTypeInfo;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[1];ReturnValue;taint;df-generated | | System.Text.Json.Serialization.Metadata;DefaultJsonTypeInfoResolver;GetTypeInfo;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | @@ -18103,7 +17977,6 @@ summary | System.Text.Json.Serialization.Metadata;JsonTypeInfoResolver;Combine;(System.Text.Json.Serialization.Metadata.IJsonTypeInfoResolver[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Text.Json.Serialization.Metadata;JsonTypeInfoResolver;WithAddedModifier;(System.Text.Json.Serialization.Metadata.IJsonTypeInfoResolver,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Text.Json.Serialization;JsonConverter;ReadAsPropertyName;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | -| System.Text.Json.Serialization;JsonConverter;ReadAsPropertyName;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json.Serialization;JsonConverterFactory;CreateConverter;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Serialization;JsonDerivedTypeAttribute;JsonDerivedTypeAttribute;(System.Type,System.String);Argument[1];Argument[this].Property[System.Text.Json.Serialization.JsonDerivedTypeAttribute.TypeDiscriminator];value;dfc-generated | | System.Text.Json.Serialization;JsonNumberEnumConverter;CreateConverter;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | @@ -18119,8 +17992,6 @@ summary | System.Text.Json.Serialization;JsonStringEnumMemberNameAttribute;JsonStringEnumMemberNameAttribute;(System.String);Argument[0];Argument[this].Property[System.Text.Json.Serialization.JsonStringEnumMemberNameAttribute.Name];value;dfc-generated | | System.Text.Json;JsonDocument;Parse;(System.Buffers.ReadOnlySequence,System.Text.Json.JsonDocumentOptions);Argument[0];ReturnValue;taint;df-generated | | System.Text.Json;JsonDocument;Parse;(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions);Argument[0];ReturnValue;taint;df-generated | -| System.Text.Json;JsonDocument;ParseValue;(System.Text.Json.Utf8JsonReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonDocument;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json;JsonDocument;get_RootElement;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement+ArrayEnumerator;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Text.Json;JsonElement+ArrayEnumerator;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | @@ -18142,11 +18013,9 @@ summary | System.Text.Json;JsonElement;GetProperty;(System.ReadOnlySpan);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement;GetProperty;(System.ReadOnlySpan);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement;GetProperty;(System.String);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;ParseValue;(System.Text.Json.Utf8JsonReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.String,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Nullable);Argument[0];ReturnValue;value;dfc-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.String,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | | System.Text.Json;JsonElement;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonEncodedText;Encode;(System.ReadOnlySpan,System.Text.Encodings.Web.JavaScriptEncoder);Argument[0];ReturnValue;taint;df-generated | | System.Text.Json;JsonEncodedText;ToString;();Argument[this];ReturnValue;taint;df-generated | @@ -18169,11 +18038,6 @@ summary | System.Text.Json;JsonProperty;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonReaderState;JsonReaderState;(System.Text.Json.JsonReaderOptions);Argument[0];Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions];value;dfc-generated | | System.Text.Json;JsonReaderState;get_Options;();Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json;JsonSerializer;Serialize;(System.IO.Stream,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[1];Argument[2];taint;df-generated | | System.Text.Json;JsonSerializer;Serialize;(System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];Argument[1];taint;df-generated | | System.Text.Json;JsonSerializer;Serialize;(System.Text.Json.Utf8JsonWriter,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];Argument[2];taint;df-generated | @@ -18197,7 +18061,7 @@ summary | System.Text.Json;JsonSerializerOptions;GetConverter;(System.Type);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonSerializerOptions;GetTypeInfo;(System.Type);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonSerializerOptions;JsonSerializerOptions;(System.Text.Json.JsonSerializerOptions);Argument[0];Argument[this];taint;df-generated | -| System.Text.Json;JsonSerializerOptions;TryGetTypeInfo;(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[this];ReturnValue;taint;df-generated | +| System.Text.Json;JsonSerializerOptions;TryGetTypeInfo;(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[this];Argument[1];taint;df-generated | | System.Text.Json;Utf8JsonReader;CopyString;(System.Span);Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;Argument[0].Element;value;dfc-generated | | System.Text.Json;Utf8JsonReader;GetComment;();Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | | System.Text.Json;Utf8JsonReader;GetString;();Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | @@ -18237,7 +18101,7 @@ summary | System.Text.RegularExpressions;GroupCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Text.RegularExpressions;GroupCollection;Insert;(System.Int32,System.Object);Argument[1];Argument[this].Element;value;manual | | System.Text.RegularExpressions;GroupCollection;Insert;(System.Int32,System.Text.RegularExpressions.Group);Argument[1];Argument[this].Element;value;manual | -| System.Text.RegularExpressions;GroupCollection;TryGetValue;(System.String,System.Text.RegularExpressions.Group);Argument[this].Element;ReturnValue;value;dfc-generated | +| System.Text.RegularExpressions;GroupCollection;TryGetValue;(System.String,System.Text.RegularExpressions.Group);Argument[this].Element;Argument[1];value;dfc-generated | | System.Text.RegularExpressions;GroupCollection;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | | System.Text.RegularExpressions;GroupCollection;get_Item;(System.String);Argument[this].Element;ReturnValue;value;manual | | System.Text.RegularExpressions;GroupCollection;get_Keys;();Argument[this];ReturnValue;taint;df-generated | @@ -18379,8 +18243,6 @@ summary | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.Boolean);Argument[2];Argument[this];taint;df-generated | | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean);Argument[2];Argument[this];taint;df-generated | | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean);Argument[3];Argument[this];taint;df-generated | -| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);Argument[2];ReturnValue;value;dfc-generated | -| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);Argument[1];ReturnValue;value;dfc-generated | | System.Text;ASCIIEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual | | System.Text;ASCIIEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual | | System.Text;ASCIIEncoding;GetBytes;(System.ReadOnlySpan,System.Span);Argument[0];ReturnValue;taint;manual | @@ -18667,8 +18529,8 @@ summary | System.Threading.RateLimiting;PartitionedRateLimiter;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.RateLimiting;PartitionedRateLimiter;WithTranslatedKey;(System.Func,System.Boolean);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.RateLimiting;RateLimitLease;GetAllMetadata;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | -| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.Threading.RateLimiting.MetadataName,T);Argument[this];ReturnValue;taint;df-generated | +| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | +| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.Threading.RateLimiting.MetadataName,T);Argument[this];Argument[1];taint;df-generated | | System.Threading.RateLimiting;RateLimitLease;get_MetadataNames;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.RateLimiting;RateLimitPartition;Get;(TKey,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading.RateLimiting;RateLimitPartition;GetConcurrencyLimiter;(TKey,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -18729,7 +18591,7 @@ summary | System.Threading.Tasks.Dataflow;BroadcastBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;ReserveMessage;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock);Argument[1];Argument[this];taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceive;(System.Predicate,T);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this];ReturnValue;taint;df-generated | +| System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this];Argument[0].Element;taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;get_Completion;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;BufferBlock;(System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[this];taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[0];ReturnValue;taint;df-generated | @@ -18767,7 +18629,7 @@ summary | System.Threading.Tasks.Dataflow;DataflowBlock;ReceiveAsync;(System.Threading.Tasks.Dataflow.ISourceBlock,System.TimeSpan,System.Threading.CancellationToken);Argument[0];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;DataflowBlock;SendAsync;(System.Threading.Tasks.Dataflow.ITargetBlock,TInput);Argument[1];Argument[0];taint;df-generated | | System.Threading.Tasks.Dataflow;DataflowBlock;SendAsync;(System.Threading.Tasks.Dataflow.ITargetBlock,TInput,System.Threading.CancellationToken);Argument[1];Argument[0];taint;df-generated | -| System.Threading.Tasks.Dataflow;DataflowBlock;TryReceive;(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput);Argument[0];ReturnValue;taint;df-generated | +| System.Threading.Tasks.Dataflow;DataflowBlock;TryReceive;(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput);Argument[0];Argument[1];taint;df-generated | | System.Threading.Tasks.Dataflow;IDataflowBlock;get_Completion;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;IReceivableSourceBlock;TryReceive;(System.Predicate,TOutput);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.Tasks.Dataflow;JoinBlock;JoinBlock;(System.Threading.Tasks.Dataflow.GroupingDataflowBlockOptions);Argument[0];Argument[this];taint;df-generated | @@ -18815,7 +18677,7 @@ summary | System.Threading.Tasks.Dataflow;WriteOnceBlock;ReleaseReservation;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock);Argument[this];Argument[1];taint;df-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceive;(System.Predicate,T);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];ReturnValue.Element;value;dfc-generated | +| System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];Argument[0].Element;value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[0].Parameter[delegate-self];value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -19619,19 +19481,12 @@ summary | System.Threading;ExecutionContext;Run;(System.Threading.ExecutionContext,System.Threading.ContextCallback,System.Object);Argument[2];Argument[1].Parameter[0];value;hq-generated | | System.Threading;HostExecutionContextManager;SetHostExecutionContext;(System.Threading.HostExecutionContext);Argument[0];ReturnValue;taint;df-generated | | System.Threading;IOCompletionCallback;BeginInvoke;(System.UInt32,System.UInt32,System.Threading.NativeOverlapped*,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Threading;Interlocked;CompareExchange;(System.IntPtr,System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;CompareExchange;(System.UIntPtr,System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;CompareExchange;(T,T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(T,T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[2];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[2];ReturnValue;value;hq-generated | +| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;Argument[0];value;dfc-generated | +| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;Argument[0];value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | @@ -19642,13 +19497,10 @@ summary | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[1];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[1];ReturnValue;value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Threading;Lock;EnterScope;();Argument[this];ReturnValue;taint;df-generated | | System.Threading;ManualResetEventSlim;get_WaitHandle;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading;Mutex;TryOpenExisting;(System.String,System.Threading.Mutex);Argument[1];ReturnValue;value;dfc-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult);Argument[2];Argument[this];taint;df-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult);Argument[3];Argument[this];taint;df-generated | | System.Threading;Overlapped;Pack;(System.Threading.IOCompletionCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -19661,8 +19513,6 @@ summary | System.Threading;PeriodicTimer;WaitForNextTickAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated | | System.Threading;PreAllocatedOverlapped;PreAllocatedOverlapped;(System.Threading.IOCompletionCallback,System.Object,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;PreAllocatedOverlapped;UnsafeCreate;(System.Threading.IOCompletionCallback,System.Object,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading;ReaderWriterLock;DowngradeFromWriterLock;(System.Threading.LockCookie);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;ReaderWriterLock;RestoreLock;(System.Threading.LockCookie);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;RegisteredWaitHandle;Unregister;(System.Threading.WaitHandle);Argument[0];Argument[this];taint;df-generated | | System.Threading;SemaphoreSlim;WaitAsync;();Argument[this];ReturnValue;taint;df-generated | | System.Threading;SemaphoreSlim;WaitAsync;(System.Int32);Argument[this];ReturnValue;taint;df-generated | @@ -19686,12 +19536,6 @@ summary | System.Threading;Thread;Thread;(System.Threading.ParameterizedThreadStart,System.Int32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Thread;Thread;(System.Threading.ThreadStart);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Thread;Thread;(System.Threading.ThreadStart,System.Int32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading;Thread;VolatileRead;(System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileRead;(System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileRead;(System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.Object,System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;ThreadExceptionEventArgs;ThreadExceptionEventArgs;(System.Exception);Argument[0];Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception];value;dfc-generated | | System.Threading;ThreadExceptionEventArgs;get_Exception;();Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception];ReturnValue;value;dfc-generated | | System.Threading;ThreadExceptionEventHandler;BeginInvoke;(System.Object,System.Threading.ThreadExceptionEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | @@ -19723,9 +19567,6 @@ summary | System.Threading;Timer;Timer;(System.Threading.TimerCallback,System.Object,System.TimeSpan,System.TimeSpan);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Timer;Timer;(System.Threading.TimerCallback,System.Object,System.UInt32,System.UInt32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;TimerCallback;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Threading;Volatile;Write;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Volatile;Write;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Volatile;Write;(T,T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;WaitCallback;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading;WaitHandleExtensions;GetSafeWaitHandle;(System.Threading.WaitHandle);Argument[0].Property[System.Threading.WaitHandle.SafeWaitHandle];ReturnValue;value;dfc-generated | | System.Threading;WaitHandleExtensions;SetSafeWaitHandle;(System.Threading.WaitHandle,Microsoft.Win32.SafeHandles.SafeWaitHandle);Argument[1];Argument[0];taint;df-generated | @@ -20342,17 +20183,20 @@ summary | System.Xml.Serialization;XmlSerializationReader;ReadElementQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadNullableQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadNullableString;();Argument[this];ReturnValue;taint;df-generated | -| System.Xml.Serialization;XmlSerializationReader;ReadReference;(System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReference;(System.String);Argument[this];Argument[0];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[1];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String);Argument[this];Argument[0];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[1];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[this];Argument[3];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[1];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[this];Argument[2];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadSerializable;(System.Xml.Serialization.IXmlSerializable);Argument[0];ReturnValue;value;dfc-generated | | System.Xml.Serialization;XmlSerializationReader;ReadSerializable;(System.Xml.Serialization.IXmlSerializable,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | @@ -20647,9 +20491,9 @@ summary | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[0];Argument[this];taint;df-generated | | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[1];Argument[this];taint;df-generated | | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[2];Argument[this];taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];ReturnValue;value;dfc-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated | | System.Xml;IXmlNamespaceResolver;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[this];ReturnValue;taint;df-generated | | System.Xml;IXmlNamespaceResolver;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated | | System.Xml;IXmlNamespaceResolver;LookupPrefix;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -20723,9 +20567,9 @@ summary | System.Xml;XmlAttributeCollection;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Xml;XmlBinaryReaderSession;Add;(System.Int32,System.String);Argument[1];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._value];value;dfc-generated | | System.Xml;XmlBinaryReaderSession;Add;(System.Int32,System.String);Argument[this];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._dictionary];value;dfc-generated | -| System.Xml;XmlBinaryReaderSession;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlBinaryReaderSession;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlBinaryReaderSession;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];ReturnValue;value;dfc-generated | +| System.Xml;XmlBinaryReaderSession;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlBinaryReaderSession;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlBinaryReaderSession;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated | | System.Xml;XmlCDataSection;CloneNode;(System.Boolean);Argument[this];ReturnValue;taint;df-generated | | System.Xml;XmlCDataSection;WriteContentTo;(System.Xml.XmlWriter);Argument[this];Argument[0];taint;df-generated | | System.Xml;XmlCDataSection;WriteTo;(System.Xml.XmlWriter);Argument[this];Argument[0];taint;df-generated | @@ -20782,9 +20626,9 @@ summary | System.Xml;XmlDeclaration;get_Value;();Argument[this];ReturnValue;taint;manual | | System.Xml;XmlDictionary;Add;(System.String);Argument[0];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._value];value;dfc-generated | | System.Xml;XmlDictionary;Add;(System.String);Argument[this];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._dictionary];value;dfc-generated | -| System.Xml;XmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];ReturnValue;value;dfc-generated | +| System.Xml;XmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated | | System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-generated | @@ -20806,11 +20650,13 @@ summary | System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | System.Xml;XmlDictionaryReader;GetAttribute;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[1];taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];Argument[1];taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[1];taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;();Argument[this];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.String[],System.Int32);Argument[0].Element;ReturnValue;value;dfc-generated | @@ -21707,7 +21553,6 @@ summary | System;Array;ForEach;(T[],System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System;Array;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System;Array;Insert;(System.Int32,System.Object);Argument[1];Argument[this].Element;value;manual | -| System;Array;Resize;(T[],System.Int32);Argument[0];ReturnValue;value;dfc-generated | | System;Array;Reverse;(System.Array);Argument[0].Element;ReturnValue.Element;value;manual | | System;Array;Reverse;(System.Array,System.Int32,System.Int32);Argument[0].Element;ReturnValue.Element;value;manual | | System;Array;Reverse;(T[]);Argument[0].Element;ReturnValue.Element;value;manual | @@ -22140,7 +21985,7 @@ summary | System;DateTime;ToString;(System.IFormatProvider);Argument[this];ReturnValue;value;dfc-generated | | System;DateTime;ToString;(System.String,System.IFormatProvider);Argument[this];ReturnValue;taint;dfc-generated | | System;DateTime;ToType;(System.Type,System.IFormatProvider);Argument[this];ReturnValue;value;dfc-generated | -| System;DateTimeOffset;Deconstruct;(System.DateOnly,System.TimeOnly,System.TimeSpan);Argument[this].Property[System.DateTimeOffset.Offset];ReturnValue;value;dfc-generated | +| System;DateTimeOffset;Deconstruct;(System.DateOnly,System.TimeOnly,System.TimeSpan);Argument[this].Property[System.DateTimeOffset.Offset];Argument[2];value;dfc-generated | | System;DateTimeOffset;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | | System;DateTimeOffset;ToString;(System.String,System.IFormatProvider);Argument[this];ReturnValue;taint;dfc-generated | | System;Decimal;Clamp;(System.Decimal,System.Decimal,System.Decimal);Argument[0];ReturnValue;value;dfc-generated | @@ -22590,8 +22435,6 @@ summary | System;MemoryExtensions;TrimStart;(System.Span,System.ReadOnlySpan);Argument[0].Element;ReturnValue.Element;value;dfc-generated | | System;MemoryExtensions;TrimStart;(System.Span,System.ReadOnlySpan);Argument[0];ReturnValue;value;dfc-generated | | System;MemoryExtensions;TrimStart;(System.Span,T);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);Argument[2];ReturnValue;value;dfc-generated | -| System;MemoryExtensions;TryWrite;(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);Argument[1];ReturnValue;value;dfc-generated | | System;MissingFieldException;MissingFieldException;(System.String,System.String);Argument[0];Argument[this].Field[System.MissingMemberException.ClassName];value;dfc-generated | | System;MissingFieldException;MissingFieldException;(System.String,System.String);Argument[1];Argument[this].Field[System.MissingMemberException.MemberName];value;dfc-generated | | System;MissingFieldException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | @@ -22768,8 +22611,6 @@ summary | System;String;Concat;(System.String[]);Argument[0].Element;ReturnValue;taint;manual | | System;String;Concat;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;manual | | System;String;Copy;(System.String);Argument[0];ReturnValue;value;manual | -| System;String;Create;(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System;String;Create;(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);Argument[2];ReturnValue;value;dfc-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[1];Argument[2].Parameter[1];value;dfc-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[1];Argument[2].Parameter[1];value;hq-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | @@ -22892,7 +22733,7 @@ summary | System;String;TrimStart;();Argument[this];ReturnValue;taint;manual | | System;String;TrimStart;(System.Char);Argument[this];ReturnValue;taint;manual | | System;String;TrimStart;(System.Char[]);Argument[this];ReturnValue;taint;manual | -| System;String;TryParse;(System.String,System.IFormatProvider,System.String);Argument[0];ReturnValue;value;dfc-generated | +| System;String;TryParse;(System.String,System.IFormatProvider,System.String);Argument[0];Argument[2];value;dfc-generated | | System;StringComparer;Compare;(System.Object,System.Object);Argument[0];Argument[this];taint;df-generated | | System;StringComparer;Compare;(System.Object,System.Object);Argument[1];Argument[this];taint;df-generated | | System;StringComparer;GetHashCode;(System.Object);Argument[0];Argument[this];taint;df-generated | @@ -22941,7 +22782,7 @@ summary | System;TimeZoneInfo;GetUtcOffset;(System.DateTimeOffset);Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;ToString;();Argument[this].Property[System.TimeZoneInfo.DisplayName];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;ToString;();Argument[this].SyntheticField[System.TimeZoneInfo._displayName];ReturnValue;value;dfc-generated | -| System;TimeZoneInfo;TryFindSystemTimeZoneById;(System.String,System.TimeZoneInfo);Argument[0];ReturnValue.SyntheticField[System.TimeZoneInfo._id];value;dfc-generated | +| System;TimeZoneInfo;TryFindSystemTimeZoneById;(System.String,System.TimeZoneInfo);Argument[0];Argument[1].SyntheticField[System.TimeZoneInfo._id];value;dfc-generated | | System;TimeZoneInfo;get_BaseUtcOffset;();Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;get_DaylightName;();Argument[this].SyntheticField[System.TimeZoneInfo._daylightDisplayName];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;get_DisplayName;();Argument[this].SyntheticField[System.TimeZoneInfo._displayName];ReturnValue;value;dfc-generated | @@ -23675,7 +23516,7 @@ summary | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | -| System;WeakReference;TryGetTarget;(T);Argument[this];ReturnValue;taint;df-generated | +| System;WeakReference;TryGetTarget;(T);Argument[this];Argument[0];taint;df-generated | neutral | Dapper;SqlMapper+GridReader;Dispose;();summary;df-generated | | Dapper;SqlMapper+Identity;Equals;(Dapper.SqlMapper+Identity);summary;df-generated | @@ -24804,6 +24645,7 @@ neutral | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Reset;();summary;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();summary;df-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;Dispose;();summary;df-generated | +| Microsoft.Extensions.Primitives;StringValues+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringValues);summary;df-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;MoveNext;();summary;df-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;Reset;();summary;df-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;get_Current;();summary;df-generated | @@ -25057,6 +24899,7 @@ neutral | Microsoft.VisualBasic.CompilerServices;StringType;FromShort;(System.Int16);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;FromSingle;(System.Single);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;FromSingle;(System.Single,System.Globalization.NumberFormatInfo);summary;df-generated | +| Microsoft.VisualBasic.CompilerServices;StringType;MidStmtStr;(System.String,System.Int32,System.Int32,System.String);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;StrCmp;(System.String,System.String,System.Boolean);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;StrLike;(System.String,System.String,Microsoft.VisualBasic.CompareMethod);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;StrLikeBinary;(System.String,System.String);summary;df-generated | @@ -25253,6 +25096,7 @@ neutral | Microsoft.VisualBasic;FileSystem;FileClose;(System.Int32[]);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileCopy;(System.String,System.String);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileDateTime;(System.String);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Boolean,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Byte,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Char,System.Int64);summary;df-generated | @@ -25263,6 +25107,9 @@ neutral | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Int32,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Int64,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Single,System.Int64);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.String,System.Int64,System.Boolean);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.ValueType,System.Int64);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;FileGetObject;(System.Int32,System.Object,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileLen;(System.String);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileOpen;(System.Int32,System.String,Microsoft.VisualBasic.OpenMode,Microsoft.VisualBasic.OpenAccess,Microsoft.VisualBasic.OpenShare,System.Int32);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FilePut;(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean);summary;df-generated | @@ -25292,7 +25139,9 @@ neutral | Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Int16);summary;df-generated | | Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Int32);summary;df-generated | | Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Int64);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Object);summary;df-generated | | Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Single);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.String);summary;df-generated | | Microsoft.VisualBasic;FileSystem;InputString;(System.Int32,System.Int32);summary;df-generated | | Microsoft.VisualBasic;FileSystem;Kill;(System.String);summary;df-generated | | Microsoft.VisualBasic;FileSystem;LOF;(System.Int32);summary;df-generated | @@ -26065,6 +25914,7 @@ neutral | System.Buffers;ReadOnlySequence;Slice;(System.Int32,System.Int32);summary;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.Int64,System.Int64);summary;df-generated | | System.Buffers;ReadOnlySequence;ToString;();summary;df-generated | +| System.Buffers;ReadOnlySequence;TryGet;(System.SequencePosition,System.ReadOnlyMemory,System.Boolean);summary;df-generated | | System.Buffers;ReadOnlySequence;get_End;();summary;df-generated | | System.Buffers;ReadOnlySequence;get_First;();summary;df-generated | | System.Buffers;ReadOnlySequence;get_IsEmpty;();summary;df-generated | @@ -26090,6 +25940,12 @@ neutral | System.Buffers;SequenceReader;get_Position;();summary;df-generated | | System.Buffers;SequenceReader;get_Remaining;();summary;df-generated | | System.Buffers;SequenceReader;get_Sequence;();summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int16);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int32);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int64);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int16);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int32);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int64);summary;df-generated | | System.Buffers;StandardFormat;Equals;(System.Buffers.StandardFormat);summary;df-generated | | System.Buffers;StandardFormat;Equals;(System.Object);summary;df-generated | | System.Buffers;StandardFormat;GetHashCode;();summary;df-generated | @@ -26198,6 +26054,10 @@ neutral | System.CodeDom.Compiler;CompilerResults;get_Errors;();summary;df-generated | | System.CodeDom.Compiler;CompilerResults;get_Output;();summary;df-generated | | System.CodeDom.Compiler;Executor;ExecWait;(System.String,System.CodeDom.Compiler.TempFileCollection);summary;df-generated | +| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);summary;df-generated | +| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);summary;df-generated | +| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);summary;df-generated | +| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);summary;df-generated | | System.CodeDom.Compiler;ICodeCompiler;CompileAssemblyFromFile;(System.CodeDom.Compiler.CompilerParameters,System.String);summary;df-generated | | System.CodeDom.Compiler;ICodeCompiler;CompileAssemblyFromFileBatch;(System.CodeDom.Compiler.CompilerParameters,System.String[]);summary;df-generated | | System.CodeDom.Compiler;ICodeCompiler;CompileAssemblyFromSource;(System.CodeDom.Compiler.CompilerParameters,System.String);summary;df-generated | @@ -27143,6 +27003,18 @@ neutral | System.Collections.Immutable;ImmutableHashSet;get_IsEmpty;();summary;df-generated | | System.Collections.Immutable;ImmutableHashSet;get_IsReadOnly;();summary;df-generated | | System.Collections.Immutable;ImmutableHashSet;get_IsSynchronized;();summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;Enqueue;(System.Collections.Immutable.ImmutableQueue,T);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;InterlockedCompareExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;InterlockedExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;InterlockedInitialize;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;Push;(System.Collections.Immutable.ImmutableStack,T);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryDequeue;(System.Collections.Immutable.ImmutableQueue,T);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryPop;(System.Collections.Immutable.ImmutableStack,T);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);summary;df-generated | | System.Collections.Immutable;ImmutableList;Create;();summary;df-generated | | System.Collections.Immutable;ImmutableList;CreateBuilder;();summary;df-generated | | System.Collections.Immutable;ImmutableList;IndexOf;(System.Collections.Immutable.IImmutableList,T);summary;df-generated | @@ -31670,6 +31542,7 @@ neutral | System.Diagnostics.Tracing;EventSource;SetCurrentThreadActivityId;(System.Guid,System.Guid);summary;df-generated | | System.Diagnostics.Tracing;EventSource;Write;(System.String);summary;df-generated | | System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions);summary;df-generated | +| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);summary;df-generated | | System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);summary;df-generated | | System.Diagnostics.Tracing;EventSource;Write;(System.String,T);summary;df-generated | | System.Diagnostics.Tracing;EventSource;WriteEvent;(System.Int32);summary;df-generated | @@ -31827,6 +31700,8 @@ neutral | System.Diagnostics;Debug+WriteIfInterpolatedStringHandler;AppendLiteral;(System.String);summary;df-generated | | System.Diagnostics;Debug+WriteIfInterpolatedStringHandler;WriteIfInterpolatedStringHandler;(System.Int32,System.Int32,System.Boolean,System.Boolean);summary;df-generated | | System.Diagnostics;Debug;Assert;(System.Boolean);summary;df-generated | +| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler);summary;df-generated | +| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);summary;df-generated | | System.Diagnostics;Debug;Assert;(System.Boolean,System.String);summary;df-generated | | System.Diagnostics;Debug;Assert;(System.Boolean,System.String,System.String);summary;df-generated | | System.Diagnostics;Debug;Assert;(System.Boolean,System.String,System.String,System.Object[]);summary;df-generated | @@ -31842,6 +31717,8 @@ neutral | System.Diagnostics;Debug;Write;(System.Object,System.String);summary;df-generated | | System.Diagnostics;Debug;Write;(System.String);summary;df-generated | | System.Diagnostics;Debug;Write;(System.String,System.String);summary;df-generated | +| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);summary;df-generated | +| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);summary;df-generated | | System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Object);summary;df-generated | | System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Object,System.String);summary;df-generated | | System.Diagnostics;Debug;WriteIf;(System.Boolean,System.String);summary;df-generated | @@ -31851,6 +31728,8 @@ neutral | System.Diagnostics;Debug;WriteLine;(System.String);summary;df-generated | | System.Diagnostics;Debug;WriteLine;(System.String,System.Object[]);summary;df-generated | | System.Diagnostics;Debug;WriteLine;(System.String,System.String);summary;df-generated | +| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);summary;df-generated | +| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);summary;df-generated | | System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Object);summary;df-generated | | System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Object,System.String);summary;df-generated | | System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.String);summary;df-generated | @@ -33602,6 +33481,8 @@ neutral | System.IO.Enumeration;FileSystemEnumerator;MoveNext;();summary;df-generated | | System.IO.Enumeration;FileSystemEnumerator;OnDirectoryFinished;(System.ReadOnlySpan);summary;df-generated | | System.IO.Enumeration;FileSystemEnumerator;Reset;();summary;df-generated | +| System.IO.Enumeration;FileSystemEnumerator;ShouldIncludeEntry;(System.IO.Enumeration.FileSystemEntry);summary;df-generated | +| System.IO.Enumeration;FileSystemEnumerator;ShouldRecurseIntoEntry;(System.IO.Enumeration.FileSystemEntry);summary;df-generated | | System.IO.Enumeration;FileSystemEnumerator;TransformEntry;(System.IO.Enumeration.FileSystemEntry);summary;df-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();summary;df-generated | | System.IO.Enumeration;FileSystemName;MatchesSimpleExpression;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);summary;df-generated | @@ -34316,6 +34197,7 @@ neutral | System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,System.UInt16);summary;df-generated | | System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,System.UInt32);summary;df-generated | | System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,System.UInt64);summary;df-generated | +| System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,T);summary;df-generated | | System.IO;UnmanagedMemoryAccessor;WriteArray;(System.Int64,T[],System.Int32,System.Int32);summary;df-generated | | System.IO;UnmanagedMemoryAccessor;get_CanRead;();summary;df-generated | | System.IO;UnmanagedMemoryAccessor;get_CanWrite;();summary;df-generated | @@ -35763,6 +35645,8 @@ neutral | System.Net.Sockets;Socket;BeginReceive;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);summary;df-generated | +| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);summary;df-generated | +| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginSend;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);summary;df-generated | @@ -35795,6 +35679,8 @@ neutral | System.Net.Sockets;Socket;EndDisconnect;(System.IAsyncResult);summary;df-generated | | System.Net.Sockets;Socket;EndReceive;(System.IAsyncResult);summary;df-generated | | System.Net.Sockets;Socket;EndReceive;(System.IAsyncResult,System.Net.Sockets.SocketError);summary;df-generated | +| System.Net.Sockets;Socket;EndReceiveFrom;(System.IAsyncResult,System.Net.EndPoint);summary;df-generated | +| System.Net.Sockets;Socket;EndReceiveMessageFrom;(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);summary;df-generated | | System.Net.Sockets;Socket;EndSend;(System.IAsyncResult);summary;df-generated | | System.Net.Sockets;Socket;EndSend;(System.IAsyncResult,System.Net.Sockets.SocketError);summary;df-generated | | System.Net.Sockets;Socket;EndSendFile;(System.IAsyncResult);summary;df-generated | @@ -37613,6 +37499,7 @@ neutral | System.Numerics;Vector;Store;(System.Numerics.Vector,T*);summary;df-generated | | System.Numerics;Vector;StoreAligned;(System.Numerics.Vector,T*);summary;df-generated | | System.Numerics;Vector;StoreAlignedNonTemporal;(System.Numerics.Vector,T*);summary;df-generated | +| System.Numerics;Vector;StoreUnsafe;(System.Numerics.Vector,T);summary;df-generated | | System.Numerics;Vector;StoreUnsafe;(System.Numerics.Vector,T,System.UIntPtr);summary;df-generated | | System.Numerics;Vector;Subtract;(System.Numerics.Vector,System.Numerics.Vector);summary;df-generated | | System.Numerics;Vector;Sum;(System.Numerics.Vector);summary;df-generated | @@ -38390,6 +38277,9 @@ neutral | System.Reflection.Metadata.Ecma335;ScalarEncoder;NullArray;();summary;df-generated | | System.Reflection.Metadata.Ecma335;ScalarEncoder;SystemType;(System.String);summary;df-generated | | System.Reflection.Metadata.Ecma335;ScalarEncoder;get_Builder;();summary;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeLocalSignature;(System.Reflection.Metadata.BlobReader);summary;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSignature;(System.Reflection.Metadata.BlobReader);summary;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSpecificationSignature;(System.Reflection.Metadata.BlobReader);summary;df-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Boolean;();summary;df-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Byte;();summary;df-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Char;();summary;df-generated | @@ -38510,6 +38400,7 @@ neutral | System.Reflection.Metadata;BlobBuilder;WriteConstant;(System.Object);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.IO.Stream);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.Reflection.Metadata.BlobBuilder);summary;df-generated | +| System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.Reflection.Metadata.BlobWriter);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteDateTime;(System.DateTime);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteDecimal;(System.Decimal);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteDouble;(System.Double);summary;df-generated | @@ -39969,6 +39860,7 @@ neutral | System.Runtime.CompilerServices;AccessedThroughPropertyAttribute;get_PropertyName;();summary;df-generated | | System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;Complete;();summary;df-generated | | System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;Create;();summary;df-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;MoveNext;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncIteratorStateMachineAttribute;AsyncIteratorStateMachineAttribute;(System.Type);summary;df-generated | | System.Runtime.CompilerServices;AsyncMethodBuilderAttribute;AsyncMethodBuilderAttribute;(System.Type);summary;df-generated | | System.Runtime.CompilerServices;AsyncMethodBuilderAttribute;get_BuilderType;();summary;df-generated | @@ -39977,21 +39869,28 @@ neutral | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetResult;();summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetResult;();summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;get_Task;();summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncVoidMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;AsyncVoidMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncVoidMethodBuilder;SetResult;();summary;df-generated | | System.Runtime.CompilerServices;AsyncVoidMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;CallSite;Create;(System.Type,System.Runtime.CompilerServices.CallSiteBinder);summary;df-generated | | System.Runtime.CompilerServices;CallSite;Create;(System.Runtime.CompilerServices.CallSiteBinder);summary;df-generated | | System.Runtime.CompilerServices;CallSite;get_Update;();summary;df-generated | @@ -40098,10 +39997,12 @@ neutral | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetResult;();summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;get_Task;();summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;Contains;(System.Object);summary;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;Contains;(T);summary;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;IndexOf;(System.Object);summary;df-generated | @@ -40169,7 +40070,11 @@ neutral | System.Runtime.CompilerServices;TypeForwardedToAttribute;TypeForwardedToAttribute;(System.Type);summary;df-generated | | System.Runtime.CompilerServices;TypeForwardedToAttribute;get_Destination;();summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Add;(System.Void*,System.Int32);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Add;(T,System.Int32);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Add;(T,System.IntPtr);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Add;(T,System.UIntPtr);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;AddByteOffset;(T,System.IntPtr);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;AddByteOffset;(T,System.UIntPtr);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;AreSame;(T,T);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;As;(System.Object);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;As;(TFrom);summary;df-generated | @@ -40179,6 +40084,7 @@ neutral | System.Runtime.CompilerServices;Unsafe;BitCast;(TFrom);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;ByteOffset;(T,T);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Copy;(System.Void*,T);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Copy;(T,System.Void*);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;CopyBlock;(System.Byte,System.Byte,System.UInt32);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;CopyBlock;(System.Void*,System.Void*,System.UInt32);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;CopyBlockUnaligned;(System.Byte,System.Byte,System.UInt32);summary;df-generated | @@ -40197,7 +40103,11 @@ neutral | System.Runtime.CompilerServices;Unsafe;SizeOf;();summary;df-generated | | System.Runtime.CompilerServices;Unsafe;SkipInit;(T);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Subtract;(System.Void*,System.Int32);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.Int32);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.IntPtr);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.UIntPtr);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;SubtractByteOffset;(T,System.IntPtr);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;SubtractByteOffset;(T,System.UIntPtr);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Unbox;(System.Object);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Write;(System.Void*,T);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;WriteUnaligned;(System.Byte,T);summary;df-generated | @@ -41048,6 +40958,7 @@ neutral | System.Runtime.InteropServices;MemoryMarshal;CreateReadOnlySpan;(T,System.Int32);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;CreateReadOnlySpanFromNullTerminated;(System.Byte*);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;CreateReadOnlySpanFromNullTerminated;(System.Char*);summary;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;CreateSpan;(T,System.Int32);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;GetArrayDataReference;(System.Array);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;GetArrayDataReference;(T[]);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;GetReference;(System.ReadOnlySpan);summary;df-generated | @@ -41293,6 +41204,7 @@ neutral | System.Runtime.InteropServices;SafeArrayTypeMismatchException;SafeArrayTypeMismatchException;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);summary;df-generated | | System.Runtime.InteropServices;SafeArrayTypeMismatchException;SafeArrayTypeMismatchException;(System.String);summary;df-generated | | System.Runtime.InteropServices;SafeArrayTypeMismatchException;SafeArrayTypeMismatchException;(System.String,System.Exception);summary;df-generated | +| System.Runtime.InteropServices;SafeBuffer;AcquirePointer;(System.Byte*);summary;df-generated | | System.Runtime.InteropServices;SafeBuffer;Initialize;(System.UInt32,System.UInt32);summary;df-generated | | System.Runtime.InteropServices;SafeBuffer;Initialize;(System.UInt64);summary;df-generated | | System.Runtime.InteropServices;SafeBuffer;Initialize;(System.UInt32);summary;df-generated | @@ -41315,6 +41227,7 @@ neutral | System.Runtime.InteropServices;SafeHandle;get_IsClosed;();summary;df-generated | | System.Runtime.InteropServices;SafeHandle;get_IsInvalid;();summary;df-generated | | System.Runtime.InteropServices;SequenceMarshal;TryGetArray;(System.Buffers.ReadOnlySequence,System.ArraySegment);summary;df-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryRead;(System.Buffers.SequenceReader,T);summary;df-generated | | System.Runtime.InteropServices;StructLayoutAttribute;StructLayoutAttribute;(System.Int16);summary;df-generated | | System.Runtime.InteropServices;StructLayoutAttribute;StructLayoutAttribute;(System.Runtime.InteropServices.LayoutKind);summary;df-generated | | System.Runtime.InteropServices;StructLayoutAttribute;get_Value;();summary;df-generated | @@ -49201,6 +49114,7 @@ neutral | System.Runtime.Intrinsics;Vector64;Store;(System.Runtime.Intrinsics.Vector64,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector64;StoreAligned;(System.Runtime.Intrinsics.Vector64,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector64;StoreAlignedNonTemporal;(System.Runtime.Intrinsics.Vector64,T*);summary;df-generated | +| System.Runtime.Intrinsics;Vector64;StoreUnsafe;(System.Runtime.Intrinsics.Vector64,T);summary;df-generated | | System.Runtime.Intrinsics;Vector64;StoreUnsafe;(System.Runtime.Intrinsics.Vector64,T,System.UIntPtr);summary;df-generated | | System.Runtime.Intrinsics;Vector64;Subtract;(System.Runtime.Intrinsics.Vector64,System.Runtime.Intrinsics.Vector64);summary;df-generated | | System.Runtime.Intrinsics;Vector64;Sum;(System.Runtime.Intrinsics.Vector64);summary;df-generated | @@ -49486,6 +49400,7 @@ neutral | System.Runtime.Intrinsics;Vector128;Store;(System.Runtime.Intrinsics.Vector128,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector128;StoreAligned;(System.Runtime.Intrinsics.Vector128,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector128;StoreAlignedNonTemporal;(System.Runtime.Intrinsics.Vector128,T*);summary;df-generated | +| System.Runtime.Intrinsics;Vector128;StoreUnsafe;(System.Runtime.Intrinsics.Vector128,T);summary;df-generated | | System.Runtime.Intrinsics;Vector128;StoreUnsafe;(System.Runtime.Intrinsics.Vector128,T,System.UIntPtr);summary;df-generated | | System.Runtime.Intrinsics;Vector128;Subtract;(System.Runtime.Intrinsics.Vector128,System.Runtime.Intrinsics.Vector128);summary;df-generated | | System.Runtime.Intrinsics;Vector128;Sum;(System.Runtime.Intrinsics.Vector128);summary;df-generated | @@ -49764,6 +49679,7 @@ neutral | System.Runtime.Intrinsics;Vector256;Store;(System.Runtime.Intrinsics.Vector256,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector256;StoreAligned;(System.Runtime.Intrinsics.Vector256,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector256;StoreAlignedNonTemporal;(System.Runtime.Intrinsics.Vector256,T*);summary;df-generated | +| System.Runtime.Intrinsics;Vector256;StoreUnsafe;(System.Runtime.Intrinsics.Vector256,T);summary;df-generated | | System.Runtime.Intrinsics;Vector256;StoreUnsafe;(System.Runtime.Intrinsics.Vector256,T,System.UIntPtr);summary;df-generated | | System.Runtime.Intrinsics;Vector256;Subtract;(System.Runtime.Intrinsics.Vector256,System.Runtime.Intrinsics.Vector256);summary;df-generated | | System.Runtime.Intrinsics;Vector256;Sum;(System.Runtime.Intrinsics.Vector256);summary;df-generated | @@ -50043,6 +49959,7 @@ neutral | System.Runtime.Intrinsics;Vector512;Store;(System.Runtime.Intrinsics.Vector512,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector512;StoreAligned;(System.Runtime.Intrinsics.Vector512,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector512;StoreAlignedNonTemporal;(System.Runtime.Intrinsics.Vector512,T*);summary;df-generated | +| System.Runtime.Intrinsics;Vector512;StoreUnsafe;(System.Runtime.Intrinsics.Vector512,T);summary;df-generated | | System.Runtime.Intrinsics;Vector512;StoreUnsafe;(System.Runtime.Intrinsics.Vector512,T,System.UIntPtr);summary;df-generated | | System.Runtime.Intrinsics;Vector512;Subtract;(System.Runtime.Intrinsics.Vector512,System.Runtime.Intrinsics.Vector512);summary;df-generated | | System.Runtime.Intrinsics;Vector512;Sum;(System.Runtime.Intrinsics.Vector512);summary;df-generated | @@ -53450,6 +53367,7 @@ neutral | System.Text.Json.Nodes;JsonNode;Parse;(System.IO.Stream,System.Nullable,System.Text.Json.JsonDocumentOptions);summary;df-generated | | System.Text.Json.Nodes;JsonNode;Parse;(System.ReadOnlySpan,System.Nullable,System.Text.Json.JsonDocumentOptions);summary;df-generated | | System.Text.Json.Nodes;JsonNode;Parse;(System.String,System.Nullable,System.Text.Json.JsonDocumentOptions);summary;df-generated | +| System.Text.Json.Nodes;JsonNode;Parse;(System.Text.Json.Utf8JsonReader,System.Nullable);summary;df-generated | | System.Text.Json.Nodes;JsonNode;ParseAsync;(System.IO.Stream,System.Nullable,System.Text.Json.JsonDocumentOptions,System.Threading.CancellationToken);summary;df-generated | | System.Text.Json.Nodes;JsonNode;ToJsonString;(System.Text.Json.JsonSerializerOptions);summary;df-generated | | System.Text.Json.Nodes;JsonNode;WriteTo;(System.Text.Json.Utf8JsonWriter,System.Text.Json.JsonSerializerOptions);summary;df-generated | @@ -53627,6 +53545,8 @@ neutral | System.Text.Json;JsonDocument;Parse;(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions);summary;df-generated | | System.Text.Json;JsonDocument;Parse;(System.String,System.Text.Json.JsonDocumentOptions);summary;df-generated | | System.Text.Json;JsonDocument;ParseAsync;(System.IO.Stream,System.Text.Json.JsonDocumentOptions,System.Threading.CancellationToken);summary;df-generated | +| System.Text.Json;JsonDocument;ParseValue;(System.Text.Json.Utf8JsonReader);summary;df-generated | +| System.Text.Json;JsonDocument;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument);summary;df-generated | | System.Text.Json;JsonDocument;WriteTo;(System.Text.Json.Utf8JsonWriter);summary;df-generated | | System.Text.Json;JsonElement+ArrayEnumerator;Dispose;();summary;df-generated | | System.Text.Json;JsonElement+ArrayEnumerator;MoveNext;();summary;df-generated | @@ -53657,6 +53577,7 @@ neutral | System.Text.Json;JsonElement;GetUInt16;();summary;df-generated | | System.Text.Json;JsonElement;GetUInt32;();summary;df-generated | | System.Text.Json;JsonElement;GetUInt64;();summary;df-generated | +| System.Text.Json;JsonElement;ParseValue;(System.Text.Json.Utf8JsonReader);summary;df-generated | | System.Text.Json;JsonElement;ToString;();summary;df-generated | | System.Text.Json;JsonElement;TryGetByte;(System.Byte);summary;df-generated | | System.Text.Json;JsonElement;TryGetBytesFromBase64;(System.Byte[]);summary;df-generated | @@ -53673,6 +53594,7 @@ neutral | System.Text.Json;JsonElement;TryGetUInt16;(System.UInt16);summary;df-generated | | System.Text.Json;JsonElement;TryGetUInt32;(System.UInt32);summary;df-generated | | System.Text.Json;JsonElement;TryGetUInt64;(System.UInt64);summary;df-generated | +| System.Text.Json;JsonElement;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Nullable);summary;df-generated | | System.Text.Json;JsonElement;ValueEquals;(System.ReadOnlySpan);summary;df-generated | | System.Text.Json;JsonElement;ValueEquals;(System.ReadOnlySpan);summary;df-generated | | System.Text.Json;JsonElement;ValueEquals;(System.String);summary;df-generated | @@ -53717,6 +53639,9 @@ neutral | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Type,System.Text.Json.JsonSerializerOptions);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Type,System.Text.Json.Serialization.JsonSerializerContext);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.IO.Stream,System.Text.Json.JsonSerializerOptions);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.IO.Stream,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.ReadOnlySpan,System.Text.Json.JsonSerializerOptions);summary;df-generated | @@ -53731,6 +53656,8 @@ neutral | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.JsonElement,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Text.Json.JsonSerializerOptions);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | | System.Text.Json;JsonSerializer;DeserializeAsync;(System.IO.Stream,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Threading.CancellationToken);summary;df-generated | | System.Text.Json;JsonSerializer;DeserializeAsync;(System.IO.Stream,System.Type,System.Text.Json.JsonSerializerOptions,System.Threading.CancellationToken);summary;df-generated | | System.Text.Json;JsonSerializer;DeserializeAsync;(System.IO.Stream,System.Type,System.Text.Json.Serialization.JsonSerializerContext,System.Threading.CancellationToken);summary;df-generated | @@ -54238,6 +54165,8 @@ neutral | System.Text.Unicode;Utf8;FromUtf16;(System.ReadOnlySpan,System.Span,System.Int32,System.Int32,System.Boolean,System.Boolean);summary;df-generated | | System.Text.Unicode;Utf8;IsValid;(System.ReadOnlySpan);summary;df-generated | | System.Text.Unicode;Utf8;ToUtf16;(System.ReadOnlySpan,System.Span,System.Int32,System.Int32,System.Boolean,System.Boolean);summary;df-generated | +| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);summary;df-generated | +| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);summary;df-generated | | System.Text;ASCIIEncoding;GetByteCount;(System.Char*,System.Int32);summary;df-generated | | System.Text;ASCIIEncoding;GetByteCount;(System.Char[],System.Int32,System.Int32);summary;df-generated | | System.Text;ASCIIEncoding;GetByteCount;(System.ReadOnlySpan);summary;df-generated | @@ -55170,12 +55099,15 @@ neutral | System.Threading;Interlocked;CompareExchange;(System.Int16,System.Int16,System.Int16);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.Int32,System.Int32,System.Int32);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.Int64,System.Int64,System.Int64);summary;df-generated | +| System.Threading;Interlocked;CompareExchange;(System.IntPtr,System.IntPtr,System.IntPtr);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.Object,System.Object,System.Object);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.SByte,System.SByte,System.SByte);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.Single,System.Single,System.Single);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.UInt16,System.UInt16,System.UInt16);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.UInt32,System.UInt32,System.UInt32);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.UInt64,System.UInt64,System.UInt64);summary;df-generated | +| System.Threading;Interlocked;CompareExchange;(System.UIntPtr,System.UIntPtr,System.UIntPtr);summary;df-generated | +| System.Threading;Interlocked;CompareExchange;(T,T,T);summary;df-generated | | System.Threading;Interlocked;Decrement;(System.Int32);summary;df-generated | | System.Threading;Interlocked;Decrement;(System.Int64);summary;df-generated | | System.Threading;Interlocked;Decrement;(System.UInt32);summary;df-generated | @@ -55185,12 +55117,15 @@ neutral | System.Threading;Interlocked;Exchange;(System.Int16,System.Int16);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.Int32,System.Int32);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.Int64,System.Int64);summary;df-generated | +| System.Threading;Interlocked;Exchange;(System.IntPtr,System.IntPtr);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.Object,System.Object);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.SByte,System.SByte);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.Single,System.Single);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.UInt16,System.UInt16);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.UInt32,System.UInt32);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.UInt64,System.UInt64);summary;df-generated | +| System.Threading;Interlocked;Exchange;(System.UIntPtr,System.UIntPtr);summary;df-generated | +| System.Threading;Interlocked;Exchange;(T,T);summary;df-generated | | System.Threading;Interlocked;Increment;(System.Int32);summary;df-generated | | System.Threading;Interlocked;Increment;(System.Int64);summary;df-generated | | System.Threading;Interlocked;Increment;(System.UInt32);summary;df-generated | @@ -55254,6 +55189,7 @@ neutral | System.Threading;Mutex;Mutex;(System.Boolean,System.String,System.Boolean);summary;df-generated | | System.Threading;Mutex;OpenExisting;(System.String);summary;df-generated | | System.Threading;Mutex;ReleaseMutex;();summary;df-generated | +| System.Threading;Mutex;TryOpenExisting;(System.String,System.Threading.Mutex);summary;df-generated | | System.Threading;Overlapped;Free;(System.Threading.NativeOverlapped*);summary;df-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.Int32,System.IAsyncResult);summary;df-generated | | System.Threading;Overlapped;Pack;(System.Threading.IOCompletionCallback);summary;df-generated | @@ -55270,9 +55206,11 @@ neutral | System.Threading;ReaderWriterLock;AcquireWriterLock;(System.Int32);summary;df-generated | | System.Threading;ReaderWriterLock;AcquireWriterLock;(System.TimeSpan);summary;df-generated | | System.Threading;ReaderWriterLock;AnyWritersSince;(System.Int32);summary;df-generated | +| System.Threading;ReaderWriterLock;DowngradeFromWriterLock;(System.Threading.LockCookie);summary;df-generated | | System.Threading;ReaderWriterLock;ReleaseLock;();summary;df-generated | | System.Threading;ReaderWriterLock;ReleaseReaderLock;();summary;df-generated | | System.Threading;ReaderWriterLock;ReleaseWriterLock;();summary;df-generated | +| System.Threading;ReaderWriterLock;RestoreLock;(System.Threading.LockCookie);summary;df-generated | | System.Threading;ReaderWriterLock;UpgradeToWriterLock;(System.Int32);summary;df-generated | | System.Threading;ReaderWriterLock;UpgradeToWriterLock;(System.TimeSpan);summary;df-generated | | System.Threading;ReaderWriterLock;get_IsReaderLockHeld;();summary;df-generated | @@ -55400,21 +55338,27 @@ neutral | System.Threading;Thread;VolatileRead;(System.Int16);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.Int32);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.Int64);summary;df-generated | +| System.Threading;Thread;VolatileRead;(System.IntPtr);summary;df-generated | +| System.Threading;Thread;VolatileRead;(System.Object);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.SByte);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.Single);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.UInt16);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.UInt32);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.UInt64);summary;df-generated | +| System.Threading;Thread;VolatileRead;(System.UIntPtr);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Byte,System.Byte);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Double,System.Double);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Int16,System.Int16);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Int32,System.Int32);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Int64,System.Int64);summary;df-generated | +| System.Threading;Thread;VolatileWrite;(System.IntPtr,System.IntPtr);summary;df-generated | +| System.Threading;Thread;VolatileWrite;(System.Object,System.Object);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.SByte,System.SByte);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Single,System.Single);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.UInt16,System.UInt16);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.UInt32,System.UInt32);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.UInt64,System.UInt64);summary;df-generated | +| System.Threading;Thread;VolatileWrite;(System.UIntPtr,System.UIntPtr);summary;df-generated | | System.Threading;Thread;Yield;();summary;df-generated | | System.Threading;Thread;get_CurrentThread;();summary;df-generated | | System.Threading;Thread;get_ExecutionContext;();summary;df-generated | @@ -55498,11 +55442,14 @@ neutral | System.Threading;Volatile;Write;(System.Int16,System.Int16);summary;df-generated | | System.Threading;Volatile;Write;(System.Int32,System.Int32);summary;df-generated | | System.Threading;Volatile;Write;(System.Int64,System.Int64);summary;df-generated | +| System.Threading;Volatile;Write;(System.IntPtr,System.IntPtr);summary;df-generated | | System.Threading;Volatile;Write;(System.SByte,System.SByte);summary;df-generated | | System.Threading;Volatile;Write;(System.Single,System.Single);summary;df-generated | | System.Threading;Volatile;Write;(System.UInt16,System.UInt16);summary;df-generated | | System.Threading;Volatile;Write;(System.UInt32,System.UInt32);summary;df-generated | | System.Threading;Volatile;Write;(System.UInt64,System.UInt64);summary;df-generated | +| System.Threading;Volatile;Write;(System.UIntPtr,System.UIntPtr);summary;df-generated | +| System.Threading;Volatile;Write;(T,T);summary;df-generated | | System.Threading;WaitHandle;Close;();summary;df-generated | | System.Threading;WaitHandle;Dispose;();summary;df-generated | | System.Threading;WaitHandle;Dispose;(System.Boolean);summary;df-generated | @@ -57011,6 +56958,7 @@ neutral | System;Array;LastIndexOf;(T[],T,System.Int32,System.Int32);summary;df-generated | | System;Array;Remove;(System.Object);summary;df-generated | | System;Array;RemoveAt;(System.Int32);summary;df-generated | +| System;Array;Resize;(T[],System.Int32);summary;df-generated | | System;Array;SetValue;(System.Object,System.Int32);summary;df-generated | | System;Array;SetValue;(System.Object,System.Int32,System.Int32);summary;df-generated | | System;Array;SetValue;(System.Object,System.Int32,System.Int32,System.Int32);summary;df-generated | @@ -59655,8 +59603,10 @@ neutral | System;MemoryExtensions;ToLowerInvariant;(System.ReadOnlySpan,System.Span);summary;df-generated | | System;MemoryExtensions;ToUpper;(System.ReadOnlySpan,System.Span,System.Globalization.CultureInfo);summary;df-generated | | System;MemoryExtensions;ToUpperInvariant;(System.ReadOnlySpan,System.Span);summary;df-generated | +| System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,System.Object[]);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,System.ReadOnlySpan);summary;df-generated | +| System;MemoryExtensions;TryWrite;(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0,TArg1,TArg2);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0,TArg1);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0);summary;df-generated | @@ -60188,6 +60138,8 @@ neutral | System;String;Contains;(System.String,System.StringComparison);summary;df-generated | | System;String;CopyTo;(System.Int32,System.Char[],System.Int32,System.Int32);summary;df-generated | | System;String;CopyTo;(System.Span);summary;df-generated | +| System;String;Create;(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);summary;df-generated | +| System;String;Create;(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);summary;df-generated | | System;String;EndsWith;(System.Char);summary;df-generated | | System;String;EndsWith;(System.String);summary;df-generated | | System;String;EndsWith;(System.String,System.Boolean,System.Globalization.CultureInfo);summary;df-generated | @@ -61408,8 +61360,6 @@ neutral | System;Uri;op_Inequality;(System.Uri,System.Uri);summary;df-generated | | System;UriBuilder;Equals;(System.Object);summary;df-generated | | System;UriBuilder;GetHashCode;();summary;df-generated | -| System;UriBuilder;ToString;();summary;df-generated | -| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32);summary;df-generated | | System;UriFormatException;UriFormatException;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);summary;df-generated | | System;UriFormatException;UriFormatException;(System.String);summary;df-generated | | System;UriFormatException;UriFormatException;(System.String,System.Exception);summary;df-generated | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index f5b48a00292f..08b3588b4949 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -777,7 +777,7 @@ | Microsoft.Extensions.Configuration;ChainedBuilderExtensions;AddConfiguration;(Microsoft.Extensions.Configuration.IConfigurationBuilder,Microsoft.Extensions.Configuration.IConfiguration);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedBuilderExtensions;AddConfiguration;(Microsoft.Extensions.Configuration.IConfigurationBuilder,Microsoft.Extensions.Configuration.IConfiguration,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;ChainedConfigurationProvider;(Microsoft.Extensions.Configuration.ChainedConfigurationSource);Argument[0].Property[Microsoft.Extensions.Configuration.ChainedConfigurationSource.Configuration];Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];value;dfc-generated | -| Microsoft.Extensions.Configuration;ChainedConfigurationProvider;TryGet;(System.String,System.String);Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];ReturnValue;taint;dfc-generated | +| Microsoft.Extensions.Configuration;ChainedConfigurationProvider;TryGet;(System.String,System.String);Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];Argument[1];taint;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;get_Configuration;();Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Configuration;CommandLineConfigurationExtensions;AddCommandLine;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Action);Argument[1];Argument[0];taint;manual | | Microsoft.Extensions.Configuration;CommandLineConfigurationExtensions;AddCommandLine;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;manual | @@ -1441,7 +1441,7 @@ | Microsoft.Extensions.Diagnostics.HealthChecks;HealthCheckRegistration;set_Factory;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.HealthChecks;HealthCheckService;CheckHealthAsync;(System.Func,System.Threading.CancellationToken);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;Initialize;(Microsoft.Extensions.Diagnostics.Metrics.IObservableInstrumentsSource);Argument[0];Argument[this];taint;df-generated | -| Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;InstrumentPublished;(System.Diagnostics.Metrics.Instrument,System.Object);Argument[this];ReturnValue;value;dfc-generated | +| Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;InstrumentPublished;(System.Diagnostics.Metrics.Instrument,System.Object);Argument[this];Argument[1];value;dfc-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_ByteHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_DecimalHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_DoubleHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -2238,14 +2238,13 @@ | Microsoft.Extensions.Primitives;StringSegment;ToString;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer];ReturnValue;taint;dfc-generated | | Microsoft.Extensions.Primitives;StringSegment;ToString;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Value];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringSegment;get_Value;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer];ReturnValue;taint;dfc-generated | -| Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringTokenizer);Argument[0];ReturnValue;value;dfc-generated | +| Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringTokenizer);Argument[0].Element;Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current];ReturnValue;value;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringTokenizer;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(Microsoft.Extensions.Primitives.StringSegment,System.Char[]);Argument[0];Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(Microsoft.Extensions.Primitives.StringSegment,System.Char[]);Argument[1].Element;Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(System.String,System.Char[]);Argument[1].Element;Argument[this];taint;df-generated | -| Microsoft.Extensions.Primitives;StringValues+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringValues);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.Extensions.Primitives;StringValues;Add;(System.String);Argument[0];ReturnValue;taint;manual | | Microsoft.Extensions.Primitives;StringValues;Add;(System.String);Argument[this];ReturnValue;taint;manual | @@ -2301,18 +2300,11 @@ | Microsoft.Extensions.Primitives;StringValues;set_Item;(System.Int32,System.String);Argument[0];ReturnValue;taint;manual | | Microsoft.Extensions.Primitives;StringValues;set_Item;(System.Int32,System.String);Argument[1];ReturnValue;taint;manual | | Microsoft.Extensions.Primitives;StringValues;set_Item;(System.Int32,System.String);Argument[this];ReturnValue;taint;manual | -| Microsoft.VisualBasic.CompilerServices;StringType;MidStmtStr;(System.String,System.Int32,System.Int32,System.String);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic;Collection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | Microsoft.VisualBasic;Collection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | Microsoft.VisualBasic;Collection;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | | Microsoft.VisualBasic;Collection;get_Item;(System.Object);Argument[this].Element;ReturnValue;value;manual | | Microsoft.VisualBasic;Collection;get_Item;(System.String);Argument[this].Element;ReturnValue;value;manual | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.String,System.Int64,System.Boolean);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.ValueType,System.Int64);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGetObject;(System.Int32,System.Object,System.Int64);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Object);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.String);Argument[1];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic;VBCodeProvider;VBCodeProvider;(System.Collections.Generic.IDictionary);Argument[0].Element;Argument[this];taint;df-generated | | Microsoft.Win32.SafeHandles;SafeFileHandle;SafeFileHandle;(System.IntPtr,System.Boolean);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | Microsoft.Win32.SafeHandles;SafeWaitHandle;SafeWaitHandle;(System.IntPtr,System.Boolean);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | @@ -3783,7 +3775,7 @@ | ServiceStack.Text;MemoryProvider;Deserialize;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;MemoryProvider;DeserializeAsync;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;RecyclableMemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated | -| ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | +| ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];Argument[0].Element;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;WriteTo;(System.IO.Stream);Argument[this];Argument[0];taint;df-generated | | ServiceStack.Text;RecyclableMemoryStreamManager+EventHandler;BeginInvoke;(System.AsyncCallback,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;RecyclableMemoryStreamManager+LargeBufferDiscardedEventHandler;BeginInvoke;(ServiceStack.Text.RecyclableMemoryStreamManager+Events+MemoryStreamDiscardReason,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -4484,7 +4476,6 @@ | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.Int64);Argument[0];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.SequencePosition);Argument[0];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.SequencePosition);Argument[1];ReturnValue;taint;df-generated | -| System.Buffers;ReadOnlySequence;TryGet;(System.SequencePosition,System.ReadOnlyMemory,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | | System.Buffers;ReadOnlySequence;get_FirstSpan;();Argument[this];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySpanAction;BeginInvoke;(System.ReadOnlySpan,TArg,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Buffers;SearchValues;Create;(System.ReadOnlySpan);Argument[0];ReturnValue;taint;df-generated | @@ -4492,30 +4483,24 @@ | System.Buffers;SequenceReader;SequenceReader;(System.Buffers.ReadOnlySequence);Argument[0];Argument[this].Property[System.Buffers.SequenceReader`1.Sequence];value;dfc-generated | | System.Buffers;SequenceReader;TryCopyTo;(System.Span);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | | System.Buffers;SequenceReader;TryCopyTo;(System.Span);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryPeek;(System.Int64,T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryPeek;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryRead;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadExact;(System.Int32,System.Buffers.ReadOnlySequence);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,T,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryPeek;(System.Int64,T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[1];value;dfc-generated | +| System.Buffers;SequenceReader;TryPeek;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0];value;dfc-generated | +| System.Buffers;SequenceReader;TryRead;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0];value;dfc-generated | +| System.Buffers;SequenceReader;TryReadExact;(System.Int32,System.Buffers.ReadOnlySequence);Argument[this];Argument[1];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,T,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | | System.Buffers;SequenceReader;get_UnreadSequence;();Argument[this];ReturnValue;taint;df-generated | | System.Buffers;SequenceReader;get_UnreadSpan;();Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int16);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int64);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int16);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int64);Argument[0];ReturnValue;value;dfc-generated | | System.Buffers;SpanAction;BeginInvoke;(System.Span,TArg,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.CodeDom.Compiler;CodeCompiler;FromDom;(System.CodeDom.Compiler.CompilerParameters,System.CodeDom.CodeCompileUnit);Argument[1];Argument[0];taint;df-generated | | System.CodeDom.Compiler;CodeCompiler;FromDom;(System.CodeDom.Compiler.CompilerParameters,System.CodeDom.CodeCompileUnit);Argument[1];Argument[this];taint;df-generated | @@ -4647,14 +4632,6 @@ | System.CodeDom.Compiler;CompilerParameters;CompilerParameters;(System.String[],System.String,System.Boolean);Argument[0].Element;Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.ReferencedAssemblies].Element;value;dfc-generated | | System.CodeDom.Compiler;CompilerParameters;CompilerParameters;(System.String[],System.String,System.Boolean);Argument[1];Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.OutputAssembly];value;dfc-generated | | System.CodeDom.Compiler;CompilerResults;CompilerResults;(System.CodeDom.Compiler.TempFileCollection);Argument[0];Argument[this].Property[System.CodeDom.Compiler.CompilerResults.TempFiles];value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[5];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[2];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;GeneratedCodeAttribute;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool];value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;GeneratedCodeAttribute;(System.String,System.String);Argument[1];Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._version];value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;get_Tool;();Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool];ReturnValue;value;dfc-generated | @@ -5001,8 +4978,8 @@ | System.Collections.Concurrent;ConcurrentBag;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Collections.Concurrent;ConcurrentBag;ToArray;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;ConcurrentBag;TryAdd;(T);Argument[0];Argument[this].Element;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentBag;TryPeek;(T);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Concurrent;ConcurrentBag;TryTake;(T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Concurrent;ConcurrentBag;TryPeek;(T);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Concurrent;ConcurrentBag;TryTake;(T);Argument[this];Argument[0];taint;df-generated | | System.Collections.Concurrent;ConcurrentDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Concurrent;ConcurrentDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Concurrent;ConcurrentDictionary;AddOrUpdate;(TKey,System.Func,System.Func);Argument[0];Argument[1].Parameter[0];value;dfc-generated | @@ -5063,18 +5040,18 @@ | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Concurrent;ConcurrentDictionary;TryGetAlternateLookup;(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | +| System.Collections.Concurrent;ConcurrentDictionary;TryGetAlternateLookup;(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;get_Comparer;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;ConcurrentDictionary;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Collections.Concurrent;ConcurrentDictionary;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Collections.Concurrent;ConcurrentQueue;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Collections.Concurrent;ConcurrentStack;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Collections.Concurrent;ConcurrentStack;ConcurrentStack;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;TryPopRange;(T[]);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0].Element;value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;TryPopRange;(T[],System.Int32,System.Int32);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0].Element;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryTake;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryTake;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | | System.Collections.Concurrent;IProducerConsumerCollection;CopyTo;(T[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | | System.Collections.Concurrent;OrderablePartitioner;GetDynamicPartitions;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;Partitioner;Create;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | @@ -5093,7 +5070,7 @@ | System.Collections.Frozen;FrozenDictionary+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenDictionary+Enumerator;get_Current;();Argument[this];ReturnValue;taint;dfc-generated | | System.Collections.Frozen;FrozenDictionary;GetAlternateLookup;();Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | -| System.Collections.Frozen;FrozenDictionary;TryGetAlternateLookup;(System.Collections.Frozen.FrozenDictionary+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | +| System.Collections.Frozen;FrozenDictionary;TryGetAlternateLookup;(System.Collections.Frozen.FrozenDictionary+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | | System.Collections.Frozen;FrozenDictionary;get_Keys;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenDictionary;get_Values;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet;Create;(System.Collections.Generic.IEqualityComparer,System.ReadOnlySpan);Argument[1];ReturnValue;taint;df-generated | @@ -5101,22 +5078,22 @@ | System.Collections.Frozen;FrozenSet;ToFrozenSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet+AlternateLookup;Contains;(TAlternate);Argument[0];Argument[this];taint;df-generated | | System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[0];Argument[this];taint;df-generated | -| System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[this];Argument[1];taint;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current];ReturnValue;value;dfc-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;dfc-generated | | System.Collections.Frozen;FrozenSet;CopyTo;(System.Span);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;Argument[0].Element;value;dfc-generated | | System.Collections.Frozen;FrozenSet;GetAlternateLookup;();Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | -| System.Collections.Frozen;FrozenSet;TryGetAlternateLookup;(System.Collections.Frozen.FrozenSet+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | -| System.Collections.Frozen;FrozenSet;TryGetValue;(T,T);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;ReturnValue;value;dfc-generated | +| System.Collections.Frozen;FrozenSet;TryGetAlternateLookup;(System.Collections.Frozen.FrozenSet+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | +| System.Collections.Frozen;FrozenSet;TryGetValue;(T,T);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;Argument[1];value;dfc-generated | | System.Collections.Frozen;FrozenSet;get_Items;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IList);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;CopyTo;(System.Collections.Generic.List,System.Span);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Generic;CollectionExtensions;GetValueOrDefault;(System.Collections.Generic.IReadOnlyDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Generic;CollectionExtensions;Remove;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Generic;CollectionExtensions;Remove;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[0].Element;Argument[2];taint;df-generated | | System.Collections.Generic;CollectionExtensions;TryAdd;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[1];Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;TryAdd;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[2];Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;Comparer;Create;(System.Comparison);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -5161,7 +5138,7 @@ | System.Collections.Generic;HashSet;HashSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0].Element;Argument[this];taint;df-generated | | System.Collections.Generic;HashSet;HashSet;(System.Collections.Generic.IEqualityComparer);Argument[0];Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer];value;dfc-generated | | System.Collections.Generic;HashSet;RemoveWhere;(System.Predicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Collections.Generic;HashSet;TryGetValue;(T,T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;HashSet;TryGetValue;(T,T);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;HashSet;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;ICollection;Add;(T);Argument[0];Argument[this].Element;value;manual | | System.Collections.Generic;ICollection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -5180,7 +5157,8 @@ | System.Collections.Generic;ISet;Add;(T);Argument[0];Argument[this].Element;value;manual | | System.Collections.Generic;KeyValuePair;Create;(TKey,TValue);Argument[0];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;KeyValuePair;Create;(TKey,TValue);Argument[1];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | -| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;KeyValuePair;KeyValuePair;(TKey,TValue);Argument[0];Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Generic;KeyValuePair;KeyValuePair;(TKey,TValue);Argument[1];Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Generic;KeyValuePair;get_Key;();Argument[this];ReturnValue;taint;df-generated | @@ -5270,8 +5248,8 @@ | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Int32,System.Collections.Generic.IEqualityComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer];value;dfc-generated | -| System.Collections.Generic;OrderedDictionary;Remove;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;OrderedDictionary;TryGetValue;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;OrderedDictionary;Remove;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;OrderedDictionary;TryGetValue;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;OrderedDictionary;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;OrderedDictionary;get_Keys;();Argument[this].Property[System.Collections.Generic.OrderedDictionary`2.Keys];ReturnValue;value;dfc-generated | | System.Collections.Generic;OrderedDictionary;get_Values;();Argument[this].Property[System.Collections.Generic.OrderedDictionary`2.Values];ReturnValue;value;dfc-generated | @@ -5286,9 +5264,12 @@ | System.Collections.Generic;PriorityQueue;PriorityQueue;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];value;dfc-generated | | System.Collections.Generic;PriorityQueue;PriorityQueue;(System.Int32,System.Collections.Generic.IComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];value;dfc-generated | | System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[0];Argument[3];taint;df-generated | -| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];Argument[2];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;PriorityQueue;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;Queue+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Generic;Queue+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current];ReturnValue;value;dfc-generated | @@ -5301,8 +5282,8 @@ | System.Collections.Generic;Queue;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.Queue`1+Enumerator.Current];value;manual | | System.Collections.Generic;Queue;Peek;();Argument[this].Element;ReturnValue;value;manual | | System.Collections.Generic;Queue;Queue;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;value;dfc-generated | -| System.Collections.Generic;Queue;TryDequeue;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;ReturnValue;value;dfc-generated | -| System.Collections.Generic;Queue;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;Queue;TryDequeue;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;Argument[0];value;dfc-generated | +| System.Collections.Generic;Queue;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;Argument[0];value;dfc-generated | | System.Collections.Generic;SortedDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;df-generated | | System.Collections.Generic;SortedDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;SortedDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value];value;df-generated | @@ -5343,7 +5324,7 @@ | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary,System.Collections.Generic.IComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary,System.Collections.Generic.IComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections.Generic;SortedList;TryGetValue;(TKey,TValue);Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;SortedList;TryGetValue;(TKey,TValue);Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element;Argument[1];value;dfc-generated | | System.Collections.Generic;SortedList;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;SortedList;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Collections.Generic;SortedList;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | @@ -5363,7 +5344,7 @@ | System.Collections.Generic;SortedSet;SortedSet;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[0];Argument[this];taint;df-generated | | System.Collections.Generic;SortedSet;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Generic;SortedSet;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | -| System.Collections.Generic;SortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];ReturnValue;value;dfc-generated | +| System.Collections.Generic;SortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];Argument[1];value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[this].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | @@ -5382,8 +5363,8 @@ | System.Collections.Generic;Stack;Push;(T);Argument[0];Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;value;dfc-generated | | System.Collections.Generic;Stack;Stack;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;value;dfc-generated | | System.Collections.Generic;Stack;ToArray;();Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue.Element;value;dfc-generated | -| System.Collections.Generic;Stack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue;value;dfc-generated | -| System.Collections.Generic;Stack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;Stack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;Argument[0];value;dfc-generated | +| System.Collections.Generic;Stack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;Argument[0];value;dfc-generated | | System.Collections.Immutable;IImmutableDictionary;AddRange;(System.Collections.Generic.IEnumerable>);Argument[0].Element;Argument[this].Element;value;manual | | System.Collections.Immutable;IImmutableDictionary;Clear;();Argument[this].WithoutElement;ReturnValue;value;manual | | System.Collections.Immutable;IImmutableList;Add;(T);Argument[0];Argument[this].Element;value;manual | @@ -5605,8 +5586,7 @@ | System.Collections.Immutable;ImmutableDictionary+Builder;AddRange;(System.Collections.Generic.IEnumerable>);Argument[0].Element;Argument[this].Element;value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableDictionary`2+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;GetValueOrDefault;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableDictionary`2+Enumerator.Current];ReturnValue;value;df-generated | @@ -5625,8 +5605,7 @@ | System.Collections.Immutable;ImmutableDictionary;SetItem;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableDictionary;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableDictionary;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableDictionary;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer);Argument[1];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._valueComparer];value;dfc-generated | @@ -5648,7 +5627,7 @@ | System.Collections.Immutable;ImmutableHashSet;ToImmutableHashSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableHashSet+Builder;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this];taint;df-generated | -| System.Collections.Immutable;ImmutableHashSet+Builder;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableHashSet+Builder;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -5661,12 +5640,10 @@ | System.Collections.Immutable;ImmutableHashSet;Remove;(T);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableHashSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableHashSet;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableHashSet;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;Union;(System.Collections.Generic.IEnumerable);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;WithComparer;(System.Collections.Generic.IEqualityComparer);Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;get_KeyComparer;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[3].Parameter[0];value;dfc-generated | @@ -5679,8 +5656,6 @@ | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[1];Argument[3].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[1];Argument[3].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[2];ReturnValue;value;dfc-generated | @@ -5689,9 +5664,6 @@ | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Enqueue;(System.Collections.Immutable.ImmutableQueue,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[2].ReturnValue;ReturnValue;value;dfc-generated | @@ -5700,45 +5672,22 @@ | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[3];Argument[2].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[3];Argument[2].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2].ReturnValue;ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedCompareExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedInitialize;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Push;(System.Collections.Immutable.ImmutableStack,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryDequeue;(System.Collections.Immutable.ImmutableQueue,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryPop;(System.Collections.Immutable.ImmutableStack,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[0];ReturnValue;value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableList;Create;(System.ReadOnlySpan);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableList;Create;(T);Argument[0];ReturnValue;taint;df-generated | @@ -5866,9 +5815,11 @@ | System.Collections.Immutable;ImmutableQueue;Create;(T);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Create;(T[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;CreateRange;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableQueue;Dequeue;(System.Collections.Immutable.IImmutableQueue,T);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;(System.Collections.Immutable.IImmutableQueue,T);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;();Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableQueue;Dequeue;(T);Argument[this];Argument[0];taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;(T);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Enqueue;(T);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableQueue`1._forwards].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];value;dfc-generated | | System.Collections.Immutable;ImmutableQueue;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableQueue`1+Enumerator.Current];value;manual | @@ -5932,8 +5883,7 @@ | System.Collections.Immutable;ImmutableSortedDictionary+Builder;AddRange;(System.Collections.Generic.IEnumerable>);Argument[0].Element;Argument[this].Element;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableSortedDictionary`2+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetValueOrDefault;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -5952,9 +5902,8 @@ | System.Collections.Immutable;ImmutableSortedDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedDictionary;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer);Argument[1];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer];value;dfc-generated | @@ -5984,8 +5933,8 @@ | System.Collections.Immutable;ImmutableSortedSet+Builder;IntersectWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;Reverse;();Argument[this].Element;ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableSortedSet+Builder;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;get_Max;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;get_Min;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | @@ -6004,8 +5953,8 @@ | System.Collections.Immutable;ImmutableSortedSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;value;df-generated | @@ -6018,12 +5967,13 @@ | System.Collections.Immutable;ImmutableStack;Create;(T);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;Create;(T[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;CreateRange;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableStack;Pop;(System.Collections.Immutable.IImmutableStack,T);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Immutable;ImmutableStack;Pop;(System.Collections.Immutable.IImmutableStack,T);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableStack`1+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableStack;Peek;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Pop;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];Argument[0];value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Push;(T);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Push;(T);Argument[this];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];value;dfc-generated | @@ -6036,8 +5986,7 @@ | System.Collections.ObjectModel;KeyedCollection;InsertItem;(System.Int32,TItem);Argument[1];Argument[this].SyntheticField[System.Collections.ObjectModel.Collection`1.items].Element;value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;KeyedCollection;(System.Collections.Generic.IEqualityComparer,System.Int32);Argument[0];Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer];value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;SetItem;(System.Int32,TItem);Argument[1];Argument[this];taint;df-generated | -| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element;ReturnValue;value;dfc-generated | +| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element;Argument[1];value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;get_Comparer;();Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer];ReturnValue;value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;get_Dictionary;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;KeyedCollection;get_Item;(TKey);Argument[this].Element;ReturnValue;value;manual | @@ -6053,7 +6002,6 @@ | System.Collections.ObjectModel;ReadOnlyDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;ReadOnlyDictionary;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;ReadOnlyDictionary;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections.ObjectModel;ReadOnlyDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Dictionary;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -6167,7 +6115,8 @@ | System.Collections;DictionaryBase;OnGet;(System.Object,System.Object);Argument[1];ReturnValue;value;dfc-generated | | System.Collections;DictionaryBase;get_Dictionary;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections;DictionaryBase;get_SyncRoot;();Argument[this].Property[System.Collections.DictionaryBase.InnerHashtable].Property[System.Collections.Hashtable.SyncRoot];ReturnValue;value;dfc-generated | -| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];Argument[0];taint;df-generated | +| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Collections;DictionaryEntry;DictionaryEntry;(System.Object,System.Object);Argument[0];Argument[this];taint;df-generated | | System.Collections;DictionaryEntry;DictionaryEntry;(System.Object,System.Object);Argument[1];Argument[this];taint;df-generated | | System.Collections;Hashtable;Clone;();Argument[this].Element;ReturnValue.Element;value;manual | @@ -6849,12 +6798,11 @@ | System.Configuration.Internal;IInternalConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[1];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;Init;(System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[1].Element;Argument[this];taint;df-generated | -| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[0];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;ReturnValue;value;dfc-generated | +| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;Argument[1];value;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;OpenStreamForRead;(System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;OpenStreamForRead;(System.String,System.Boolean);Argument[0];ReturnValue;taint;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[2];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[2];ReturnValue;value;dfc-generated | +| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[1];Argument[2];taint;df-generated | +| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[1];Argument[2];taint;df-generated | | System.Configuration.Internal;IInternalConfigHost;StartMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IInternalConfigHost;StopMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IInternalConfigRecord;GetLkgSection;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -7311,7 +7259,7 @@ | System.Data.Common;DbConnectionStringBuilder;GetProperties;(System.Collections.Hashtable);Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element;Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Data.Common;DbConnectionStringBuilder;ToString;();Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.ConnectionString];ReturnValue;value;dfc-generated | | System.Data.Common;DbConnectionStringBuilder;ToString;();Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element;ReturnValue;taint;dfc-generated | -| System.Data.Common;DbConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Common;DbConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.Common;DbConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.Common;DbConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Data.Common;DbConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | @@ -7402,7 +7350,7 @@ | System.Data.Entity.Core.Common.CommandTrees;DbLambda;Create;(System.Data.Entity.Core.Metadata.Edm.TypeUsage,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Common;DbCommandDefinition;DbCommandDefinition;(System.Data.Common.DbCommand,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Common;DbProviderServices;RegisterInfoMessageHandler;(System.Data.Common.DbConnection,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.Entity.Core.Metadata.Edm;CsdlSerializer;add_OnError;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Metadata.Edm;CsdlSerializer;remove_OnError;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Metadata.Edm;MetadataWorkspace;LoadFromAssembly;(System.Reflection.Assembly,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -7771,7 +7719,7 @@ | System.Data.SqlClient;SqlCommand;remove_StatementCompleted;(System.Data.StatementCompletedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnection;add_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnection;remove_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdated;(System.Data.SqlClient.SqlRowUpdatedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdating;(System.Data.SqlClient.SqlRowUpdatingEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDataAdapter;remove_RowUpdated;(System.Data.SqlClient.SqlRowUpdatedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -8274,12 +8222,6 @@ | System.Diagnostics.Tracing;EventSource;GetTrait;(System.String);Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_traits].Element;ReturnValue;value;dfc-generated | | System.Diagnostics.Tracing;EventSource;SendCommand;(System.Diagnostics.Tracing.EventSource,System.Diagnostics.Tracing.EventCommand,System.Collections.Generic.IDictionary);Argument[2];Argument[0].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands].Property[System.Diagnostics.Tracing.EventCommandEventArgs.Arguments];value;dfc-generated | | System.Diagnostics.Tracing;EventSource;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[2];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[3];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[4];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);Argument[2];ReturnValue;value;dfc-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;dfc-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands];Argument[0].Parameter[1];value;dfc-generated | @@ -8370,19 +8312,12 @@ | System.Diagnostics;ActivityTagsCollection;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Diagnostics;ActivityTagsCollection;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Diagnostics;ActivityTagsCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Diagnostics.ActivityTagsCollection+Enumerator.Current];value;manual | -| System.Diagnostics;ActivityTagsCollection;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Diagnostics;ActivityTagsCollection;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Diagnostics;ActivityTraceId;ToHexString;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;ActivityTraceId;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;CorrelationManager;get_LogicalOperationStack;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;DataReceivedEventArgs;get_Data;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;DataReceivedEventHandler;BeginInvoke;(System.Object,System.Diagnostics.DataReceivedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[2];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);Argument[1];ReturnValue;value;dfc-generated | | System.Diagnostics;DiagnosticListener;DiagnosticListener;(System.String);Argument[0];Argument[this].Property[System.Diagnostics.DiagnosticListener.Name];value;dfc-generated | | System.Diagnostics;DiagnosticListener;Subscribe;(System.IObserver>);Argument[0];ReturnValue;taint;df-generated | | System.Diagnostics;DiagnosticListener;Subscribe;(System.IObserver>);Argument[this];ReturnValue;taint;df-generated | @@ -8693,7 +8628,7 @@ | System.Dynamic;DynamicMetaObjectBinder;Bind;(System.Object[],System.Collections.ObjectModel.ReadOnlyCollection,System.Linq.Expressions.LabelTarget);Argument[2];ReturnValue.Property[System.Linq.Expressions.GotoExpression.Target];value;dfc-generated | | System.Dynamic;ExpandoObject;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Dynamic;ExpandoObject;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Dynamic;ExpandoObject;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Dynamic;ExpandoObject;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Dynamic;GetIndexBinder;FallbackGetIndex;(System.Dynamic.DynamicMetaObject,System.Dynamic.DynamicMetaObject[],System.Dynamic.DynamicMetaObject);Argument[2];ReturnValue;value;dfc-generated | | System.Dynamic;GetIndexBinder;GetIndexBinder;(System.Dynamic.CallInfo);Argument[0];Argument[this].Property[System.Dynamic.GetIndexBinder.CallInfo];value;dfc-generated | | System.Dynamic;GetMemberBinder;FallbackGetMember;(System.Dynamic.DynamicMetaObject,System.Dynamic.DynamicMetaObject);Argument[1];ReturnValue;value;dfc-generated | @@ -8715,9 +8650,9 @@ | System.Formats.Asn1;AsnDecoder;TryReadBitString;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Int32,System.Nullable);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System.Formats.Asn1;AsnDecoder;TryReadCharacterStringBytes;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.Int32,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System.Formats.Asn1;AsnDecoder;TryReadOctetString;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Nullable);Argument[0].Element;Argument[1].Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveBitString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveCharacterStringBytes;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveOctetString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;ReturnValue.Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveBitString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;Argument[3].Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveCharacterStringBytes;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32);Argument[0].Element;Argument[3].Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveOctetString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;Argument[2].Element;value;dfc-generated | | System.Formats.Asn1;AsnReader;AsnReader;(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions);Argument[0];Argument[this];taint;df-generated | | System.Formats.Asn1;AsnReader;AsnReader;(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions);Argument[2];Argument[this];taint;df-generated | | System.Formats.Asn1;AsnReader;ReadBitString;(System.Int32,System.Nullable);Argument[this];ReturnValue;taint;df-generated | @@ -8870,8 +8805,6 @@ | System.IO.Enumeration;FileSystemEnumerable;FileSystemEnumerable;(System.String,System.IO.Enumeration.FileSystemEnumerable+FindTransform,System.IO.EnumerationOptions);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.IO.Enumeration;FileSystemEnumerable;set_ShouldIncludePredicate;(System.IO.Enumeration.FileSystemEnumerable+FindPredicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.IO.Enumeration;FileSystemEnumerable;set_ShouldRecursePredicate;(System.IO.Enumeration.FileSystemEnumerable+FindPredicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.IO.Enumeration;FileSystemEnumerator;ShouldIncludeEntry;(System.IO.Enumeration.FileSystemEntry);Argument[0];ReturnValue;value;dfc-generated | -| System.IO.Enumeration;FileSystemEnumerator;ShouldRecurseIntoEntry;(System.IO.Enumeration.FileSystemEntry);Argument[0];ReturnValue;value;dfc-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current];ReturnValue;value;df-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current];ReturnValue;value;dfc-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -9083,7 +9016,7 @@ | System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean,System.Boolean);Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;ToArray;();Argument[this];ReturnValue;taint;manual | -| System.IO;MemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | +| System.IO;MemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];Argument[0].Element;taint;df-generated | | System.IO;MemoryStream;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);Argument[0].Property[System.ReadOnlyMemory`1.Span].Element;Argument[this];taint;df-generated | | System.IO;MemoryStream;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);Argument[0].Property[System.ReadOnlyMemory`1.Span].Element;Argument[this];taint;dfc-generated | | System.IO;MemoryStream;WriteTo;(System.IO.Stream);Argument[this];Argument[0];taint;df-generated | @@ -9293,7 +9226,6 @@ | System.IO;UnmanagedMemoryAccessor;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryAccessor;UnmanagedMemoryAccessor;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryAccessor;UnmanagedMemoryAccessor;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | -| System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,T);Argument[1];ReturnValue;value;dfc-generated | | System.IO;UnmanagedMemoryStream;Initialize;(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;UnmanagedMemoryStream;(System.Byte*,System.Int64);Argument[0];Argument[this];taint;df-generated | @@ -11183,8 +11115,8 @@ | System.Net.Http.Headers;HttpHeaders;get_NonValidated;();Argument[this];ReturnValue;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | -| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValue;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];ReturnValue;taint;df-generated | -| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValues;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValue;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];Argument[1].Element;taint;df-generated | +| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValues;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];Argument[1].Element;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Item;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;dfc-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;dfc-generated | @@ -11205,8 +11137,8 @@ | System.Net.Http.Headers;MediaTypeHeaderValue;MediaTypeHeaderValue;(System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];value;dfc-generated | | System.Net.Http.Headers;MediaTypeHeaderValue;MediaTypeHeaderValue;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];value;dfc-generated | | System.Net.Http.Headers;MediaTypeHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;MediaTypeHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0];ReturnValue.SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];taint;dfc-generated | -| System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;MediaTypeHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0];Argument[1].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];taint;dfc-generated | +| System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue);Argument[0];Argument[1];taint;df-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.Net.Http.Headers.NameValueHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];value;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.Net.Http.Headers.NameValueHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];value;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];value;dfc-generated | @@ -11250,9 +11182,9 @@ | System.Net.Http.Headers;TransferCodingHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;TransferCodingHeaderValue;(System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];value;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;TransferCodingHeaderValue;(System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];value;dfc-generated | -| System.Net.Http.Headers;TransferCodingHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0];ReturnValue.SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];taint;dfc-generated | +| System.Net.Http.Headers;TransferCodingHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0];Argument[1].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];taint;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;get_Value;();Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue);Argument[0];Argument[1];taint;df-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolVersion];value;dfc-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[1];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._receivedBy];value;dfc-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[2];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolName];value;dfc-generated | @@ -11331,8 +11263,7 @@ | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);Argument[1];Argument[this];taint;manual | | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[0];Argument[this];taint;manual | | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[1];Argument[this];taint;manual | -| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method];ReturnValue;taint;dfc-generated | -| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri];ReturnValue;taint;dfc-generated | +| System.Net.Http;HttpRequestMessage;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Net.Http;HttpRequestMessage;get_Properties;();Argument[this].Property[System.Net.Http.HttpRequestMessage.Options];ReturnValue;value;dfc-generated | | System.Net.Http;HttpRequestOptions;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Net.Http;HttpRequestOptions;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | @@ -11401,17 +11332,17 @@ | System.Net.Mail;MailAddress;MailAddress;(System.String,System.String,System.Text.Encoding);Argument[0];Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | | System.Net.Mail;MailAddress;MailAddress;(System.String,System.String,System.Text.Encoding);Argument[1];Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | | System.Net.Mail;MailAddress;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[1];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[1];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[1];Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[1];Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | | System.Net.Mail;MailAddress;get_Address;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._host];ReturnValue;taint;dfc-generated | | System.Net.Mail;MailAddress;get_Address;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName];ReturnValue;taint;dfc-generated | | System.Net.Mail;MailAddress;get_DisplayName;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName];ReturnValue;value;dfc-generated | @@ -11600,13 +11531,7 @@ | System.Net.Sockets;Socket;BeginReceive;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;dfc-generated | | System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;dfc-generated | | System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | @@ -11622,18 +11547,16 @@ | System.Net.Sockets;Socket;ConnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[0];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ConnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;DisconnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;EndReceiveFrom;(System.IAsyncResult,System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;EndReceiveMessageFrom;(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];ReturnValue;value;dfc-generated | | System.Net.Sockets;Socket;ReceiveAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[3];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];ReturnValue;value;dfc-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[4];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[3];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.EndPoint);Argument[1];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.EndPoint);Argument[1];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ReceiveFromAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];ReturnValue;value;dfc-generated | +| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[4];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ReceiveMessageFromAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;SendAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;SendPacketsAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | @@ -11929,7 +11852,7 @@ | System.Net;WriteStreamClosedEventHandler;BeginInvoke;(System.Object,System.Net.WriteStreamClosedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Numerics;BigInteger;Abs;(System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue.Field[System.ValueTuple`2.Item2];value;dfc-generated | -| System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | +| System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];Argument[2];value;dfc-generated | | System.Numerics;BigInteger;MaxMagnitude;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;MaxMagnitude;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[1];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;MaxMagnitudeNumber;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | @@ -11977,7 +11900,6 @@ | System.Numerics;Vector;Round;(System.Numerics.Vector,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Round;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Round;(System.Numerics.Vector,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Numerics;Vector;StoreUnsafe;(System.Numerics.Vector,T);Argument[1];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Truncate;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Truncate;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;WithElement;(System.Numerics.Vector,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -12090,6 +12012,7 @@ | System.Reflection.Emit;ParameterBuilder;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;DefineDynamicModuleCore;(System.String);Argument[0];ReturnValue.SyntheticField[System.Reflection.Emit.ModuleBuilderImpl._name];value;dfc-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];Argument[2];taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;PersistedAssemblyBuilder;(System.Reflection.AssemblyName,System.Reflection.Assembly,System.Collections.Generic.IEnumerable);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Emit;PropertyBuilder;AddOtherMethodCore;(System.Reflection.Emit.MethodBuilder);Argument[0];Argument[this];taint;df-generated | @@ -12207,11 +12130,8 @@ | System.Reflection.Metadata.Ecma335;PortablePdbBuilder;Serialize;(System.Reflection.Metadata.BlobBuilder);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata.Ecma335;ReturnTypeEncoder;ReturnTypeEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.ReturnTypeEncoder.Builder];value;dfc-generated | | System.Reflection.Metadata.Ecma335;ScalarEncoder;ScalarEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.ScalarEncoder.Builder];value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeFieldSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeLocalSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSpecificationSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeType;(System.Reflection.Metadata.BlobReader,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeFieldSignature;(System.Reflection.Metadata.BlobReader);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeType;(System.Reflection.Metadata.BlobReader,System.Boolean);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[0];Argument[this];taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[2];Argument[this];taint;df-generated | @@ -12221,7 +12141,7 @@ | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[this];Argument[0].Parameter[0];value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[this];Argument[0].Parameter[0];value;hq-generated | -| System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder);Argument[this];ReturnValue;value;dfc-generated | +| System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder);Argument[this];Argument[0];value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Pointer;();Argument[this];ReturnValue;value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;SZArray;();Argument[this];ReturnValue;value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;SignatureTypeEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.SignatureTypeEncoder.Builder];value;dfc-generated | @@ -12250,7 +12170,6 @@ | System.Reflection.Metadata;BlobBuilder;LinkSuffix;(System.Reflection.Metadata.BlobBuilder);Argument[this];Argument[0];taint;df-generated | | System.Reflection.Metadata;BlobBuilder;ReserveBytes;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata;BlobBuilder;TryWriteBytes;(System.IO.Stream,System.Int32);Argument[0];Argument[this];taint;df-generated | -| System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.Reflection.Metadata.BlobWriter);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection.Metadata;BlobContentId;BlobContentId;(System.Guid,System.UInt32);Argument[0];Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid];value;dfc-generated | | System.Reflection.Metadata;BlobContentId;get_Guid;();Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid];ReturnValue;value;dfc-generated | | System.Reflection.Metadata;BlobReader;ReadConstant;(System.Reflection.Metadata.ConstantTypeCode);Argument[this];ReturnValue;taint;df-generated | @@ -12502,8 +12421,8 @@ | System.Reflection.PortableExecutable;PEReader;PEReader;(System.IO.Stream,System.Reflection.PortableExecutable.PEStreamOptions,System.Int32);Argument[0];Argument[this];taint;df-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[1].Parameter[0];taint;dfc-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[1].Parameter[0];taint;hq-generated | -| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];ReturnValue;taint;dfc-generated | -| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];ReturnValue;taint;hq-generated | +| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[3];taint;dfc-generated | +| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[3];taint;hq-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Reflection.PortableExecutable;PEReader;get_PEHeaders;();Argument[this];ReturnValue;taint;df-generated | @@ -12541,11 +12460,7 @@ | System.Reflection;AssemblyName;get_EscapedCodeBase;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection;Binder;BindToField;(System.Reflection.BindingFlags,System.Reflection.FieldInfo[],System.Object,System.Globalization.CultureInfo);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[1].Element;ReturnValue;value;dfc-generated | -| System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[2].Element;ReturnValue.Element;value;dfc-generated | -| System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0].Element.Element;Argument[0].Element;value;dfc-generated | -| System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0].Element.Element;ReturnValue.Element;value;dfc-generated | -| System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection;Binder;SelectMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Type[],System.Reflection.ParameterModifier[]);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;Binder;SelectProperty;(System.Reflection.BindingFlags,System.Reflection.PropertyInfo[],System.Type,System.Type[],System.Reflection.ParameterModifier[]);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;ConstructorInvoker;Invoke;();Argument[this];ReturnValue;taint;df-generated | @@ -12733,7 +12648,7 @@ | System.Resources;ResourceManager;GetString;(System.String,System.Globalization.CultureInfo);Argument[1];Argument[this];taint;df-generated | | System.Resources;ResourceManager;ResourceManager;(System.String,System.Reflection.Assembly);Argument[1];Argument[this].Field[System.Resources.ResourceManager.MainAssembly];value;dfc-generated | | System.Resources;ResourceManager;ResourceManager;(System.String,System.Reflection.Assembly,System.Type);Argument[1];Argument[this].Field[System.Resources.ResourceManager.MainAssembly];value;dfc-generated | -| System.Resources;ResourceReader;GetResourceData;(System.String,System.String,System.Byte[]);Argument[this];ReturnValue;taint;df-generated | +| System.Resources;ResourceReader;GetResourceData;(System.String,System.String,System.Byte[]);Argument[this];Argument[1];taint;df-generated | | System.Resources;ResourceReader;ResourceReader;(System.IO.Stream);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceSet;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | | System.Resources;ResourceSet;GetObject;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -12742,41 +12657,21 @@ | System.Resources;ResourceWriter;ResourceWriter;(System.IO.Stream);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceWriter;ResourceWriter;(System.String);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceWriter;set_TypeNameConverter;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;MoveNext;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task].Property[System.Threading.Tasks.Task`1.Result];value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;get_Task;();Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this];taint;df-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;CallSite;get_Binder;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ConditionalWeakTable+CreateValueCallback;BeginInvoke;(TKey,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;ConditionalWeakTable;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -12809,17 +12704,11 @@ | System.Runtime.CompilerServices;IRuntimeVariables;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ITuple;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;NullableAttribute;NullableAttribute;(System.Byte[]);Argument[0];Argument[this].Field[System.Runtime.CompilerServices.NullableAttribute.NullableFlags];value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this];taint;df-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;ReadOnlyCollectionBuilder;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this];taint;df-generated | | System.Runtime.CompilerServices;RuntimeHelpers+CleanupCode;BeginInvoke;(System.Object,System.Boolean,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | @@ -12841,15 +12730,6 @@ | System.Runtime.CompilerServices;TaskAwaiter;GetResult;();Argument[this].SyntheticField[m_task_task_awaiter].Property[System.Threading.Tasks.Task`1.Result];ReturnValue;value;manual | | System.Runtime.CompilerServices;TupleElementNamesAttribute;TupleElementNamesAttribute;(System.String[]);Argument[0];Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames];value;dfc-generated | | System.Runtime.CompilerServices;TupleElementNamesAttribute;get_TransformNames;();Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;AddByteOffset;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Copy;(T,System.Void*);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;SubtractByteOffset;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;ValueTaskAwaiter;GetResult;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.ExceptionServices;ExceptionDispatchInfo;Capture;(System.Exception);Argument[0];ReturnValue.SyntheticField[System.Runtime.ExceptionServices.ExceptionDispatchInfo._exception];value;dfc-generated | | System.Runtime.ExceptionServices;ExceptionDispatchInfo;SetCurrentStackTrace;(System.Exception);Argument[0];ReturnValue;value;dfc-generated | @@ -12947,8 +12827,8 @@ | System.Runtime.InteropServices.Marshalling;SpanMarshaller+ManagedToUnmanagedIn;GetUnmanagedValuesDestination;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.InteropServices.Marshalling;SpanMarshaller;GetManagedValuesDestination;(System.Span);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices.Marshalling;Utf8StringMarshaller+ManagedToUnmanagedIn;ToUnmanaged;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];ReturnValue;value;dfc-generated | -| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];Argument[0];value;dfc-generated | +| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];Argument[1];value;dfc-generated | | System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;VirtualMethodTableInfo;(System.Void*,System.Void**);Argument[0];Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];value;dfc-generated | | System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;VirtualMethodTableInfo;(System.Void*,System.Void**);Argument[1];Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];value;dfc-generated | | System.Runtime.InteropServices.ObjectiveC;ObjectiveCMarshal+UnhandledExceptionPropagationHandler;BeginInvoke;(System.Exception,System.RuntimeMethodHandle,System.IntPtr,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | @@ -12978,23 +12858,21 @@ | System.Runtime.InteropServices;ManagedToNativeComInteropStubAttribute;ManagedToNativeComInteropStubAttribute;(System.Type,System.String);Argument[1];Argument[this].Property[System.Runtime.InteropServices.ManagedToNativeComInteropStubAttribute.MethodName];value;dfc-generated | | System.Runtime.InteropServices;Marshal;InitHandle;(System.Runtime.InteropServices.SafeHandle,System.IntPtr);Argument[1];Argument[0].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;MemoryMarshal;CreateFromPinnedArray;(T[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;CreateSpan;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;MemoryMarshal;ToEnumerable;(System.ReadOnlyMemory);Argument[0].Property[System.ReadOnlyMemory`1.Span].Element;ReturnValue.Element;value;dfc-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager,System.Int32,System.Int32);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetString;(System.ReadOnlyMemory,System.String,System.Int32,System.Int32);Argument[0].SyntheticField[System.ReadOnlyMemory`1._object];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager,System.Int32,System.Int32);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetString;(System.ReadOnlyMemory,System.String,System.Int32,System.Int32);Argument[0].SyntheticField[System.ReadOnlyMemory`1._object];Argument[1];value;dfc-generated | | System.Runtime.InteropServices;NFloat;ToString;(System.IFormatProvider);Argument[0];ReturnValue;taint;df-generated | | System.Runtime.InteropServices;NativeLibrary;SetDllImportResolver;(System.Reflection.Assembly,System.Runtime.InteropServices.DllImportResolver);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Runtime.InteropServices;OSPlatform;Create;(System.String);Argument[0];ReturnValue.SyntheticField[System.Runtime.InteropServices.OSPlatform.Name];value;dfc-generated | | System.Runtime.InteropServices;OSPlatform;ToString;();Argument[this].SyntheticField[System.Runtime.InteropServices.OSPlatform.Name];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;PosixSignalRegistration;Create;(System.Runtime.InteropServices.PosixSignal,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Runtime.InteropServices;SafeBuffer;AcquirePointer;(System.Byte*);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;DangerousGetHandle;();Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;SafeHandle;(System.IntPtr,System.Boolean);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;SetHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlyMemory;(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory);Argument[0].Property[System.Buffers.ReadOnlySequence`1.First];ReturnValue;value;dfc-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryRead;(System.Buffers.SequenceReader,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlyMemory;(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory);Argument[0].Property[System.Buffers.ReadOnlySequence`1.First];Argument[1];value;dfc-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];Argument[3];taint;df-generated | | System.Runtime.Intrinsics;Vector64;Abs;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Ceiling;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Ceiling;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | @@ -13005,7 +12883,6 @@ | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector64;StoreUnsafe;(System.Runtime.Intrinsics.Vector64,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Truncate;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Truncate;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;WithElement;(System.Runtime.Intrinsics.Vector64,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -13022,7 +12899,6 @@ | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector128;StoreUnsafe;(System.Runtime.Intrinsics.Vector128,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Truncate;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Truncate;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;WithElement;(System.Runtime.Intrinsics.Vector128,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -13041,7 +12917,6 @@ | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector256;StoreUnsafe;(System.Runtime.Intrinsics.Vector256,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Truncate;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Truncate;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;WithElement;(System.Runtime.Intrinsics.Vector256,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -13060,7 +12935,6 @@ | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector512;StoreUnsafe;(System.Runtime.Intrinsics.Vector512,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Truncate;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Truncate;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;WithElement;(System.Runtime.Intrinsics.Vector512,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -13083,7 +12957,9 @@ | System.Runtime.Loader;AssemblyLoadContext;remove_Unloading;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.Remoting;ObjectHandle;ObjectHandle;(System.Object);Argument[0];Argument[this].SyntheticField[System.Runtime.Remoting.ObjectHandle._wrappedObject];value;dfc-generated | | System.Runtime.Remoting;ObjectHandle;Unwrap;();Argument[this].SyntheticField[System.Runtime.Remoting.ObjectHandle._wrappedObject];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[1];taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[2];taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContract;get_BaseContract;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContract;get_DataMembers;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContractSet;DataContractSet;(System.Runtime.Serialization.DataContracts.DataContractSet);Argument[0];Argument[this];taint;df-generated | @@ -13130,7 +13006,7 @@ | System.Runtime.Serialization;IFormatterConverter;ToString;(System.Object);Argument[0];ReturnValue;taint;dfc-generated | | System.Runtime.Serialization;IObjectReference;GetRealObject;(System.Runtime.Serialization.StreamingContext);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization;ISerializable;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | -| System.Runtime.Serialization;ISurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];ReturnValue;value;dfc-generated | +| System.Runtime.Serialization;ISurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];Argument[2];value;dfc-generated | | System.Runtime.Serialization;KnownTypeAttribute;KnownTypeAttribute;(System.String);Argument[0];Argument[this].Property[System.Runtime.Serialization.KnownTypeAttribute.MethodName];value;dfc-generated | | System.Runtime.Serialization;ObjectIDGenerator;GetId;(System.Object,System.Boolean);Argument[0];Argument[this];taint;df-generated | | System.Runtime.Serialization;ObjectManager;GetObject;(System.Int64);Argument[this];ReturnValue;taint;df-generated | @@ -13174,7 +13050,7 @@ | System.Runtime.Serialization;StreamingContext;get_Context;();Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];ReturnValue;value;dfc-generated | | System.Runtime.Serialization;SurrogateSelector;ChainSelector;(System.Runtime.Serialization.ISurrogateSelector);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];value;dfc-generated | | System.Runtime.Serialization;SurrogateSelector;GetNextSelector;();Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];ReturnValue;value;dfc-generated | +| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];Argument[2];value;dfc-generated | | System.Runtime.Serialization;XPathQueryGenerator;CreateFromDataContractSerializer;(System.Type,System.Reflection.MemberInfo[],System.Text.StringBuilder,System.Xml.XmlNamespaceManager);Argument[2];ReturnValue;taint;dfc-generated | | System.Runtime.Serialization;XmlSerializableServices;WriteNodes;(System.Xml.XmlWriter,System.Xml.XmlNode[]);Argument[1].Element;Argument[0];taint;df-generated | | System.Runtime.Serialization;XsdDataContractExporter;XsdDataContractExporter;(System.Xml.Schema.XmlSchemaSet);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.XsdDataContractExporter._schemas];value;dfc-generated | @@ -13442,7 +13318,7 @@ | System.Security.Cryptography.Xml;SignedInfo;get_CanonicalizationMethodObject;();Argument[this];ReturnValue;taint;df-generated | | System.Security.Cryptography.Xml;SignedInfo;get_References;();Argument[this].SyntheticField[System.Security.Cryptography.Xml.SignedInfo._references];ReturnValue;value;dfc-generated | | System.Security.Cryptography.Xml;SignedXml;CheckSignature;(System.Security.Cryptography.KeyedHashAlgorithm);Argument[0];Argument[this];taint;df-generated | -| System.Security.Cryptography.Xml;SignedXml;CheckSignatureReturningKey;(System.Security.Cryptography.AsymmetricAlgorithm);Argument[this];ReturnValue;taint;df-generated | +| System.Security.Cryptography.Xml;SignedXml;CheckSignatureReturningKey;(System.Security.Cryptography.AsymmetricAlgorithm);Argument[this];Argument[0];taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;ComputeSignature;(System.Security.Cryptography.KeyedHashAlgorithm);Argument[0];Argument[this];taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;GetIdElement;(System.Xml.XmlDocument,System.String);Argument[0].Element;ReturnValue;taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;GetPublicKey;();Argument[this];ReturnValue;taint;df-generated | @@ -13690,7 +13566,6 @@ | System.Text.Json.Nodes;JsonNode;AsValue;();Argument[this];ReturnValue;value;dfc-generated | | System.Text.Json.Nodes;JsonNode;DeepClone;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Nodes;JsonNode;GetValue;();Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json.Nodes;JsonNode;Parse;(System.Text.Json.Utf8JsonReader,System.Nullable);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json.Nodes;JsonNode;ReplaceWith;(T);Argument[this];Argument[0];taint;df-generated | | System.Text.Json.Nodes;JsonNode;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Nodes;JsonNode;get_Options;();Argument[this];ReturnValue;taint;df-generated | @@ -13700,7 +13575,7 @@ | System.Text.Json.Nodes;JsonObject;SetAt;(System.Int32,System.String,System.Text.Json.Nodes.JsonNode);Argument[this];Argument[2];taint;df-generated | | System.Text.Json.Nodes;JsonObject;SetAt;(System.Int32,System.Text.Json.Nodes.JsonNode);Argument[this];Argument[1];taint;df-generated | | System.Text.Json.Nodes;JsonValue;Create;(T,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Nullable);Argument[1];ReturnValue;taint;df-generated | -| System.Text.Json.Nodes;JsonValue;TryGetValue;(T);Argument[this];ReturnValue;taint;df-generated | +| System.Text.Json.Nodes;JsonValue;TryGetValue;(T);Argument[this];Argument[0];taint;df-generated | | System.Text.Json.Schema;JsonSchemaExporterOptions;set_TransformSchemaNode;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Text.Json.Serialization.Metadata;IJsonTypeInfoResolver;GetTypeInfo;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[1];ReturnValue;taint;df-generated | | System.Text.Json.Serialization.Metadata;IJsonTypeInfoResolver;GetTypeInfo;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | @@ -13761,7 +13636,6 @@ | System.Text.Json.Serialization.Metadata;JsonTypeInfoResolver;Combine;(System.Text.Json.Serialization.Metadata.IJsonTypeInfoResolver[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Text.Json.Serialization.Metadata;JsonTypeInfoResolver;WithAddedModifier;(System.Text.Json.Serialization.Metadata.IJsonTypeInfoResolver,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Text.Json.Serialization;JsonConverter;ReadAsPropertyName;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | -| System.Text.Json.Serialization;JsonConverter;ReadAsPropertyName;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json.Serialization;JsonConverterFactory;CreateConverter;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Serialization;JsonDerivedTypeAttribute;JsonDerivedTypeAttribute;(System.Type,System.String);Argument[1];Argument[this].Property[System.Text.Json.Serialization.JsonDerivedTypeAttribute.TypeDiscriminator];value;dfc-generated | | System.Text.Json.Serialization;JsonPropertyNameAttribute;JsonPropertyNameAttribute;(System.String);Argument[0];Argument[this].Property[System.Text.Json.Serialization.JsonPropertyNameAttribute.Name];value;dfc-generated | @@ -13772,8 +13646,6 @@ | System.Text.Json.Serialization;JsonStringEnumMemberNameAttribute;JsonStringEnumMemberNameAttribute;(System.String);Argument[0];Argument[this].Property[System.Text.Json.Serialization.JsonStringEnumMemberNameAttribute.Name];value;dfc-generated | | System.Text.Json;JsonDocument;Parse;(System.Buffers.ReadOnlySequence,System.Text.Json.JsonDocumentOptions);Argument[0];ReturnValue;taint;df-generated | | System.Text.Json;JsonDocument;Parse;(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions);Argument[0];ReturnValue;taint;df-generated | -| System.Text.Json;JsonDocument;ParseValue;(System.Text.Json.Utf8JsonReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonDocument;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json;JsonDocument;get_RootElement;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement+ArrayEnumerator;GetEnumerator;();Argument[this];ReturnValue;value;dfc-generated | | System.Text.Json;JsonElement+ArrayEnumerator;get_Current;();Argument[this].Property[System.Text.Json.JsonElement+ArrayEnumerator.Current];ReturnValue;value;df-generated | @@ -13791,11 +13663,9 @@ | System.Text.Json;JsonElement;GetProperty;(System.ReadOnlySpan);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement;GetProperty;(System.ReadOnlySpan);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement;GetProperty;(System.String);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;ParseValue;(System.Text.Json.Utf8JsonReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.String,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Nullable);Argument[0];ReturnValue;value;dfc-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.String,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | | System.Text.Json;JsonElement;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonEncodedText;Encode;(System.ReadOnlySpan,System.Text.Encodings.Web.JavaScriptEncoder);Argument[0];ReturnValue;taint;df-generated | | System.Text.Json;JsonEncodedText;ToString;();Argument[this];ReturnValue;taint;df-generated | @@ -13817,11 +13687,6 @@ | System.Text.Json;JsonProperty;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonReaderState;JsonReaderState;(System.Text.Json.JsonReaderOptions);Argument[0];Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions];value;dfc-generated | | System.Text.Json;JsonReaderState;get_Options;();Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json;JsonSerializer;Serialize;(System.IO.Stream,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[1];Argument[2];taint;df-generated | | System.Text.Json;JsonSerializer;Serialize;(System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];Argument[1];taint;df-generated | | System.Text.Json;JsonSerializer;Serialize;(System.Text.Json.Utf8JsonWriter,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];Argument[2];taint;df-generated | @@ -13845,7 +13710,7 @@ | System.Text.Json;JsonSerializerOptions;GetConverter;(System.Type);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonSerializerOptions;GetTypeInfo;(System.Type);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonSerializerOptions;JsonSerializerOptions;(System.Text.Json.JsonSerializerOptions);Argument[0];Argument[this];taint;df-generated | -| System.Text.Json;JsonSerializerOptions;TryGetTypeInfo;(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[this];ReturnValue;taint;df-generated | +| System.Text.Json;JsonSerializerOptions;TryGetTypeInfo;(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[this];Argument[1];taint;df-generated | | System.Text.Json;Utf8JsonReader;CopyString;(System.Span);Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;Argument[0].Element;value;dfc-generated | | System.Text.Json;Utf8JsonReader;GetComment;();Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | | System.Text.Json;Utf8JsonReader;GetString;();Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | @@ -13863,7 +13728,7 @@ | System.Text.RegularExpressions;GeneratedRegexAttribute;GeneratedRegexAttribute;(System.String,System.Text.RegularExpressions.RegexOptions,System.Int32,System.String);Argument[0];Argument[this].Property[System.Text.RegularExpressions.GeneratedRegexAttribute.Pattern];value;dfc-generated | | System.Text.RegularExpressions;GeneratedRegexAttribute;GeneratedRegexAttribute;(System.String,System.Text.RegularExpressions.RegexOptions,System.Int32,System.String);Argument[3];Argument[this].Property[System.Text.RegularExpressions.GeneratedRegexAttribute.CultureName];value;dfc-generated | | System.Text.RegularExpressions;Group;Synchronized;(System.Text.RegularExpressions.Group);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.RegularExpressions;GroupCollection;TryGetValue;(System.String,System.Text.RegularExpressions.Group);Argument[this].Element;ReturnValue;value;dfc-generated | +| System.Text.RegularExpressions;GroupCollection;TryGetValue;(System.String,System.Text.RegularExpressions.Group);Argument[this].Element;Argument[1];value;dfc-generated | | System.Text.RegularExpressions;GroupCollection;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | | System.Text.RegularExpressions;GroupCollection;get_Item;(System.String);Argument[this].Element;ReturnValue;value;manual | | System.Text.RegularExpressions;GroupCollection;get_Keys;();Argument[this];ReturnValue;taint;df-generated | @@ -13987,8 +13852,6 @@ | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.Boolean);Argument[2];Argument[this];taint;df-generated | | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean);Argument[2];Argument[this];taint;df-generated | | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean);Argument[3];Argument[this];taint;df-generated | -| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);Argument[2];ReturnValue;value;dfc-generated | -| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);Argument[1];ReturnValue;value;dfc-generated | | System.Text;Decoder;get_FallbackBuffer;();Argument[this];ReturnValue;taint;df-generated | | System.Text;DecoderFallback;CreateFallbackBuffer;();Argument[this];ReturnValue;taint;df-generated | | System.Text;DecoderFallbackException;DecoderFallbackException;(System.String,System.Byte[],System.Int32);Argument[1];Argument[this].SyntheticField[System.Text.DecoderFallbackException._bytesUnknown];value;dfc-generated | @@ -14216,8 +14079,8 @@ | System.Threading.RateLimiting;PartitionedRateLimiter;CreateChained;(System.Threading.RateLimiting.PartitionedRateLimiter[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Threading.RateLimiting;PartitionedRateLimiter;WithTranslatedKey;(System.Func,System.Boolean);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.RateLimiting;RateLimitLease;GetAllMetadata;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | -| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.Threading.RateLimiting.MetadataName,T);Argument[this];ReturnValue;taint;df-generated | +| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | +| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.Threading.RateLimiting.MetadataName,T);Argument[this];Argument[1];taint;df-generated | | System.Threading.RateLimiting;RateLimitLease;get_MetadataNames;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.RateLimiting;RateLimitPartition;Get;(TKey,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading.RateLimiting;RateLimitPartition;GetConcurrencyLimiter;(TKey,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -14264,7 +14127,7 @@ | System.Threading.Tasks.Dataflow;BroadcastBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[0];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;ReserveMessage;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock);Argument[1];Argument[this];taint;df-generated | -| System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this];ReturnValue;taint;df-generated | +| System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this];Argument[0].Element;taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;BufferBlock;(System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[this];taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[0];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[this];ReturnValue;taint;df-generated | @@ -14299,7 +14162,7 @@ | System.Threading.Tasks.Dataflow;DataflowBlock;ReceiveAsync;(System.Threading.Tasks.Dataflow.ISourceBlock,System.TimeSpan,System.Threading.CancellationToken);Argument[0];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;DataflowBlock;SendAsync;(System.Threading.Tasks.Dataflow.ITargetBlock,TInput);Argument[1];Argument[0];taint;df-generated | | System.Threading.Tasks.Dataflow;DataflowBlock;SendAsync;(System.Threading.Tasks.Dataflow.ITargetBlock,TInput,System.Threading.CancellationToken);Argument[1];Argument[0];taint;df-generated | -| System.Threading.Tasks.Dataflow;DataflowBlock;TryReceive;(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput);Argument[0];ReturnValue;taint;df-generated | +| System.Threading.Tasks.Dataflow;DataflowBlock;TryReceive;(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput);Argument[0];Argument[1];taint;df-generated | | System.Threading.Tasks.Dataflow;IDataflowBlock;get_Completion;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;IReceivableSourceBlock;TryReceive;(System.Predicate,TOutput);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.Tasks.Dataflow;JoinBlock;JoinBlock;(System.Threading.Tasks.Dataflow.GroupingDataflowBlockOptions);Argument[0];Argument[this];taint;df-generated | @@ -14338,7 +14201,7 @@ | System.Threading.Tasks.Dataflow;WriteOnceBlock;OfferMessage;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,T,System.Threading.Tasks.Dataflow.ISourceBlock,System.Boolean);Argument[1];Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;ReleaseReservation;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock);Argument[this];Argument[1];taint;df-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];ReturnValue.Element;value;dfc-generated | +| System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];Argument[0].Element;value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[0].Parameter[delegate-self];value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -15135,19 +14998,12 @@ | System.Threading;ExecutionContext;Run;(System.Threading.ExecutionContext,System.Threading.ContextCallback,System.Object);Argument[2];Argument[1].Parameter[0];value;hq-generated | | System.Threading;HostExecutionContextManager;SetHostExecutionContext;(System.Threading.HostExecutionContext);Argument[0];ReturnValue;taint;df-generated | | System.Threading;IOCompletionCallback;BeginInvoke;(System.UInt32,System.UInt32,System.Threading.NativeOverlapped*,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Threading;Interlocked;CompareExchange;(System.IntPtr,System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;CompareExchange;(System.UIntPtr,System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;CompareExchange;(T,T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(T,T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[2];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[2];ReturnValue;value;hq-generated | +| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;Argument[0];value;dfc-generated | +| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;Argument[0];value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | @@ -15158,13 +15014,10 @@ | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[1];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[1];ReturnValue;value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Threading;Lock;EnterScope;();Argument[this];ReturnValue;taint;df-generated | | System.Threading;ManualResetEventSlim;get_WaitHandle;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading;Mutex;TryOpenExisting;(System.String,System.Threading.Mutex);Argument[1];ReturnValue;value;dfc-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult);Argument[2];Argument[this];taint;df-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult);Argument[3];Argument[this];taint;df-generated | | System.Threading;Overlapped;Pack;(System.Threading.IOCompletionCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -15177,8 +15030,6 @@ | System.Threading;PeriodicTimer;WaitForNextTickAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated | | System.Threading;PreAllocatedOverlapped;PreAllocatedOverlapped;(System.Threading.IOCompletionCallback,System.Object,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;PreAllocatedOverlapped;UnsafeCreate;(System.Threading.IOCompletionCallback,System.Object,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading;ReaderWriterLock;DowngradeFromWriterLock;(System.Threading.LockCookie);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;ReaderWriterLock;RestoreLock;(System.Threading.LockCookie);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;RegisteredWaitHandle;Unregister;(System.Threading.WaitHandle);Argument[0];Argument[this];taint;df-generated | | System.Threading;SemaphoreSlim;WaitAsync;();Argument[this];ReturnValue;taint;df-generated | | System.Threading;SemaphoreSlim;WaitAsync;(System.Int32);Argument[this];ReturnValue;taint;df-generated | @@ -15202,12 +15053,6 @@ | System.Threading;Thread;Thread;(System.Threading.ParameterizedThreadStart,System.Int32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Thread;Thread;(System.Threading.ThreadStart);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Thread;Thread;(System.Threading.ThreadStart,System.Int32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading;Thread;VolatileRead;(System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileRead;(System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileRead;(System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.Object,System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;ThreadExceptionEventArgs;ThreadExceptionEventArgs;(System.Exception);Argument[0];Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception];value;dfc-generated | | System.Threading;ThreadExceptionEventArgs;get_Exception;();Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception];ReturnValue;value;dfc-generated | | System.Threading;ThreadExceptionEventHandler;BeginInvoke;(System.Object,System.Threading.ThreadExceptionEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | @@ -15238,9 +15083,6 @@ | System.Threading;Timer;Timer;(System.Threading.TimerCallback,System.Object,System.TimeSpan,System.TimeSpan);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Timer;Timer;(System.Threading.TimerCallback,System.Object,System.UInt32,System.UInt32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;TimerCallback;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Threading;Volatile;Write;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Volatile;Write;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Volatile;Write;(T,T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;WaitCallback;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading;WaitHandleExtensions;GetSafeWaitHandle;(System.Threading.WaitHandle);Argument[0].Property[System.Threading.WaitHandle.SafeWaitHandle];ReturnValue;value;dfc-generated | | System.Threading;WaitHandleExtensions;SetSafeWaitHandle;(System.Threading.WaitHandle,Microsoft.Win32.SafeHandles.SafeWaitHandle);Argument[1];Argument[0];taint;df-generated | @@ -15788,17 +15630,20 @@ | System.Xml.Serialization;XmlSerializationReader;ReadElementQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadNullableQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadNullableString;();Argument[this];ReturnValue;taint;df-generated | -| System.Xml.Serialization;XmlSerializationReader;ReadReference;(System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReference;(System.String);Argument[this];Argument[0];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[1];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String);Argument[this];Argument[0];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[1];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[this];Argument[3];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[1];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[this];Argument[2];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadSerializable;(System.Xml.Serialization.IXmlSerializable);Argument[0];ReturnValue;value;dfc-generated | | System.Xml.Serialization;XmlSerializationReader;ReadSerializable;(System.Xml.Serialization.IXmlSerializable,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | @@ -16077,9 +15922,9 @@ | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[0];Argument[this];taint;df-generated | | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[1];Argument[this];taint;df-generated | | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[2];Argument[this];taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];ReturnValue;value;dfc-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated | | System.Xml;IXmlNamespaceResolver;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[this];ReturnValue;taint;df-generated | | System.Xml;IXmlNamespaceResolver;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated | | System.Xml;IXmlNamespaceResolver;LookupPrefix;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -16156,8 +16001,10 @@ | System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | System.Xml;XmlDictionaryReader;GetAttribute;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[1];taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.String[],System.Int32);Argument[0].Element;ReturnValue;value;dfc-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Xml.XmlDictionaryString[],System.Int32);Argument[0].Element.Property[System.Xml.XmlDictionaryString.Value];ReturnValue;value;dfc-generated | @@ -16801,7 +16648,6 @@ | System;Array;ForEach;(T[],System.Action);Argument[0].Element;Argument[1].Parameter[0];value;hq-generated | | System;Array;ForEach;(T[],System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System;Array;ForEach;(T[],System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System;Array;Resize;(T[],System.Int32);Argument[0];ReturnValue;value;dfc-generated | | System;Array;Reverse;(System.Array);Argument[0].Element;ReturnValue.Element;value;manual | | System;Array;Reverse;(System.Array,System.Int32,System.Int32);Argument[0].Element;ReturnValue.Element;value;manual | | System;Array;Reverse;(T[]);Argument[0].Element;ReturnValue.Element;value;manual | @@ -17171,7 +17017,7 @@ | System;Convert;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);Argument[0].Element;ReturnValue;taint;manual | | System;Converter;BeginInvoke;(TInput,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System;DateTime;ToLocalTime;();Argument[this];ReturnValue;value;df-generated | -| System;DateTimeOffset;Deconstruct;(System.DateOnly,System.TimeOnly,System.TimeSpan);Argument[this].Property[System.DateTimeOffset.Offset];ReturnValue;value;dfc-generated | +| System;DateTimeOffset;Deconstruct;(System.DateOnly,System.TimeOnly,System.TimeSpan);Argument[this].Property[System.DateTimeOffset.Offset];Argument[2];value;dfc-generated | | System;Delegate+InvocationListEnumerator;GetEnumerator;();Argument[this];ReturnValue;value;dfc-generated | | System;Delegate+InvocationListEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System;Delegate;Combine;(System.Delegate,System.Delegate);Argument[1];ReturnValue;value;dfc-generated | @@ -17435,8 +17281,6 @@ | System;MemoryExtensions;TrimStart;(System.Span,System.ReadOnlySpan);Argument[0].Element;ReturnValue.Element;value;dfc-generated | | System;MemoryExtensions;TrimStart;(System.Span,System.ReadOnlySpan);Argument[0];ReturnValue;value;dfc-generated | | System;MemoryExtensions;TrimStart;(System.Span,T);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);Argument[2];ReturnValue;value;dfc-generated | -| System;MemoryExtensions;TryWrite;(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);Argument[1];ReturnValue;value;dfc-generated | | System;MissingFieldException;MissingFieldException;(System.String,System.String);Argument[0];Argument[this].Field[System.MissingMemberException.ClassName];value;dfc-generated | | System;MissingFieldException;MissingFieldException;(System.String,System.String);Argument[1];Argument[this].Field[System.MissingMemberException.MemberName];value;dfc-generated | | System;MissingFieldException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | @@ -17553,8 +17397,6 @@ | System;String;Concat;(System.String[]);Argument[0].Element;ReturnValue;taint;manual | | System;String;Concat;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;manual | | System;String;Copy;(System.String);Argument[0];ReturnValue;value;manual | -| System;String;Create;(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System;String;Create;(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);Argument[2];ReturnValue;value;dfc-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[1];Argument[2].Parameter[1];value;dfc-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[1];Argument[2].Parameter[1];value;hq-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | @@ -17672,7 +17514,7 @@ | System;String;TrimStart;();Argument[this];ReturnValue;taint;manual | | System;String;TrimStart;(System.Char);Argument[this];ReturnValue;taint;manual | | System;String;TrimStart;(System.Char[]);Argument[this];ReturnValue;taint;manual | -| System;String;TryParse;(System.String,System.IFormatProvider,System.String);Argument[0];ReturnValue;value;dfc-generated | +| System;String;TryParse;(System.String,System.IFormatProvider,System.String);Argument[0];Argument[2];value;dfc-generated | | System;StringNormalizationExtensions;Normalize;(System.String);Argument[0];ReturnValue;value;dfc-generated | | System;StringNormalizationExtensions;Normalize;(System.String,System.Text.NormalizationForm);Argument[0];ReturnValue;value;dfc-generated | | System;TimeProvider;CreateTimer;(System.Threading.TimerCallback,System.Object,System.TimeSpan,System.TimeSpan);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -17713,7 +17555,7 @@ | System;TimeZoneInfo;GetUtcOffset;(System.DateTimeOffset);Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;ToString;();Argument[this].Property[System.TimeZoneInfo.DisplayName];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;ToString;();Argument[this].SyntheticField[System.TimeZoneInfo._displayName];ReturnValue;value;dfc-generated | -| System;TimeZoneInfo;TryFindSystemTimeZoneById;(System.String,System.TimeZoneInfo);Argument[0];ReturnValue.SyntheticField[System.TimeZoneInfo._id];value;dfc-generated | +| System;TimeZoneInfo;TryFindSystemTimeZoneById;(System.String,System.TimeZoneInfo);Argument[0];Argument[1].SyntheticField[System.TimeZoneInfo._id];value;dfc-generated | | System;TimeZoneInfo;get_BaseUtcOffset;();Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;get_DaylightName;();Argument[this].SyntheticField[System.TimeZoneInfo._daylightDisplayName];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;get_DisplayName;();Argument[this].SyntheticField[System.TimeZoneInfo._displayName];ReturnValue;value;dfc-generated | @@ -18324,4 +18166,4 @@ | System;ValueTuple;get_Item;(System.Int32);Argument[this].Field[System.ValueTuple`1.Item1];ReturnValue;value;manual | | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this].Property[System.WeakReference.Target];Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;df-generated | | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this].Property[System.WeakReference.Target];Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated | -| System;WeakReference;TryGetTarget;(T);Argument[this];ReturnValue;taint;df-generated | +| System;WeakReference;TryGetTarget;(T);Argument[this];Argument[0];taint;df-generated | From de6e3eafb908337ff2008b922e4e06fc7e47eeb7 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 26 Mar 2025 15:26:50 +0100 Subject: [PATCH 096/409] C#: Add change note. --- csharp/ql/src/change-notes/2025-03-26-dotnet-models.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/src/change-notes/2025-03-26-dotnet-models.md diff --git a/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md b/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md new file mode 100644 index 000000000000..3986145c5af0 --- /dev/null +++ b/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters. From 4fb138a1a3c899e5083648b81800c423f311cbce Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 14:37:02 +0200 Subject: [PATCH 097/409] Rust: Make `Element.toString` non-recursive --- misc/codegen/templates/ql_class.mustache | 6 +++++- rust/ql/.generated.list | 2 +- .../rust/elements/internal/ElementImpl.qll | 1 + .../rust/elements/internal/ModuleImpl.qll | 2 +- .../codeql/rust/elements/internal/UseImpl.qll | 2 +- .../rust/elements/internal/UseTreeImpl.qll | 20 ++++++++++++++++--- .../elements/internal/generated/Element.qll | 6 +++++- 7 files changed, 31 insertions(+), 8 deletions(-) diff --git a/misc/codegen/templates/ql_class.mustache b/misc/codegen/templates/ql_class.mustache index 39aba2b1ef4b..e80e0b0eebda 100644 --- a/misc/codegen/templates/ql_class.mustache +++ b/misc/codegen/templates/ql_class.mustache @@ -30,7 +30,11 @@ module Generated { * Gets the string representation of this element. */ cached - final string toString() { result = this.toStringImpl() } + final string toString() { + result = this.toStringImpl() and + // recursion guard to prevent `toString` from being defined recursively + (exists(any(Element e).toStringImpl()) implies any()) + } /** * INTERNAL: Do not use. diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index 61529b8b6cc5..0bd2931256e7 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -506,7 +506,7 @@ lib/codeql/rust/elements/internal/generated/ConstParam.qll 310342603959a4d521418 lib/codeql/rust/elements/internal/generated/ContinueExpr.qll e2010feb14fb6edeb83a991d9357e50edb770172ddfde2e8670b0d3e68169f28 48d09d661e1443002f6d22b8710e22c9c36d9daa9cde09c6366a61e960d717cb lib/codeql/rust/elements/internal/generated/Crate.qll d245f24e9da4f180c526a6d092f554a9577bae7225c81c36a391947c0865eeb3 c95dbb32b2ce4d9664be56c95b19fcd01c2d3244385e55151f9b06b07f04ce9b lib/codeql/rust/elements/internal/generated/DynTraitTypeRepr.qll a9d540717af1f00dbea1c683fd6b846cddfb2968c7f3e021863276f123337787 1972efb9bca7aae9a9708ca6dcf398e5e8c6d2416a07d525dba1649b80fbe4d1 -lib/codeql/rust/elements/internal/generated/Element.qll 69ce882811f2bef7e0a93c0a24494dd16120a108ba4180d455344e29144a98c4 7781bc5c69b5b08775902fcb97cb23f85359ef2303545afe9d44301b19024b3a +lib/codeql/rust/elements/internal/generated/Element.qll d56d22c060fa929464f837b1e16475a4a2a2e42d68235a014f7369bcb48431db 0e48426ca72179f675ac29aa49bbaadb8b1d27b08ad5cbc72ec5a005c291848e lib/codeql/rust/elements/internal/generated/Enum.qll 4f4cbc9cd758c20d476bc767b916c62ba434d1750067d0ffb63e0821bb95ec86 3da735d54022add50cec0217bbf8ec4cf29b47f4851ee327628bcdd6454989d0 lib/codeql/rust/elements/internal/generated/Expr.qll 5fa34f2ed21829a1509417440dae42d416234ff43433002974328e7aabb8f30f 46f3972c7413b7db28a3ea8acb5a50a74b6dd9b658e8725f6953a8829ac912f8 lib/codeql/rust/elements/internal/generated/ExprStmt.qll d1112230015fbeb216b43407a268dc2ccd0f9e0836ab2dca4800c51b38fa1d7d 4a80562dcc55efa5e72c6c3b1d6747ab44fe494e76faff2b8f6e9f10a4b08b5b diff --git a/rust/ql/lib/codeql/rust/elements/internal/ElementImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/ElementImpl.qll index 75de7703df02..7a464a378d1e 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/ElementImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/ElementImpl.qll @@ -20,6 +20,7 @@ module Impl { * Returns a string suitable to be inserted into the name of the parent. Typically `"..."`, * but may be overridden by subclasses. */ + pragma[nomagic] string toAbbreviatedString() { result = "..." } predicate isUnknown() { none() } // compatibility with test generation, to be fixed diff --git a/rust/ql/lib/codeql/rust/elements/internal/ModuleImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/ModuleImpl.qll index 0fb9690d2d1d..19f63f0790fa 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/ModuleImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/ModuleImpl.qll @@ -24,6 +24,6 @@ module Impl { * ``` */ class Module extends Generated::Module { - override string toStringImpl() { result = "mod " + this.getName() } + override string toStringImpl() { result = "mod " + this.getName().getText() } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/UseImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/UseImpl.qll index 5c2567fc3d70..7b99c609a464 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/UseImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/UseImpl.qll @@ -19,6 +19,6 @@ module Impl { * ``` */ class Use extends Generated::Use { - override string toStringImpl() { result = "use " + this.getUseTree() } + override string toStringImpl() { result = "use " + this.getUseTree().toAbbreviatedString() } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/UseTreeImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/UseTreeImpl.qll index ef1be77ef784..7e917268a726 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/UseTreeImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/UseTreeImpl.qll @@ -26,14 +26,28 @@ module Impl { result = strictconcat(int i | | this.toStringPart(i) order by i) } - private string toStringPart(int index) { - result = this.getPath().toStringImpl() and index = 0 - or + private string toStringPartCommon(int index) { result = "::{...}" and this.hasUseTreeList() and index = 1 or result = "::*" and this.isGlob() and index = 2 or result = " as " + this.getRename().getName().getText() and index = 3 } + + private string toStringPart(int index) { + result = this.getPath().toStringImpl() and index = 0 + or + result = this.toStringPartCommon(index) + } + + override string toAbbreviatedString() { + result = strictconcat(int i | | this.toAbbreviatedStringPart(i) order by i) + } + + private string toAbbreviatedStringPart(int index) { + result = this.getPath().toAbbreviatedString() and index = 0 + or + result = this.toStringPartCommon(index) + } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/Element.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/Element.qll index f8a5f4b24b21..9e3db0fe8b69 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/Element.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/Element.qll @@ -24,7 +24,11 @@ module Generated { * Gets the string representation of this element. */ cached - final string toString() { result = this.toStringImpl() } + final string toString() { + result = this.toStringImpl() and + // recursion guard to prevent `toString` from being defined recursively + (exists(any(Element e).toStringImpl()) implies any()) + } /** * INTERNAL: Do not use. From c14a2375c39aff1690971eb6d8b3e3ba212d5ce1 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 15:10:03 +0200 Subject: [PATCH 098/409] Swift: Run codegen --- swift/ql/.generated.list | 2 +- swift/ql/lib/codeql/swift/generated/Element.qll | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 900d0381032e..32734851515c 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -701,7 +701,7 @@ lib/codeql/swift/generated/Comment.qll 64625f47ebddb1ec7e1c81790dd8120087a76958c lib/codeql/swift/generated/DbFile.qll cc0d2b9efbee36080bde2e26e424a40efb763eaee55874fb6c4a5db36938f3df 33e215d838cfa36e3dd0e62879e896d988430d1470a87ce1bb45aad70886212b lib/codeql/swift/generated/DbLocation.qll e2c7cc975b53cfb0061e055da082fbe57c0aef388e5ee874f0ff22c388a81ce1 1939414bc5d574796e83ab916408c3183210ead04957b50493610529700e0427 lib/codeql/swift/generated/Diagnostics.qll 03ea201db80d33b18f7f6c71267044c695c2572e5783ab754fa7c7ac27e16ee3 8aa78be37a8f23e4b899b910508fd5966ebc98fade6c284d59d59e246de18288 -lib/codeql/swift/generated/Element.qll ee383d0b3be3ae1f58142980011476ce6f317550f96548403f9ecd352ee72cd9 ef4a8e175d327b44b147814ad9630ca54c53f21fc2bab7d8a88d1e220060c0a7 +lib/codeql/swift/generated/Element.qll bf8f688e05f44f18384067c3cab7f05796764e2b4cce7ff24da419c3dae26194 820390ffbb1012f73267668626f7d0ccd368500331c91bbc276fcb1c25037e41 lib/codeql/swift/generated/ErrorElement.qll b39bd7c8b4e2011f4a6889e073ebf5b628db32f36f50b067250ae730d9f26561 fd859ec969ba434049e7ba4e78271cc8cebc8b058d2e96e4d47a22064cbb5a21 lib/codeql/swift/generated/File.qll 476ac95566ef0080e0ad8c3da144b1be1d945d2f33a24f0864d85ff7c56a09b1 3134018bb50166cbf2690f64bba551cace350e4a7e6e25bcded18f997ad1835b lib/codeql/swift/generated/KeyPathComponent.qll 5276acdc9a4ff0ec0cc8af615c04043391fb99613731ddcc86db4e47b37c8c5a ccc0931bbd6cc2cfae5037c2ee17bbdcbd87536f5fed90d07e73065c016c4382 diff --git a/swift/ql/lib/codeql/swift/generated/Element.qll b/swift/ql/lib/codeql/swift/generated/Element.qll index cfb8fbc32085..c22970fb510b 100644 --- a/swift/ql/lib/codeql/swift/generated/Element.qll +++ b/swift/ql/lib/codeql/swift/generated/Element.qll @@ -24,7 +24,11 @@ module Generated { * Gets the string representation of this element. */ cached - final string toString() { result = this.toStringImpl() } + final string toString() { + result = this.toStringImpl() and + // recursion guard to prevent `toString` from being defined recursively + (exists(any(Element e).toStringImpl()) implies any()) + } /** * INTERNAL: Do not use. From 56f4694b38944ffb85372be4d9422a34e0bbdbe0 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 19:58:48 +0200 Subject: [PATCH 099/409] Swift: Avoid calling `Element.toString` recursively --- .../ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll | 2 +- .../lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll | 2 +- .../swift/elements/expr/internal/ExplicitCastExprImpl.qll | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/swift/ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll index 54958639b806..35061146acf8 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll @@ -5,7 +5,7 @@ private import codeql.swift.elements.decl.Initializer final private class InitializerLookupExprImpl extends Impl::MethodLookupExpr { InitializerLookupExprImpl() { super.getMethod() instanceof Initializer } - override string toStringImpl() { result = this.getMember().toString() } + override string toStringImpl() { result = this.getMember().toStringImpl() } } final class InitializerLookupExpr extends MethodLookupExpr, InitializerLookupExprImpl { diff --git a/swift/ql/lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll b/swift/ql/lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll index 87a2f9481c8e..ebc9e591b52f 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll @@ -48,7 +48,7 @@ module Impl { override Expr getQualifier() { result = expr.getQualifier() } - override string toStringImpl() { result = "call to " + expr } + override string toStringImpl() { result = "call to " + expr.toStringImpl() } } private class FullDotSyntaxBaseIgnoredApplyExpr extends ApplyExpr { diff --git a/swift/ql/lib/codeql/swift/elements/expr/internal/ExplicitCastExprImpl.qll b/swift/ql/lib/codeql/swift/elements/expr/internal/ExplicitCastExprImpl.qll index 76814e7c70ad..e18a3ec9e23e 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/internal/ExplicitCastExprImpl.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/internal/ExplicitCastExprImpl.qll @@ -4,6 +4,6 @@ module Impl { class ExplicitCastExpr extends Generated::ExplicitCastExpr { override predicate convertsFrom(Expr e) { e = this.getImmediateSubExpr() } - override string toStringImpl() { result = "(" + this.getType() + ") ..." } + override string toStringImpl() { result = "(" + this.getType().toStringImpl() + ") ..." } } } From d61d9730c8a304170baf9e52c84d03b08d1bf5c3 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Mon, 31 Mar 2025 11:58:45 +0200 Subject: [PATCH 100/409] C++: add change note for calling conventions --- cpp/ql/lib/change-notes/2025-03-31-calling-convention.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2025-03-31-calling-convention.md diff --git a/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md b/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md new file mode 100644 index 000000000000..12d9547eb035 --- /dev/null +++ b/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md @@ -0,0 +1,5 @@ +--- +category: feature +--- +* Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.) are now represented as specifiers of those declarations. +* A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions. From dbd99df85b743491a0db88f89e64f89e5c9c8c6a Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 1 Apr 2025 10:03:20 +0200 Subject: [PATCH 101/409] C#: Update PreSSA to reference the new use-use predicates. --- .../semmle/code/csharp/controlflow/internal/PreSsa.qll | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreSsa.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreSsa.qll index 184317b07bda..6507bbbe04bf 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreSsa.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreSsa.qll @@ -175,10 +175,9 @@ module PreSsa { } final AssignableRead getAFirstRead() { - exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | - this.definesAt(_, bb1, i1) and - SsaImpl::adjacentDefRead(this, bb1, i1, bb2, i2) and - result = bb2.getElement(i2) + exists(SsaInput::BasicBlock bb, int i | + SsaImpl::firstUse(this, bb, i, true) and + result = bb.getElement(i) ) } @@ -216,8 +215,7 @@ module PreSsa { predicate adjacentReadPairSameVar(AssignableRead read1, AssignableRead read2) { exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | read1 = bb1.getElement(i1) and - SsaInput::variableRead(bb1, i1, _, true) and - SsaImpl::adjacentDefRead(_, bb1, i1, bb2, i2) and + SsaImpl::adjacentUseUse(bb1, i1, bb2, i2, _, true) and read2 = bb2.getElement(i2) ) } From 887452d2027ad5d97f69edf911232d5ec6b32096 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 1 Apr 2025 10:05:02 +0200 Subject: [PATCH 102/409] Swift: Update SSA to reference the new use-use predicates. --- swift/ql/lib/codeql/swift/dataflow/Ssa.qll | 12 +++++------- .../swift/dataflow/internal/DataFlowPrivate.qll | 6 ++---- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll index 94ba657e94d8..f052ed8b3147 100644 --- a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll +++ b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll @@ -151,10 +151,9 @@ module Ssa { cached ControlFlowNode getAFirstRead() { - exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | - this.definesAt(_, bb1, i1) and - SsaImpl::adjacentDefRead(this, bb1, i1, bb2, i2) and - result = bb2.getNode(i2) + exists(SsaInput::BasicBlock bb, int i | + SsaImpl::firstUse(this, bb, i, true) and + result = bb.getNode(i) ) } @@ -162,14 +161,13 @@ module Ssa { predicate adjacentReadPair(ControlFlowNode read1, ControlFlowNode read2) { exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | read1 = bb1.getNode(i1) and - SsaInput::variableRead(bb1, i1, _, true) and - SsaImpl::adjacentDefRead(this, bb1, i1, bb2, i2) and + SsaImpl::adjacentUseUse(bb1, i1, bb2, i2, _, true) and read2 = bb2.getNode(i2) ) } cached - predicate lastRefRedef(SsaInput::BasicBlock bb, int i, Definition next) { + deprecated predicate lastRefRedef(SsaInput::BasicBlock bb, int i, Definition next) { SsaImpl::lastRefRedef(this, bb, i, next) } } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll index c84298771fb2..4849c5ac2355 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll @@ -111,10 +111,8 @@ private class CaptureNodeImpl extends CaptureNode, NodeImpl { } private predicate localFlowSsaInput(Node nodeFrom, Ssa::Definition def, Ssa::Definition next) { - exists(BasicBlock bb, int i | def.lastRefRedef(bb, i, next) | - def.definesAt(_, bb, i) and - def = nodeFrom.asDefinition() - ) + next.(Ssa::PhiDefinition).getAPhiInput() = def and + def = nodeFrom.asDefinition() } /** A collection of cached types and predicates to be evaluated in the same stage. */ From 398f0414642e54ff69de04cac9aab10960daae71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tam=C3=A1s=20Vajk?= Date: Tue, 1 Apr 2025 10:18:09 +0200 Subject: [PATCH 103/409] Update csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll Co-authored-by: Michael Nebel --- .../frameworks/microsoft/aspnetcore/Components.qll | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll index 8cf5ce659e43..3c0a0940e067 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll @@ -197,15 +197,11 @@ private predicate matchingOpenCloseComponentCalls( closeCall.getEnclosingCallable() = enclosing and closeCall.getParent().getParent() = openCall.getParent().getParent() and openCall.getParent().getIndex() = openCallIndex and - closeCall.getParent().getIndex() = closeCallIndex and - closeCallIndex > openCallIndex and - not exists(int k, MethodCall otherCloseCall | - k in [openCallIndex + 1 .. closeCallIndex - 1] and - otherCloseCall.getTarget() instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and - otherCloseCall.getEnclosingCallable() = enclosing and - otherCloseCall.getParent().getParent() = openCall.getParent().getParent() and - otherCloseCall.getParent().getIndex() = k - ) + closeCallIndex = + min(int closeCallIndex0 | + closeCall.getParent().getIndex() = closeCallIndex0 and + closeCallIndex0 > openCallIndex + ) } private module JumpNodes { From a570a728bdf7c65749582d1489d0a5708b37763f Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 1 Apr 2025 10:29:55 +0200 Subject: [PATCH 104/409] Fix code quality --- .../microsoft/aspnetcore/Components.qll | 28 +++++++++++-------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll index 3c0a0940e067..1fa427f4d19d 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll @@ -195,13 +195,16 @@ private predicate matchingOpenCloseComponentCalls( openCall.getEnclosingCallable() = enclosing and closeCall.getTarget() instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and closeCall.getEnclosingCallable() = enclosing and - closeCall.getParent().getParent() = openCall.getParent().getParent() and - openCall.getParent().getIndex() = openCallIndex and - closeCallIndex = - min(int closeCallIndex0 | - closeCall.getParent().getIndex() = closeCallIndex0 and - closeCallIndex0 > openCallIndex - ) + exists(BlockStmt block | + block = closeCall.getParent().getParent() and + block = openCall.getParent().getParent() and + block.getChildStmt(openCallIndex) = openCall.getParent() and + closeCallIndex = + min(int closeCallIndex0 | + block.getChildStmt(closeCallIndex0) = closeCall.getParent() and + closeCallIndex0 > openCallIndex + ) + ) } private module JumpNodes { @@ -223,14 +226,17 @@ private module JumpNodes { exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess()) or exists( - string propertyName, MethodCall openComponent, int i, MethodCall closeComponent, int j + string propertyName, MethodCall openComponent, BlockStmt block, int openIdx, int closeIdx, + int thisIdx | propertyName = this.getArgument(1).(StringLiteral).getValue() and result.hasName(propertyName) and - matchingOpenCloseComponentCalls(openComponent, i, closeComponent, j, + matchingOpenCloseComponentCalls(openComponent, openIdx, _, closeIdx, this.getEnclosingCallable(), result.getDeclaringType()) and - this.getParent().getParent() = openComponent.getParent().getParent() and - this.getParent().getIndex() in [i + 1 .. j - 1] + block = this.getParent().getParent() and + block = openComponent.getParent().getParent() and + block.getChildStmt(thisIdx) = this.getParent() and + thisIdx in [openIdx + 1 .. closeIdx - 1] ) ) } From 32e2c1912c85fd787a4aa8358f20da8740ccb2e3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:37:48 +0000 Subject: [PATCH 105/409] Rust: Move all summary stats logic into Stats.qll. --- rust/ql/src/queries/summary/Stats.qll | 92 +++++++++++++++++++++ rust/ql/src/queries/summary/SummaryStats.ql | 81 ------------------ 2 files changed, 92 insertions(+), 81 deletions(-) diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a2220398b415..a24a4eac9c96 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -11,6 +11,9 @@ private import codeql.rust.internal.PathResolutionConsistency as PathResolutionC private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency private import codeql.rust.Concepts +private import codeql.rust.Diagnostics +private import codeql.rust.security.SensitiveData +private import TaintReach // import all query extensions files, so that all extensions of `QuerySink` are found private import codeql.rust.security.CleartextLoggingExtensions private import codeql.rust.security.SqlInjectionExtensions @@ -72,3 +75,92 @@ int getTaintEdgesCount() { * Gets a count of the total number of query sinks in the database. */ int getQuerySinksCount() { result = count(QuerySink s) } + +class CrateElement extends Element { + CrateElement() { + this instanceof Crate or + this instanceof NamedCrate or + this.(AstNode).getParentNode*() = any(Crate c).getModule() + } +} + +/** + * Gets summary statistics about individual elements in the database. + */ +predicate elementStats(string key, int value) { + key = "Elements extracted" and + value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement) + or + key = "Elements unextracted" and value = count(Unextracted e) +} + +/** + * Gets summary statistics about extraction. + */ +predicate extractionStats(string key, int value) { + key = "Extraction errors" and value = count(ExtractionError e) + or + key = "Extraction warnings" and value = count(ExtractionWarning w) + or + key = "Files extracted - total" and value = count(ExtractedFile f | exists(f.getRelativePath())) + or + key = "Files extracted - with errors" and + value = + count(ExtractedFile f | + exists(f.getRelativePath()) and not f instanceof SuccessfullyExtractedFile + ) + or + key = "Files extracted - without errors" and + value = count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) + or + key = "Files extracted - without errors %" and + value = + (count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) * 100) / + count(ExtractedFile f | exists(f.getRelativePath())) + or + key = "Lines of code extracted" and value = getLinesOfCode() + or + key = "Lines of user code extracted" and value = getLinesOfUserCode() + or + key = "Macro calls - total" and value = count(MacroCall mc) + or + key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded()) + or + key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded()) +} + +/** + * Gets summary statistics about inconsistencies. + */ +predicate inconsistencyStats(string key, int value) { + key = "Inconsistencies - AST" and value = getTotalAstInconsistencies() + or + key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies() + or + key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies() + or + key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies() +} + +/** + * Gets summary statistics about taint. + */ +predicate taintStats(string key, int value) { + key = "Taint sources - active" and value = count(ActiveThreatModelSource s) + or + key = "Taint sources - disabled" and + value = count(ThreatModelSource s | not s instanceof ActiveThreatModelSource) + or + key = "Taint sources - sensitive data" and value = count(SensitiveData d) + or + key = "Taint edges - number of edges" and value = getTaintEdgesCount() + or + key = "Taint reach - nodes tainted" and value = getTaintedNodesCount() + or + key = "Taint reach - per million nodes" and value = getTaintReach().floor() + or + key = "Taint sinks - query sinks" and value = getQuerySinksCount() + or + key = "Taint sinks - cryptographic operations" and + value = count(Cryptography::CryptographicOperation o) +} diff --git a/rust/ql/src/queries/summary/SummaryStats.ql b/rust/ql/src/queries/summary/SummaryStats.ql index d9c88a7c56ed..57ac5b4004e3 100644 --- a/rust/ql/src/queries/summary/SummaryStats.ql +++ b/rust/ql/src/queries/summary/SummaryStats.ql @@ -7,88 +7,7 @@ */ import rust -import codeql.rust.Concepts -import codeql.rust.security.SensitiveData -import codeql.rust.Diagnostics import Stats -import TaintReach - -class CrateElement extends Element { - CrateElement() { - this instanceof Crate or - this instanceof NamedCrate or - this.(AstNode).getParentNode*() = any(Crate c).getModule() - } -} - -predicate elementStats(string key, int value) { - key = "Elements extracted" and - value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement) - or - key = "Elements unextracted" and value = count(Unextracted e) -} - -predicate extractionStats(string key, int value) { - key = "Extraction errors" and value = count(ExtractionError e) - or - key = "Extraction warnings" and value = count(ExtractionWarning w) - or - key = "Files extracted - total" and value = count(ExtractedFile f | exists(f.getRelativePath())) - or - key = "Files extracted - with errors" and - value = - count(ExtractedFile f | - exists(f.getRelativePath()) and not f instanceof SuccessfullyExtractedFile - ) - or - key = "Files extracted - without errors" and - value = count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) - or - key = "Files extracted - without errors %" and - value = - (count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) * 100) / - count(ExtractedFile f | exists(f.getRelativePath())) - or - key = "Lines of code extracted" and value = getLinesOfCode() - or - key = "Lines of user code extracted" and value = getLinesOfUserCode() - or - key = "Macro calls - total" and value = count(MacroCall mc) - or - key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded()) - or - key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded()) -} - -predicate inconsistencyStats(string key, int value) { - key = "Inconsistencies - AST" and value = getTotalAstInconsistencies() - or - key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies() - or - key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies() - or - key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies() -} - -predicate taintStats(string key, int value) { - key = "Taint sources - active" and value = count(ActiveThreatModelSource s) - or - key = "Taint sources - disabled" and - value = count(ThreatModelSource s | not s instanceof ActiveThreatModelSource) - or - key = "Taint sources - sensitive data" and value = count(SensitiveData d) - or - key = "Taint edges - number of edges" and value = getTaintEdgesCount() - or - key = "Taint reach - nodes tainted" and value = getTaintedNodesCount() - or - key = "Taint reach - per million nodes" and value = getTaintReach().floor() - or - key = "Taint sinks - query sinks" and value = getQuerySinksCount() - or - key = "Taint sinks - cryptographic operations" and - value = count(Cryptography::CryptographicOperation o) -} from string key, int value where From cc90ba5836c1c60921ab7f4dfddb555c583114e2 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:45:24 +0000 Subject: [PATCH 106/409] Rust: Create a less noisy version of the summary stats query, for use in tests. --- .../hello-project/summary.qlref | 2 +- .../hello-workspace/summary.qlref | 2 +- .../ql/src/queries/summary/SummaryStatsLess.ql | 18 ++++++++++++++++++ .../query-tests/diagnostics/SummaryStats.qlref | 1 - ...tats.expected => SummaryStatsLess.expected} | 0 .../diagnostics/SummaryStatsLess.qlref | 1 + 6 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 rust/ql/src/queries/summary/SummaryStatsLess.ql delete mode 100644 rust/ql/test/query-tests/diagnostics/SummaryStats.qlref rename rust/ql/test/query-tests/diagnostics/{SummaryStats.expected => SummaryStatsLess.expected} (100%) create mode 100644 rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref diff --git a/rust/ql/integration-tests/hello-project/summary.qlref b/rust/ql/integration-tests/hello-project/summary.qlref index b94ba40446a0..3d1b7ac7f1b7 100644 --- a/rust/ql/integration-tests/hello-project/summary.qlref +++ b/rust/ql/integration-tests/hello-project/summary.qlref @@ -1 +1 @@ -queries/summary/SummaryStats.ql +queries/summary/SummaryStatsLess.ql diff --git a/rust/ql/integration-tests/hello-workspace/summary.qlref b/rust/ql/integration-tests/hello-workspace/summary.qlref index b94ba40446a0..3d1b7ac7f1b7 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.qlref +++ b/rust/ql/integration-tests/hello-workspace/summary.qlref @@ -1 +1 @@ -queries/summary/SummaryStats.ql +queries/summary/SummaryStatsLess.ql diff --git a/rust/ql/src/queries/summary/SummaryStatsLess.ql b/rust/ql/src/queries/summary/SummaryStatsLess.ql new file mode 100644 index 000000000000..ddcc76d16bcb --- /dev/null +++ b/rust/ql/src/queries/summary/SummaryStatsLess.ql @@ -0,0 +1,18 @@ +/** + * @name Summary Statistics Less + * @description A table of summary statistics about a database, with data that + * has been found to be noisy on tests removed. + * @kind metric + * @id rust/summary/summary-statistics-less + * @tags summary + */ + +import rust +import Stats + +from string key, int value +where + extractionStats(key, value) + or + inconsistencyStats(key, value) +select key, value order by key diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStats.qlref deleted file mode 100644 index b94ba40446a0..000000000000 --- a/rust/ql/test/query-tests/diagnostics/SummaryStats.qlref +++ /dev/null @@ -1 +0,0 @@ -queries/summary/SummaryStats.ql diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStats.expected rename to rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref new file mode 100644 index 000000000000..3d1b7ac7f1b7 --- /dev/null +++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref @@ -0,0 +1 @@ +queries/summary/SummaryStatsLess.ql From 86840a78c2c098b821118180e9d75b2db578c09e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:47:11 +0000 Subject: [PATCH 107/409] Rust: Update .expected files. --- .../integration-tests/hello-project/summary.expected | 10 ---------- .../hello-workspace/summary.cargo.expected | 10 ---------- .../hello-workspace/summary.rust-project.expected | 10 ---------- .../query-tests/diagnostics/SummaryStatsLess.expected | 10 ---------- 4 files changed, 40 deletions(-) diff --git a/rust/ql/integration-tests/hello-project/summary.expected b/rust/ql/integration-tests/hello-project/summary.expected index 1dd49972c22b..1ce4e784cbf2 100644 --- a/rust/ql/integration-tests/hello-project/summary.expected +++ b/rust/ql/integration-tests/hello-project/summary.expected @@ -1,5 +1,3 @@ -| Elements extracted | 67 | -| Elements unextracted | 0 | | Extraction errors | 0 | | Extraction warnings | 1 | | Files extracted - total | 5 | @@ -15,11 +13,3 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | -| Taint reach - nodes tainted | 0 | -| Taint reach - per million nodes | 0 | -| Taint sinks - cryptographic operations | 0 | -| Taint sinks - query sinks | 1 | -| Taint sources - active | 0 | -| Taint sources - disabled | 0 | -| Taint sources - sensitive data | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected index baaba2837e7b..67da3bcf3090 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected @@ -1,5 +1,3 @@ -| Elements extracted | 90 | -| Elements unextracted | 0 | | Extraction errors | 0 | | Extraction warnings | 0 | | Files extracted - total | 4 | @@ -15,11 +13,3 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | -| Taint reach - nodes tainted | 0 | -| Taint reach - per million nodes | 0 | -| Taint sinks - cryptographic operations | 0 | -| Taint sinks - query sinks | 1 | -| Taint sources - active | 0 | -| Taint sources - disabled | 0 | -| Taint sources - sensitive data | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected index baaba2837e7b..67da3bcf3090 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected @@ -1,5 +1,3 @@ -| Elements extracted | 90 | -| Elements unextracted | 0 | | Extraction errors | 0 | | Extraction warnings | 0 | | Files extracted - total | 4 | @@ -15,11 +13,3 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | -| Taint reach - nodes tainted | 0 | -| Taint reach - per million nodes | 0 | -| Taint sinks - cryptographic operations | 0 | -| Taint sinks - query sinks | 1 | -| Taint sources - active | 0 | -| Taint sources - disabled | 0 | -| Taint sources - sensitive data | 0 | diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected index d34cd849069b..640bd179abd3 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected @@ -1,5 +1,3 @@ -| Elements extracted | 406 | -| Elements unextracted | 0 | | Extraction errors | 0 | | Extraction warnings | 7 | | Files extracted - total | 7 | @@ -15,11 +13,3 @@ | Macro calls - resolved | 8 | | Macro calls - total | 9 | | Macro calls - unresolved | 1 | -| Taint edges - number of edges | 1674 | -| Taint reach - nodes tainted | 0 | -| Taint reach - per million nodes | 0 | -| Taint sinks - cryptographic operations | 0 | -| Taint sinks - query sinks | 3 | -| Taint sources - active | 0 | -| Taint sources - disabled | 0 | -| Taint sources - sensitive data | 0 | From 73eebcbca6be68f8acf83bda16499695625c3f43 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Tue, 1 Apr 2025 09:59:58 +0100 Subject: [PATCH 108/409] Python: Add file-not-closed and special-method-wrong-signature to python code-quality suite --- python/ql/src/codeql-suites/python-code-quality.qls | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/python/ql/src/codeql-suites/python-code-quality.qls b/python/ql/src/codeql-suites/python-code-quality.qls index 1b0cc2b4e4a4..3ada7e8eb4ca 100644 --- a/python/ql/src/codeql-suites/python-code-quality.qls +++ b/python/ql/src/codeql-suites/python-code-quality.qls @@ -1,5 +1,7 @@ - queries: . - include: id: - - py/not-named-self + - py/not-named-self - py/not-named-cls + - py/file-not-closed + - py/special-method-wrong-signature From 7afcd1bbecf60c6c8bb7af57a31ae760b22f162e Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 1 Apr 2025 11:07:17 +0200 Subject: [PATCH 109/409] Swift: Update test output. --- .../ql/test/library-tests/dataflow/dataflow/DataFlow.expected | 3 +++ .../ql/test/library-tests/dataflow/dataflow/LocalFlow.expected | 2 ++ swift/ql/test/library-tests/dataflow/dataflow/test.swift | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected index bf6376bb0a1f..7ab18dcf818d 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected +++ b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected @@ -172,6 +172,7 @@ edges | test.swift:6:19:6:26 | call to source() | test.swift:7:15:7:15 | t1 | provenance | | | test.swift:6:19:6:26 | call to source() | test.swift:9:15:9:15 | t1 | provenance | | | test.swift:6:19:6:26 | call to source() | test.swift:10:15:10:15 | t2 | provenance | | +| test.swift:6:19:6:26 | call to source() | test.swift:15:15:15:15 | t2 | provenance | | | test.swift:25:20:25:27 | call to source() | test.swift:29:18:29:21 | x | provenance | | | test.swift:26:26:26:33 | call to source() | test.swift:29:26:29:29 | y | provenance | | | test.swift:29:18:29:21 | x | test.swift:30:15:30:15 | x | provenance | | @@ -964,6 +965,7 @@ nodes | test.swift:7:15:7:15 | t1 | semmle.label | t1 | | test.swift:9:15:9:15 | t1 | semmle.label | t1 | | test.swift:10:15:10:15 | t2 | semmle.label | t2 | +| test.swift:15:15:15:15 | t2 | semmle.label | t2 | | test.swift:25:20:25:27 | call to source() | semmle.label | call to source() | | test.swift:26:26:26:33 | call to source() | semmle.label | call to source() | | test.swift:29:18:29:21 | x | semmle.label | x | @@ -1706,6 +1708,7 @@ subpaths | test.swift:7:15:7:15 | t1 | test.swift:6:19:6:26 | call to source() | test.swift:7:15:7:15 | t1 | result | | test.swift:9:15:9:15 | t1 | test.swift:6:19:6:26 | call to source() | test.swift:9:15:9:15 | t1 | result | | test.swift:10:15:10:15 | t2 | test.swift:6:19:6:26 | call to source() | test.swift:10:15:10:15 | t2 | result | +| test.swift:15:15:15:15 | t2 | test.swift:6:19:6:26 | call to source() | test.swift:15:15:15:15 | t2 | result | | test.swift:30:15:30:15 | x | test.swift:25:20:25:27 | call to source() | test.swift:30:15:30:15 | x | result | | test.swift:31:15:31:15 | y | test.swift:26:26:26:33 | call to source() | test.swift:31:15:31:15 | y | result | | test.swift:39:15:39:29 | call to callee_source() | test.swift:35:12:35:19 | call to source() | test.swift:39:15:39:29 | call to callee_source() | result | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected index 7ec3f1a5aa48..3132e0aee3a4 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected +++ b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected @@ -250,11 +250,13 @@ | test.swift:7:15:7:15 | [post] t1 | test.swift:8:10:8:10 | t1 | | test.swift:7:15:7:15 | t1 | test.swift:8:10:8:10 | t1 | | test.swift:8:5:8:10 | SSA def(t2) | test.swift:10:15:10:15 | t2 | +| test.swift:8:5:8:10 | SSA def(t2) | test.swift:15:5:15:5 | SSA phi(t2) | | test.swift:8:10:8:10 | t1 | test.swift:8:5:8:10 | SSA def(t2) | | test.swift:8:10:8:10 | t1 | test.swift:9:15:9:15 | t1 | | test.swift:9:15:9:15 | [post] t1 | test.swift:11:8:11:8 | t1 | | test.swift:9:15:9:15 | t1 | test.swift:11:8:11:8 | t1 | | test.swift:12:9:12:14 | SSA def(t2) | test.swift:13:19:13:19 | t2 | +| test.swift:12:9:12:14 | SSA def(t2) | test.swift:15:5:15:5 | SSA phi(t2) | | test.swift:12:14:12:14 | 0 | test.swift:12:9:12:14 | SSA def(t2) | | test.swift:15:5:15:5 | SSA phi(t2) | test.swift:15:15:15:15 | t2 | | test.swift:17:5:17:10 | SSA def(t1) | test.swift:21:15:21:15 | t1 | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/test.swift b/swift/ql/test/library-tests/dataflow/dataflow/test.swift index 515aa666201d..b0f23ccb3034 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/test.swift +++ b/swift/ql/test/library-tests/dataflow/dataflow/test.swift @@ -12,7 +12,7 @@ func intraprocedural_with_local_flow() -> Void { t2 = 0 sink(arg: t2) } - sink(arg: t2) // $ MISSING: flow=6 + sink(arg: t2) // $ flow=6 t1 = 0; while(false) { From 1d49252c03840cd15ffd6d38b3b6692636dfbd1d Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Tue, 1 Apr 2025 12:34:18 +0200 Subject: [PATCH 110/409] Rust: QLTest: delete Cargo.lock files --- rust/extractor/src/qltest.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/rust/extractor/src/qltest.rs b/rust/extractor/src/qltest.rs index 9553907b7db0..316ecd0cee4b 100644 --- a/rust/extractor/src/qltest.rs +++ b/rust/extractor/src/qltest.rs @@ -4,6 +4,7 @@ use glob::glob; use itertools::Itertools; use std::ffi::OsStr; use std::fs; +use std::path::Path; use std::process::Command; use tracing::info; @@ -58,9 +59,18 @@ fn set_sources(config: &mut Config) -> anyhow::Result<()> { Ok(()) } +fn remove_file_if_exists(path: &Path) -> anyhow::Result<()> { + match fs::remove_file(path) { + Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(()), + x => x, + } + .context(format!("removing file {}", path.display())) +} + pub(crate) fn prepare(config: &mut Config) -> anyhow::Result<()> { dump_lib()?; set_sources(config)?; + remove_file_if_exists(Path::new("Cargo.lock"))?; dump_cargo_manifest(&config.qltest_dependencies)?; if config.qltest_cargo_check { let status = Command::new("cargo") From 81a39f380ac6cdffc311e24aa479ea6b1f7bdcb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 1 Apr 2025 12:48:00 +0200 Subject: [PATCH 111/409] Change niceness of test server --- .../java/buildless-snapshot-repository/test.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py index e5e38d725ae8..d343ce4b9621 100644 --- a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py +++ b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py @@ -1,11 +1,15 @@ import subprocess -import sys +import runs_on def test(codeql, java): - # This serves the "repo" directory on http://localhost:9427 + # This serves the "repo" directory on http://localhost:9428 + command = ["python3", "-m", "http.server", "9428", "-b", "localhost"] + if runs_on.github_actions and runs_on.posix: + # On GitHub Actions, we try to run the server with higher priority + command = ["nice", "-n", "10"] + command repo_server_process = subprocess.Popen( - [sys.executable, "-m", "http.server", "9427"], cwd="repo" + command, cwd="repo" ) try: codeql.database.create( From 1ec3e8712b5b0daf3a0db52c30137a32fc0bc2e1 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 13:18:30 +0200 Subject: [PATCH 112/409] Apply suggestions from code review Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> --- actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql index 6d5bd04b3e26..760ef8c1897b 100644 --- a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql +++ b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql @@ -30,6 +30,7 @@ string jobNeedsPersmission(Job job) { actionsPermissionsDataModel(versionedAction(stepUses(stepInJob(job))), result) } +/** Gets a suggestion for the minimal token permissions for `job`, as a JSON string. */ string permissionsForJob(Job job) { result = "{" + concat(string permission | permission = jobNeedsPersmission(job) | permission, ", ") + "}" @@ -46,4 +47,4 @@ where ) and permissions = permissionsForJob(job) select job, - "Actions Job or Workflow does not set permissions. A minimal set might be " + permissions + "Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: " + permissions From 10205cb9906dfd6bcbffe7f68b601fd1a7d62cb2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 1 Apr 2025 11:30:43 +0000 Subject: [PATCH 113/409] Post-release preparation for codeql-cli-2.21.0 --- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 39 files changed, 39 insertions(+), 39 deletions(-) diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 2362bf619f74..aecd3607345d 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.6 +version: 0.4.7-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index d43eedd54449..f6eb8be1138c 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.5.3 +version: 0.5.4-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 2f9e0a91ca63..5ee964c4b50f 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 4.1.0 +version: 4.1.1-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index be8212979faf..67293337da94 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.3.7 +version: 1.3.8-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 10f9ed40e0da..eefe4e2fe57c 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.37 +version: 1.7.38-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index a4148e9688b8..a03f987c8c79 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.37 +version: 1.7.38-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index e80d0a3ebbda..647655511ea1 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.1.3 +version: 5.1.4-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index d669f267976f..d6f04fe65759 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.1.0 +version: 1.1.1-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 82bc42c23786..78d52739d9ed 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.20 +version: 1.0.21-dev groups: - go - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 487e9205e728..34ba33332a27 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 4.2.2 +version: 4.2.3-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 514a7809b7fa..3e3b248716d6 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.1.11 +version: 1.1.12-dev groups: - go - queries diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 9936592e4306..1037ae7708a2 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.1.2 +version: 7.1.3-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index d7143d40041b..e7c3a7da88e4 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.4.0 +version: 1.4.1-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 9a38483496e4..80004cfa6a03 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.0 +version: 2.6.1-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 7556097a440e..3a5ecb85b4f3 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.5.2 +version: 1.5.3-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 303abd1b23f4..28a36682869f 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.20 +version: 1.0.21-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 709aed324223..020415470fe4 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 4.0.4 +version: 4.0.5-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 321638c25775..2d3896cc57ff 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.4.6 +version: 1.4.7-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 92f9db23dfdc..639f6fb35f17 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 4.1.3 +version: 4.1.4-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index b38e7eb7fda9..ca0617aa13e0 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.1.15 +version: 1.1.16-dev groups: - ruby - queries diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 8ca8fd5100cb..603ede342c78 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.5 +version: 0.1.6-dev groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 4158c204364e..4b0296c0af8f 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.5 +version: 0.1.6-dev groups: - rust - queries diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 8b0b8d6e05ae..5b1c8278c8a9 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.4 +version: 2.0.5-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index cb4f087f1432..86a58593efd0 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.4 +version: 2.0.5-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index d5b498e369ef..0c7d0f8fb148 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 544e541bc32d..258e34f4416a 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index a9950725bb85..fb48dd895fe4 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 0945748a4cd5..c5e5a1470858 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 6458fce2229b..2698ba75fe47 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.20 +version: 1.0.21-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 3cbfb9b81503..239783afe11b 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 974e866403fc..243dbbefacc8 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index d71f36395158..4606888741ad 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.1 +version: 0.0.2-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index dcee785031a7..387f2df08500 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.4 +version: 2.0.5-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 66603d0cfd48..b84e528b13a9 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index ca15e29077c5..cec325c5327a 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.7 +version: 2.0.8-dev groups: shared library: true dependencies: null diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 0f0a5c9e5858..ddd183347db4 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 5239b96b7223..bfb8003b7451 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 64b6a20fccc1..a8937945393d 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 4.1.3 +version: 4.1.4-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 7c8c06066945..65d542ab524c 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.1.0 +version: 1.1.1-dev groups: - swift - queries From 3cdd641b8191590c1416fb325f718243ced6e1f5 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 13:43:00 +0200 Subject: [PATCH 114/409] actions: fix typo --- .../ql/src/Security/CWE-275/MissingActionsPermissions.ql | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql index 760ef8c1897b..bc3b4869a8d1 100644 --- a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql +++ b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql @@ -26,14 +26,14 @@ string versionedAction(string fullActionSelector) { string stepUses(Step step) { result = step.getUses().(ScalarValue).getValue() } -string jobNeedsPersmission(Job job) { +string jobNeedsPermission(Job job) { actionsPermissionsDataModel(versionedAction(stepUses(stepInJob(job))), result) } /** Gets a suggestion for the minimal token permissions for `job`, as a JSON string. */ string permissionsForJob(Job job) { result = - "{" + concat(string permission | permission = jobNeedsPersmission(job) | permission, ", ") + "}" + "{" + concat(string permission | permission = jobNeedsPermission(job) | permission, ", ") + "}" } from Job job, string permissions @@ -47,4 +47,5 @@ where ) and permissions = permissionsForJob(job) select job, - "Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: " + permissions + "Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: " + + permissions From d33ce423d8874a3f28a663b0fcad8dd3c9af02d1 Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Tue, 1 Apr 2025 13:58:37 +0200 Subject: [PATCH 115/409] Update UntrustedCheckoutCritical.ql --- actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql index 9676e942f7ce..ad79a1ce776f 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql @@ -1,5 +1,5 @@ /** - * @name Checkout of untrusted code in a priviledged context + * @name Checkout of untrusted code in a privileged context * @description Privileged workflows have read/write access to the base repository and access to secrets. * By explicitly checking out and running the build script from a fork the untrusted code is running in an environment * that is able to push to the base repository and to access secrets. From 8acf9ceef4614a86a2efdc364f3e9952a7d7dbea Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 28 Mar 2025 15:48:07 +0100 Subject: [PATCH 116/409] Rust: Make trait a base type mention of the self type parameter --- rust/ql/lib/codeql/rust/internal/Type.qll | 35 ++- .../codeql/rust/internal/TypeInference.qll | 101 ++++---- .../lib/codeql/rust/internal/TypeMention.qll | 46 ++-- .../type-inference/type-inference.expected | 240 +++--------------- 4 files changed, 126 insertions(+), 296 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index 8bf9f4a1c11f..86abcb638f8c 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -16,7 +16,7 @@ newtype TType = TRefType() or // todo: add mut? TTypeParamTypeParameter(TypeParam t) or TRefTypeParameter() or - TSelfTypeParameter() + TSelfTypeParameter(Trait t) /** * A type without type arguments. @@ -144,9 +144,6 @@ class TraitType extends Type, TTrait { override TypeParameter getTypeParameter(int i) { result = TTypeParamTypeParameter(trait.getGenericParamList().getTypeParam(i)) - or - result = TSelfTypeParameter() and - i = -1 } pragma[nomagic] @@ -226,11 +223,9 @@ class ImplType extends Type, TImpl { override TypeParameter getTypeParameter(int i) { result = TTypeParamTypeParameter(impl.getGenericParamList().getTypeParam(i)) - or - result = TSelfTypeParameter() and - i = -1 } + /** Get the trait implemented by this `impl` block, if any. */ override TypeMention getABaseTypeMention() { result = impl.getTrait() } override string toString() { result = impl.toString() } @@ -334,11 +329,29 @@ class RefTypeParameter extends TypeParameter, TRefTypeParameter { override Location getLocation() { result instanceof EmptyLocation } } -/** An implicit `Self` type parameter. */ +/** + * The implicit `Self` type parameter of a trait, that refers to the + * implementing type of the trait. + * + * The Rust Reference on the implicit `Self` parameter: + * https://doc.rust-lang.org/reference/items/traits.html#r-items.traits.self-param + */ class SelfTypeParameter extends TypeParameter, TSelfTypeParameter { - override Function getMethod(string name) { none() } + private Trait trait; - override string toString() { result = "(Self)" } + SelfTypeParameter() { this = TSelfTypeParameter(trait) } - override Location getLocation() { result instanceof EmptyLocation } + Trait getTrait() { result = trait } + + override TypeMention getABaseTypeMention() { result = trait } + + override Function getMethod(string name) { + // The `Self` type parameter is an implementation of the trait, so it has + // all the trait's methods. + result = trait.(ItemNode).getASuccessor(name) + } + + override string toString() { result = "Self [" + trait.toString() + "]" } + + override Location getLocation() { result = trait.getLocation() } } diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index 5c59cee8a171..bef741d24706 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -38,21 +38,42 @@ private module Input1 implements InputSig1 { } } - class TypeParameterPosition = TypeParam; + private newtype TTypeParameterPosition = + TTypeParamTypeParameterPosition(TypeParam tp) or + TSelfTypeParameterPosition() + + class TypeParameterPosition extends TTypeParameterPosition { + TypeParam asTypeParam() { this = TTypeParamTypeParameterPosition(result) } + + predicate isSelf() { this = TSelfTypeParameterPosition() } + + string toString() { + result = this.asTypeParam().toString() + or + result = "Self" and this.isSelf() + } + } + + /** Holds if `typeParam`, `param` and `ppos` all concern the same `TypeParam`. */ + additional predicate typeParamMatchPosition( + TypeParam typeParam, TypeParamTypeParameter param, TypeParameterPosition ppos + ) { + typeParam = param.getTypeParam() and typeParam = ppos.asTypeParam() + } bindingset[apos] bindingset[ppos] predicate typeArgumentParameterPositionMatch(TypeArgumentPosition apos, TypeParameterPosition ppos) { - apos.asTypeParam() = ppos + apos.asTypeParam() = ppos.asTypeParam() or - apos.asMethodTypeArgumentPosition() = ppos.getPosition() + apos.asMethodTypeArgumentPosition() = ppos.asTypeParam().getPosition() } - private predicate id(Raw::TypeParam x, Raw::TypeParam y) { x = y } + private predicate id(Raw::AstNode x, Raw::AstNode y) { x = y } - private predicate idOfRaw(Raw::TypeParam x, int y) = equivalenceRelation(id/2)(x, y) + private predicate idOfRaw(Raw::AstNode x, int y) = equivalenceRelation(id/2)(x, y) - private int idOf(TypeParam node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } + private int idOf(AstNode node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } int getTypeParameterId(TypeParameter tp) { tp = @@ -61,12 +82,11 @@ private module Input1 implements InputSig1 { kind = 0 and id = 0 or - tp0 instanceof SelfTypeParameter and - kind = 0 and - id = 1 - or - id = idOf(tp0.(TypeParamTypeParameter).getTypeParam()) and - kind = 1 + kind = 1 and + exists(AstNode node | id = idOf(node) | + node = tp0.(TypeParamTypeParameter).getTypeParam() or + node = tp0.(SelfTypeParameter).getTrait() + ) | tp0 order by kind, id ) @@ -211,15 +231,6 @@ private Type inferImplSelfType(Impl i, TypePath path) { result = i.getSelfTy().(TypeReprMention).resolveTypeAt(path) } -pragma[nomagic] -private Type inferTraitSelfType(Trait t, TypePath path) { - result = TTrait(t) and - path.isEmpty() - or - result = TTypeParamTypeParameter(t.getGenericParamList().getATypeParam()) and - path = TypePath::singleton(result) -} - /** Gets the type at `path` of the implicitly typed `self` parameter. */ pragma[nomagic] private Type inferImplicitSelfType(SelfParam self, TypePath path) { @@ -230,7 +241,7 @@ private Type inferImplicitSelfType(SelfParam self, TypePath path) { | t = inferImplSelfType(i, suffix) or - t = inferTraitSelfType(i, suffix) + t = TSelfTypeParameter(i) and suffix.isEmpty() ) } @@ -273,8 +284,7 @@ private module StructExprMatchingInput implements MatchingInputSig { abstract TypeParam getATypeParam(); final TypeParameter getTypeParameter(TypeParameterPosition ppos) { - result.(TypeParamTypeParameter).getTypeParam() = ppos and - ppos = this.getATypeParam() + typeParamMatchPosition(this.getATypeParam(), result, ppos) } abstract StructField getField(string name); @@ -417,12 +427,7 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { } abstract class Declaration extends AstNode { - abstract TypeParam getATypeParam(); - - final TypeParameter getTypeParameter(TypeParameterPosition ppos) { - result.(TypeParamTypeParameter).getTypeParam() = ppos and - ppos = this.getATypeParam() - } + abstract TypeParameter getTypeParameter(TypeParameterPosition ppos); pragma[nomagic] abstract Type getParameterType(DeclarationPosition dpos, TypePath path); @@ -440,7 +445,9 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { private class TupleStructDecl extends Declaration, Struct { TupleStructDecl() { this.isTuple() } - override TypeParam getATypeParam() { result = this.getGenericParamList().getATypeParam() } + override TypeParameter getTypeParameter(TypeParameterPosition ppos) { + typeParamMatchPosition(this.getGenericParamList().getATypeParam(), result, ppos) + } override Type getParameterType(DeclarationPosition dpos, TypePath path) { exists(int pos | @@ -461,8 +468,8 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { private class TupleVariantDecl extends Declaration, Variant { TupleVariantDecl() { this.isTuple() } - override TypeParam getATypeParam() { - result = this.getEnum().getGenericParamList().getATypeParam() + override TypeParameter getTypeParameter(TypeParameterPosition ppos) { + typeParamMatchPosition(this.getEnum().getGenericParamList().getATypeParam(), result, ppos) } override Type getParameterType(DeclarationPosition dpos, TypePath path) { @@ -483,38 +490,36 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { } } - pragma[nomagic] - private Type inferAnnotatedTypeInclSelf(AstNode n, TypePath path) { - result = getTypeAnnotation(n).resolveTypeAtInclSelf(path) - } - private class FunctionDecl extends Declaration, Function { - override TypeParam getATypeParam() { result = this.getGenericParamList().getATypeParam() } + override TypeParameter getTypeParameter(TypeParameterPosition ppos) { + typeParamMatchPosition(this.getGenericParamList().getATypeParam(), result, ppos) + or + exists(TraitItemNode trait | this = trait.getAnAssocItem() | + typeParamMatchPosition(trait.getTypeParam(_), result, ppos) + or + ppos.isSelf() and result = TSelfTypeParameter(trait) + ) + } override Type getParameterType(DeclarationPosition dpos, TypePath path) { exists(Param p, int i, boolean inMethod | paramPos(this.getParamList(), p, i, inMethod) and dpos = TPositionalDeclarationPosition(i, inMethod) and - result = inferAnnotatedTypeInclSelf(p.getPat(), path) + result = inferAnnotatedType(p.getPat(), path) ) or exists(SelfParam self | self = pragma[only_bind_into](this.getParamList().getSelfParam()) and dpos.isSelf() | - // `self` parameter with type annotation - result = inferAnnotatedTypeInclSelf(self, path) - or - // `self` parameter without type annotation - result = inferImplicitSelfType(self, path) + result = inferAnnotatedType(self, path) // `self` parameter with type annotation or - // `self` parameter without type annotation should also have the special `Self` type - result = getRefAdjustImplicitSelfType(self, TypePath::nil(), TSelfTypeParameter(), path) + result = inferImplicitSelfType(self, path) // `self` parameter without type annotation ) } override Type getReturnType(TypePath path) { - result = this.getRetType().getTypeRepr().(TypeReprMention).resolveTypeAtInclSelf(path) + result = this.getRetType().getTypeRepr().(TypeReprMention).resolveTypeAt(path) } } diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index f8fa7923f21e..a5e696313a3c 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -29,27 +29,6 @@ abstract class TypeMention extends AstNode { /** Gets the type that the sub mention at `path` resolves to, if any. */ Type resolveTypeAt(TypePath path) { result = this.getMentionAt(path).resolveType() } - - /** - * Like `resolveTypeAt`, but also resolves `Self` mentions to the implicit - * `Self` type parameter. - * - * This is only needed when resolving types for calls to methods; inside the - * methods themselves, `Self` only resolves to the relevant trait or type - * being implemented. - */ - final Type resolveTypeAtInclSelf(TypePath path) { - result = this.resolveTypeAt(path) - or - exists(TypeMention tm, ImplOrTraitItemNode node | - tm = this.getMentionAt(path) and - result = TSelfTypeParameter() - | - tm = node.getASelfPath() - or - tm.(PathTypeRepr).getPath() = node.getASelfPath() - ) - } } class TypeReprMention extends TypeMention, TypeRepr { @@ -80,11 +59,11 @@ class PathMention extends TypeMention, Path { override TypeMention getTypeArgument(int i) { result = this.getSegment().getGenericArgList().getTypeArg(i) or - // `Self` paths inside traits and `impl` blocks have implicit type arguments - // that are the type parameters of the trait or impl. For example, in + // `Self` paths inside `impl` blocks have implicit type arguments that are + // the type parameters of the `impl` block. For example, in // // ```rust - // impl Foo { + // impl Foo { // fn m(self) -> Self { // self // } @@ -92,10 +71,9 @@ class PathMention extends TypeMention, Path { // ``` // // the `Self` return type is shorthand for `Foo`. - exists(ImplOrTraitItemNode node | this = node.getASelfPath() | + exists(ImplItemNode node | + this = node.getASelfPath() and result = node.(ImplItemNode).getSelfPath().getSegment().getGenericArgList().getTypeArg(i) - or - result = node.(Trait).getGenericParamList().getTypeParam(i) ) } @@ -105,7 +83,13 @@ class PathMention extends TypeMention, Path { or result = TEnum(i) or - result = TTrait(i) + exists(TraitItemNode trait | trait = i | + // If this is a `Self` path, then it resolves to the implicit `Self` + // type parameter, otherwise it is a trait bound. + if this = trait.getASelfPath() + then result = TSelfTypeParameter(trait) + else result = TTrait(trait) + ) or result = TTypeParamTypeParameter(i) or @@ -171,3 +155,9 @@ class ImplMention extends TypeMention, ImplItemNode { ) } } + +class TraitMention extends TypeMention, TraitItemNode { + override TypeMention getTypeArgument(int i) { result = this.getTypeParam(i) } + + override Type resolveType() { result = TTrait(this) } +} diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index 6d92dd08f12b..e7788f014ca2 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -1,42 +1,7 @@ inferType -| loop/main.rs:7:12:7:15 | SelfParam | | loop/main.rs:6:1:8:1 | trait T1 | -| loop/main.rs:7:12:7:15 | SelfParam | T | loop/main.rs:6:10:6:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:6:1:8:1 | trait T1 | -| loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:10:1:14:1 | trait T2 | -| loop/main.rs:11:12:11:15 | SelfParam | T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | | loop/main.rs:6:1:8:1 | trait T1 | -| loop/main.rs:12:9:12:12 | self | | loop/main.rs:10:1:14:1 | trait T2 | -| loop/main.rs:12:9:12:12 | self | T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | +| loop/main.rs:7:12:7:15 | SelfParam | | loop/main.rs:6:1:8:1 | Self [trait T1] | +| loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:10:1:14:1 | Self [trait T2] | +| loop/main.rs:12:9:12:12 | self | | loop/main.rs:10:1:14:1 | Self [trait T2] | | main.rs:26:13:26:13 | x | | main.rs:5:5:8:5 | struct MyThing | | main.rs:26:17:26:32 | MyThing {...} | | main.rs:5:5:8:5 | struct MyThing | | main.rs:26:30:26:30 | S | | main.rs:2:5:3:13 | struct S | @@ -171,21 +136,13 @@ inferType | main.rs:137:26:137:26 | y | | main.rs:94:5:97:5 | struct MyThing | | main.rs:137:26:137:26 | y | A | main.rs:101:5:102:14 | struct S2 | | main.rs:137:26:137:31 | y.m2(...) | | main.rs:101:5:102:14 | struct S2 | -| main.rs:153:15:153:18 | SelfParam | | main.rs:152:5:161:5 | trait MyTrait | -| main.rs:153:15:153:18 | SelfParam | A | main.rs:152:19:152:19 | A | -| main.rs:155:15:155:18 | SelfParam | | main.rs:152:5:161:5 | trait MyTrait | -| main.rs:155:15:155:18 | SelfParam | A | main.rs:152:19:152:19 | A | -| main.rs:158:9:160:9 | { ... } | | main.rs:152:5:161:5 | trait MyTrait | -| main.rs:158:9:160:9 | { ... } | A | main.rs:152:19:152:19 | A | -| main.rs:159:13:159:16 | self | | main.rs:152:5:161:5 | trait MyTrait | -| main.rs:159:13:159:16 | self | A | main.rs:152:19:152:19 | A | -| main.rs:163:43:163:43 | x | | main.rs:152:5:161:5 | trait MyTrait | +| main.rs:153:15:153:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | +| main.rs:155:15:155:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | +| main.rs:158:9:160:9 | { ... } | | main.rs:152:5:161:5 | Self [trait MyTrait] | +| main.rs:159:13:159:16 | self | | main.rs:152:5:161:5 | Self [trait MyTrait] | | main.rs:163:43:163:43 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:163:43:163:43 | x | A | main.rs:163:22:163:23 | T1 | | main.rs:163:56:165:5 | { ... } | | main.rs:163:22:163:23 | T1 | -| main.rs:164:9:164:9 | x | | main.rs:152:5:161:5 | trait MyTrait | | main.rs:164:9:164:9 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:164:9:164:9 | x | A | main.rs:163:22:163:23 | T1 | | main.rs:164:9:164:14 | x.m1(...) | | main.rs:163:22:163:23 | T1 | | main.rs:168:15:168:18 | SelfParam | | main.rs:142:5:145:5 | struct MyThing | | main.rs:168:15:168:18 | SelfParam | A | main.rs:147:5:148:14 | struct S1 | @@ -230,124 +187,65 @@ inferType | main.rs:189:40:189:40 | x | A | main.rs:147:5:148:14 | struct S1 | | main.rs:190:40:190:40 | y | | main.rs:142:5:145:5 | struct MyThing | | main.rs:190:40:190:40 | y | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:206:19:206:22 | SelfParam | | main.rs:205:5:207:5 | trait FirstTrait | -| main.rs:206:19:206:22 | SelfParam | FT | main.rs:205:22:205:23 | FT | -| main.rs:210:19:210:22 | SelfParam | | main.rs:209:5:211:5 | trait SecondTrait | -| main.rs:210:19:210:22 | SelfParam | ST | main.rs:209:23:209:24 | ST | -| main.rs:213:64:213:64 | x | | main.rs:209:5:211:5 | trait SecondTrait | +| main.rs:206:19:206:22 | SelfParam | | main.rs:205:5:207:5 | Self [trait FirstTrait] | +| main.rs:210:19:210:22 | SelfParam | | main.rs:209:5:211:5 | Self [trait SecondTrait] | | main.rs:213:64:213:64 | x | | main.rs:213:45:213:61 | T | -| main.rs:213:64:213:64 | x | ST | main.rs:213:35:213:42 | I | | main.rs:215:13:215:14 | s1 | | main.rs:213:35:213:42 | I | -| main.rs:215:18:215:18 | x | | main.rs:209:5:211:5 | trait SecondTrait | | main.rs:215:18:215:18 | x | | main.rs:213:45:213:61 | T | -| main.rs:215:18:215:18 | x | ST | main.rs:213:35:213:42 | I | | main.rs:215:18:215:27 | x.method(...) | | main.rs:213:35:213:42 | I | | main.rs:216:26:216:27 | s1 | | main.rs:213:35:213:42 | I | -| main.rs:219:65:219:65 | x | | main.rs:209:5:211:5 | trait SecondTrait | | main.rs:219:65:219:65 | x | | main.rs:219:46:219:62 | T | -| main.rs:219:65:219:65 | x | ST | main.rs:219:36:219:43 | I | | main.rs:221:13:221:14 | s2 | | main.rs:219:36:219:43 | I | -| main.rs:221:18:221:18 | x | | main.rs:209:5:211:5 | trait SecondTrait | | main.rs:221:18:221:18 | x | | main.rs:219:46:219:62 | T | -| main.rs:221:18:221:18 | x | ST | main.rs:219:36:219:43 | I | | main.rs:221:18:221:27 | x.method(...) | | main.rs:219:36:219:43 | I | | main.rs:222:26:222:27 | s2 | | main.rs:219:36:219:43 | I | -| main.rs:225:49:225:49 | x | | main.rs:205:5:207:5 | trait FirstTrait | | main.rs:225:49:225:49 | x | | main.rs:225:30:225:46 | T | -| main.rs:225:49:225:49 | x | FT | main.rs:197:5:198:14 | struct S1 | | main.rs:226:13:226:13 | s | | main.rs:197:5:198:14 | struct S1 | -| main.rs:226:17:226:17 | x | | main.rs:205:5:207:5 | trait FirstTrait | | main.rs:226:17:226:17 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:17:226:17 | x | FT | main.rs:197:5:198:14 | struct S1 | | main.rs:226:17:226:26 | x.method(...) | | main.rs:197:5:198:14 | struct S1 | | main.rs:227:26:227:26 | s | | main.rs:197:5:198:14 | struct S1 | -| main.rs:230:53:230:53 | x | | main.rs:205:5:207:5 | trait FirstTrait | | main.rs:230:53:230:53 | x | | main.rs:230:34:230:50 | T | -| main.rs:230:53:230:53 | x | FT | main.rs:197:5:198:14 | struct S1 | | main.rs:231:13:231:13 | s | | main.rs:197:5:198:14 | struct S1 | -| main.rs:231:17:231:17 | x | | main.rs:205:5:207:5 | trait FirstTrait | | main.rs:231:17:231:17 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:17:231:17 | x | FT | main.rs:197:5:198:14 | struct S1 | | main.rs:231:17:231:26 | x.method(...) | | main.rs:197:5:198:14 | struct S1 | | main.rs:232:26:232:26 | s | | main.rs:197:5:198:14 | struct S1 | -| main.rs:236:16:236:19 | SelfParam | | main.rs:235:5:239:5 | trait Pair | -| main.rs:236:16:236:19 | SelfParam | P1 | main.rs:235:16:235:17 | P1 | -| main.rs:236:16:236:19 | SelfParam | P2 | main.rs:235:20:235:21 | P2 | -| main.rs:238:16:238:19 | SelfParam | | main.rs:235:5:239:5 | trait Pair | -| main.rs:238:16:238:19 | SelfParam | P1 | main.rs:235:16:235:17 | P1 | -| main.rs:238:16:238:19 | SelfParam | P2 | main.rs:235:20:235:21 | P2 | -| main.rs:241:58:241:58 | x | | main.rs:235:5:239:5 | trait Pair | +| main.rs:236:16:236:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | +| main.rs:238:16:238:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | | main.rs:241:58:241:58 | x | | main.rs:241:41:241:55 | T | -| main.rs:241:58:241:58 | x | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:241:58:241:58 | x | P2 | main.rs:200:5:201:14 | struct S2 | -| main.rs:241:64:241:64 | y | | main.rs:235:5:239:5 | trait Pair | | main.rs:241:64:241:64 | y | | main.rs:241:41:241:55 | T | -| main.rs:241:64:241:64 | y | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:241:64:241:64 | y | P2 | main.rs:200:5:201:14 | struct S2 | | main.rs:243:13:243:14 | s1 | | main.rs:197:5:198:14 | struct S1 | -| main.rs:243:18:243:18 | x | | main.rs:235:5:239:5 | trait Pair | | main.rs:243:18:243:18 | x | | main.rs:241:41:241:55 | T | -| main.rs:243:18:243:18 | x | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:243:18:243:18 | x | P2 | main.rs:200:5:201:14 | struct S2 | | main.rs:243:18:243:24 | x.fst(...) | | main.rs:197:5:198:14 | struct S1 | | main.rs:244:13:244:14 | s2 | | main.rs:200:5:201:14 | struct S2 | -| main.rs:244:18:244:18 | y | | main.rs:235:5:239:5 | trait Pair | | main.rs:244:18:244:18 | y | | main.rs:241:41:241:55 | T | -| main.rs:244:18:244:18 | y | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:244:18:244:18 | y | P2 | main.rs:200:5:201:14 | struct S2 | | main.rs:244:18:244:24 | y.snd(...) | | main.rs:200:5:201:14 | struct S2 | | main.rs:245:32:245:33 | s1 | | main.rs:197:5:198:14 | struct S1 | | main.rs:245:36:245:37 | s2 | | main.rs:200:5:201:14 | struct S2 | -| main.rs:248:69:248:69 | x | | main.rs:235:5:239:5 | trait Pair | | main.rs:248:69:248:69 | x | | main.rs:248:52:248:66 | T | -| main.rs:248:69:248:69 | x | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:248:69:248:69 | x | P2 | main.rs:248:41:248:49 | T2 | -| main.rs:248:75:248:75 | y | | main.rs:235:5:239:5 | trait Pair | | main.rs:248:75:248:75 | y | | main.rs:248:52:248:66 | T | -| main.rs:248:75:248:75 | y | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:248:75:248:75 | y | P2 | main.rs:248:41:248:49 | T2 | | main.rs:250:13:250:14 | s1 | | main.rs:197:5:198:14 | struct S1 | -| main.rs:250:18:250:18 | x | | main.rs:235:5:239:5 | trait Pair | | main.rs:250:18:250:18 | x | | main.rs:248:52:248:66 | T | -| main.rs:250:18:250:18 | x | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:250:18:250:18 | x | P2 | main.rs:248:41:248:49 | T2 | | main.rs:250:18:250:24 | x.fst(...) | | main.rs:197:5:198:14 | struct S1 | | main.rs:251:13:251:14 | s2 | | main.rs:248:41:248:49 | T2 | -| main.rs:251:18:251:18 | y | | main.rs:235:5:239:5 | trait Pair | | main.rs:251:18:251:18 | y | | main.rs:248:52:248:66 | T | -| main.rs:251:18:251:18 | y | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:251:18:251:18 | y | P2 | main.rs:248:41:248:49 | T2 | | main.rs:251:18:251:24 | y.snd(...) | | main.rs:248:41:248:49 | T2 | | main.rs:252:32:252:33 | s1 | | main.rs:197:5:198:14 | struct S1 | | main.rs:252:36:252:37 | s2 | | main.rs:248:41:248:49 | T2 | -| main.rs:268:15:268:18 | SelfParam | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:268:15:268:18 | SelfParam | A | main.rs:267:19:267:19 | A | -| main.rs:270:15:270:18 | SelfParam | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:270:15:270:18 | SelfParam | A | main.rs:267:19:267:19 | A | +| main.rs:268:15:268:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | +| main.rs:270:15:270:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | | main.rs:273:9:275:9 | { ... } | | main.rs:267:19:267:19 | A | -| main.rs:274:13:274:16 | self | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:274:13:274:16 | self | A | main.rs:267:19:267:19 | A | +| main.rs:274:13:274:16 | self | | main.rs:267:5:276:5 | Self [trait MyTrait] | | main.rs:274:13:274:21 | self.m1(...) | | main.rs:267:19:267:19 | A | -| main.rs:279:43:279:43 | x | | main.rs:267:5:276:5 | trait MyTrait | | main.rs:279:43:279:43 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:279:43:279:43 | x | A | main.rs:279:22:279:23 | T1 | | main.rs:279:56:281:5 | { ... } | | main.rs:279:22:279:23 | T1 | -| main.rs:280:9:280:9 | x | | main.rs:267:5:276:5 | trait MyTrait | | main.rs:280:9:280:9 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:280:9:280:9 | x | A | main.rs:279:22:279:23 | T1 | | main.rs:280:9:280:14 | x.m1(...) | | main.rs:279:22:279:23 | T1 | | main.rs:284:49:284:49 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:284:49:284:49 | x | T | main.rs:267:5:276:5 | trait MyTrait | | main.rs:284:49:284:49 | x | T | main.rs:284:32:284:46 | T2 | -| main.rs:284:49:284:49 | x | T.A | main.rs:284:28:284:29 | T1 | | main.rs:284:71:286:5 | { ... } | | main.rs:284:28:284:29 | T1 | | main.rs:285:9:285:9 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:285:9:285:9 | x | T | main.rs:267:5:276:5 | trait MyTrait | | main.rs:285:9:285:9 | x | T | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:9 | x | T.A | main.rs:284:28:284:29 | T1 | -| main.rs:285:9:285:11 | x.a | | main.rs:267:5:276:5 | trait MyTrait | | main.rs:285:9:285:11 | x.a | | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:11 | x.a | A | main.rs:284:28:284:29 | T1 | | main.rs:285:9:285:16 | ... .m1(...) | | main.rs:284:28:284:29 | T1 | | main.rs:289:15:289:18 | SelfParam | | main.rs:257:5:260:5 | struct MyThing | | main.rs:289:15:289:18 | SelfParam | T | main.rs:288:10:288:10 | T | @@ -372,31 +270,19 @@ inferType | main.rs:299:26:299:26 | y | T | main.rs:264:5:265:14 | struct S2 | | main.rs:299:26:299:31 | y.m1(...) | | main.rs:264:5:265:14 | struct S2 | | main.rs:301:13:301:13 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:301:13:301:13 | x | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:301:13:301:13 | x | A | main.rs:262:5:263:14 | struct S1 | | main.rs:301:13:301:13 | x | T | main.rs:262:5:263:14 | struct S1 | | main.rs:301:17:301:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:301:17:301:33 | MyThing {...} | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:301:17:301:33 | MyThing {...} | A | main.rs:262:5:263:14 | struct S1 | | main.rs:301:17:301:33 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | | main.rs:301:30:301:31 | S1 | | main.rs:262:5:263:14 | struct S1 | | main.rs:302:13:302:13 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:302:13:302:13 | y | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:302:13:302:13 | y | A | main.rs:264:5:265:14 | struct S2 | | main.rs:302:13:302:13 | y | T | main.rs:264:5:265:14 | struct S2 | | main.rs:302:17:302:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:302:17:302:33 | MyThing {...} | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:302:17:302:33 | MyThing {...} | A | main.rs:264:5:265:14 | struct S2 | | main.rs:302:17:302:33 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | | main.rs:302:30:302:31 | S2 | | main.rs:264:5:265:14 | struct S2 | | main.rs:304:26:304:26 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:304:26:304:26 | x | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:304:26:304:26 | x | A | main.rs:262:5:263:14 | struct S1 | | main.rs:304:26:304:26 | x | T | main.rs:262:5:263:14 | struct S1 | | main.rs:304:26:304:31 | x.m2(...) | | main.rs:262:5:263:14 | struct S1 | | main.rs:305:26:305:26 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:305:26:305:26 | y | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:305:26:305:26 | y | A | main.rs:264:5:265:14 | struct S2 | | main.rs:305:26:305:26 | y | T | main.rs:264:5:265:14 | struct S2 | | main.rs:305:26:305:31 | y.m2(...) | | main.rs:264:5:265:14 | struct S2 | | main.rs:307:13:307:14 | x2 | | main.rs:257:5:260:5 | struct MyThing | @@ -441,8 +327,8 @@ inferType | main.rs:321:46:321:47 | y3 | | main.rs:257:5:260:5 | struct MyThing | | main.rs:321:46:321:47 | y3 | T | main.rs:257:5:260:5 | struct MyThing | | main.rs:321:46:321:47 | y3 | T.T | main.rs:264:5:265:14 | struct S2 | -| main.rs:329:15:329:18 | SelfParam | | main.rs:326:5:338:5 | trait MyTrait | -| main.rs:331:15:331:18 | SelfParam | | main.rs:326:5:338:5 | trait MyTrait | +| main.rs:329:15:329:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | +| main.rs:331:15:331:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | | main.rs:346:15:346:18 | SelfParam | | main.rs:340:5:341:13 | struct S | | main.rs:346:45:348:9 | { ... } | | main.rs:340:5:341:13 | struct S | | main.rs:347:13:347:13 | S | | main.rs:340:5:341:13 | struct S | @@ -450,11 +336,8 @@ inferType | main.rs:352:17:352:17 | S | | main.rs:340:5:341:13 | struct S | | main.rs:353:26:353:26 | x | | main.rs:340:5:341:13 | struct S | | main.rs:353:26:353:31 | x.m1(...) | | main.rs:340:5:341:13 | struct S | -| main.rs:355:13:355:13 | x | | main.rs:326:5:338:5 | trait MyTrait | | main.rs:355:13:355:13 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:355:17:355:17 | S | | main.rs:326:5:338:5 | trait MyTrait | | main.rs:355:17:355:17 | S | | main.rs:340:5:341:13 | struct S | -| main.rs:356:26:356:26 | x | | main.rs:326:5:338:5 | trait MyTrait | | main.rs:356:26:356:26 | x | | main.rs:340:5:341:13 | struct S | | main.rs:373:15:373:18 | SelfParam | | main.rs:361:5:365:5 | enum MyEnum | | main.rs:373:15:373:18 | SelfParam | A | main.rs:372:10:372:10 | T | @@ -482,39 +365,21 @@ inferType | main.rs:386:26:386:26 | y | | main.rs:361:5:365:5 | enum MyEnum | | main.rs:386:26:386:26 | y | A | main.rs:369:5:370:14 | struct S2 | | main.rs:386:26:386:31 | y.m1(...) | | main.rs:369:5:370:14 | struct S2 | -| main.rs:407:15:407:18 | SelfParam | | main.rs:406:5:408:5 | trait MyTrait1 | -| main.rs:407:15:407:18 | SelfParam | Tr1 | main.rs:406:20:406:22 | Tr1 | -| main.rs:411:15:411:18 | SelfParam | | main.rs:406:5:408:5 | trait MyTrait1 | -| main.rs:411:15:411:18 | SelfParam | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:411:15:411:18 | SelfParam | Tr1 | main.rs:410:20:410:22 | Tr2 | -| main.rs:411:15:411:18 | SelfParam | Tr2 | main.rs:410:20:410:22 | Tr2 | +| main.rs:407:15:407:18 | SelfParam | | main.rs:406:5:408:5 | Self [trait MyTrait1] | +| main.rs:411:15:411:18 | SelfParam | | main.rs:410:5:421:5 | Self [trait MyTrait2] | | main.rs:414:9:420:9 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:415:13:419:13 | if ... {...} else {...} | | main.rs:410:20:410:22 | Tr2 | | main.rs:415:26:417:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | -| main.rs:416:17:416:20 | self | | main.rs:406:5:408:5 | trait MyTrait1 | -| main.rs:416:17:416:20 | self | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:416:17:416:20 | self | Tr1 | main.rs:410:20:410:22 | Tr2 | -| main.rs:416:17:416:20 | self | Tr2 | main.rs:410:20:410:22 | Tr2 | +| main.rs:416:17:416:20 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | | main.rs:416:17:416:25 | self.m1(...) | | main.rs:410:20:410:22 | Tr2 | | main.rs:417:20:419:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:418:17:418:30 | ...::m1(...) | | main.rs:410:20:410:22 | Tr2 | -| main.rs:418:26:418:29 | self | | main.rs:406:5:408:5 | trait MyTrait1 | -| main.rs:418:26:418:29 | self | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:418:26:418:29 | self | Tr1 | main.rs:410:20:410:22 | Tr2 | -| main.rs:418:26:418:29 | self | Tr2 | main.rs:410:20:410:22 | Tr2 | -| main.rs:424:15:424:18 | SelfParam | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:424:15:424:18 | SelfParam | | main.rs:423:5:434:5 | trait MyTrait3 | -| main.rs:424:15:424:18 | SelfParam | Tr2 | main.rs:391:5:394:5 | struct MyThing | -| main.rs:424:15:424:18 | SelfParam | Tr2.A | main.rs:423:20:423:22 | Tr3 | -| main.rs:424:15:424:18 | SelfParam | Tr3 | main.rs:423:20:423:22 | Tr3 | +| main.rs:418:26:418:29 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | +| main.rs:424:15:424:18 | SelfParam | | main.rs:423:5:434:5 | Self [trait MyTrait3] | | main.rs:427:9:433:9 | { ... } | | main.rs:423:20:423:22 | Tr3 | | main.rs:428:13:432:13 | if ... {...} else {...} | | main.rs:423:20:423:22 | Tr3 | | main.rs:428:26:430:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:429:17:429:20 | self | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:429:17:429:20 | self | | main.rs:423:5:434:5 | trait MyTrait3 | -| main.rs:429:17:429:20 | self | Tr2 | main.rs:391:5:394:5 | struct MyThing | -| main.rs:429:17:429:20 | self | Tr2.A | main.rs:423:20:423:22 | Tr3 | -| main.rs:429:17:429:20 | self | Tr3 | main.rs:423:20:423:22 | Tr3 | +| main.rs:429:17:429:20 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | | main.rs:429:17:429:25 | self.m2(...) | | main.rs:391:5:394:5 | struct MyThing | | main.rs:429:17:429:25 | self.m2(...) | A | main.rs:423:20:423:22 | Tr3 | | main.rs:429:17:429:27 | ... .a | | main.rs:423:20:423:22 | Tr3 | @@ -522,11 +387,7 @@ inferType | main.rs:431:17:431:30 | ...::m2(...) | | main.rs:391:5:394:5 | struct MyThing | | main.rs:431:17:431:30 | ...::m2(...) | A | main.rs:423:20:423:22 | Tr3 | | main.rs:431:17:431:32 | ... .a | | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:26:431:29 | self | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:431:26:431:29 | self | | main.rs:423:5:434:5 | trait MyTrait3 | -| main.rs:431:26:431:29 | self | Tr2 | main.rs:391:5:394:5 | struct MyThing | -| main.rs:431:26:431:29 | self | Tr2.A | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:26:431:29 | self | Tr3 | main.rs:423:20:423:22 | Tr3 | +| main.rs:431:26:431:29 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | | main.rs:437:15:437:18 | SelfParam | | main.rs:391:5:394:5 | struct MyThing | | main.rs:437:15:437:18 | SelfParam | A | main.rs:436:10:436:10 | T | | main.rs:437:26:439:9 | { ... } | | main.rs:436:10:436:10 | T | @@ -559,60 +420,36 @@ inferType | main.rs:459:26:459:26 | y | A | main.rs:403:5:404:14 | struct S2 | | main.rs:459:26:459:31 | y.m1(...) | | main.rs:403:5:404:14 | struct S2 | | main.rs:461:13:461:13 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:461:13:461:13 | x | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:461:13:461:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:461:13:461:13 | x | Tr2 | main.rs:401:5:402:14 | struct S1 | | main.rs:461:17:461:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:461:17:461:33 | MyThing {...} | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:461:17:461:33 | MyThing {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:461:17:461:33 | MyThing {...} | Tr2 | main.rs:401:5:402:14 | struct S1 | | main.rs:461:30:461:31 | S1 | | main.rs:401:5:402:14 | struct S1 | | main.rs:462:13:462:13 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:462:13:462:13 | y | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:462:13:462:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:462:13:462:13 | y | Tr2 | main.rs:403:5:404:14 | struct S2 | | main.rs:462:17:462:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:462:17:462:33 | MyThing {...} | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:462:17:462:33 | MyThing {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:462:17:462:33 | MyThing {...} | Tr2 | main.rs:403:5:404:14 | struct S2 | | main.rs:462:30:462:31 | S2 | | main.rs:403:5:404:14 | struct S2 | | main.rs:464:26:464:26 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:464:26:464:26 | x | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:464:26:464:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:464:26:464:26 | x | Tr2 | main.rs:401:5:402:14 | struct S1 | | main.rs:464:26:464:31 | x.m2(...) | | main.rs:401:5:402:14 | struct S1 | | main.rs:465:26:465:26 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:465:26:465:26 | y | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:465:26:465:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:465:26:465:26 | y | Tr2 | main.rs:403:5:404:14 | struct S2 | | main.rs:465:26:465:31 | y.m2(...) | | main.rs:403:5:404:14 | struct S2 | | main.rs:467:13:467:13 | x | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:467:13:467:13 | x | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:467:13:467:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:467:13:467:13 | x | Tr3 | main.rs:401:5:402:14 | struct S1 | | main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:467:17:467:34 | MyThing2 {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:467:17:467:34 | MyThing2 {...} | Tr3 | main.rs:401:5:402:14 | struct S1 | | main.rs:467:31:467:32 | S1 | | main.rs:401:5:402:14 | struct S1 | | main.rs:468:13:468:13 | y | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:468:13:468:13 | y | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:468:13:468:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:468:13:468:13 | y | Tr3 | main.rs:403:5:404:14 | struct S2 | | main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:468:17:468:34 | MyThing2 {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:468:17:468:34 | MyThing2 {...} | Tr3 | main.rs:403:5:404:14 | struct S2 | | main.rs:468:31:468:32 | S2 | | main.rs:403:5:404:14 | struct S2 | | main.rs:470:26:470:26 | x | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:470:26:470:26 | x | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:470:26:470:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:470:26:470:26 | x | Tr3 | main.rs:401:5:402:14 | struct S1 | | main.rs:470:26:470:31 | x.m3(...) | | main.rs:401:5:402:14 | struct S1 | | main.rs:471:26:471:26 | y | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:471:26:471:26 | y | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:471:26:471:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:471:26:471:26 | y | Tr3 | main.rs:403:5:404:14 | struct S2 | | main.rs:471:26:471:31 | y.m3(...) | | main.rs:403:5:404:14 | struct S2 | | main.rs:489:22:489:22 | x | | file://:0:0:0:0 | & | | main.rs:489:22:489:22 | x | &T | main.rs:489:11:489:19 | T | @@ -685,16 +522,13 @@ inferType | main.rs:563:26:563:27 | p3 | | main.rs:525:5:531:5 | enum PairOption | | main.rs:563:26:563:27 | p3 | Fst | main.rs:539:5:540:14 | struct S3 | | main.rs:575:16:575:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:575:16:575:24 | SelfParam | &T | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:575:16:575:24 | SelfParam | &T.S | main.rs:574:19:574:19 | S | +| main.rs:575:16:575:24 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:575:27:575:31 | value | | main.rs:574:19:574:19 | S | | main.rs:577:21:577:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:577:21:577:29 | SelfParam | &T | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:577:21:577:29 | SelfParam | &T.S | main.rs:574:19:574:19 | S | +| main.rs:577:21:577:29 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:577:32:577:36 | value | | main.rs:574:19:574:19 | S | | main.rs:578:13:578:16 | self | | file://:0:0:0:0 | & | -| main.rs:578:13:578:16 | self | &T | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:578:13:578:16 | self | &T.S | main.rs:574:19:574:19 | S | +| main.rs:578:13:578:16 | self | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:578:22:578:26 | value | | main.rs:574:19:574:19 | S | | main.rs:583:16:583:24 | SelfParam | | file://:0:0:0:0 | & | | main.rs:583:16:583:24 | SelfParam | &T | main.rs:568:5:572:5 | enum MyOption | @@ -733,18 +567,10 @@ inferType | main.rs:610:26:610:27 | x2 | | main.rs:568:5:572:5 | enum MyOption | | main.rs:610:26:610:27 | x2 | T | main.rs:601:5:602:13 | struct S | | main.rs:612:13:612:18 | mut x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:612:13:612:18 | mut x3 | | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:612:13:612:18 | mut x3 | S | main.rs:601:5:602:13 | struct S | | main.rs:612:22:612:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:612:22:612:36 | ...::new(...) | | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:612:22:612:36 | ...::new(...) | S | main.rs:601:5:602:13 | struct S | | main.rs:613:9:613:10 | x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:613:9:613:10 | x3 | | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:613:9:613:10 | x3 | S | main.rs:601:5:602:13 | struct S | | main.rs:613:21:613:21 | S | | main.rs:601:5:602:13 | struct S | | main.rs:614:26:614:27 | x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:614:26:614:27 | x3 | | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:614:26:614:27 | x3 | S | main.rs:601:5:602:13 | struct S | | main.rs:616:13:616:18 | mut x4 | | main.rs:568:5:572:5 | enum MyOption | | main.rs:616:13:616:18 | mut x4 | T | main.rs:601:5:602:13 | struct S | | main.rs:616:22:616:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | @@ -940,29 +766,25 @@ inferType | main.rs:697:28:697:29 | x6 | &T | main.rs:651:5:652:19 | struct S | | main.rs:697:28:697:29 | x6 | &T.T | main.rs:654:5:655:14 | struct S2 | | main.rs:703:16:703:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:703:16:703:20 | SelfParam | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:703:16:703:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:705:16:705:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:705:16:705:20 | SelfParam | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:705:16:705:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:705:32:707:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:705:32:707:9 | { ... } | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:705:32:707:9 | { ... } | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:706:13:706:16 | self | | file://:0:0:0:0 | & | -| main.rs:706:13:706:16 | self | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:706:13:706:16 | self | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:706:13:706:22 | self.foo(...) | | file://:0:0:0:0 | & | -| main.rs:706:13:706:22 | self.foo(...) | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:706:13:706:22 | self.foo(...) | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:713:16:713:20 | SelfParam | | file://:0:0:0:0 | & | | main.rs:713:16:713:20 | SelfParam | &T | main.rs:710:5:710:20 | struct MyStruct | | main.rs:713:36:715:9 | { ... } | | file://:0:0:0:0 | & | | main.rs:713:36:715:9 | { ... } | &T | main.rs:710:5:710:20 | struct MyStruct | | main.rs:714:13:714:16 | self | | file://:0:0:0:0 | & | | main.rs:714:13:714:16 | self | &T | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:719:13:719:13 | x | | main.rs:702:5:708:5 | trait MyTrait | | main.rs:719:13:719:13 | x | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:719:17:719:24 | MyStruct | | main.rs:702:5:708:5 | trait MyTrait | | main.rs:719:17:719:24 | MyStruct | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:720:9:720:9 | x | | main.rs:702:5:708:5 | trait MyTrait | | main.rs:720:9:720:9 | x | | main.rs:710:5:710:20 | struct MyStruct | | main.rs:720:9:720:15 | x.bar(...) | | file://:0:0:0:0 | & | -| main.rs:720:9:720:15 | x.bar(...) | &T | main.rs:702:5:708:5 | trait MyTrait | | main.rs:720:9:720:15 | x.bar(...) | &T | main.rs:710:5:710:20 | struct MyStruct | | main.rs:730:16:730:20 | SelfParam | | file://:0:0:0:0 | & | | main.rs:730:16:730:20 | SelfParam | &T | main.rs:727:5:727:26 | struct MyStruct | From 01810cbac94a587ea5211a99550d516061355d21 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 1 Apr 2025 14:59:05 +0200 Subject: [PATCH 117/409] Rust: Update `PhiDefinition.toString` --- rust/ql/lib/codeql/rust/dataflow/Ssa.qll | 2 +- .../test/library-tests/variables/Ssa.expected | 174 +++++++++--------- 2 files changed, 88 insertions(+), 88 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/Ssa.qll b/rust/ql/lib/codeql/rust/dataflow/Ssa.qll index 4a439f46b9cb..932b846c4a39 100644 --- a/rust/ql/lib/codeql/rust/dataflow/Ssa.qll +++ b/rust/ql/lib/codeql/rust/dataflow/Ssa.qll @@ -263,7 +263,7 @@ module Ssa { not exists(this.getSplitString()) and prefix = "" | - result = prefix + "phi" + result = prefix + SsaImpl::PhiDefinition.super.toString() ) } diff --git a/rust/ql/test/library-tests/variables/Ssa.expected b/rust/ql/test/library-tests/variables/Ssa.expected index 05c6f57045d3..f45005b51a0d 100644 --- a/rust/ql/test/library-tests/variables/Ssa.expected +++ b/rust/ql/test/library-tests/variables/Ssa.expected @@ -38,45 +38,45 @@ definition | main.rs:173:17:173:27 | id_variable | main.rs:173:17:173:27 | id_variable | | main.rs:178:26:178:27 | id | main.rs:178:26:178:27 | id | | main.rs:189:9:189:14 | either | main.rs:189:9:189:14 | either | -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | | main.rs:191:22:191:23 | a3 | main.rs:191:9:191:44 | a3 | | main.rs:191:42:191:43 | a3 | main.rs:191:9:191:44 | a3 | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | | main.rs:205:28:205:29 | a4 | main.rs:205:9:205:81 | a4 | | main.rs:205:54:205:55 | a4 | main.rs:205:9:205:81 | a4 | | main.rs:205:79:205:80 | a4 | main.rs:205:9:205:81 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:9:209:83 | a5 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:9:209:83 | a5 | | main.rs:209:29:209:30 | a5 | main.rs:209:9:209:83 | a5 | | main.rs:209:55:209:56 | a5 | main.rs:209:9:209:83 | a5 | | main.rs:209:81:209:82 | a5 | main.rs:209:9:209:83 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | | main.rs:213:28:213:29 | a6 | main.rs:213:9:213:83 | a6 | -| main.rs:213:35:213:82 | phi | main.rs:213:9:213:83 | a6 | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | | main.rs:213:55:213:56 | a6 | main.rs:213:9:213:83 | a6 | | main.rs:213:80:213:81 | a6 | main.rs:213:9:213:83 | a6 | | main.rs:219:9:219:14 | either | main.rs:219:9:219:14 | either | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | | main.rs:221:22:221:23 | a7 | main.rs:221:9:221:44 | a7 | | main.rs:221:42:221:43 | a7 | main.rs:221:9:221:44 | a7 | | main.rs:229:9:229:14 | either | main.rs:229:9:229:14 | either | | main.rs:232:13:232:13 | e | main.rs:232:13:232:13 | e | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | | main.rs:233:27:233:29 | a11 | main.rs:233:14:233:51 | a11 | | main.rs:233:48:233:50 | a11 | main.rs:233:14:233:51 | a11 | | main.rs:236:33:236:35 | a12 | main.rs:236:33:236:35 | a12 | | main.rs:253:9:253:10 | fv | main.rs:253:9:253:10 | fv | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | | main.rs:255:27:255:29 | a13 | main.rs:255:9:255:109 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:9:255:109 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:9:255:109 | a13 | | main.rs:255:54:255:56 | a13 | main.rs:255:9:255:109 | a13 | | main.rs:255:79:255:81 | a13 | main.rs:255:9:255:109 | a13 | | main.rs:255:106:255:108 | a13 | main.rs:255:9:255:109 | a13 | | main.rs:261:5:261:6 | a8 | main.rs:261:5:261:6 | a8 | | main.rs:263:9:263:10 | b3 | main.rs:263:9:263:10 | b3 | | main.rs:264:9:264:10 | c1 | main.rs:264:9:264:10 | c1 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | | main.rs:272:19:272:20 | a9 | main.rs:272:6:272:41 | a9 | | main.rs:272:39:272:40 | a9 | main.rs:272:6:272:41 | a9 | | main.rs:279:13:279:15 | a10 | main.rs:279:13:279:15 | a10 | @@ -138,7 +138,7 @@ definition | main.rs:471:5:471:15 | i | main.rs:466:13:466:13 | i | | main.rs:475:8:475:8 | b | main.rs:475:8:475:8 | b | | main.rs:476:13:476:13 | x | main.rs:476:13:476:13 | x | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | | main.rs:480:9:480:9 | x | main.rs:476:13:476:13 | x | | main.rs:484:9:484:9 | x | main.rs:476:13:476:13 | x | | main.rs:491:13:491:14 | b1 | main.rs:491:13:491:14 | b1 | @@ -207,26 +207,26 @@ read | main.rs:173:17:173:27 | id_variable | main.rs:173:17:173:27 | id_variable | main.rs:174:24:174:34 | id_variable | | main.rs:178:26:178:27 | id | main.rs:178:26:178:27 | id | main.rs:179:23:179:24 | id | | main.rs:189:9:189:14 | either | main.rs:189:9:189:14 | either | main.rs:190:11:190:16 | either | -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | main.rs:192:26:192:27 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | main.rs:192:26:192:27 | a3 | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:204:11:204:12 | tv | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:208:11:208:12 | tv | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:212:11:212:12 | tv | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:206:26:206:27 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | main.rs:210:26:210:27 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | main.rs:214:26:214:27 | a6 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:206:26:206:27 | a4 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:210:26:210:27 | a5 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:214:26:214:27 | a6 | | main.rs:219:9:219:14 | either | main.rs:219:9:219:14 | either | main.rs:220:11:220:16 | either | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:223:26:223:27 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:223:26:223:27 | a7 | | main.rs:229:9:229:14 | either | main.rs:229:9:229:14 | either | main.rs:231:11:231:16 | either | | main.rs:232:13:232:13 | e | main.rs:232:13:232:13 | e | main.rs:237:15:237:15 | e | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | main.rs:235:23:235:25 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | main.rs:235:23:235:25 | a11 | | main.rs:236:33:236:35 | a12 | main.rs:236:33:236:35 | a12 | main.rs:238:28:238:30 | a12 | | main.rs:253:9:253:10 | fv | main.rs:253:9:253:10 | fv | main.rs:254:11:254:12 | fv | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:256:26:256:28 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:256:26:256:28 | a13 | | main.rs:261:5:261:6 | a8 | main.rs:261:5:261:6 | a8 | main.rs:266:15:266:16 | a8 | | main.rs:263:9:263:10 | b3 | main.rs:263:9:263:10 | b3 | main.rs:267:15:267:16 | b3 | | main.rs:264:9:264:10 | c1 | main.rs:264:9:264:10 | c1 | main.rs:268:15:268:16 | c1 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | main.rs:274:15:274:16 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | main.rs:274:15:274:16 | a9 | | main.rs:279:13:279:15 | a10 | main.rs:279:13:279:15 | a10 | main.rs:283:15:283:17 | a10 | | main.rs:280:13:280:14 | b4 | main.rs:280:13:280:14 | b4 | main.rs:284:15:284:16 | b4 | | main.rs:281:13:281:14 | c2 | main.rs:281:13:281:14 | c2 | main.rs:285:15:285:16 | c2 | @@ -297,7 +297,7 @@ read | main.rs:475:8:475:8 | b | main.rs:475:8:475:8 | b | main.rs:479:8:479:8 | b | | main.rs:476:13:476:13 | x | main.rs:476:13:476:13 | x | main.rs:477:15:477:15 | x | | main.rs:476:13:476:13 | x | main.rs:476:13:476:13 | x | main.rs:478:15:478:15 | x | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | main.rs:488:15:488:15 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | main.rs:488:15:488:15 | x | | main.rs:480:9:480:9 | x | main.rs:476:13:476:13 | x | main.rs:481:19:481:19 | x | | main.rs:480:9:480:9 | x | main.rs:476:13:476:13 | x | main.rs:482:19:482:19 | x | | main.rs:484:9:484:9 | x | main.rs:476:13:476:13 | x | main.rs:485:19:485:19 | x | @@ -372,23 +372,23 @@ firstRead | main.rs:173:17:173:27 | id_variable | main.rs:173:17:173:27 | id_variable | main.rs:174:24:174:34 | id_variable | | main.rs:178:26:178:27 | id | main.rs:178:26:178:27 | id | main.rs:179:23:179:24 | id | | main.rs:189:9:189:14 | either | main.rs:189:9:189:14 | either | main.rs:190:11:190:16 | either | -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | main.rs:192:26:192:27 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | main.rs:192:26:192:27 | a3 | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:204:11:204:12 | tv | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:206:26:206:27 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | main.rs:210:26:210:27 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | main.rs:214:26:214:27 | a6 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:206:26:206:27 | a4 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:210:26:210:27 | a5 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:214:26:214:27 | a6 | | main.rs:219:9:219:14 | either | main.rs:219:9:219:14 | either | main.rs:220:11:220:16 | either | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | | main.rs:229:9:229:14 | either | main.rs:229:9:229:14 | either | main.rs:231:11:231:16 | either | | main.rs:232:13:232:13 | e | main.rs:232:13:232:13 | e | main.rs:237:15:237:15 | e | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | main.rs:235:23:235:25 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | main.rs:235:23:235:25 | a11 | | main.rs:236:33:236:35 | a12 | main.rs:236:33:236:35 | a12 | main.rs:238:28:238:30 | a12 | | main.rs:253:9:253:10 | fv | main.rs:253:9:253:10 | fv | main.rs:254:11:254:12 | fv | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:256:26:256:28 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:256:26:256:28 | a13 | | main.rs:261:5:261:6 | a8 | main.rs:261:5:261:6 | a8 | main.rs:266:15:266:16 | a8 | | main.rs:263:9:263:10 | b3 | main.rs:263:9:263:10 | b3 | main.rs:267:15:267:16 | b3 | | main.rs:264:9:264:10 | c1 | main.rs:264:9:264:10 | c1 | main.rs:268:15:268:16 | c1 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | main.rs:274:15:274:16 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | main.rs:274:15:274:16 | a9 | | main.rs:279:13:279:15 | a10 | main.rs:279:13:279:15 | a10 | main.rs:283:15:283:17 | a10 | | main.rs:280:13:280:14 | b4 | main.rs:280:13:280:14 | b4 | main.rs:284:15:284:16 | b4 | | main.rs:281:13:281:14 | c2 | main.rs:281:13:281:14 | c2 | main.rs:285:15:285:16 | c2 | @@ -444,7 +444,7 @@ firstRead | main.rs:471:5:471:15 | i | main.rs:466:13:466:13 | i | main.rs:472:15:472:15 | i | | main.rs:475:8:475:8 | b | main.rs:475:8:475:8 | b | main.rs:479:8:479:8 | b | | main.rs:476:13:476:13 | x | main.rs:476:13:476:13 | x | main.rs:477:15:477:15 | x | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | main.rs:488:15:488:15 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | main.rs:488:15:488:15 | x | | main.rs:480:9:480:9 | x | main.rs:476:13:476:13 | x | main.rs:481:19:481:19 | x | | main.rs:484:9:484:9 | x | main.rs:476:13:476:13 | x | main.rs:485:19:485:19 | x | | main.rs:491:13:491:14 | b1 | main.rs:491:13:491:14 | b1 | main.rs:493:8:493:9 | b1 | @@ -477,7 +477,7 @@ adjacentReads | main.rs:128:9:128:15 | numbers | main.rs:128:9:128:15 | numbers | main.rs:130:11:130:17 | numbers | main.rs:142:11:142:17 | numbers | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:204:11:204:12 | tv | main.rs:208:11:208:12 | tv | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:208:11:208:12 | tv | main.rs:212:11:212:12 | tv | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | main.rs:223:26:223:27 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | main.rs:223:26:223:27 | a7 | | main.rs:288:9:288:10 | c2 | main.rs:281:13:281:14 | c2 | main.rs:294:9:294:10 | c2 | main.rs:298:15:298:16 | c2 | | main.rs:289:9:289:10 | b4 | main.rs:280:13:280:14 | b4 | main.rs:293:9:293:10 | b4 | main.rs:297:15:297:16 | b4 | | main.rs:289:9:289:10 | b4 | main.rs:280:13:280:14 | b4 | main.rs:297:15:297:16 | b4 | main.rs:311:15:311:16 | b4 | @@ -506,32 +506,32 @@ adjacentReads | main.rs:540:13:540:13 | a | main.rs:540:13:540:13 | a | main.rs:542:5:542:5 | a | main.rs:543:15:543:15 | a | | main.rs:549:9:549:9 | x | main.rs:549:9:549:9 | x | main.rs:550:20:550:20 | x | main.rs:551:15:551:15 | x | phi -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | main.rs:191:22:191:23 | a3 | -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | main.rs:191:42:191:43 | a3 | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:205:28:205:29 | a4 | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:205:54:205:55 | a4 | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:205:79:205:80 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | main.rs:209:10:209:57 | [match(true)] phi | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | main.rs:209:81:209:82 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:9:209:83 | a5 | main.rs:209:29:209:30 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:9:209:83 | a5 | main.rs:209:55:209:56 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | main.rs:213:28:213:29 | a6 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | main.rs:213:35:213:82 | phi | -| main.rs:213:35:213:82 | phi | main.rs:213:9:213:83 | a6 | main.rs:213:55:213:56 | a6 | -| main.rs:213:35:213:82 | phi | main.rs:213:9:213:83 | a6 | main.rs:213:80:213:81 | a6 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:221:22:221:23 | a7 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:221:42:221:43 | a7 | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | main.rs:233:27:233:29 | a11 | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | main.rs:233:48:233:50 | a11 | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:255:27:255:29 | a13 | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:255:35:255:82 | [match(true)] phi | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:255:106:255:108 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:9:255:109 | a13 | main.rs:255:54:255:56 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:9:255:109 | a13 | main.rs:255:79:255:81 | a13 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | main.rs:272:19:272:20 | a9 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | main.rs:272:39:272:40 | a9 | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | main.rs:480:9:480:9 | x | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | main.rs:484:9:484:9 | x | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | main.rs:191:22:191:23 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | main.rs:191:42:191:43 | a3 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:205:28:205:29 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:205:54:205:55 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:205:79:205:80 | a4 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:209:81:209:82 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:209:29:209:30 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:209:55:209:56 | a5 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:213:28:213:29 | a6 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:213:35:213:82 | SSA phi(a6) | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:213:55:213:56 | a6 | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:213:80:213:81 | a6 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:221:22:221:23 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:221:42:221:43 | a7 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | main.rs:233:27:233:29 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | main.rs:233:48:233:50 | a11 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:27:255:29 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:106:255:108 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:54:255:56 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:79:255:81 | a13 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | main.rs:272:19:272:20 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | main.rs:272:39:272:40 | a9 | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | main.rs:480:9:480:9 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | main.rs:484:9:484:9 | x | phiReadNode | main.rs:104:11:105:12 | SSA phi read(s1) | main.rs:102:9:102:10 | s1 | | main.rs:493:5:497:5 | SSA phi read(x) | main.rs:492:9:492:9 | x | @@ -545,35 +545,35 @@ phiReadInput | main.rs:493:5:497:5 | SSA phi read(x) | main.rs:494:19:494:19 | SSA read(x) | | main.rs:493:5:497:5 | SSA phi read(x) | main.rs:496:19:496:19 | SSA read(x) | ultimateDef -| main.rs:191:9:191:44 | phi | main.rs:191:22:191:23 | a3 | -| main.rs:191:9:191:44 | phi | main.rs:191:42:191:43 | a3 | -| main.rs:205:9:205:81 | phi | main.rs:205:28:205:29 | a4 | -| main.rs:205:9:205:81 | phi | main.rs:205:54:205:55 | a4 | -| main.rs:205:9:205:81 | phi | main.rs:205:79:205:80 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:29:209:30 | a5 | -| main.rs:209:9:209:83 | phi | main.rs:209:55:209:56 | a5 | -| main.rs:209:9:209:83 | phi | main.rs:209:81:209:82 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:29:209:30 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:55:209:56 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:28:213:29 | a6 | -| main.rs:213:9:213:83 | phi | main.rs:213:55:213:56 | a6 | -| main.rs:213:9:213:83 | phi | main.rs:213:80:213:81 | a6 | -| main.rs:213:35:213:82 | phi | main.rs:213:55:213:56 | a6 | -| main.rs:213:35:213:82 | phi | main.rs:213:80:213:81 | a6 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:22:221:23 | a7 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:42:221:43 | a7 | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:27:233:29 | a11 | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:48:233:50 | a11 | -| main.rs:255:9:255:109 | phi | main.rs:255:27:255:29 | a13 | -| main.rs:255:9:255:109 | phi | main.rs:255:54:255:56 | a13 | -| main.rs:255:9:255:109 | phi | main.rs:255:79:255:81 | a13 | -| main.rs:255:9:255:109 | phi | main.rs:255:106:255:108 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:54:255:56 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:79:255:81 | a13 | -| main.rs:272:6:272:41 | phi | main.rs:272:19:272:20 | a9 | -| main.rs:272:6:272:41 | phi | main.rs:272:39:272:40 | a9 | -| main.rs:479:5:487:5 | phi | main.rs:480:9:480:9 | x | -| main.rs:479:5:487:5 | phi | main.rs:484:9:484:9 | x | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:22:191:23 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:42:191:43 | a3 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:28:205:29 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:54:205:55 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:79:205:80 | a4 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:29:209:30 | a5 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:55:209:56 | a5 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:81:209:82 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:29:209:30 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:55:209:56 | a5 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:28:213:29 | a6 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:55:213:56 | a6 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:80:213:81 | a6 | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:55:213:56 | a6 | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:80:213:81 | a6 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:22:221:23 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:42:221:43 | a7 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:27:233:29 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:48:233:50 | a11 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:27:255:29 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:54:255:56 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:79:255:81 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:106:255:108 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:54:255:56 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:79:255:81 | a13 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:19:272:20 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:39:272:40 | a9 | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:480:9:480:9 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:484:9:484:9 | x | assigns | main.rs:16:9:16:10 | x1 | main.rs:16:14:16:16 | "a" | | main.rs:21:13:21:14 | x2 | main.rs:21:18:21:18 | 4 | From 9dea9f50466b6c519a8f70744996b98aece2c25f Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 1 Apr 2025 14:59:43 +0200 Subject: [PATCH 118/409] SSA: Make `phiWithoutTwoPriorRefs` consistency check more informative --- .../CWE-089/CONSISTENCY/SsaConsistency.expected | 4 ++-- shared/ssa/codeql/ssa/Ssa.qll | 13 ++++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected index d5074d0d43a3..cc715332c840 100644 --- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected @@ -1,4 +1,4 @@ uselessPhiNode -| sqlx.rs:155:5:157:5 | phi | 1 | +| sqlx.rs:155:5:157:5 | SSA phi(arg0) | 1 | phiWithoutTwoPriorRefs -| sqlx.rs:155:5:157:5 | phi | 1 | +| sqlx.rs:155:5:157:5 | SSA phi(arg0) | sqlx.rs:155:5:157:5 | if enable_remote {...} | sqlx.rs:156:17:156:86 | arg0 | 1 | diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index 2bbdb6e2a478..c7e2a507d67f 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1412,13 +1412,12 @@ module Make Input> { } /** Holds if `phi` has less than 2 immediately prior references. */ - query predicate phiWithoutTwoPriorRefs(PhiNode phi, int inputRefs) { - exists(BasicBlock bbPhi, SourceVariable v | - phi.definesAt(v, bbPhi, _) and - inputRefs = - count(BasicBlock bb, int i | AdjacentSsaRefs::adjacentRefPhi(bb, i, _, bbPhi, v)) and - inputRefs < 2 - ) + query predicate phiWithoutTwoPriorRefs( + PhiNode phi, BasicBlock bbPhi, SourceVariable v, int inputRefs + ) { + phi.definesAt(v, bbPhi, _) and + inputRefs = count(BasicBlock bb, int i | AdjacentSsaRefs::adjacentRefPhi(bb, i, _, bbPhi, v)) and + inputRefs < 2 } /** From dcaeeabad8d65782764314e70088faf23797bd2b Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 1 Apr 2025 15:01:58 +0200 Subject: [PATCH 119/409] Rust: Fix `capturedCallRead` --- rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll | 2 +- .../security/CWE-089/CONSISTENCY/SsaConsistency.expected | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll index dcfe4f0edaf6..f2500f32ca80 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll @@ -189,7 +189,7 @@ private predicate capturedCallRead(Expr call, BasicBlock bb, int i, Variable v) hasCapturedRead(pragma[only_bind_into](v), pragma[only_bind_into](scope)) and ( variableWriteInOuterScope(bb, any(int j | j < i), v, scope) or - variableWriteInOuterScope(bb.getAPredecessor+(), _, v, scope) + variableWriteInOuterScope(bb.getImmediateDominator+(), _, v, scope) ) and call = bb.getNode(i).getAstNode() ) diff --git a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected deleted file mode 100644 index cc715332c840..000000000000 --- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected +++ /dev/null @@ -1,4 +0,0 @@ -uselessPhiNode -| sqlx.rs:155:5:157:5 | SSA phi(arg0) | 1 | -phiWithoutTwoPriorRefs -| sqlx.rs:155:5:157:5 | SSA phi(arg0) | sqlx.rs:155:5:157:5 | if enable_remote {...} | sqlx.rs:156:17:156:86 | arg0 | 1 | From 9b2eff88a6db7f5a277006dcf3a6909674d7e7f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 1 Apr 2025 15:17:52 +0200 Subject: [PATCH 120/409] restore original port --- .../java/buildless-snapshot-repository/test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py index d343ce4b9621..2241f2917b97 100644 --- a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py +++ b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py @@ -3,11 +3,11 @@ def test(codeql, java): - # This serves the "repo" directory on http://localhost:9428 - command = ["python3", "-m", "http.server", "9428", "-b", "localhost"] + # This serves the "repo" directory on http://localhost:9427 + command = ["python3", "-m", "http.server", "9427", "-b", "localhost"] if runs_on.github_actions and runs_on.posix: # On GitHub Actions, we try to run the server with higher priority - command = ["nice", "-n", "10"] + command + command = ["sudo", "nice", "-n", "10"] + command repo_server_process = subprocess.Popen( command, cwd="repo" ) From e1ef56b8bb9242234078c685eff27ab13fc13d78 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 1 Apr 2025 15:23:16 +0200 Subject: [PATCH 121/409] Swift: Fix accidental cartesian product. --- swift/ql/lib/codeql/swift/dataflow/Ssa.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll index f052ed8b3147..ed75a06e5349 100644 --- a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll +++ b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll @@ -159,6 +159,7 @@ module Ssa { cached predicate adjacentReadPair(ControlFlowNode read1, ControlFlowNode read2) { + read1 = this.getARead() and exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | read1 = bb1.getNode(i1) and SsaImpl::adjacentUseUse(bb1, i1, bb2, i2, _, true) and From c9fc7882e6ff1396c957cb6b1d459dc8bcdc32dd Mon Sep 17 00:00:00 2001 From: Taus Date: Tue, 1 Apr 2025 13:59:19 +0000 Subject: [PATCH 122/409] Actions: Fix bad performance in `getTargetPath` Seen on `github/codeql`, some queries had very poor performance: ``` [2/24 eval 36m4s] Evaluation done; writing results to codeql/actions-queries/Security/CWE-312/ExcessiveSecretsExposure.bqrs ``` Investigating further lead to the following worrying sequence of joins (after I ran out of patience and cancelled the query): ``` [2025-04-01 12:31:03] Tuple counts for Yaml::YamlInclude.getTargetPath/0#dispred#32565107#fb#reorder_1_0/2@i6#9f4b2jw1 after 8m40s: ... 559418 ~33% {1} r5 = SCAN `Yaml::YamlNode.getLocation/0#dispred#24555c57#prev_delta` OUTPUT In.1 ... 909345525 ~821% {3} r7 = JOIN r5 WITH `Yaml::YamlNode.getLocation/0#dispred#24555c57#prev` CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0 'result', Rhs.0 909342139 ~779% {3} | JOIN WITH `Locations::Location.getFile/0#dispred#dcf38c8d#prev` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'result', Lhs.2 909338753 ~794% {3} | JOIN WITH containerparent_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'result', Lhs.2 909335367 ~824% {3} | JOIN WITH `FileSystem::Container.getAbsolutePath/0#dispred#d234e6fa` ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'result', Rhs.1 883246724 ~812% {3} | JOIN WITH `Yaml::YamlNode.getDocument/0#dispred#ee1eb3bf#bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1 'this', Lhs.1 'result', Lhs.2 760047185 ~838% {5} | JOIN WITH yaml_scalars ON FIRST 1 OUTPUT Lhs.1 'result', Lhs.0 'this', Rhs.2, _, Lhs.2 0 ~0% {4} | REWRITE WITH Tmp.3 := "/", Out.3 := (In.4 ++ Tmp.3 ++ InOut.2), TEST Out.3 = InOut.0 KEEPING 4 {4} | REWRITE WITH NOT [TEST InOut.2 startsWith "/"] ... ``` The culprit turned out to be the following method on class `YamlInclude` ```ql private string getTargetPath() { exists(string path | path = this.getValue() | if path.matches("/%") then result = path else result = this.getDocument().getLocation().getFile().getParentContainer().getAbsolutePath() + "/" + path ) } ``` Basically, in the `else` branch, the evaluator was producing all possible values of `result` before filtering out the ones where the `path` component started with a forward slash. To fix this, I opted to factor out the logic into two helper predicates, each accounting for whether `this.getValue()` does or does not start with a `/`. With this, evaluating the original query from a clean cache takes roughly 3.3s. --- shared/yaml/codeql/yaml/Yaml.qll | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/shared/yaml/codeql/yaml/Yaml.qll b/shared/yaml/codeql/yaml/Yaml.qll index 028654de226c..422be89124fb 100644 --- a/shared/yaml/codeql/yaml/Yaml.qll +++ b/shared/yaml/codeql/yaml/Yaml.qll @@ -424,14 +424,23 @@ module Make { * Gets the absolute path of the file included by this directive. */ private string getTargetPath() { - exists(string path | path = this.getValue() | - if path.matches("/%") - then result = path - else - result = - this.getDocument().getLocation().getFile().getParentContainer().getAbsolutePath() + "/" + - path - ) + result = this.getAbsolutePath() + or + result = + this.getDocument().getLocation().getFile().getParentContainer().getAbsolutePath() + "/" + + this.getRelativePath() + } + + /** Join-order helper for `getTargetPath`. Gets the path but only if it is an absolute path. */ + private string getAbsolutePath() { + result = this.getValue() and + result.matches("/%") + } + + /** Join-order helper for `getTargetPath`. Gets the path, but only if it is a relative path. */ + private string getRelativePath() { + result = this.getValue() and + not result.matches("/%") } } From e1784bb10c5188aa9a30b70a390db83ebd55ebe3 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 31 Mar 2025 18:26:06 +0200 Subject: [PATCH 123/409] JS: Fix handling of spread args on a bound function --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 9 ++++++--- javascript/ql/test/ApiGraphs/spread/tst.js | 9 +++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index a1ffc8c02f12..84bfa67de981 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -962,11 +962,14 @@ module API { } private predicate spreadArgumentPassing(TApiNode base, int i, DataFlow::Node spreadArray) { - exists(DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke | + exists( + DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke, int spreadPos + | use(base, use) and pred = trackUseNode(use, _, bound, "") and - invoke = getAnInvocationWithSpread(pred, i) and - spreadArray = invoke.getArgument(i - bound).(SpreadElement).getOperand().flow() + invoke = getAnInvocationWithSpread(pred, spreadPos) and + spreadArray = invoke.getArgument(spreadPos).(SpreadElement).getOperand().flow() and + i = bound + spreadPos ) } diff --git a/javascript/ql/test/ApiGraphs/spread/tst.js b/javascript/ql/test/ApiGraphs/spread/tst.js index 67fed3ef13e1..33fcb81662cb 100644 --- a/javascript/ql/test/ApiGraphs/spread/tst.js +++ b/javascript/ql/test/ApiGraphs/spread/tst.js @@ -18,3 +18,12 @@ function getArgs() { } lib.m2(...getArgs()); + +function f3() { + return [ + 'x', /* def=moduleImport("something").getMember("exports").getMember("m3").getSpreadArgument(1).getArrayElement() */ + 'y', /* def=moduleImport("something").getMember("exports").getMember("m3").getSpreadArgument(1).getArrayElement() */ + ] +} + +lib.m3.bind(undefined, 1)(...f3()); From 4746cfddf255c492cfbbba307350a67c48ade3f7 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 1 Apr 2025 16:26:07 +0200 Subject: [PATCH 124/409] JS: Add clarifying comment --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 84bfa67de981..974fdd7c0cbf 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -866,6 +866,14 @@ module API { .getAReturn() ) or + // Handle rest parameters escaping into external code. For example: + // + // function foo(...rest) { + // externalFunc(rest); + // } + // + // Here, 'rest' reaches a def-node at the call to externalFunc, so we need to ensure + // the arguments passed to 'foo' are stored in the 'rest' array. exists(Function fun, DataFlow::InvokeNode invoke, int argIndex, Parameter rest | fun.getRestParameter() = rest and rest.flow() = pred and From 8afdf25e9a761f6141f305b1b15bd4a2e5581964 Mon Sep 17 00:00:00 2001 From: Taus Date: Tue, 1 Apr 2025 14:50:00 +0000 Subject: [PATCH 125/409] Actions: Mark helper predicate as `noinline`. --- shared/yaml/codeql/yaml/Yaml.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/shared/yaml/codeql/yaml/Yaml.qll b/shared/yaml/codeql/yaml/Yaml.qll index 422be89124fb..1467fd09d137 100644 --- a/shared/yaml/codeql/yaml/Yaml.qll +++ b/shared/yaml/codeql/yaml/Yaml.qll @@ -438,6 +438,7 @@ module Make { } /** Join-order helper for `getTargetPath`. Gets the path, but only if it is a relative path. */ + pragma[noinline] private string getRelativePath() { result = this.getValue() and not result.matches("/%") From bd7c684c6c5d8a500e5e4ca3f7181fc9e43508d8 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:06:32 +0200 Subject: [PATCH 126/409] actions: add test with empty permissions --- .../Security/CWE-275/.github/workflows/perms7.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms7.yml diff --git a/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms7.yml b/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms7.yml new file mode 100644 index 000000000000..0ec255f0d109 --- /dev/null +++ b/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms7.yml @@ -0,0 +1,10 @@ +on: + workflow_call: + workflow_dispatch: + +jobs: + build: + name: Build and test + runs-on: ubuntu-latest + steps: + - uses: actions/add-to-project@v2 From ee1eb199b557970e2675c2afd1efaba0949980a0 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:07:02 +0200 Subject: [PATCH 127/409] actions: add description of `actionsPermissionsDataModel` --- actions/ql/lib/codeql/actions/config/ConfigExtensions.qll | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll index b86ce68a5fdd..906cabbd27d1 100644 --- a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll +++ b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll @@ -80,5 +80,10 @@ extensible predicate untrustedGhCommandDataModel(string cmd_regex, string flag); /** * Holds if `action` needs `permission` to run. + * - 'action' is the name of the action without any version information. + * E.g. for the action selector `actions/checkout@v2`, `action` is `actions/checkout`. + * - `permission` is of the form `scope-name: read|write`, for example `contents: read`. + * - see https://github.com/actions/checkout?tab=readme-ov-file#recommended-permissions + * for an example of recommended permissions. */ extensible predicate actionsPermissionsDataModel(string action, string permission); From 6fd8aba5609b84979a7c3ade3c94acfe37b9167c Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:07:21 +0200 Subject: [PATCH 128/409] actions: simplify using existing `UsesStep` --- .../Security/CWE-275/MissingActionsPermissions.ql | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql index bc3b4869a8d1..aedf65bc564e 100644 --- a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql +++ b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql @@ -16,18 +16,8 @@ import actions Step stepInJob(Job job) { result = job.(LocalJob).getAStep() } -bindingset[fullActionSelector] -string versionedAction(string fullActionSelector) { - result = fullActionSelector.substring(0, fullActionSelector.indexOf("@")) - or - not exists(fullActionSelector.indexOf("@")) and - result = fullActionSelector -} - -string stepUses(Step step) { result = step.getUses().(ScalarValue).getValue() } - string jobNeedsPermission(Job job) { - actionsPermissionsDataModel(versionedAction(stepUses(stepInJob(job))), result) + actionsPermissionsDataModel(stepInJob(job).(UsesStep).getCallee(), result) } /** Gets a suggestion for the minimal token permissions for `job`, as a JSON string. */ From fb6296a5647ed33ad98fcfb2f36140ff570502a9 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:07:40 +0100 Subject: [PATCH 129/409] Persistence models: recognise jakarta.persistence --- .../java/frameworks/javaee/Persistence.qll | 220 +++++++++++------- 1 file changed, 140 insertions(+), 80 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index e60659426e56..b1f256878af5 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -4,6 +4,10 @@ import java +private string getAPersistencePackageName() { + result = ["javax.persistence", "jakarta.persistence"] +} + /** * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA * compatible framework. @@ -27,7 +31,7 @@ class PersistentEntity extends RefType { else // If the access type is not explicit, then the location of the `Id` annotation determines // which access type is used. - if this.getAMethod().hasAnnotation("javax.persistence", "Id") + if this.getAMethod().hasAnnotation(getAPersistencePackageName(), "Id") then result = "property" else result = "field" } @@ -51,14 +55,16 @@ class PersistentEntity extends RefType { * A `@javax.persistence.Access` annotation. */ class AccessAnnotation extends Annotation { - AccessAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Access") } + AccessAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Access") } } /** * A `@javax.persistence.AccessType` annotation. */ class AccessTypeAnnotation extends Annotation { - AccessTypeAnnotation() { this.getType().hasQualifiedName("javax.persistence", "AccessType") } + AccessTypeAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "AccessType") + } } /** @@ -66,7 +72,7 @@ class AccessTypeAnnotation extends Annotation { */ class AssociationOverrideAnnotation extends Annotation { AssociationOverrideAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "AssociationOverride") + this.getType().hasQualifiedName(getAPersistencePackageName(), "AssociationOverride") } } @@ -75,7 +81,7 @@ class AssociationOverrideAnnotation extends Annotation { */ class AssociationOverridesAnnotation extends Annotation { AssociationOverridesAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "AssociationOverrides") + this.getType().hasQualifiedName(getAPersistencePackageName(), "AssociationOverrides") } } @@ -84,7 +90,7 @@ class AssociationOverridesAnnotation extends Annotation { */ class AttributeOverrideAnnotation extends Annotation { AttributeOverrideAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "AttributeOverride") + this.getType().hasQualifiedName(getAPersistencePackageName(), "AttributeOverride") } } @@ -93,7 +99,7 @@ class AttributeOverrideAnnotation extends Annotation { */ class AttributeOverridesAnnotation extends Annotation { AttributeOverridesAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "AttributeOverrides") + this.getType().hasQualifiedName(getAPersistencePackageName(), "AttributeOverrides") } } @@ -101,14 +107,16 @@ class AttributeOverridesAnnotation extends Annotation { * A `@javax.persistence.Basic` annotation. */ class BasicAnnotation extends Annotation { - BasicAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Basic") } + BasicAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Basic") } } /** * A `@javax.persistence.Cacheable` annotation. */ class CacheableAnnotation extends Annotation { - CacheableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Cacheable") } + CacheableAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Cacheable") + } } /** @@ -116,7 +124,7 @@ class CacheableAnnotation extends Annotation { */ class CollectionTableAnnotation extends Annotation { CollectionTableAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "CollectionTable") + this.getType().hasQualifiedName(getAPersistencePackageName(), "CollectionTable") } } @@ -124,14 +132,16 @@ class CollectionTableAnnotation extends Annotation { * A `@javax.persistence.Column` annotation. */ class ColumnAnnotation extends Annotation { - ColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Column") } + ColumnAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Column") } } /** * A `@javax.persistence.ColumnResult` annotation. */ class ColumnResultAnnotation extends Annotation { - ColumnResultAnnotation() { this.getType().hasQualifiedName("javax.persistence", "ColumnResult") } + ColumnResultAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "ColumnResult") + } } /** @@ -139,7 +149,7 @@ class ColumnResultAnnotation extends Annotation { */ class DiscriminatorColumnAnnotation extends Annotation { DiscriminatorColumnAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "DiscriminatorColumn") + this.getType().hasQualifiedName(getAPersistencePackageName(), "DiscriminatorColumn") } } @@ -148,7 +158,7 @@ class DiscriminatorColumnAnnotation extends Annotation { */ class DiscriminatorValueAnnotation extends Annotation { DiscriminatorValueAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "DiscriminatorValue") + this.getType().hasQualifiedName(getAPersistencePackageName(), "DiscriminatorValue") } } @@ -157,7 +167,7 @@ class DiscriminatorValueAnnotation extends Annotation { */ class ElementCollectionAnnotation extends Annotation { ElementCollectionAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "ElementCollection") + this.getType().hasQualifiedName(getAPersistencePackageName(), "ElementCollection") } } @@ -165,28 +175,32 @@ class ElementCollectionAnnotation extends Annotation { * A `@javax.persistence.Embeddable` annotation. */ class EmbeddableAnnotation extends Annotation { - EmbeddableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Embeddable") } + EmbeddableAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Embeddable") + } } /** * A `@javax.persistence.Embedded` annotation. */ class EmbeddedAnnotation extends Annotation { - EmbeddedAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Embedded") } + EmbeddedAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Embedded") } } /** * A `@javax.persistence.EmbeddedId` annotation. */ class EmbeddedIdAnnotation extends Annotation { - EmbeddedIdAnnotation() { this.getType().hasQualifiedName("javax.persistence", "EmbeddedId") } + EmbeddedIdAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "EmbeddedId") + } } /** * A `@javax.persistence.Entity` annotation. */ class EntityAnnotation extends Annotation { - EntityAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Entity") } + EntityAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Entity") } } /** @@ -194,7 +208,7 @@ class EntityAnnotation extends Annotation { */ class EntityListenersAnnotation extends Annotation { EntityListenersAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "EntityListeners") + this.getType().hasQualifiedName(getAPersistencePackageName(), "EntityListeners") } } @@ -202,14 +216,18 @@ class EntityListenersAnnotation extends Annotation { * A `@javax.persistence.EntityResult` annotation. */ class EntityResultAnnotation extends Annotation { - EntityResultAnnotation() { this.getType().hasQualifiedName("javax.persistence", "EntityResult") } + EntityResultAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "EntityResult") + } } /** * A `@javax.persistence.Enumerated` annotation. */ class EnumeratedAnnotation extends Annotation { - EnumeratedAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Enumerated") } + EnumeratedAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Enumerated") + } } /** @@ -217,7 +235,7 @@ class EnumeratedAnnotation extends Annotation { */ class ExcludeDefaultListenersAnnotation extends Annotation { ExcludeDefaultListenersAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "ExcludeDefaultListeners") + this.getType().hasQualifiedName(getAPersistencePackageName(), "ExcludeDefaultListeners") } } @@ -226,7 +244,7 @@ class ExcludeDefaultListenersAnnotation extends Annotation { */ class ExcludeSuperclassListenersAnnotation extends Annotation { ExcludeSuperclassListenersAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "ExcludeSuperclassListeners") + this.getType().hasQualifiedName(getAPersistencePackageName(), "ExcludeSuperclassListeners") } } @@ -234,7 +252,9 @@ class ExcludeSuperclassListenersAnnotation extends Annotation { * A `@javax.persistence.FieldResult` annotation. */ class FieldResultAnnotation extends Annotation { - FieldResultAnnotation() { this.getType().hasQualifiedName("javax.persistence", "FieldResult") } + FieldResultAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "FieldResult") + } } /** @@ -242,7 +262,7 @@ class FieldResultAnnotation extends Annotation { */ class GeneratedValueAnnotation extends Annotation { GeneratedValueAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "GeneratedValue") + this.getType().hasQualifiedName(getAPersistencePackageName(), "GeneratedValue") } } @@ -250,84 +270,100 @@ class GeneratedValueAnnotation extends Annotation { * A `@javax.persistence.Id` annotation. */ class IdAnnotation extends Annotation { - IdAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Id") } + IdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Id") } } /** * A `@javax.persistence.IdClass` annotation. */ class IdClassAnnotation extends Annotation { - IdClassAnnotation() { this.getType().hasQualifiedName("javax.persistence", "IdClass") } + IdClassAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "IdClass") } } /** * A `@javax.persistence.Inheritance` annotation. */ class InheritanceAnnotation extends Annotation { - InheritanceAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Inheritance") } + InheritanceAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Inheritance") + } } /** * A `@javax.persistence.JoinColumn` annotation. */ class JoinColumnAnnotation extends Annotation { - JoinColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "JoinColumn") } + JoinColumnAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "JoinColumn") + } } /** * A `@javax.persistence.JoinColumns` annotation. */ class JoinColumnsAnnotation extends Annotation { - JoinColumnsAnnotation() { this.getType().hasQualifiedName("javax.persistence", "JoinColumns") } + JoinColumnsAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "JoinColumns") + } } /** * A `@javax.persistence.JoinTable` annotation. */ class JoinTableAnnotation extends Annotation { - JoinTableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "JoinTable") } + JoinTableAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "JoinTable") + } } /** * A `@javax.persistence.Lob` annotation. */ class LobAnnotation extends Annotation { - LobAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Lob") } + LobAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Lob") } } /** * A `@javax.persistence.ManyToMany` annotation. */ class ManyToManyAnnotation extends Annotation { - ManyToManyAnnotation() { this.getType().hasQualifiedName("javax.persistence", "ManyToMany") } + ManyToManyAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "ManyToMany") + } } /** * A `@javax.persistence.ManyToOne` annotation. */ class ManyToOneAnnotation extends Annotation { - ManyToOneAnnotation() { this.getType().hasQualifiedName("javax.persistence", "ManyToOne") } + ManyToOneAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "ManyToOne") + } } /** * A `@javax.persistence.MapKey` annotation. */ class MapKeyAnnotation extends Annotation { - MapKeyAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapKey") } + MapKeyAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKey") } } /** * A `@javax.persistence.MapKeyClass` annotation. */ class MapKeyClassAnnotation extends Annotation { - MapKeyClassAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapKeyClass") } + MapKeyClassAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyClass") + } } /** * A `@javax.persistence.MapKeyColumn` annotation. */ class MapKeyColumnAnnotation extends Annotation { - MapKeyColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapKeyColumn") } + MapKeyColumnAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyColumn") + } } /** @@ -335,7 +371,7 @@ class MapKeyColumnAnnotation extends Annotation { */ class MapKeyEnumeratedAnnotation extends Annotation { MapKeyEnumeratedAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MapKeyEnumerated") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyEnumerated") } } @@ -344,7 +380,7 @@ class MapKeyEnumeratedAnnotation extends Annotation { */ class MapKeyJoinColumnAnnotation extends Annotation { MapKeyJoinColumnAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MapKeyJoinColumn") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyJoinColumn") } } @@ -353,7 +389,7 @@ class MapKeyJoinColumnAnnotation extends Annotation { */ class MapKeyJoinColumnsAnnotation extends Annotation { MapKeyJoinColumnsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MapKeyJoinColumns") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyJoinColumns") } } @@ -362,7 +398,7 @@ class MapKeyJoinColumnsAnnotation extends Annotation { */ class MapKeyTemporalAnnotation extends Annotation { MapKeyTemporalAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MapKeyTemporal") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyTemporal") } } @@ -371,7 +407,7 @@ class MapKeyTemporalAnnotation extends Annotation { */ class MappedSuperclassAnnotation extends Annotation { MappedSuperclassAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MappedSuperclass") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MappedSuperclass") } } @@ -379,7 +415,7 @@ class MappedSuperclassAnnotation extends Annotation { * A `@javax.persistence.MapsId` annotation. */ class MapsIdAnnotation extends Annotation { - MapsIdAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapsId") } + MapsIdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapsId") } } /** @@ -387,7 +423,7 @@ class MapsIdAnnotation extends Annotation { */ class NamedNativeQueriesAnnotation extends Annotation { NamedNativeQueriesAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "NamedNativeQueries") + this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedNativeQueries") } } @@ -396,7 +432,7 @@ class NamedNativeQueriesAnnotation extends Annotation { */ class NamedNativeQueryAnnotation extends Annotation { NamedNativeQueryAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "NamedNativeQuery") + this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedNativeQuery") } } @@ -404,42 +440,50 @@ class NamedNativeQueryAnnotation extends Annotation { * A `@javax.persistence.NamedQueries` annotation. */ class NamedQueriesAnnotation extends Annotation { - NamedQueriesAnnotation() { this.getType().hasQualifiedName("javax.persistence", "NamedQueries") } + NamedQueriesAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedQueries") + } } /** * A `@javax.persistence.NamedQuery` annotation. */ class NamedQueryAnnotation extends Annotation { - NamedQueryAnnotation() { this.getType().hasQualifiedName("javax.persistence", "NamedQuery") } + NamedQueryAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedQuery") + } } /** * A `@javax.persistence.OneToMany` annotation. */ class OneToManyAnnotation extends Annotation { - OneToManyAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OneToMany") } + OneToManyAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "OneToMany") + } } /** * A `@javax.persistence.OneToOne` annotation. */ class OneToOneAnnotation extends Annotation { - OneToOneAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OneToOne") } + OneToOneAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OneToOne") } } /** * A `@javax.persistence.OrderBy` annotation. */ class OrderByAnnotation extends Annotation { - OrderByAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OrderBy") } + OrderByAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OrderBy") } } /** * A `@javax.persistence.OrderColumn` annotation. */ class OrderColumnAnnotation extends Annotation { - OrderColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OrderColumn") } + OrderColumnAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "OrderColumn") + } } /** @@ -447,7 +491,7 @@ class OrderColumnAnnotation extends Annotation { */ class PersistenceContextAnnotation extends Annotation { PersistenceContextAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceContext") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceContext") } } @@ -456,7 +500,7 @@ class PersistenceContextAnnotation extends Annotation { */ class PersistenceContextsAnnotation extends Annotation { PersistenceContextsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceContexts") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceContexts") } } @@ -465,7 +509,7 @@ class PersistenceContextsAnnotation extends Annotation { */ class PersistencePropertyAnnotation extends Annotation { PersistencePropertyAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceProperty") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceProperty") } } @@ -474,7 +518,7 @@ class PersistencePropertyAnnotation extends Annotation { */ class PersistenceUnitAnnotation extends Annotation { PersistenceUnitAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceUnit") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceUnit") } } @@ -483,7 +527,7 @@ class PersistenceUnitAnnotation extends Annotation { */ class PersistenceUnitsAnnotation extends Annotation { PersistenceUnitsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceUnits") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceUnits") } } @@ -491,49 +535,61 @@ class PersistenceUnitsAnnotation extends Annotation { * A `@javax.persistence.PostLoad` annotation. */ class PostLoadAnnotation extends Annotation { - PostLoadAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostLoad") } + PostLoadAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "PostLoad") } } /** * A `@javax.persistence.PostPersist` annotation. */ class PostPersistAnnotation extends Annotation { - PostPersistAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostPersist") } + PostPersistAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PostPersist") + } } /** * A `@javax.persistence.PostRemove` annotation. */ class PostRemoveAnnotation extends Annotation { - PostRemoveAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostRemove") } + PostRemoveAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PostRemove") + } } /** * A `@javax.persistence.PostUpdate` annotation. */ class PostUpdateAnnotation extends Annotation { - PostUpdateAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostUpdate") } + PostUpdateAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PostUpdate") + } } /** * A `@javax.persistence.PrePersist` annotation. */ class PrePersistAnnotation extends Annotation { - PrePersistAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PrePersist") } + PrePersistAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PrePersist") + } } /** * A `@javax.persistence.PreRemove` annotation. */ class PreRemoveAnnotation extends Annotation { - PreRemoveAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PreRemove") } + PreRemoveAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PreRemove") + } } /** * A `@javax.persistence.PreUpdate` annotation. */ class PreUpdateAnnotation extends Annotation { - PreUpdateAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PreUpdate") } + PreUpdateAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PreUpdate") + } } /** @@ -541,7 +597,7 @@ class PreUpdateAnnotation extends Annotation { */ class PrimaryKeyJoinColumnAnnotation extends Annotation { PrimaryKeyJoinColumnAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PrimaryKeyJoinColumn") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PrimaryKeyJoinColumn") } } @@ -550,7 +606,7 @@ class PrimaryKeyJoinColumnAnnotation extends Annotation { */ class PrimaryKeyJoinColumnsAnnotation extends Annotation { PrimaryKeyJoinColumnsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PrimaryKeyJoinColumns") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PrimaryKeyJoinColumns") } } @@ -558,7 +614,9 @@ class PrimaryKeyJoinColumnsAnnotation extends Annotation { * A `@javax.persistence.QueryHint` annotation. */ class QueryHintAnnotation extends Annotation { - QueryHintAnnotation() { this.getType().hasQualifiedName("javax.persistence", "QueryHint") } + QueryHintAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "QueryHint") + } } /** @@ -566,7 +624,7 @@ class QueryHintAnnotation extends Annotation { */ class SecondaryTableAnnotation extends Annotation { SecondaryTableAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SecondaryTable") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SecondaryTable") } } @@ -575,7 +633,7 @@ class SecondaryTableAnnotation extends Annotation { */ class SecondaryTablesAnnotation extends Annotation { SecondaryTablesAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SecondaryTables") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SecondaryTables") } } @@ -584,7 +642,7 @@ class SecondaryTablesAnnotation extends Annotation { */ class SequenceGeneratorAnnotation extends Annotation { SequenceGeneratorAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SequenceGenerator") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SequenceGenerator") } } @@ -593,7 +651,7 @@ class SequenceGeneratorAnnotation extends Annotation { */ class SqlResultSetMappingAnnotation extends Annotation { SqlResultSetMappingAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SqlResultSetMapping") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SqlResultSetMapping") } } @@ -602,7 +660,7 @@ class SqlResultSetMappingAnnotation extends Annotation { */ class SqlResultSetMappingsAnnotation extends Annotation { SqlResultSetMappingsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SqlResultSetMappings") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SqlResultSetMappings") } } @@ -610,7 +668,7 @@ class SqlResultSetMappingsAnnotation extends Annotation { * A `@javax.persistence.Table` annotation. */ class TableAnnotation extends Annotation { - TableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Table") } + TableAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Table") } } /** @@ -618,7 +676,7 @@ class TableAnnotation extends Annotation { */ class TableGeneratorAnnotation extends Annotation { TableGeneratorAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "TableGenerator") + this.getType().hasQualifiedName(getAPersistencePackageName(), "TableGenerator") } } @@ -626,14 +684,16 @@ class TableGeneratorAnnotation extends Annotation { * A `@javax.persistence.Temporal` annotation. */ class TemporalAnnotation extends Annotation { - TemporalAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Temporal") } + TemporalAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Temporal") } } /** * A `@javax.persistence.Transient` annotation. */ class TransientAnnotation extends Annotation { - TransientAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Transient") } + TransientAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Transient") + } } /** @@ -641,7 +701,7 @@ class TransientAnnotation extends Annotation { */ class UniqueConstraintAnnotation extends Annotation { UniqueConstraintAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "UniqueConstraint") + this.getType().hasQualifiedName(getAPersistencePackageName(), "UniqueConstraint") } } @@ -649,12 +709,12 @@ class UniqueConstraintAnnotation extends Annotation { * A `@javax.persistence.Version` annotation. */ class VersionAnnotation extends Annotation { - VersionAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Version") } + VersionAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Version") } } /** The interface `javax.persistence.EntityManager`. */ class TypeEntityManager extends Interface { - TypeEntityManager() { this.hasQualifiedName("javax.persistence", "EntityManager") } + TypeEntityManager() { this.hasQualifiedName(getAPersistencePackageName(), "EntityManager") } /** Gets a method named `createQuery` declared in the `EntityManager` interface. */ Method getACreateQueryMethod() { @@ -677,7 +737,7 @@ class TypeEntityManager extends Interface { /** The interface `javax.persistence.Query`, which represents queries in the Java Persistence Query Language. */ class TypeQuery extends Interface { - TypeQuery() { this.hasQualifiedName("javax.persistence", "Query") } + TypeQuery() { this.hasQualifiedName(getAPersistencePackageName(), "Query") } /** Gets a method named `setParameter` declared in the `Query` interface. */ Method getASetParameterMethod() { From d83f35ff648942215dd5db69151cca947eb2f8e3 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:07:43 +0200 Subject: [PATCH 130/409] actions: remove unneded API --- actions/ql/lib/codeql/actions/Ast.qll | 2 -- actions/ql/lib/codeql/actions/ast/internal/Ast.qll | 2 -- 2 files changed, 4 deletions(-) diff --git a/actions/ql/lib/codeql/actions/Ast.qll b/actions/ql/lib/codeql/actions/Ast.qll index a50febdea973..8c1925f3288c 100644 --- a/actions/ql/lib/codeql/actions/Ast.qll +++ b/actions/ql/lib/codeql/actions/Ast.qll @@ -242,8 +242,6 @@ class Step extends AstNode instanceof StepImpl { If getIf() { result = super.getIf() } - AstNode getUses() { result = super.getUses() } - StepsContainer getContainer() { result = super.getContainer() } Step getNextStep() { result = super.getNextStep() } diff --git a/actions/ql/lib/codeql/actions/ast/internal/Ast.qll b/actions/ql/lib/codeql/actions/ast/internal/Ast.qll index 44ae082a34db..b0cbb8a1d79e 100644 --- a/actions/ql/lib/codeql/actions/ast/internal/Ast.qll +++ b/actions/ql/lib/codeql/actions/ast/internal/Ast.qll @@ -1194,8 +1194,6 @@ class StepImpl extends AstNodeImpl, TStepNode { /** Gets the value of the `if` field in this step, if any. */ IfImpl getIf() { result.getNode() = n.lookup("if") } - AstNodeImpl getUses() { result.getNode() = n.lookup("uses") } - /** Gets the Runs or LocalJob that this step is in. */ StepsContainerImpl getContainer() { result = this.getParentNode().(RunsImpl) or From 80ae8794f55a6bcedf90e12c6757270845a50e82 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:07:57 +0200 Subject: [PATCH 131/409] actions: update test expectations --- .../Security/CWE-275/MissingActionsPermissions.expected | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected b/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected index c7103d6f8ddc..1a3c36c78ca1 100644 --- a/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected +++ b/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected @@ -1,4 +1,5 @@ -| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | -| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | -| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | -| .github/workflows/perms6.yml:7:5:11:39 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read, id-token: write, pages: write} | +| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} | +| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} | +| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} | +| .github/workflows/perms6.yml:7:5:11:39 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read, id-token: write, pages: write} | +| .github/workflows/perms7.yml:7:5:10:38 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {} | From a5a6fd37dfc0f77f6db7bed6a9c6b5178263707c Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:19:42 +0100 Subject: [PATCH 132/409] Enable recognising jakarta.persistence in dead-code queries --- java/ql/lib/semmle/code/java/deadcode/DeadField.qll | 5 +++-- java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll | 3 ++- .../lib/semmle/code/java/frameworks/javaee/Persistence.qll | 5 ++++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll index 48cfd945375a..b1a990ac246f 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll @@ -3,6 +3,7 @@ import semmle.code.java.deadcode.DeadCode import semmle.code.java.frameworks.javaee.Persistence import semmle.code.java.frameworks.JAXB import semmle.code.java.frameworks.jackson.JacksonSerializability +import semmle.code.java.frameworks.javaee.Persistence /** * A field that is from a source file. @@ -161,10 +162,10 @@ class JpaReadField extends ReflectivelyReadField { this = entity.getAField() and ( entity.getAccessType() = "field" or - this.hasAnnotation("javax.persistence", "Access") + this.hasAnnotation(getAPersistencePackageName(), "Access") ) | - not this.hasAnnotation("javax.persistence", "Transient") and + not this.hasAnnotation(getAPersistencePackageName(), "Transient") and not this.isStatic() and not this.isFinal() ) diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll index bca78aeae05c..7c0a2fdc2d37 100644 --- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll @@ -7,6 +7,7 @@ import semmle.code.java.deadcode.StrutsEntryPoints import semmle.code.java.deadcode.TestEntryPoints import semmle.code.java.deadcode.WebEntryPoints import semmle.code.java.frameworks.javaee.JavaServerFaces +import semmle.code.java.frameworks.javaee.Persistence import semmle.code.java.frameworks.JAXB import semmle.code.java.frameworks.JaxWS import semmle.code.java.JMX @@ -395,7 +396,7 @@ class PersistencePropertyMethod extends CallableEntryPoint { this = e.getACallable() and ( e.getAccessType() = "property" or - this.hasAnnotation("javax.persistence", "Access") + this.hasAnnotation(getAPersistencePackageName(), "Access") ) and ( this.getName().matches("get%") or diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index b1f256878af5..482988050d2e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -4,7 +4,10 @@ import java -private string getAPersistencePackageName() { +/** + * Gets a JavaEE Persistence API package name. + */ +string getAPersistencePackageName() { result = ["javax.persistence", "jakarta.persistence"] } From 50119ae481ed4a8f6fa4f89a26b89532624e6b80 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:20:06 +0100 Subject: [PATCH 133/409] Update docs --- .../java/frameworks/javaee/Persistence.qll | 162 +++++++++--------- 1 file changed, 80 insertions(+), 82 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index 482988050d2e..1cb9af2e0d9a 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -7,9 +7,7 @@ import java /** * Gets a JavaEE Persistence API package name. */ -string getAPersistencePackageName() { - result = ["javax.persistence", "jakarta.persistence"] -} +string getAPersistencePackageName() { result = ["javax.persistence", "jakarta.persistence"] } /** * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA @@ -40,7 +38,7 @@ class PersistentEntity extends RefType { } /** - * Gets the access type for this entity as defined by a `@javax.persistence.Access` annotation, + * Gets the access type for this entity as defined by a `@{javax,jakarta}.persistence.Access` annotation, * if any, in lower case. */ string getAccessTypeFromAnnotation() { @@ -51,18 +49,18 @@ class PersistentEntity extends RefType { } /* - * Annotations in the `javax.persistence` package. + * Annotations in the `{javax,jakarta}.persistence` package. */ /** - * A `@javax.persistence.Access` annotation. + * A `@{javax,jakarta}.persistence.Access` annotation. */ class AccessAnnotation extends Annotation { AccessAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Access") } } /** - * A `@javax.persistence.AccessType` annotation. + * A `@{javax,jakarta}.persistence.AccessType` annotation. */ class AccessTypeAnnotation extends Annotation { AccessTypeAnnotation() { @@ -71,7 +69,7 @@ class AccessTypeAnnotation extends Annotation { } /** - * A `@javax.persistence.AssociationOverride` annotation. + * A `@{javax,jakarta}.persistence.AssociationOverride` annotation. */ class AssociationOverrideAnnotation extends Annotation { AssociationOverrideAnnotation() { @@ -80,7 +78,7 @@ class AssociationOverrideAnnotation extends Annotation { } /** - * A `@javax.persistence.AssociationOverrides` annotation. + * A `@{javax,jakarta}.persistence.AssociationOverrides` annotation. */ class AssociationOverridesAnnotation extends Annotation { AssociationOverridesAnnotation() { @@ -89,7 +87,7 @@ class AssociationOverridesAnnotation extends Annotation { } /** - * A `@javax.persistence.AttributeOverride` annotation. + * A `@{javax,jakarta}.persistence.AttributeOverride` annotation. */ class AttributeOverrideAnnotation extends Annotation { AttributeOverrideAnnotation() { @@ -98,7 +96,7 @@ class AttributeOverrideAnnotation extends Annotation { } /** - * A `@javax.persistence.AttributeOverrides` annotation. + * A `@{javax,jakarta}.persistence.AttributeOverrides` annotation. */ class AttributeOverridesAnnotation extends Annotation { AttributeOverridesAnnotation() { @@ -107,14 +105,14 @@ class AttributeOverridesAnnotation extends Annotation { } /** - * A `@javax.persistence.Basic` annotation. + * A `@{javax,jakarta}.persistence.Basic` annotation. */ class BasicAnnotation extends Annotation { BasicAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Basic") } } /** - * A `@javax.persistence.Cacheable` annotation. + * A `@{javax,jakarta}.persistence.Cacheable` annotation. */ class CacheableAnnotation extends Annotation { CacheableAnnotation() { @@ -123,7 +121,7 @@ class CacheableAnnotation extends Annotation { } /** - * A `@javax.persistence.CollectionTable` annotation. + * A `@{javax,jakarta}.persistence.CollectionTable` annotation. */ class CollectionTableAnnotation extends Annotation { CollectionTableAnnotation() { @@ -132,14 +130,14 @@ class CollectionTableAnnotation extends Annotation { } /** - * A `@javax.persistence.Column` annotation. + * A `@{javax,jakarta}.persistence.Column` annotation. */ class ColumnAnnotation extends Annotation { ColumnAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Column") } } /** - * A `@javax.persistence.ColumnResult` annotation. + * A `@{javax,jakarta}.persistence.ColumnResult` annotation. */ class ColumnResultAnnotation extends Annotation { ColumnResultAnnotation() { @@ -148,7 +146,7 @@ class ColumnResultAnnotation extends Annotation { } /** - * A `@javax.persistence.DiscriminatorColumn` annotation. + * A `@{javax,jakarta}.persistence.DiscriminatorColumn` annotation. */ class DiscriminatorColumnAnnotation extends Annotation { DiscriminatorColumnAnnotation() { @@ -157,7 +155,7 @@ class DiscriminatorColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.DiscriminatorValue` annotation. + * A `@{javax,jakarta}.persistence.DiscriminatorValue` annotation. */ class DiscriminatorValueAnnotation extends Annotation { DiscriminatorValueAnnotation() { @@ -166,7 +164,7 @@ class DiscriminatorValueAnnotation extends Annotation { } /** - * A `@javax.persistence.ElementCollection` annotation. + * A `@{javax,jakarta}.persistence.ElementCollection` annotation. */ class ElementCollectionAnnotation extends Annotation { ElementCollectionAnnotation() { @@ -175,7 +173,7 @@ class ElementCollectionAnnotation extends Annotation { } /** - * A `@javax.persistence.Embeddable` annotation. + * A `@{javax,jakarta}.persistence.Embeddable` annotation. */ class EmbeddableAnnotation extends Annotation { EmbeddableAnnotation() { @@ -184,14 +182,14 @@ class EmbeddableAnnotation extends Annotation { } /** - * A `@javax.persistence.Embedded` annotation. + * A `@{javax,jakarta}.persistence.Embedded` annotation. */ class EmbeddedAnnotation extends Annotation { EmbeddedAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Embedded") } } /** - * A `@javax.persistence.EmbeddedId` annotation. + * A `@{javax,jakarta}.persistence.EmbeddedId` annotation. */ class EmbeddedIdAnnotation extends Annotation { EmbeddedIdAnnotation() { @@ -200,14 +198,14 @@ class EmbeddedIdAnnotation extends Annotation { } /** - * A `@javax.persistence.Entity` annotation. + * A `@{javax,jakarta}.persistence.Entity` annotation. */ class EntityAnnotation extends Annotation { EntityAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Entity") } } /** - * A `@javax.persistence.EntityListeners` annotation. + * A `@{javax,jakarta}.persistence.EntityListeners` annotation. */ class EntityListenersAnnotation extends Annotation { EntityListenersAnnotation() { @@ -216,7 +214,7 @@ class EntityListenersAnnotation extends Annotation { } /** - * A `@javax.persistence.EntityResult` annotation. + * A `@{javax,jakarta}.persistence.EntityResult` annotation. */ class EntityResultAnnotation extends Annotation { EntityResultAnnotation() { @@ -225,7 +223,7 @@ class EntityResultAnnotation extends Annotation { } /** - * A `@javax.persistence.Enumerated` annotation. + * A `@{javax,jakarta}.persistence.Enumerated` annotation. */ class EnumeratedAnnotation extends Annotation { EnumeratedAnnotation() { @@ -234,7 +232,7 @@ class EnumeratedAnnotation extends Annotation { } /** - * A `@javax.persistence.ExcludeDefaultListeners` annotation. + * A `@{javax,jakarta}.persistence.ExcludeDefaultListeners` annotation. */ class ExcludeDefaultListenersAnnotation extends Annotation { ExcludeDefaultListenersAnnotation() { @@ -243,7 +241,7 @@ class ExcludeDefaultListenersAnnotation extends Annotation { } /** - * A `@javax.persistence.ExcludeSuperclassListeners` annotation. + * A `@{javax,jakarta}.persistence.ExcludeSuperclassListeners` annotation. */ class ExcludeSuperclassListenersAnnotation extends Annotation { ExcludeSuperclassListenersAnnotation() { @@ -252,7 +250,7 @@ class ExcludeSuperclassListenersAnnotation extends Annotation { } /** - * A `@javax.persistence.FieldResult` annotation. + * A `@{javax,jakarta}.persistence.FieldResult` annotation. */ class FieldResultAnnotation extends Annotation { FieldResultAnnotation() { @@ -261,7 +259,7 @@ class FieldResultAnnotation extends Annotation { } /** - * A `@javax.persistence.GeneratedValue` annotation. + * A `@{javax,jakarta}.persistence.GeneratedValue` annotation. */ class GeneratedValueAnnotation extends Annotation { GeneratedValueAnnotation() { @@ -270,21 +268,21 @@ class GeneratedValueAnnotation extends Annotation { } /** - * A `@javax.persistence.Id` annotation. + * A `@{javax,jakarta}.persistence.Id` annotation. */ class IdAnnotation extends Annotation { IdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Id") } } /** - * A `@javax.persistence.IdClass` annotation. + * A `@{javax,jakarta}.persistence.IdClass` annotation. */ class IdClassAnnotation extends Annotation { IdClassAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "IdClass") } } /** - * A `@javax.persistence.Inheritance` annotation. + * A `@{javax,jakarta}.persistence.Inheritance` annotation. */ class InheritanceAnnotation extends Annotation { InheritanceAnnotation() { @@ -293,7 +291,7 @@ class InheritanceAnnotation extends Annotation { } /** - * A `@javax.persistence.JoinColumn` annotation. + * A `@{javax,jakarta}.persistence.JoinColumn` annotation. */ class JoinColumnAnnotation extends Annotation { JoinColumnAnnotation() { @@ -302,7 +300,7 @@ class JoinColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.JoinColumns` annotation. + * A `@{javax,jakarta}.persistence.JoinColumns` annotation. */ class JoinColumnsAnnotation extends Annotation { JoinColumnsAnnotation() { @@ -311,7 +309,7 @@ class JoinColumnsAnnotation extends Annotation { } /** - * A `@javax.persistence.JoinTable` annotation. + * A `@{javax,jakarta}.persistence.JoinTable` annotation. */ class JoinTableAnnotation extends Annotation { JoinTableAnnotation() { @@ -320,14 +318,14 @@ class JoinTableAnnotation extends Annotation { } /** - * A `@javax.persistence.Lob` annotation. + * A `@{javax,jakarta}.persistence.Lob` annotation. */ class LobAnnotation extends Annotation { LobAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Lob") } } /** - * A `@javax.persistence.ManyToMany` annotation. + * A `@{javax,jakarta}.persistence.ManyToMany` annotation. */ class ManyToManyAnnotation extends Annotation { ManyToManyAnnotation() { @@ -336,7 +334,7 @@ class ManyToManyAnnotation extends Annotation { } /** - * A `@javax.persistence.ManyToOne` annotation. + * A `@{javax,jakarta}.persistence.ManyToOne` annotation. */ class ManyToOneAnnotation extends Annotation { ManyToOneAnnotation() { @@ -345,14 +343,14 @@ class ManyToOneAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKey` annotation. + * A `@{javax,jakarta}.persistence.MapKey` annotation. */ class MapKeyAnnotation extends Annotation { MapKeyAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKey") } } /** - * A `@javax.persistence.MapKeyClass` annotation. + * A `@{javax,jakarta}.persistence.MapKeyClass` annotation. */ class MapKeyClassAnnotation extends Annotation { MapKeyClassAnnotation() { @@ -361,7 +359,7 @@ class MapKeyClassAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyColumn` annotation. + * A `@{javax,jakarta}.persistence.MapKeyColumn` annotation. */ class MapKeyColumnAnnotation extends Annotation { MapKeyColumnAnnotation() { @@ -370,7 +368,7 @@ class MapKeyColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyEnumerated` annotation. + * A `@{javax,jakarta}.persistence.MapKeyEnumerated` annotation. */ class MapKeyEnumeratedAnnotation extends Annotation { MapKeyEnumeratedAnnotation() { @@ -379,7 +377,7 @@ class MapKeyEnumeratedAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyJoinColumn` annotation. + * A `@{javax,jakarta}.persistence.MapKeyJoinColumn` annotation. */ class MapKeyJoinColumnAnnotation extends Annotation { MapKeyJoinColumnAnnotation() { @@ -388,7 +386,7 @@ class MapKeyJoinColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyJoinColumns` annotation. + * A `@{javax,jakarta}.persistence.MapKeyJoinColumns` annotation. */ class MapKeyJoinColumnsAnnotation extends Annotation { MapKeyJoinColumnsAnnotation() { @@ -397,7 +395,7 @@ class MapKeyJoinColumnsAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyTemporal` annotation. + * A `@{javax,jakarta}.persistence.MapKeyTemporal` annotation. */ class MapKeyTemporalAnnotation extends Annotation { MapKeyTemporalAnnotation() { @@ -406,7 +404,7 @@ class MapKeyTemporalAnnotation extends Annotation { } /** - * A `@javax.persistence.MappedSuperclass` annotation. + * A `@{javax,jakarta}.persistence.MappedSuperclass` annotation. */ class MappedSuperclassAnnotation extends Annotation { MappedSuperclassAnnotation() { @@ -415,14 +413,14 @@ class MappedSuperclassAnnotation extends Annotation { } /** - * A `@javax.persistence.MapsId` annotation. + * A `@{javax,jakarta}.persistence.MapsId` annotation. */ class MapsIdAnnotation extends Annotation { MapsIdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapsId") } } /** - * A `@javax.persistence.NamedNativeQueries` annotation. + * A `@{javax,jakarta}.persistence.NamedNativeQueries` annotation. */ class NamedNativeQueriesAnnotation extends Annotation { NamedNativeQueriesAnnotation() { @@ -431,7 +429,7 @@ class NamedNativeQueriesAnnotation extends Annotation { } /** - * A `@javax.persistence.NamedNativeQuery` annotation. + * A `@{javax,jakarta}.persistence.NamedNativeQuery` annotation. */ class NamedNativeQueryAnnotation extends Annotation { NamedNativeQueryAnnotation() { @@ -440,7 +438,7 @@ class NamedNativeQueryAnnotation extends Annotation { } /** - * A `@javax.persistence.NamedQueries` annotation. + * A `@{javax,jakarta}.persistence.NamedQueries` annotation. */ class NamedQueriesAnnotation extends Annotation { NamedQueriesAnnotation() { @@ -449,7 +447,7 @@ class NamedQueriesAnnotation extends Annotation { } /** - * A `@javax.persistence.NamedQuery` annotation. + * A `@{javax,jakarta}.persistence.NamedQuery` annotation. */ class NamedQueryAnnotation extends Annotation { NamedQueryAnnotation() { @@ -458,7 +456,7 @@ class NamedQueryAnnotation extends Annotation { } /** - * A `@javax.persistence.OneToMany` annotation. + * A `@{javax,jakarta}.persistence.OneToMany` annotation. */ class OneToManyAnnotation extends Annotation { OneToManyAnnotation() { @@ -467,21 +465,21 @@ class OneToManyAnnotation extends Annotation { } /** - * A `@javax.persistence.OneToOne` annotation. + * A `@{javax,jakarta}.persistence.OneToOne` annotation. */ class OneToOneAnnotation extends Annotation { OneToOneAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OneToOne") } } /** - * A `@javax.persistence.OrderBy` annotation. + * A `@{javax,jakarta}.persistence.OrderBy` annotation. */ class OrderByAnnotation extends Annotation { OrderByAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OrderBy") } } /** - * A `@javax.persistence.OrderColumn` annotation. + * A `@{javax,jakarta}.persistence.OrderColumn` annotation. */ class OrderColumnAnnotation extends Annotation { OrderColumnAnnotation() { @@ -490,7 +488,7 @@ class OrderColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceContext` annotation. + * A `@{javax,jakarta}.persistence.PersistenceContext` annotation. */ class PersistenceContextAnnotation extends Annotation { PersistenceContextAnnotation() { @@ -499,7 +497,7 @@ class PersistenceContextAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceContexts` annotation. + * A `@{javax,jakarta}.persistence.PersistenceContexts` annotation. */ class PersistenceContextsAnnotation extends Annotation { PersistenceContextsAnnotation() { @@ -508,7 +506,7 @@ class PersistenceContextsAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceProperty` annotation. + * A `@{javax,jakarta}.persistence.PersistenceProperty` annotation. */ class PersistencePropertyAnnotation extends Annotation { PersistencePropertyAnnotation() { @@ -517,7 +515,7 @@ class PersistencePropertyAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceUnit` annotation. + * A `@{javax,jakarta}.persistence.PersistenceUnit` annotation. */ class PersistenceUnitAnnotation extends Annotation { PersistenceUnitAnnotation() { @@ -526,7 +524,7 @@ class PersistenceUnitAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceUnits` annotation. + * A `@{javax,jakarta}.persistence.PersistenceUnits` annotation. */ class PersistenceUnitsAnnotation extends Annotation { PersistenceUnitsAnnotation() { @@ -535,14 +533,14 @@ class PersistenceUnitsAnnotation extends Annotation { } /** - * A `@javax.persistence.PostLoad` annotation. + * A `@{javax,jakarta}.persistence.PostLoad` annotation. */ class PostLoadAnnotation extends Annotation { PostLoadAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "PostLoad") } } /** - * A `@javax.persistence.PostPersist` annotation. + * A `@{javax,jakarta}.persistence.PostPersist` annotation. */ class PostPersistAnnotation extends Annotation { PostPersistAnnotation() { @@ -551,7 +549,7 @@ class PostPersistAnnotation extends Annotation { } /** - * A `@javax.persistence.PostRemove` annotation. + * A `@{javax,jakarta}.persistence.PostRemove` annotation. */ class PostRemoveAnnotation extends Annotation { PostRemoveAnnotation() { @@ -560,7 +558,7 @@ class PostRemoveAnnotation extends Annotation { } /** - * A `@javax.persistence.PostUpdate` annotation. + * A `@{javax,jakarta}.persistence.PostUpdate` annotation. */ class PostUpdateAnnotation extends Annotation { PostUpdateAnnotation() { @@ -569,7 +567,7 @@ class PostUpdateAnnotation extends Annotation { } /** - * A `@javax.persistence.PrePersist` annotation. + * A `@{javax,jakarta}.persistence.PrePersist` annotation. */ class PrePersistAnnotation extends Annotation { PrePersistAnnotation() { @@ -578,7 +576,7 @@ class PrePersistAnnotation extends Annotation { } /** - * A `@javax.persistence.PreRemove` annotation. + * A `@{javax,jakarta}.persistence.PreRemove` annotation. */ class PreRemoveAnnotation extends Annotation { PreRemoveAnnotation() { @@ -587,7 +585,7 @@ class PreRemoveAnnotation extends Annotation { } /** - * A `@javax.persistence.PreUpdate` annotation. + * A `@{javax,jakarta}.persistence.PreUpdate` annotation. */ class PreUpdateAnnotation extends Annotation { PreUpdateAnnotation() { @@ -596,7 +594,7 @@ class PreUpdateAnnotation extends Annotation { } /** - * A `@javax.persistence.PrimaryKeyJoinColumn` annotation. + * A `@{javax,jakarta}.persistence.PrimaryKeyJoinColumn` annotation. */ class PrimaryKeyJoinColumnAnnotation extends Annotation { PrimaryKeyJoinColumnAnnotation() { @@ -605,7 +603,7 @@ class PrimaryKeyJoinColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.PrimaryKeyJoinColumns` annotation. + * A `@{javax,jakarta}.persistence.PrimaryKeyJoinColumns` annotation. */ class PrimaryKeyJoinColumnsAnnotation extends Annotation { PrimaryKeyJoinColumnsAnnotation() { @@ -614,7 +612,7 @@ class PrimaryKeyJoinColumnsAnnotation extends Annotation { } /** - * A `@javax.persistence.QueryHint` annotation. + * A `@{javax,jakarta}.persistence.QueryHint` annotation. */ class QueryHintAnnotation extends Annotation { QueryHintAnnotation() { @@ -623,7 +621,7 @@ class QueryHintAnnotation extends Annotation { } /** - * A `@javax.persistence.SecondaryTable` annotation. + * A `@{javax,jakarta}.persistence.SecondaryTable` annotation. */ class SecondaryTableAnnotation extends Annotation { SecondaryTableAnnotation() { @@ -632,7 +630,7 @@ class SecondaryTableAnnotation extends Annotation { } /** - * A `@javax.persistence.SecondaryTables` annotation. + * A `@{javax,jakarta}.persistence.SecondaryTables` annotation. */ class SecondaryTablesAnnotation extends Annotation { SecondaryTablesAnnotation() { @@ -641,7 +639,7 @@ class SecondaryTablesAnnotation extends Annotation { } /** - * A `@javax.persistence.SequenceGenerator` annotation. + * A `@{javax,jakarta}.persistence.SequenceGenerator` annotation. */ class SequenceGeneratorAnnotation extends Annotation { SequenceGeneratorAnnotation() { @@ -650,7 +648,7 @@ class SequenceGeneratorAnnotation extends Annotation { } /** - * A `@javax.persistence.SqlResultSetMapping` annotation. + * A `@{javax,jakarta}.persistence.SqlResultSetMapping` annotation. */ class SqlResultSetMappingAnnotation extends Annotation { SqlResultSetMappingAnnotation() { @@ -659,7 +657,7 @@ class SqlResultSetMappingAnnotation extends Annotation { } /** - * A `@javax.persistence.SqlResultSetMappings` annotation. + * A `@{javax,jakarta}.persistence.SqlResultSetMappings` annotation. */ class SqlResultSetMappingsAnnotation extends Annotation { SqlResultSetMappingsAnnotation() { @@ -668,14 +666,14 @@ class SqlResultSetMappingsAnnotation extends Annotation { } /** - * A `@javax.persistence.Table` annotation. + * A `@{javax,jakarta}.persistence.Table` annotation. */ class TableAnnotation extends Annotation { TableAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Table") } } /** - * A `@javax.persistence.TableGenerator` annotation. + * A `@{javax,jakarta}.persistence.TableGenerator` annotation. */ class TableGeneratorAnnotation extends Annotation { TableGeneratorAnnotation() { @@ -684,14 +682,14 @@ class TableGeneratorAnnotation extends Annotation { } /** - * A `@javax.persistence.Temporal` annotation. + * A `@{javax,jakarta}.persistence.Temporal` annotation. */ class TemporalAnnotation extends Annotation { TemporalAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Temporal") } } /** - * A `@javax.persistence.Transient` annotation. + * A `@{javax,jakarta}.persistence.Transient` annotation. */ class TransientAnnotation extends Annotation { TransientAnnotation() { @@ -700,7 +698,7 @@ class TransientAnnotation extends Annotation { } /** - * A `@javax.persistence.UniqueConstraint` annotation. + * A `@{javax,jakarta}.persistence.UniqueConstraint` annotation. */ class UniqueConstraintAnnotation extends Annotation { UniqueConstraintAnnotation() { @@ -709,7 +707,7 @@ class UniqueConstraintAnnotation extends Annotation { } /** - * A `@javax.persistence.Version` annotation. + * A `@{javax,jakarta}.persistence.Version` annotation. */ class VersionAnnotation extends Annotation { VersionAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Version") } From 20839745bdef8c13662321d96c33027234d62afb Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:49:56 +0100 Subject: [PATCH 134/409] Remove redundant import --- java/ql/lib/semmle/code/java/deadcode/DeadField.qll | 1 - 1 file changed, 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll index b1a990ac246f..2dcbb96f3b59 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll @@ -3,7 +3,6 @@ import semmle.code.java.deadcode.DeadCode import semmle.code.java.frameworks.javaee.Persistence import semmle.code.java.frameworks.JAXB import semmle.code.java.frameworks.jackson.JacksonSerializability -import semmle.code.java.frameworks.javaee.Persistence /** * A field that is from a source file. From 5d37ccfa9046e1d26659209bc99ee367994bd3d0 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:51:29 +0100 Subject: [PATCH 135/409] Change note --- java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md diff --git a/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md b/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md new file mode 100644 index 000000000000..0a5759ec3dbc --- /dev/null +++ b/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well. From 3c555fce112a1b699255dfd26aace94407e25c00 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 17:12:35 +0100 Subject: [PATCH 136/409] Add basic test for SQL injection vs Jakarta Persistence --- .../CWE-089/semmle/examples/JakartaPersistence.java | 13 +++++++++++++ .../security/CWE-089/semmle/examples/options | 2 +- .../jakarta/persistence/EntityManager.java | 7 +++++++ .../jakarta/persistence/Query.java | 7 +++++++ 4 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 java/ql/test/query-tests/security/CWE-089/semmle/examples/JakartaPersistence.java create mode 100644 java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/EntityManager.java create mode 100644 java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/Query.java diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/JakartaPersistence.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/JakartaPersistence.java new file mode 100644 index 000000000000..0327a75cf778 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/JakartaPersistence.java @@ -0,0 +1,13 @@ +import jakarta.persistence.EntityManager; + +public class JakartaPersistence { + + public static String source() { return null; } + + public static void test(EntityManager entityManager) { + + entityManager.createNativeQuery(source()); // $ sqlInjection + + } + +} diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/options b/java/ql/test/query-tests/security/CWE-089/semmle/examples/options index 832af0f3423c..0252ff61ad38 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/options +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive --release 21 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive:${testdir}/../../../../../stubs/jakarta-persistence-api-3.2.0 --release 21 diff --git a/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/EntityManager.java b/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/EntityManager.java new file mode 100644 index 000000000000..3adc0fdd41e3 --- /dev/null +++ b/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/EntityManager.java @@ -0,0 +1,7 @@ +package jakarta.persistence; + +public interface EntityManager extends AutoCloseable { + + Query createNativeQuery(String sqlString); + +} diff --git a/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/Query.java b/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/Query.java new file mode 100644 index 000000000000..1bf5197b5c85 --- /dev/null +++ b/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/Query.java @@ -0,0 +1,7 @@ +package jakarta.persistence; + +public interface Query { + + int executeUpdate(); + +} From 1d7dac485eb0a15aa88d8d5bcb032ae54b0fbff9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 1 Apr 2025 17:40:34 +0100 Subject: [PATCH 137/409] Rust: switch the query to taint flow so that we get taint through conversions (without needing a special case). --- .../AccessInvalidPointerExtensions.qll | 14 -------- .../security/CWE-825/AccessInvalidPointer.ql | 3 +- .../CWE-825/AccessInvalidPointer.expected | 35 ++++++++++--------- .../security/CWE-825/deallocation.rs | 2 +- 4 files changed, 22 insertions(+), 32 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index 360a66e402c0..377886092117 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -46,20 +46,6 @@ module AccessInvalidPointer { ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") } } - /** - * A pointer invalidation from an argument of a modeled call (this is a workaround). - */ - private class ModelsAsDataArgumentSource extends Source { - ModelsAsDataArgumentSource() { - exists(DataFlow::Node n, CallExpr ce, Expr arg | - sourceNode(n, "pointer-invalidate") and - n.(FlowSummaryNode).getSourceElement() = ce.getFunction() and - arg = ce.getArgList().getAnArg() and - this.asExpr().getExpr().getParentNode+() = arg - ) - } - } - /** * A pointer access using the unary `*` operator. */ diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index 1d84fffe1ee0..d0a13b9ddb14 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -14,6 +14,7 @@ import rust import codeql.rust.dataflow.DataFlow +import codeql.rust.dataflow.TaintTracking import codeql.rust.security.AccessInvalidPointerExtensions import AccessInvalidPointerFlow::PathGraph @@ -33,7 +34,7 @@ module AccessInvalidPointerConfig implements DataFlow::ConfigSig { } } -module AccessInvalidPointerFlow = DataFlow::Global; +module AccessInvalidPointerFlow = TaintTracking::Global; from AccessInvalidPointerFlow::PathNode sourceNode, AccessInvalidPointerFlow::PathNode sinkNode where AccessInvalidPointerFlow::flowPath(sourceNode, sinkNode) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 9479cffc7f5e..7bccaa02f635 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -3,17 +3,16 @@ | deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:90:7:90:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:90:7:90:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:95:5:95:31 | ...::write::<...> | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:115:13:115:18 | my_ptr | deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:112:14:112:19 | my_ptr | invalid | +| deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:90:7:90:8 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:90:7:90:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:95:5:95:31 | ...::write::<...> | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:95:5:95:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:115:13:115:18 | my_ptr | deallocation.rs:112:3:112:12 | ...::free | deallocation.rs:115:13:115:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:112:3:112:12 | ...::free | invalid | | deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid | | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:189:29:189:30 | p3 | deallocation.rs:189:29:189:30 | p3 | deallocation.rs:189:29:189:30 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:189:29:189:30 | p3 | invalid | | deallocation.rs:248:18:248:20 | ptr | deallocation.rs:242:3:242:25 | ...::drop_in_place | deallocation.rs:248:18:248:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:242:3:242:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | @@ -23,13 +22,15 @@ edges | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | | deallocation.rs:37:35:37:36 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | | deallocation.rs:49:27:49:28 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | provenance | | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | provenance | | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | provenance | | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:90:7:90:8 | m2 | provenance | | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:95:33:95:34 | m2 | provenance | | +| deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:70:23:70:35 | [post] m2 as ... | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:76:16:76:17 | m2 | provenance | | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:81:16:81:17 | m2 | provenance | | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:86:7:86:8 | m2 | provenance | | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:90:7:90:8 | m2 | provenance | | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:95:33:95:34 | m2 | provenance | | | deallocation.rs:95:33:95:34 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | provenance | | +| deallocation.rs:112:3:112:12 | ...::free | deallocation.rs:112:14:112:40 | [post] my_ptr as ... | provenance | Src:MaD:8 MaD:8 | +| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | deallocation.rs:115:13:115:18 | my_ptr | provenance | | | deallocation.rs:123:6:123:7 | p1 | deallocation.rs:130:14:130:15 | p1 | provenance | | | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:4 MaD:4 | | deallocation.rs:123:23:123:42 | ...::dangling(...) | deallocation.rs:123:6:123:7 | p1 | provenance | | @@ -51,6 +52,7 @@ models | 5 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | | 6 | Source: lang:core; crate::ptr::drop_in_place; pointer-invalidate; Argument[0] | | 7 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | +| 8 | Source: repo:https://github.com/rust-lang/libc:libc; ::free; pointer-invalidate; Argument[0] | nodes | deallocation.rs:20:3:20:21 | ...::dealloc | semmle.label | ...::dealloc | | deallocation.rs:20:23:20:24 | [post] m1 | semmle.label | [post] m1 | @@ -60,14 +62,16 @@ nodes | deallocation.rs:44:6:44:7 | m1 | semmle.label | m1 | | deallocation.rs:49:5:49:25 | ...::write::<...> | semmle.label | ...::write::<...> | | deallocation.rs:49:27:49:28 | m1 | semmle.label | m1 | -| deallocation.rs:70:23:70:24 | m2 | semmle.label | m2 | +| deallocation.rs:70:3:70:21 | ...::dealloc | semmle.label | ...::dealloc | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | semmle.label | [post] m2 as ... | | deallocation.rs:76:16:76:17 | m2 | semmle.label | m2 | | deallocation.rs:81:16:81:17 | m2 | semmle.label | m2 | | deallocation.rs:86:7:86:8 | m2 | semmle.label | m2 | | deallocation.rs:90:7:90:8 | m2 | semmle.label | m2 | | deallocation.rs:95:5:95:31 | ...::write::<...> | semmle.label | ...::write::<...> | | deallocation.rs:95:33:95:34 | m2 | semmle.label | m2 | -| deallocation.rs:112:14:112:19 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:112:3:112:12 | ...::free | semmle.label | ...::free | +| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | semmle.label | [post] my_ptr as ... | | deallocation.rs:115:13:115:18 | my_ptr | semmle.label | my_ptr | | deallocation.rs:123:6:123:7 | p1 | semmle.label | p1 | | deallocation.rs:123:23:123:40 | ...::dangling | semmle.label | ...::dangling | @@ -84,7 +88,6 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:189:29:189:30 | p3 | semmle.label | p3 | | deallocation.rs:242:3:242:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:242:27:242:29 | [post] ptr | semmle.label | [post] ptr | | deallocation.rs:248:18:248:20 | ptr | semmle.label | ptr | diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index dde42aa9414b..361f938e02c4 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -186,7 +186,7 @@ pub fn test_ptr_drop(mode: i32) { } let p3 = std::alloc::alloc(layout) as *mut Vec; - std::ptr::drop_in_place((*p3).as_mut_ptr()); // $ SPURIOUS: Alert[rust/access-invalid-pointer] + std::ptr::drop_in_place((*p3).as_mut_ptr()); // GOOD } } From 00bb9056c2a36563f85a1f7c154657a289ddc3b0 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Tue, 1 Apr 2025 15:42:36 -0500 Subject: [PATCH 138/409] Update query-metadata-style-guide.md --- docs/query-metadata-style-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index 4c3f5b8814fe..e45d88ffab56 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -180,7 +180,7 @@ There are also more specific `@tags` that can be added. See, the following pages Maintainers are expected to add a `@security-severity` tag to security relevant queries that will be run on Code Scanning. There is a documented internal process for generating these `@security-severity` values. -TODO: should we have a severity value for quality queries? +We will use the `problem.severity` attribute to handle the severity for quality-related queries. ### Metric/summary `@tags` From 74587f0d646ec0fbc464adddf3ec689bddd22c3f Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Tue, 1 Apr 2025 18:47:52 -0500 Subject: [PATCH 139/409] Update ExprHasNoEffect.ql adding quality tags per metadata styleguide --- javascript/ql/src/Expressions/ExprHasNoEffect.ql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/javascript/ql/src/Expressions/ExprHasNoEffect.ql b/javascript/ql/src/Expressions/ExprHasNoEffect.ql index f0cd3addcb62..197564244afa 100644 --- a/javascript/ql/src/Expressions/ExprHasNoEffect.ql +++ b/javascript/ql/src/Expressions/ExprHasNoEffect.ql @@ -5,10 +5,12 @@ * @kind problem * @problem.severity warning * @id js/useless-expression - * @tags maintainability + * @tags quality +* maintainability * correctness * external/cwe/cwe-480 * external/cwe/cwe-561 + * useless-code * @precision very-high */ From 09de7cfe4d7128076d21ca5fc16df760701676a0 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 17:01:47 -0700 Subject: [PATCH 140/409] Docs: Add GitHub Actions as a supported language Include GitHub Actions (identifier `actions`) everywhere we list supported languages, query packs, and library packs. Query and library documentation link targets do not exist yet. --- docs/codeql/codeql-overview/codeql-tools.rst | 2 ++ .../reusables/actions-further-reading.rst | 2 ++ docs/codeql/reusables/extractors.rst | 2 ++ docs/codeql/reusables/supported-frameworks.rst | 17 +++++++++++++++++ .../reusables/supported-versions-compilers.rst | 2 ++ .../about-codeql-queries.rst | 1 + docs/query-help-style-guide.md | 7 +++++-- docs/query-metadata-style-guide.md | 5 ++++- 8 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 docs/codeql/reusables/actions-further-reading.rst diff --git a/docs/codeql/codeql-overview/codeql-tools.rst b/docs/codeql/codeql-overview/codeql-tools.rst index f3d37880ab65..ada1a75689ed 100644 --- a/docs/codeql/codeql-overview/codeql-tools.rst +++ b/docs/codeql/codeql-overview/codeql-tools.rst @@ -23,6 +23,8 @@ The standard CodeQL query and library packs (`source `__) maintained by GitHub are: +- ``codeql/actions-queries`` (`changelog `__, `source `__) +- ``codeql/actions-all`` (`changelog `__, `source `__) - ``codeql/cpp-queries`` (`changelog `__, `source `__) - ``codeql/cpp-all`` (`changelog `__, `source `__) - ``codeql/csharp-queries`` (`changelog `__, `source `__) diff --git a/docs/codeql/reusables/actions-further-reading.rst b/docs/codeql/reusables/actions-further-reading.rst new file mode 100644 index 000000000000..03fe948a1cd6 --- /dev/null +++ b/docs/codeql/reusables/actions-further-reading.rst @@ -0,0 +1,2 @@ +- `CodeQL queries for GitHub Actions `__ +- `CodeQL library reference for GitHub Actions `__ diff --git a/docs/codeql/reusables/extractors.rst b/docs/codeql/reusables/extractors.rst index bfcd7571cb76..30ccef6e4654 100644 --- a/docs/codeql/reusables/extractors.rst +++ b/docs/codeql/reusables/extractors.rst @@ -4,6 +4,8 @@ * - Language - Identifier + * - GitHub Actions + - ``actions`` * - C/C++ - ``cpp`` * - C# diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 68ce952f70f3..e6bf21a20ff5 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -40,6 +40,23 @@ and the CodeQL library pack ``codeql/csharp-all`` (`changelog `__, `source `__) +and the CodeQL library pack ``codeql/actions-all`` (`changelog `__, `source `__). + +.. csv-table:: + :header-rows: 1 + :class: fullWidthTable + :widths: auto + :align: left + + Name, Category + `GitHub Actions workflow YAML files `, Workflows + `GitHub Actions action metadata YAML files `, Actions + Go built-in support ================================ diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 92821d9556f7..a1d655565803 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -16,6 +16,7 @@ .NET Core up to 3.1 .NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``" + GitHub Actions [12]_,"Not applicable",Not applicable,"``.github/workflows/*.yml``, ``.github/workflows/*.yaml``, ``action.yml``, ``action.yaml``" Go (aka Golang), "Go up to 1.24", "Go 1.11 or more recent", ``.go`` Java,"Java 7 to 24 [5]_","javac (OpenJDK and Oracle JDK), @@ -40,3 +41,4 @@ .. [9] Requires glibc 2.17. .. [10] Support for the analysis of Swift requires macOS. .. [11] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default. + .. [12] Support for GitHub Actions is in public preview. diff --git a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst index 6d263b80303b..f4e60b513c9a 100644 --- a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst +++ b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst @@ -74,6 +74,7 @@ When writing your own alert queries, you would typically import the standard lib - :ref:`CodeQL library guide for C and C++ ` - :ref:`CodeQL library guide for C# ` - :ref:`CodeQL library guide for Go ` +- :ref:`CodeQL library guide for GitHub Actions ` - :ref:`CodeQL library guide for Java and Kotlin ` - :ref:`CodeQL library guide for JavaScript ` - :ref:`CodeQL library guide for Python ` diff --git a/docs/query-help-style-guide.md b/docs/query-help-style-guide.md index 143d9f4b8218..88b9844fc224 100644 --- a/docs/query-help-style-guide.md +++ b/docs/query-help-style-guide.md @@ -7,9 +7,12 @@ When you contribute a new [supported query](supported-queries.md) to this reposi * [C/C++ queries](https://codeql.github.com/codeql-query-help/cpp/) * [C# queries](https://codeql.github.com/codeql-query-help/csharp/) * [Go queries](https://codeql.github.com/codeql-query-help/go/) -* [Java queries](https://codeql.github.com/codeql-query-help/java/) -* [JavaScript queries](https://codeql.github.com/codeql-query-help/javascript/) +* [GitHub Actions queries](https://codeql.github.com/codeql-query-help/actions/) +* [Java/Kotlin queries](https://codeql.github.com/codeql-query-help/java/) +* [JavaScript/TypeScript queries](https://codeql.github.com/codeql-query-help/javascript/) * [Python queries](https://codeql.github.com/codeql-query-help/python/) +* [Ruby queries](https://codeql.github.com/codeql-query-help/ruby/) +* [Swift queries](https://codeql.github.com/codeql-query-help/swift/) ### Location and file name diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index ff478340b101..f5f2143d8be4 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -19,10 +19,13 @@ For examples of query files for the languages supported by CodeQL, visit the fol * [C/C++ queries](https://codeql.github.com/codeql-query-help/cpp/) * [C# queries](https://codeql.github.com/codeql-query-help/csharp/) +* [GitHub Actions queries](https://codeql.github.com/codeql-query-help/actions/) * [Go queries](https://codeql.github.com/codeql-query-help/go/) -* [Java queries](https://codeql.github.com/codeql-query-help/java/) +* [Java/Kotlin queries](https://codeql.github.com/codeql-query-help/java/) * [JavaScript queries](https://codeql.github.com/codeql-query-help/javascript/) * [Python queries](https://codeql.github.com/codeql-query-help/python/) +* [Ruby queries](https://codeql.github.com/codeql-query-help/ruby/) +* [Swift queries](https://codeql.github.com/codeql-query-help/swift/) ## Metadata area From f6442d20db6f37ee24f4580ce4656521e275c0cc Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 17:09:03 -0700 Subject: [PATCH 141/409] Docs: Add Actions pages for CWE coverage --- docs/codeql/query-help/codeql-cwe-coverage.rst | 1 + docs/codeql/query-help/index.rst | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/codeql/query-help/codeql-cwe-coverage.rst b/docs/codeql/query-help/codeql-cwe-coverage.rst index ab78764e6aab..6236289a9ab5 100644 --- a/docs/codeql/query-help/codeql-cwe-coverage.rst +++ b/docs/codeql/query-help/codeql-cwe-coverage.rst @@ -27,6 +27,7 @@ Note that the CWE coverage includes both "`supported queries ` - :doc:`CodeQL query help for C# ` +- :doc:`CodeQL query help for GitHub Actions ` - :doc:`CodeQL query help for Go ` - :doc:`CodeQL query help for Java and Kotlin ` - :doc:`CodeQL query help for JavaScript and TypeScript ` @@ -28,6 +29,7 @@ For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE cove :hidden: :titlesonly: + actions cpp csharp go From f379f23216d391873f675edeeed667c8a674ea42 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 2 Apr 2025 00:22:37 +0000 Subject: [PATCH 142/409] Add changed framework coverage reports --- csharp/documentation/library-coverage/coverage.csv | 14 +++++++------- csharp/documentation/library-coverage/coverage.rst | 6 +++--- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/csharp/documentation/library-coverage/coverage.csv b/csharp/documentation/library-coverage/coverage.csv index 8ec9be900605..2d786f62d6ef 100644 --- a/csharp/documentation/library-coverage/coverage.csv +++ b/csharp/documentation/library-coverage/coverage.csv @@ -8,20 +8,20 @@ ILLink.Shared,,,37,,,,,,,,,,,,,,,,,,,11,26 ILLink.Tasks,,,5,,,,,,,,,,,,,,,,,,,4,1 Internal.IL,,,54,,,,,,,,,,,,,,,,,,,28,26 Internal.Pgo,,,9,,,,,,,,,,,,,,,,,,,2,7 -Internal.TypeSystem,,,345,,,,,,,,,,,,,,,,,,,205,140 +Internal.TypeSystem,,,342,,,,,,,,,,,,,,,,,,,205,137 Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,,28,,,,,,,,,, Microsoft.AspNetCore.Components,2,4,2,,,,,,,2,,,,,,,,,4,,,1,1 Microsoft.AspNetCore.Http,,,1,,,,,,,,,,,,,,,,,,,1, Microsoft.AspNetCore.Mvc,,,2,,,,,,,,,,,,,,,,,,,,2 Microsoft.AspNetCore.WebUtilities,,,2,,,,,,,,,,,,,,,,,,,2, Microsoft.CSharp,,,2,,,,,,,,,,,,,,,,,,,2, -Microsoft.Diagnostics.Tools.Pgo,,,23,,,,,,,,,,,,,,,,,,,,23 +Microsoft.Diagnostics.Tools.Pgo,,,21,,,,,,,,,,,,,,,,,,,,21 Microsoft.DotNet.Build.Tasks,,,11,,,,,,,,,,,,,,,,,,,9,2 Microsoft.DotNet.PlatformAbstractions,,,1,,,,,,,,,,,,,,,,,,,1, Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,,6,,,,,,,,,,12 Microsoft.Extensions.Caching.Distributed,,,3,,,,,,,,,,,,,,,,,,,,3 Microsoft.Extensions.Caching.Memory,,,37,,,,,,,,,,,,,,,,,,,5,32 -Microsoft.Extensions.Configuration,,3,123,,,,,,,,,,,,,3,,,,,,40,83 +Microsoft.Extensions.Configuration,,3,118,,,,,,,,,,,,,3,,,,,,41,77 Microsoft.Extensions.DependencyInjection,,,209,,,,,,,,,,,,,,,,,,,15,194 Microsoft.Extensions.DependencyModel,,1,57,,,,,,,,,,,,,1,,,,,,13,44 Microsoft.Extensions.Diagnostics.Metrics,,,14,,,,,,,,,,,,,,,,,,,1,13 @@ -31,16 +31,16 @@ Microsoft.Extensions.Hosting,,,61,,,,,,,,,,,,,,,,,,,29,32 Microsoft.Extensions.Http,,,9,,,,,,,,,,,,,,,,,,,7,2 Microsoft.Extensions.Logging,,,107,,,,,,,,,,,,,,,,,,,26,81 Microsoft.Extensions.Options,,,174,,,,,,,,,,,,,,,,,,,48,126 -Microsoft.Extensions.Primitives,,,76,,,,,,,,,,,,,,,,,,,67,9 +Microsoft.Extensions.Primitives,,,75,,,,,,,,,,,,,,,,,,,68,7 Microsoft.Interop,,,216,,,,,,,,,,,,,,,,,,,71,145 Microsoft.JSInterop,2,,,,,,,,,,2,,,,,,,,,,,, Microsoft.NET.Build.Tasks,,,5,,,,,,,,,,,,,,,,,,,3,2 -Microsoft.VisualBasic,,,13,,,,,,,,,,,,,,,,,,,1,12 +Microsoft.VisualBasic,,,6,,,,,,,,,,,,,,,,,,,1,5 Microsoft.Win32,,4,2,,,,,,,,,,,,,,,,,,4,,2 -Mono.Linker,,,280,,,,,,,,,,,,,,,,,,,129,151 +Mono.Linker,,,278,,,,,,,,,,,,,,,,,,,130,148 MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,, Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7, SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5 -System,54,47,12255,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5955,6300 +System,54,47,12111,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5993,6118 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,, diff --git a/csharp/documentation/library-coverage/coverage.rst b/csharp/documentation/library-coverage/coverage.rst index 64adc5839430..a7c9f8bc54cd 100644 --- a/csharp/documentation/library-coverage/coverage.rst +++ b/csharp/documentation/library-coverage/coverage.rst @@ -8,7 +8,7 @@ C# framework & library support Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting` `ServiceStack `_,"``ServiceStack.*``, ``ServiceStack``",,7,194, - System,"``System.*``, ``System``",47,12255,54,5 - Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2272,152,4 - Totals,,107,14534,400,9 + System,"``System.*``, ``System``",47,12111,54,5 + Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2252,152,4 + Totals,,107,14370,400,9 From a1ceaa0aa32f0452a2eb6e36a1c0dfa6c19735a6 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 19:02:46 -0700 Subject: [PATCH 143/409] Docs: Add initial library docs for Actions Create the basic structure, state the key importable libraries. Describe a workflow. State the extensible predicates available. Other elements are to be filled in later. --- .../codeql-library-for-actions.rst | 139 ++++++++++++++++++ ...customizing-library-models-for-actions.rst | 46 ++++++ 2 files changed, 185 insertions(+) create mode 100644 docs/codeql/codeql-language-guides/codeql-library-for-actions.rst create mode 100644 docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst new file mode 100644 index 000000000000..3d31d5e1d233 --- /dev/null +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -0,0 +1,139 @@ +.. _codeql-library-for-actions: + +CodeQL library for GitHub Actions +======================= + +When you're analyzing GitHub Actions workflows and action metadata files, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. + +Overview +-------- + +CodeQL ships with an extensive library for analyzing GitHub Actions code, particularly GitHub Actions workflow files and Action metadata files, each written in YAML. +The classes in this library present the data from a CodeQL database in an object-oriented form and provide abstractions and predicates +to help you with common analysis tasks. + +The library is implemented as a set of CodeQL modules, that is, files with the extension ``.qll``. The +module `actions.qll `__ imports most other standard library modules, so you can include the complete +library by beginning your query with: + +.. code-block:: ql + + import actions + +The CodeQL libraries model various aspects of the YAML code used to define workflows and actions. +The above import includes the abstract syntax tree (AST) library, which is used for locating program elements, to match syntactic +elements in the YAML source code. This can be used to find values, patterns and structures. +Both the underlying YAML elements and the GitHub Actions-specific meaning of those elements are modeled. + +See the GitHub Actions documentation on `workflow syntax `__ and `metadata syntax `__ for more information on GitHub Actions YAML syntax and meaning. + +The control flow graph (CFG) is imported using + +.. code-block:: ql + + import codeql.actions.Cfg + +The CFG models the control flow between statements and expressions, for example whether one expression can +be evaluated before another expression, or whether an expression "dominates" another one, meaning that all paths to an +expression must flow through another expression first. + +The data flow library is imported using + +.. code-block:: ql + + import codeql.actions.DataFlow + +Data flow tracks the flow of data through the program, including through function calls (interprocedural data flow) and between steps in a job or workflow. +Data flow is particularly useful for security queries, where untrusted data flows to vulnerable parts of the program +to exploit it. Related to data flow, is the taint-tracking library, which finds how data can *influence* other values +in a program, even when it is not copied exactly. + +To summarize, the main GitHub Actions library modules are: + +.. list-table:: Main GitHub Actions library modules + :header-rows: 1 + + * - Import + - Description + * - ``actions`` + - The standard GitHub Actions library + * - ``codeql.actions.Ast`` + - The abstract syntax tree library (also imported by `actions.qll`) + * - ``codeql.actions.Cfg`` + - The control flow graph library + * - ``codeql.actions.DataFlow`` + - The data flow library + * - ``codeql.actions.TaintTracking`` + - The taint tracking library + +The CodeQL examples in this article are only excerpts and are not meant to represent complete queries. + +Abstract syntax +--------------- + +The abstract syntax tree (AST) represents the elements of the source code organized into a tree. The `AST viewer `__ +in Visual Studio Code shows the AST nodes, including the relevant CodeQL classes and predicates. + +All CodeQL AST classes inherit from the `AstNode` class, which provides the following member predicates +to all AST classes: + +.. list-table:: Main predicates in ``AstNode`` + :header-rows: 1 + + * - Predicate + - Description + * - ``getEnclosingWorkflow()`` + - Gets the enclosing Actions workflow, if any. Applies only to elements within a workflow. + * - ``getEnclosingJob()`` + - Gets the enclosing Actions workflow job, if any. Applies only to elements within a workflow. + * - ``getEnclosingStep()`` + - Gets the enclosing Actions workflow job step, if any. + * - ``getEnclosingCompositeAction()`` + - Gets the enclosing composite action, if any. Applies only to elements within an action metadata file. + * - ``getLocation()`` + - Gets the location of this node. + * - ``getAChildNode()`` + - Gets a child node of this node. + * - ``getParentNode()`` + - Gets the parent of this `AstNode`, if this node is not a root node. + * - ``getATriggerEvent()`` + - Gets an Actions trigger event that can start the enclosing Actions workflow, if any. + + +Workflows +~~~~~~~ + +A workflow is a configurable automated process made up of one or more jobs, +defined in a workflow YAML file in the `.github/workflows` directory of a GitHub repository. + +In the CodeQL AST library, a `Workflow` is an `AstNode` representing the mapping at the top level of an Actions YAML workflow file. + +See the GitHub Actions documentation on `workflows `__ and `workflow syntax `__ for more information. + +.. list-table:: Callable classes + :header-rows: 1 + + * - CodeQL class + - Description and selected predicates + * - ``Workflow`` + - An Actions workflow. This is a mapping at the top level of an Actions YAML workflow file. See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions. + + On getOn() { result = super.getOn() } + + - `getAJob()` - Gets a job within the `jobs` mapping of this workflow. + - `getEnv()` - Gets an `env` mapping within this workflow declaring workflow-level environment variables, if any. + - `getJob(string jobId)` - Gets a job within the `jobs` mapping of this workflow with the given job ID. + - `getOn()` - Gets the `on` mapping defining the events that trigger this workflow. + - `getPermissions()` - Gets a `permissions` mapping within this workflow declaring workflow-level token permissions, if any. + - `getStrategy()` - Gets a `strategy` mapping for the jobs in this workflow, if any. + - `getName()` - Gets the name of this workflow, if defined within the workflow. + +The following example lists all jobs in a workflow with the name declaration `name: test`: + +.. code-block:: ql + + import actions + + from Workflow w + where w.getName() = "test" + select w, m.getAJob() diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst new file mode 100644 index 000000000000..40bee7079b5e --- /dev/null +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst @@ -0,0 +1,46 @@ +.. _customizing-library-models-for-actions: + +Customizing Library Models for GitHub Actions +========================================= + +.. include:: ../reusables/beta-note-customizing-library-models.rst + +GitHub Actions analysis can be customized by adding library models in data extension files. + +A data extension for GitHub Actions is a YAML file of the form: + +.. code-block:: yaml + + extensions: + - addsTo: + pack: codeql/actions-all + extensible: + data: + - + - + - ... + +The CodeQL library for GitHub Actions exposes the following extensible predicates: + +Customizing data flow and taint tracking: + +- **actionsSourceModel**\(action, version, output, kind, provenance) +- **actionsSinkModel**\(action, version, input, kind, provenance) +- **actionsSummaryModel**\(action, version, input, output, kind, provenance) + +Customizing Actions-specific analysis: + +- **argumentInjectionSinksDataModel**\(regexp, command_group, argument_group) +- **contextTriggerDataModel**\(trigger, context_prefix) +- **externallyTriggerableEventsDataModel**\(event) +- **immutableActionsDataModel**\(action) +- **poisonableActionsDataModel**\(action) +- **poisonableCommandsDataModel**\(regexp) +- **poisonableLocalScriptsDataModel**\(regexp, group) +- **repositoryDataModel**\(visibility, default_branch_name) +- **trustedActionsOwnerDataModel**\(owner) +- **untrustedEventPropertiesDataModel**\(property, kind) +- **untrustedGhCommandDataModel**\(cmd_regex, flag) +- **untrustedGitCommandDataModel**\(cmd_regex, flag) +- **vulnerableActionsDataModel**\(action, vulnerable_version, vulnerable_sha, fixed_version) +- **workflowDataModel**\(path, trigger, job, secrets_source, permissions, runner) \ No newline at end of file From 9db5cdf957fda415afafa900fee517e1e2a89489 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 19:03:59 -0700 Subject: [PATCH 144/409] Docs: Add query help page placeholders for Actions --- docs/codeql/query-help/actions-cwe.md | 8 ++++++++ docs/codeql/query-help/actions.rst | 8 ++++++++ 2 files changed, 16 insertions(+) create mode 100644 docs/codeql/query-help/actions-cwe.md create mode 100644 docs/codeql/query-help/actions.rst diff --git a/docs/codeql/query-help/actions-cwe.md b/docs/codeql/query-help/actions-cwe.md new file mode 100644 index 000000000000..d594e0e76c4c --- /dev/null +++ b/docs/codeql/query-help/actions-cwe.md @@ -0,0 +1,8 @@ +# CWE coverage for GitHub Actions + +An overview of CWE coverage for GitHub Actions in the latest release of CodeQL. + +## Overview + + + diff --git a/docs/codeql/query-help/actions.rst b/docs/codeql/query-help/actions.rst new file mode 100644 index 000000000000..38debf918190 --- /dev/null +++ b/docs/codeql/query-help/actions.rst @@ -0,0 +1,8 @@ +CodeQL query help for GitHub Actions +============================ + +.. include:: ../reusables/query-help-overview.rst + +These queries are published in the CodeQL query pack ``codeql/actions-queries`` (`changelog `__, `source `__). + +.. include:: toc-actions.rst From 3b8c4d970ff293d40e70bd41700cc8915c0e2530 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 19:07:34 -0700 Subject: [PATCH 145/409] Docs: Remove spurious predicate reference --- .../codeql-language-guides/codeql-library-for-actions.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 3d31d5e1d233..52baa1ed51e9 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -117,9 +117,6 @@ See the GitHub Actions documentation on `workflows Date: Wed, 2 Apr 2025 08:43:29 +0200 Subject: [PATCH 146/409] Apply suggestions from code review Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> --- actions/ql/lib/codeql/actions/config/Config.qll | 4 ++-- actions/ql/lib/codeql/actions/config/ConfigExtensions.qll | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/actions/ql/lib/codeql/actions/config/Config.qll b/actions/ql/lib/codeql/actions/config/Config.qll index e55d36f1bab8..e6359c142582 100644 --- a/actions/ql/lib/codeql/actions/config/Config.qll +++ b/actions/ql/lib/codeql/actions/config/Config.qll @@ -158,8 +158,8 @@ predicate untrustedGhCommandDataModel(string cmd_regex, string flag) { /** * MaD models for permissions needed by actions * Fields: - * - action: action name - * - permission: permission name + * - action: action name, e.g. `actions/checkout` + * - permission: permission name, e.g. `contents: read` */ predicate actionsPermissionsDataModel(string action, string permission) { Extensions::actionsPermissionsDataModel(action, permission) diff --git a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll index 906cabbd27d1..87a919359404 100644 --- a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll +++ b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll @@ -85,5 +85,6 @@ extensible predicate untrustedGhCommandDataModel(string cmd_regex, string flag); * - `permission` is of the form `scope-name: read|write`, for example `contents: read`. * - see https://github.com/actions/checkout?tab=readme-ov-file#recommended-permissions * for an example of recommended permissions. + * - see https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token for documentation of token permissions. */ extensible predicate actionsPermissionsDataModel(string action, string permission); From c18529086af3b0f0c4a1452944a9cf338564a734 Mon Sep 17 00:00:00 2001 From: yoff Date: Wed, 2 Apr 2025 08:50:05 +0200 Subject: [PATCH 147/409] actions: add change note --- .../change-notes/2025-02-04-suggest-actions-permissions.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md diff --git a/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md b/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md new file mode 100644 index 000000000000..c775b70274fb --- /dev/null +++ b/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file. \ No newline at end of file From 1d81c77fcdc01e30f86bc8dd5209ae88a6b9ad17 Mon Sep 17 00:00:00 2001 From: Ian Roof Date: Thu, 26 Sep 2024 16:56:41 -0400 Subject: [PATCH 148/409] C#: Enhanced LogForgingQuery to treat C# Enums as simple types. --- .../code/csharp/security/Sanitizers.qll | 3 +- .../2024-09-18-csharp-log-forging-enum.md | 4 ++ .../CWE-117/LogForgingSimpleTypes.cs | 46 +++++++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md create mode 100644 csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs diff --git a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll index 2a456b14c684..c356014432a2 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll @@ -57,7 +57,8 @@ class SimpleTypeSanitizedExpr extends DataFlow::ExprNode { SimpleTypeSanitizedExpr() { exists(Type t | t = this.getType() or t = this.getType().(NullableType).getUnderlyingType() | t instanceof SimpleType or - t instanceof SystemDateTimeStruct + t instanceof SystemDateTimeStruct or + t instanceof Enum ) } } diff --git a/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md b/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md new file mode 100644 index 000000000000..5c0dc208ac82 --- /dev/null +++ b/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* Enhanced LogForgingQuery to treat C# Enums as simple types. \ No newline at end of file diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs new file mode 100644 index 000000000000..32c746abc0c5 --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs @@ -0,0 +1,46 @@ +using System; +using System.Diagnostics; +using System.IO; +using System.Net; +using System.Web; +using Microsoft.Extensions.Logging; + +class ILogger +{ + public void Warn(string message) { } +} + +enum TestEnum +{ + TestEnumValue +} + +public class LogForgingSimpleTypes +{ + public void Execute(HttpContext ctx) + { + // GOOD: int + logger.Warn("Logging simple type (int):" 1); + + // GOOD: long + logger.Warn("Logging simple type (int):" 1L); + + // GOOD: float + logger.Warn("Logging simple type (float):" 1.1); + + // GOOD: double + logger.Warn("Logging simple type (double):" 1.1d); + + // GOOD: decimal + logger.Warn("Logging simple type (double):" 1.1m); + + // GOOD: Enum + logger.Warn("Logging simple type (Enum):" TestEnum.TestEnumVAlue); + + // GOOD: DateTime + logger.Warn("Logging simple type (int):" new DateTime()); + + // GOOD: DateTimeOffset + logger.Warn("Logging simple type (int):" DateTimeOffset.UtcNow); + } +} From 48db2b9315f4eb2ab29f711881f52bfbbe4847ea Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 10:12:16 +0200 Subject: [PATCH 149/409] JS: Add test --- .../ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js new file mode 100644 index 000000000000..51adf27b6d3c --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js @@ -0,0 +1,5 @@ +function t1() { + const elm = document.getElementById("foo"); + const e2 = elm.getElementsByTagName("bar")[0]; + e2.innerHTML = window.name; // $ MISSING: Alert +} From 46f88e7ce765db957f20a7396dca18797e094747 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 09:50:09 +0200 Subject: [PATCH 150/409] JS: Updates to DOM model --- javascript/ql/lib/semmle/javascript/DOM.qll | 6 ++++-- .../query-tests/Security/CWE-079/DomBasedXss/Xss.expected | 2 ++ .../CWE-079/DomBasedXss/XssWithAdditionalSources.expected | 1 + .../ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/DOM.qll b/javascript/ql/lib/semmle/javascript/DOM.qll index 50a529b4a53a..21854c1a9d0e 100644 --- a/javascript/ql/lib/semmle/javascript/DOM.qll +++ b/javascript/ql/lib/semmle/javascript/DOM.qll @@ -247,7 +247,7 @@ module DOM { ] | ( - result = documentRef().getAMethodCall(collectionName) or + result = domValueRef().getAMethodCall(collectionName) or result = DataFlow::globalVarRef(collectionName).getACall() ) ) @@ -441,10 +441,12 @@ module DOM { DataFlow::SourceNode domValueRef() { result = domValueRef(DataFlow::TypeTracker::end()) or - result.hasUnderlyingType("Element") + result.hasUnderlyingType(["Element", "HTMLCollection", "HTMLCollectionOf"]) or result.hasUnderlyingType(any(string s | s.matches("HTML%Element"))) or + result = documentRef() + or exists(DataFlow::ClassNode cls | cls.getASuperClassNode().getALocalSource() = DataFlow::globalVarRef(any(string s | s.matches("HTML%Element"))) and diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected index 7de1561f79e8..6ba8ab703bff 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected @@ -53,6 +53,7 @@ | dates.js:57:31:57:101 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:57:31:57:101 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | | dates.js:59:31:59:87 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:59:31:59:87 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | | dates.js:61:31:61:88 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:61:31:61:88 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | +| dom.js:4:20:4:30 | window.name | dom.js:4:20:4:30 | window.name | dom.js:4:20:4:30 | window.name | Cross-site scripting vulnerability due to $@. | dom.js:4:20:4:30 | window.name | user-provided value | | dragAndDrop.ts:15:25:15:28 | html | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:15:25:15:28 | html | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | user-provided value | | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | user-provided value | | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | user-provided value | @@ -937,6 +938,7 @@ nodes | dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | | dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... (taint) | | dates.js:61:81:61:85 | taint | semmle.label | taint | +| dom.js:4:20:4:30 | window.name | semmle.label | window.name | | dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | | dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected index eb961fc83dbf..7780ae82dc4d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected @@ -138,6 +138,7 @@ nodes | dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | | dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... (taint) | | dates.js:61:81:61:85 | taint | semmle.label | taint | +| dom.js:4:20:4:30 | window.name | semmle.label | window.name | | dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | | dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js index 51adf27b6d3c..cf4f0bb3fbe2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js @@ -1,5 +1,5 @@ function t1() { const elm = document.getElementById("foo"); const e2 = elm.getElementsByTagName("bar")[0]; - e2.innerHTML = window.name; // $ MISSING: Alert + e2.innerHTML = window.name; // $ Alert } From 78b25388ca8dcf3013b357b343ec6d365f45575f Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 09:51:24 +0200 Subject: [PATCH 151/409] JS: Protect against bad join in BadRandomness This code resulted in bad join orders in response to certain library changes. The actual library changes have to be split into smaller pieces but I'd like to ensure I don't run into the bad join again. --- .../ql/src/Security/CWE-327/BadRandomness.ql | 32 ++++++++----------- 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/javascript/ql/src/Security/CWE-327/BadRandomness.ql b/javascript/ql/src/Security/CWE-327/BadRandomness.ql index dd6de6cc1c01..5de0f9b3dfd9 100644 --- a/javascript/ql/src/Security/CWE-327/BadRandomness.ql +++ b/javascript/ql/src/Security/CWE-327/BadRandomness.ql @@ -30,30 +30,26 @@ private int powerOfTwo() { * Gets a node that has value 2^n for some n. */ private DataFlow::Node isPowerOfTwo() { - exists(DataFlow::Node prev | - prev.getIntValue() = powerOfTwo() - or - // Getting around the 32 bit ints in QL. These are some hex values of the form 0x10000000 - prev.asExpr().(NumberLiteral).getValue() = - ["281474976710656", "17592186044416", "1099511627776", "68719476736", "4294967296"] - | - result = prev.getASuccessor*() - ) + result.getIntValue() = powerOfTwo() + or + // Getting around the 32 bit ints in QL. These are some hex values of the form 0x10000000 + result.asExpr().(NumberLiteral).getValue() = + ["281474976710656", "17592186044416", "1099511627776", "68719476736", "4294967296"] + or + result = isPowerOfTwo().getASuccessor() } /** * Gets a node that has value (2^n)-1 for some n. */ private DataFlow::Node isPowerOfTwoMinusOne() { - exists(DataFlow::Node prev | - prev.getIntValue() = powerOfTwo() - 1 - or - // Getting around the 32 bit ints in QL. These are some hex values of the form 0xfffffff - prev.asExpr().(NumberLiteral).getValue() = - ["281474976710655", "17592186044415", "1099511627775", "68719476735", "4294967295"] - | - result = prev.getASuccessor*() - ) + result.getIntValue() = powerOfTwo() - 1 + or + // Getting around the 32 bit ints in QL. These are some hex values of the form 0xfffffff + result.asExpr().(NumberLiteral).getValue() = + ["281474976710655", "17592186044415", "1099511627775", "68719476735", "4294967295"] + or + result = isPowerOfTwoMinusOne().getASuccessor() } /** From efdb4a6d82845fe0ef1ccaaf6cda4ac2d1bcdcd1 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Thu, 27 Mar 2025 10:11:11 +0000 Subject: [PATCH 152/409] Use global dataflow for loop variable capture --- .../ql/src/Variables/LoopVariableCapture.ql | 66 ++++++++++++------- 1 file changed, 44 insertions(+), 22 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture.ql index e4ccd73e5e1c..16130d5d50f5 100644 --- a/python/ql/src/Variables/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture.ql @@ -10,38 +10,60 @@ */ import python +import semmle.python.dataflow.new.DataFlow -// Gets the scope of the iteration variable of the looping scope -Scope iteration_variable_scope(AstNode loop) { - result = loop.(For).getScope() - or - result = loop.(Comp).getFunction() +abstract class Loop extends AstNode { + abstract Variable getALoopVariable(); } -predicate capturing_looping_construct(CallableExpr capturing, AstNode loop, Variable var) { - var.getScope() = iteration_variable_scope(loop) and +class ForLoop extends Loop, For { + override Variable getALoopVariable() { + this.getTarget() = result.getAnAccess().getParentNode*() and + result.getScope() = this.getScope() + } +} + +predicate capturesLoopVariable(CallableExpr capturing, Loop loop, Variable var) { var.getAnAccess().getScope() = capturing.getInnerScope() and capturing.getParentNode+() = loop and - ( - loop.(For).getTarget() = var.getAnAccess() - or - var = loop.(Comp).getAnIterationVariable() - ) + var = loop.getALoopVariable() } -predicate escaping_capturing_looping_construct(CallableExpr capturing, AstNode loop, Variable var) { - capturing_looping_construct(capturing, loop, var) and - // Escapes if used out side of for loop or is a lambda in a comprehension - ( - loop instanceof For and - exists(Expr e | e.pointsTo(_, _, capturing) | not loop.contains(e)) +module EscapingCaptureFlowSig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { capturesLoopVariable(node.asExpr(), _, _) } + + predicate isSink(DataFlow::Node node) { + // Stored in a field. + exists(DataFlow::AttrWrite aw | aw.getObject() = node) + or + // Stored in a dict/list. + exists(Assign assign, Subscript sub | + sub = assign.getATarget() and node.asExpr() = assign.getValue() + ) or - loop.(Comp).getElt() = capturing + // Stored in a list. + exists(DataFlow::MethodCallNode mc | mc.calls(_, "append") and node = mc.getArg(0)) or - loop.(Comp).getElt().(Tuple).getAnElt() = capturing - ) + // Used in a yeild statement, likely included in a collection. + // The element of comprehension expressions desugar to involve a yield statement internally. + exists(Yield y | node.asExpr() = y.getValue()) + } + + predicate isBarrierOut(DataFlow::Node node) { isSink(node) } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { + isSink(node) and + exists(cs) + } +} + +module EscapingCaptureFlow = DataFlow::Global; + +predicate escapingCapture(CallableExpr capturing, Loop loop, Variable var) { + capturesLoopVariable(capturing, loop, var) and + EscapingCaptureFlow::flow(DataFlow::exprNode(capturing), _) } from CallableExpr capturing, AstNode loop, Variable var -where escaping_capturing_looping_construct(capturing, loop, var) +where escapingCapture(capturing, loop, var) select capturing, "Capture of loop variable $@.", loop, var.getId() From 08b428118790ee14875d4f8ea1d59e12142ae94c Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Mon, 31 Mar 2025 10:23:12 +0100 Subject: [PATCH 153/409] Update query message and remove field case --- python/ql/src/Variables/LoopVariableCapture.ql | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture.ql index 16130d5d50f5..4682e682d815 100644 --- a/python/ql/src/Variables/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture.ql @@ -34,8 +34,9 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node node) { // Stored in a field. - exists(DataFlow::AttrWrite aw | aw.getObject() = node) - or + // This appeared to lead to FPs through wrapper classes. + // exists(DataFlow::AttrWrite aw | aw.getObject() = node) + // or // Stored in a dict/list. exists(Assign assign, Subscript sub | sub = assign.getATarget() and node.asExpr() = assign.getValue() @@ -44,7 +45,7 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { // Stored in a list. exists(DataFlow::MethodCallNode mc | mc.calls(_, "append") and node = mc.getArg(0)) or - // Used in a yeild statement, likely included in a collection. + // Used in a yield statement, likely included in a collection. // The element of comprehension expressions desugar to involve a yield statement internally. exists(Yield y | node.asExpr() = y.getValue()) } @@ -64,6 +65,8 @@ predicate escapingCapture(CallableExpr capturing, Loop loop, Variable var) { EscapingCaptureFlow::flow(DataFlow::exprNode(capturing), _) } -from CallableExpr capturing, AstNode loop, Variable var -where escapingCapture(capturing, loop, var) -select capturing, "Capture of loop variable $@.", loop, var.getId() +from CallableExpr capturing, AstNode loop, Variable var, string descr +where + escapingCapture(capturing, loop, var) and + if capturing instanceof Lambda then descr = "lambda" else descr = "function" +select capturing, "This " + descr + " captures the loop variable $@.", loop, var.getId() From 5b7200a0418ca7a86a8ed863de755cd355c44634 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Mon, 31 Mar 2025 11:04:13 +0100 Subject: [PATCH 154/409] Use flow path in alerts --- .../ql/src/Variables/LoopVariableCapture.ql | 22 ++++++++++++++----- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture.ql index 4682e682d815..e0a3d5211445 100644 --- a/python/ql/src/Variables/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture.ql @@ -1,7 +1,7 @@ /** * @name Loop variable capture * @description Capture of a loop variable is not the same as capturing the value of a loop variable, and may be erroneous. - * @kind problem + * @kind path-problem * @tags correctness * @problem.severity error * @sub-severity low @@ -60,13 +60,23 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { module EscapingCaptureFlow = DataFlow::Global; -predicate escapingCapture(CallableExpr capturing, Loop loop, Variable var) { +import EscapingCaptureFlow::PathGraph + +predicate escapingCapture( + CallableExpr capturing, Loop loop, Variable var, EscapingCaptureFlow::PathNode source, + EscapingCaptureFlow::PathNode sink +) { capturesLoopVariable(capturing, loop, var) and - EscapingCaptureFlow::flow(DataFlow::exprNode(capturing), _) + capturing = source.getNode().asExpr() and + EscapingCaptureFlow::flowPath(source, sink) } -from CallableExpr capturing, AstNode loop, Variable var, string descr +from + CallableExpr capturing, AstNode loop, Variable var, string descr, + EscapingCaptureFlow::PathNode source, EscapingCaptureFlow::PathNode sink where - escapingCapture(capturing, loop, var) and + escapingCapture(capturing, loop, var, source, sink) and if capturing instanceof Lambda then descr = "lambda" else descr = "function" -select capturing, "This " + descr + " captures the loop variable $@.", loop, var.getId() +select capturing, source, sink, + "This " + descr + " captures the loop variable $@, and may escape the loop by being stored $@.", + loop, var.getId(), sink, "here" From 11830bf66132f39c9df6567ef71193ac98213a4b Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Mon, 31 Mar 2025 14:33:55 +0100 Subject: [PATCH 155/409] Move to separate folder --- .../{ => LoopVariableCapture}/LoopVariableCapture.py | 0 .../{ => LoopVariableCapture}/LoopVariableCapture.qhelp | 0 .../{ => LoopVariableCapture}/LoopVariableCapture.ql | 8 ++++++++ .../{ => LoopVariableCapture}/LoopVariableCapture2.py | 0 4 files changed, 8 insertions(+) rename python/ql/src/Variables/{ => LoopVariableCapture}/LoopVariableCapture.py (100%) rename python/ql/src/Variables/{ => LoopVariableCapture}/LoopVariableCapture.qhelp (100%) rename python/ql/src/Variables/{ => LoopVariableCapture}/LoopVariableCapture.ql (91%) rename python/ql/src/Variables/{ => LoopVariableCapture}/LoopVariableCapture2.py (100%) diff --git a/python/ql/src/Variables/LoopVariableCapture.py b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py similarity index 100% rename from python/ql/src/Variables/LoopVariableCapture.py rename to python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py diff --git a/python/ql/src/Variables/LoopVariableCapture.qhelp b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp similarity index 100% rename from python/ql/src/Variables/LoopVariableCapture.qhelp rename to python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp diff --git a/python/ql/src/Variables/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql similarity index 91% rename from python/ql/src/Variables/LoopVariableCapture.ql rename to python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index e0a3d5211445..b2ed802e9c39 100644 --- a/python/ql/src/Variables/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -52,6 +52,14 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { predicate isBarrierOut(DataFlow::Node node) { isSink(node) } + predicate isBarrier(DataFlow::Node node) { + // Incorrect virtual dispatch to __call__ methods is a source of FPs. + exists(Function call | + call.getName() = "__call__" and + call.getArg(0) = node.(DataFlow::ParameterNode).getParameter() + ) + } + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { isSink(node) and exists(cs) diff --git a/python/ql/src/Variables/LoopVariableCapture2.py b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture2.py similarity index 100% rename from python/ql/src/Variables/LoopVariableCapture2.py rename to python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture2.py From 2d6476ad2138138c6fa1ac3b5fb6127254496aa4 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Tue, 1 Apr 2025 09:56:01 +0100 Subject: [PATCH 156/409] Update names and alert message --- .../Variables/LoopVariableCapture/LoopVariableCapture.ql | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index b2ed802e9c39..6c979ffdf828 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -29,7 +29,7 @@ predicate capturesLoopVariable(CallableExpr capturing, Loop loop, Variable var) var = loop.getALoopVariable() } -module EscapingCaptureFlowSig implements DataFlow::ConfigSig { +module EscapingCaptureFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { capturesLoopVariable(node.asExpr(), _, _) } predicate isSink(DataFlow::Node node) { @@ -66,7 +66,7 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { } } -module EscapingCaptureFlow = DataFlow::Global; +module EscapingCaptureFlow = DataFlow::Global; import EscapingCaptureFlow::PathGraph @@ -86,5 +86,5 @@ where escapingCapture(capturing, loop, var, source, sink) and if capturing instanceof Lambda then descr = "lambda" else descr = "function" select capturing, source, sink, - "This " + descr + " captures the loop variable $@, and may escape the loop by being stored $@.", - loop, var.getId(), sink, "here" + "This " + descr + " captures the loop variable $@, and may escape the loop by being stored at $@.", + loop, var.getId(), sink, "this location" From c37809a187bf948186b23d548471931a398cc808 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Wed, 2 Apr 2025 09:33:30 +0100 Subject: [PATCH 157/409] Reduce scope of allowImplicitRead to avoid cartesian product. --- .../Variables/LoopVariableCapture/LoopVariableCapture.ql | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 6c979ffdf828..49392e3d01e7 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -62,7 +62,12 @@ module EscapingCaptureFlowConfig implements DataFlow::ConfigSig { predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { isSink(node) and - exists(cs) + ( + cs instanceof DataFlow::TupleElementContent or + cs instanceof DataFlow::ListElementContent or + cs instanceof DataFlow::SetElementContent or + cs instanceof DataFlow::DictionaryElementAnyContent + ) } } From 77e4d9e6920b01fb51d47177f0a061df17aa4d49 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 2 Apr 2025 10:03:49 +0100 Subject: [PATCH 158/409] Fix stray references to the javax package name Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com> --- .../ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index 1cb9af2e0d9a..b38cba889e00 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -713,7 +713,7 @@ class VersionAnnotation extends Annotation { VersionAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Version") } } -/** The interface `javax.persistence.EntityManager`. */ +/** The interface `{javax,jakarta}.persistence.EntityManager`. */ class TypeEntityManager extends Interface { TypeEntityManager() { this.hasQualifiedName(getAPersistencePackageName(), "EntityManager") } @@ -736,7 +736,7 @@ class TypeEntityManager extends Interface { } } -/** The interface `javax.persistence.Query`, which represents queries in the Java Persistence Query Language. */ +/** The interface `{javax,jakarta}.persistence.Query`, which represents queries in the Java Persistence Query Language. */ class TypeQuery extends Interface { TypeQuery() { this.hasQualifiedName(getAPersistencePackageName(), "Query") } From 024712c073a8351965faea00175a8e0d9345711e Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 09:48:32 +0200 Subject: [PATCH 159/409] C#: Temporarily comment out considering Enums as having a sanitizing effect. --- csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll index c356014432a2..08874cb533e9 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll @@ -57,8 +57,8 @@ class SimpleTypeSanitizedExpr extends DataFlow::ExprNode { SimpleTypeSanitizedExpr() { exists(Type t | t = this.getType() or t = this.getType().(NullableType).getUnderlyingType() | t instanceof SimpleType or - t instanceof SystemDateTimeStruct or - t instanceof Enum + t instanceof SystemDateTimeStruct + // or t instanceof Enum ) } } From 60e3b4351a41890b65395684c575a98f1adabcd8 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 10:16:52 +0200 Subject: [PATCH 160/409] C#: Fix simple types testcases. --- .../CWE-117/LogForgingAsp.cs | 54 +++++++++++++++++++ .../CWE-117/LogForgingSimpleTypes.cs | 46 ---------------- 2 files changed, 54 insertions(+), 46 deletions(-) delete mode 100644 csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs index a3293344b33f..1bbef682496b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs @@ -3,6 +3,11 @@ using Microsoft.AspNetCore.Http.Headers; using Microsoft.AspNetCore.Mvc; +public enum TestEnum +{ + TestEnumValue +} + public class AspController : ControllerBase { public void Action1(string username) @@ -38,4 +43,53 @@ public void Action2(bool? b) logger.Warn($"Warning about the bool: {b}"); } } + + public void ActionInt(int i) + { + var logger = new ILogger(); + // GOOD: int is a sanitizer. + logger.Warn($"Warning about the int: {i}"); + } + + public void ActionLong(long l) + { + var logger = new ILogger(); + // GOOD: long is a sanitizer. + logger.Warn($"Warning about the long: {l}"); + } + + public void ActionFloat(float f) + { + var logger = new ILogger(); + // GOOD: float is a sanitizer. + logger.Warn($"Warning about the float: {f}"); + } + + public void ActionDouble(double d) + { + var logger = new ILogger(); + // GOOD: double is a sanitizer. + logger.Warn($"Warning about the double: {d}"); + } + + public void ActionDecimal(decimal d) + { + var logger = new ILogger(); + // GOOD: decimal is a sanitizer. + logger.Warn($"Warning about the decimal: {d}"); + } + + public void ActionEnum(TestEnum e) + { + var logger = new ILogger(); + // GOOD: Enum is a sanitizer. [FALSE POSITIVE] + logger.Warn($"Warning about the enum: {e}"); + } + + public void ActionDateTime(DateTimeOffset dt) + { + var logger = new ILogger(); + // GOOD: DateTimeOffset is a sanitizer. [FALSEPOSITIVE] + logger.Warn($"Warning about the DateTimeOffset: {dt}"); + } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs deleted file mode 100644 index 32c746abc0c5..000000000000 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs +++ /dev/null @@ -1,46 +0,0 @@ -using System; -using System.Diagnostics; -using System.IO; -using System.Net; -using System.Web; -using Microsoft.Extensions.Logging; - -class ILogger -{ - public void Warn(string message) { } -} - -enum TestEnum -{ - TestEnumValue -} - -public class LogForgingSimpleTypes -{ - public void Execute(HttpContext ctx) - { - // GOOD: int - logger.Warn("Logging simple type (int):" 1); - - // GOOD: long - logger.Warn("Logging simple type (int):" 1L); - - // GOOD: float - logger.Warn("Logging simple type (float):" 1.1); - - // GOOD: double - logger.Warn("Logging simple type (double):" 1.1d); - - // GOOD: decimal - logger.Warn("Logging simple type (double):" 1.1m); - - // GOOD: Enum - logger.Warn("Logging simple type (Enum):" TestEnum.TestEnumVAlue); - - // GOOD: DateTime - logger.Warn("Logging simple type (int):" new DateTime()); - - // GOOD: DateTimeOffset - logger.Warn("Logging simple type (int):" DateTimeOffset.UtcNow); - } -} From 08159896f385d2e24eb422c69b49bde911822d79 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 10:33:08 +0200 Subject: [PATCH 161/409] C#: Convert cs/log-forging tests to inline expectations. --- .../Security Features/CWE-117/LogForging.cs | 8 +++---- .../CWE-117/LogForging.expected | 21 +++++++++++++++---- .../CWE-117/LogForging.qlref | 4 +++- .../CWE-117/LogForgingAsp.cs | 6 +++--- 4 files changed, 27 insertions(+), 12 deletions(-) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs index 691d98f986e0..18169e4a4b0b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs @@ -15,10 +15,10 @@ public class LogForgingHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - String username = ctx.Request.QueryString["username"]; + String username = ctx.Request.QueryString["username"]; // $ Source ILogger logger = new ILogger(); // BAD: Logged as-is - logger.Warn(username + " logged in"); + logger.Warn(username + " logged in"); // $ Alert // GOOD: New-lines removed logger.Warn(username.Replace(Environment.NewLine, "") + " logged in"); // GOOD: New-lines removed @@ -28,11 +28,11 @@ public void ProcessRequest(HttpContext ctx) // GOOD: Html encoded logger.Warn(WebUtility.HtmlEncode(username) + " logged in"); // BAD: Logged as-is to TraceSource - new TraceSource("Test").TraceInformation(username + " logged in"); + new TraceSource("Test").TraceInformation(username + " logged in"); // $ Alert Microsoft.Extensions.Logging.ILogger logger2 = null; // BAD: Logged as-is - logger2.LogError(username); + logger2.LogError(username); // $ Alert } public bool IsReusable diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index f817ebd27b03..d7177aaf0de9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected @@ -2,7 +2,9 @@ | LogForging.cs:21:21:21:43 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForging.cs:31:50:31:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:50:31:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForging.cs:35:26:35:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:35:26:35:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | -| LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value | +| LogForgingAsp.cs:17:21:17:43 | ... + ... | LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:13:32:13:39 | username | user-provided value | +| LogForgingAsp.cs:86:21:86:50 | $"..." | LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:82:37:82:37 | e | user-provided value | +| LogForgingAsp.cs:93:21:93:61 | $"..." | LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:89:47:89:48 | dt | user-provided value | edges | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:21:21:21:43 | ... + ... | provenance | | | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:31:50:31:72 | ... + ... | provenance | | @@ -10,7 +12,9 @@ edges | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:1 | | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | -| LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | provenance | | +| LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | provenance | | +| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | provenance | | +| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | provenance | | models | 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes @@ -20,6 +24,15 @@ nodes | LogForging.cs:21:21:21:43 | ... + ... | semmle.label | ... + ... | | LogForging.cs:31:50:31:72 | ... + ... | semmle.label | ... + ... | | LogForging.cs:35:26:35:33 | access to local variable username | semmle.label | access to local variable username | -| LogForgingAsp.cs:8:32:8:39 | username : String | semmle.label | username : String | -| LogForgingAsp.cs:12:21:12:43 | ... + ... | semmle.label | ... + ... | +| LogForgingAsp.cs:13:32:13:39 | username : String | semmle.label | username : String | +| LogForgingAsp.cs:17:21:17:43 | ... + ... | semmle.label | ... + ... | +| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | semmle.label | e : TestEnum | +| LogForgingAsp.cs:86:21:86:50 | $"..." | semmle.label | $"..." | +| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | semmle.label | dt : DateTimeOffset | +| LogForgingAsp.cs:93:21:93:61 | $"..." | semmle.label | $"..." | subpaths +testFailures +| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | Unexpected result: Source | +| LogForgingAsp.cs:86:21:86:50 | $"..." | Unexpected result: Alert | +| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | Unexpected result: Source | +| LogForgingAsp.cs:93:21:93:61 | $"..." | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref index a41529bfeb1c..7396362dcbf1 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-117/LogForging.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs index 1bbef682496b..b65b42ce9691 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs @@ -10,11 +10,11 @@ public enum TestEnum public class AspController : ControllerBase { - public void Action1(string username) + public void Action1(string username) // $ Source { var logger = new ILogger(); // BAD: Logged as-is - logger.Warn(username + " logged in"); + logger.Warn(username + " logged in"); // $ Alert } public void Action1(DateTime date) @@ -89,7 +89,7 @@ public void ActionEnum(TestEnum e) public void ActionDateTime(DateTimeOffset dt) { var logger = new ILogger(); - // GOOD: DateTimeOffset is a sanitizer. [FALSEPOSITIVE] + // GOOD: DateTimeOffset is a sanitizer. [FALSE POSITIVE] logger.Warn($"Warning about the DateTimeOffset: {dt}"); } } From cf75493fe9b6f9ea21882f2c124af8a28637527b Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 11:16:06 +0200 Subject: [PATCH 162/409] C#: Consider Enums and System.DateTimeOffset as having a sanitizing effect. --- csharp/ql/lib/semmle/code/csharp/frameworks/System.qll | 5 +++++ csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll index 56e063b1b5e0..678563589e8a 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll @@ -756,6 +756,11 @@ class SystemDateTimeStruct extends SystemStruct { SystemDateTimeStruct() { this.hasName("DateTime") } } +/** The `System.DateTimeOffset` struct. */ +class SystemDateTimeOffsetStruct extends SystemStruct { + SystemDateTimeOffsetStruct() { this.hasName("DateTimeOffset") } +} + /** The `System.Span` struct. */ class SystemSpanStruct extends SystemUnboundGenericStruct { SystemSpanStruct() { diff --git a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll index 08874cb533e9..db4b3c6da18d 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll @@ -57,8 +57,9 @@ class SimpleTypeSanitizedExpr extends DataFlow::ExprNode { SimpleTypeSanitizedExpr() { exists(Type t | t = this.getType() or t = this.getType().(NullableType).getUnderlyingType() | t instanceof SimpleType or - t instanceof SystemDateTimeStruct - // or t instanceof Enum + t instanceof SystemDateTimeStruct or + t instanceof SystemDateTimeOffsetStruct or + t instanceof Enum ) } } From d7f5ce249297b16dd9d7ffb9e3972116f6c0f12d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 11:19:37 +0200 Subject: [PATCH 163/409] C#: Update log forging expected test output. --- .../Security Features/CWE-117/LogForging.expected | 13 ------------- .../Security Features/CWE-117/LogForgingAsp.cs | 4 ++-- 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index d7177aaf0de9..1820eaa07d96 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected @@ -3,8 +3,6 @@ | LogForging.cs:31:50:31:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:50:31:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForging.cs:35:26:35:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:35:26:35:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForgingAsp.cs:17:21:17:43 | ... + ... | LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:13:32:13:39 | username | user-provided value | -| LogForgingAsp.cs:86:21:86:50 | $"..." | LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:82:37:82:37 | e | user-provided value | -| LogForgingAsp.cs:93:21:93:61 | $"..." | LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:89:47:89:48 | dt | user-provided value | edges | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:21:21:21:43 | ... + ... | provenance | | | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:31:50:31:72 | ... + ... | provenance | | @@ -13,8 +11,6 @@ edges | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:1 | | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | | LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | provenance | | -| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | provenance | | -| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | provenance | | models | 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes @@ -26,13 +22,4 @@ nodes | LogForging.cs:35:26:35:33 | access to local variable username | semmle.label | access to local variable username | | LogForgingAsp.cs:13:32:13:39 | username : String | semmle.label | username : String | | LogForgingAsp.cs:17:21:17:43 | ... + ... | semmle.label | ... + ... | -| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | semmle.label | e : TestEnum | -| LogForgingAsp.cs:86:21:86:50 | $"..." | semmle.label | $"..." | -| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | semmle.label | dt : DateTimeOffset | -| LogForgingAsp.cs:93:21:93:61 | $"..." | semmle.label | $"..." | subpaths -testFailures -| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | Unexpected result: Source | -| LogForgingAsp.cs:86:21:86:50 | $"..." | Unexpected result: Alert | -| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | Unexpected result: Source | -| LogForgingAsp.cs:93:21:93:61 | $"..." | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs index b65b42ce9691..64f0e34e569b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs @@ -82,14 +82,14 @@ public void ActionDecimal(decimal d) public void ActionEnum(TestEnum e) { var logger = new ILogger(); - // GOOD: Enum is a sanitizer. [FALSE POSITIVE] + // GOOD: Enum is a sanitizer. logger.Warn($"Warning about the enum: {e}"); } public void ActionDateTime(DateTimeOffset dt) { var logger = new ILogger(); - // GOOD: DateTimeOffset is a sanitizer. [FALSE POSITIVE] + // GOOD: DateTimeOffset is a sanitizer. logger.Warn($"Warning about the DateTimeOffset: {dt}"); } } From 22c943657aae161afbbe79fa5fbb96306bac4c55 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 09:38:15 +0200 Subject: [PATCH 164/409] C#: Update change note. --- .../ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md | 4 ---- csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) delete mode 100644 csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md create mode 100644 csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md diff --git a/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md b/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md deleted file mode 100644 index 5c0dc208ac82..000000000000 --- a/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Enhanced LogForgingQuery to treat C# Enums as simple types. \ No newline at end of file diff --git a/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md b/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md new file mode 100644 index 000000000000..ac93bd31b3e9 --- /dev/null +++ b/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query. From c737ee9b529f33c9c3ba1c2da5f351cbcbf1b85b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 2 Apr 2025 10:58:47 +0100 Subject: [PATCH 165/409] Rust: Accept another consistency check failure. --- .../security/CWE-696/CONSISTENCY/DataFlowConsistency.expected | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected diff --git a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 000000000000..ad26ad761aa1 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +postWithInFlow +| test.rs:118:17:118:19 | [post] ptr | PostUpdateNode should not be the target of local flow. | From 8663f3b8b2db90f6c804b023173e47df1b0ca60a Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 2 Apr 2025 12:32:28 +0200 Subject: [PATCH 166/409] Rust: Add another disjunct to `postWithInFlowExclude` --- .../lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll index c95056a7dba0..f8e24c4c34a9 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll @@ -1,6 +1,7 @@ import codeql.rust.dataflow.DataFlow::DataFlow as DataFlow private import rust private import codeql.rust.dataflow.internal.DataFlowImpl +private import codeql.rust.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl private import codeql.rust.dataflow.internal.Node as Node private import codeql.rust.dataflow.internal.TaintTrackingImpl private import codeql.dataflow.internal.DataFlowImplConsistency @@ -20,6 +21,8 @@ private module Input implements InputSig { n.(Node::PostUpdateNode).getPreUpdateNode().asExpr() = any(Node::ReceiverNode r).getReceiver() or n.(Node::PostUpdateNode).getPreUpdateNode().asExpr() = getPostUpdateReverseStep(_, _) + or + FlowSummaryImpl::Private::Steps::sourceLocalStep(_, n, _) } predicate missingLocationExclude(RustDataFlow::Node n) { not exists(n.asExpr().getLocation()) } From 14999c19dacc263ec37f0d0bad1124a6ffa33dd8 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 10:21:17 +0200 Subject: [PATCH 167/409] Added test cases for `rimraf` library. --- .../Security/CWE-022/TaintedPath/rimraf.js | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js new file mode 100644 index 000000000000..a6f3c52068ac --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js @@ -0,0 +1,30 @@ +const express = require('express'); +const rimraf = require('rimraf'); + +const app = express(); +app.use(express.json()); + +app.post('/rmsync', async (req, res) => { + const { path } = req.body; // $ MISSING: Source + + rimraf.sync(path); // $ MISSING: Alert + rimraf.rimrafSync(path); // $ MISSING: Alert + rimraf.native(path); // $ MISSING: Alert + await rimraf.native(path); // $ MISSING: Alert + rimraf.native.sync(path); // $ MISSING: Alert + rimraf.nativeSync(path); // $ MISSING: Alert + await rimraf.manual(path); // $ MISSING: Alert + rimraf.manual(path); // $ MISSING: Alert + rimraf.manual.sync(path); // $ MISSING: Alert + rimraf.manualSync(path); // $ MISSING: Alert + await rimraf.windows(path); // $ MISSING: Alert + rimraf.windows(path); // $ MISSING: Alert + rimraf.windows.sync(path); // $ MISSING: Alert + rimraf.windowsSync(path); // $ MISSING: Alert + rimraf.moveRemove(path); // $ MISSING: Alert + rimraf.moveRemove.sync(path); // $ MISSING: Alert + rimraf.moveRemoveSync(path); // $ MISSING: Alert + rimraf.posixSync(path); // $ MISSING: Alert + rimraf.posix(path); // $ MISSING: Alert + rimraf.posix.sync(path); // $ MISSING: Alert +}); From b16b407f892d4adaf377f84ea099ad14fa3366e5 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 12:49:48 +0200 Subject: [PATCH 168/409] Add `rimraf` model and update tests for path injection vulnerabilities --- javascript/ql/lib/ext/rimraf.model.yml | 8 +++ .../CWE-022/TaintedPath/TaintedPath.expected | 67 +++++++++++++++++++ .../Security/CWE-022/TaintedPath/rimraf.js | 42 ++++++------ 3 files changed, 96 insertions(+), 21 deletions(-) create mode 100644 javascript/ql/lib/ext/rimraf.model.yml diff --git a/javascript/ql/lib/ext/rimraf.model.yml b/javascript/ql/lib/ext/rimraf.model.yml new file mode 100644 index 000000000000..8afd53e47efe --- /dev/null +++ b/javascript/ql/lib/ext/rimraf.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["rimraf", "Member[sync,native,manual,windows,moveRemove,posix].Argument[0]", "path-injection"] + - ["rimraf", "Member[rimrafSync,nativeSync,manualSync,windowsSync,moveRemoveSync,posixSync].Argument[0]", "path-injection"] + - ["rimraf", "Member[native,manual,windows,moveRemove,posix].Member[sync].Argument[0]", "path-injection"] diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 4147726065ec..99be2545b8e3 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -168,6 +168,26 @@ | prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | | pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | | pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | +| rimraf.js:10:17:10:20 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:10:17:10:20 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:11:23:11:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:11:23:11:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:12:19:12:22 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:12:19:12:22 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:13:25:13:28 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:13:25:13:28 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:14:24:14:27 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:14:24:14:27 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:15:23:15:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:15:23:15:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:16:25:16:28 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:16:25:16:28 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:17:19:17:22 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:17:19:17:22 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:18:24:18:27 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:18:24:18:27 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:19:23:19:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:19:23:19:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:20:26:20:29 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:20:26:20:29 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:21:20:21:23 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:21:20:21:23 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:22:25:22:28 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:22:25:22:28 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:23:24:23:27 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:23:24:23:27 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:24:23:24:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:24:23:24:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:25:28:25:31 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:25:28:25:31 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:26:27:26:30 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:26:27:26:30 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:27:22:27:25 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:27:22:27:25 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:28:18:28:21 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:28:18:28:21 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:29:23:29:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:29:23:29:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | | sharedlib-repro.js:22:18:22:25 | filepath | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:22:18:22:25 | filepath | This path depends on a $@. | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | user-provided value | | tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | @@ -594,6 +614,29 @@ edges | pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | provenance | | | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | provenance | | | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | provenance | Config | +| rimraf.js:8:11:8:18 | { path } | rimraf.js:8:13:8:16 | path | provenance | Config | +| rimraf.js:8:11:8:29 | path | rimraf.js:10:17:10:20 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:11:23:11:26 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:12:19:12:22 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:13:25:13:28 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:14:24:14:27 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:15:23:15:26 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:16:25:16:28 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:17:19:17:22 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:18:24:18:27 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:19:23:19:26 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:20:26:20:29 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:21:20:21:23 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:22:25:22:28 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:23:24:23:27 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:24:23:24:26 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:25:28:25:31 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:26:27:26:30 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:27:22:27:25 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:28:18:28:21 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:29:23:29:26 | path | provenance | | +| rimraf.js:8:13:8:16 | path | rimraf.js:8:11:8:29 | path | provenance | | +| rimraf.js:8:22:8:29 | req.body | rimraf.js:8:11:8:18 | { path } | provenance | | | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:21:27:21:34 | filepath | provenance | | | sharedlib-repro.js:21:27:21:34 | filepath | sharedlib-repro.js:22:18:22:25 | filepath | provenance | | | tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | provenance | | @@ -1133,6 +1176,30 @@ nodes | pupeteer.js:5:28:5:53 | parseTo ... t).name | semmle.label | parseTo ... t).name | | pupeteer.js:9:28:9:34 | tainted | semmle.label | tainted | | pupeteer.js:13:37:13:43 | tainted | semmle.label | tainted | +| rimraf.js:8:11:8:18 | { path } | semmle.label | { path } | +| rimraf.js:8:11:8:29 | path | semmle.label | path | +| rimraf.js:8:13:8:16 | path | semmle.label | path | +| rimraf.js:8:22:8:29 | req.body | semmle.label | req.body | +| rimraf.js:10:17:10:20 | path | semmle.label | path | +| rimraf.js:11:23:11:26 | path | semmle.label | path | +| rimraf.js:12:19:12:22 | path | semmle.label | path | +| rimraf.js:13:25:13:28 | path | semmle.label | path | +| rimraf.js:14:24:14:27 | path | semmle.label | path | +| rimraf.js:15:23:15:26 | path | semmle.label | path | +| rimraf.js:16:25:16:28 | path | semmle.label | path | +| rimraf.js:17:19:17:22 | path | semmle.label | path | +| rimraf.js:18:24:18:27 | path | semmle.label | path | +| rimraf.js:19:23:19:26 | path | semmle.label | path | +| rimraf.js:20:26:20:29 | path | semmle.label | path | +| rimraf.js:21:20:21:23 | path | semmle.label | path | +| rimraf.js:22:25:22:28 | path | semmle.label | path | +| rimraf.js:23:24:23:27 | path | semmle.label | path | +| rimraf.js:24:23:24:26 | path | semmle.label | path | +| rimraf.js:25:28:25:31 | path | semmle.label | path | +| rimraf.js:26:27:26:30 | path | semmle.label | path | +| rimraf.js:27:22:27:25 | path | semmle.label | path | +| rimraf.js:28:18:28:21 | path | semmle.label | path | +| rimraf.js:29:23:29:26 | path | semmle.label | path | | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | semmle.label | req.par ... spaceId | | sharedlib-repro.js:21:27:21:34 | filepath | semmle.label | filepath | | sharedlib-repro.js:22:18:22:25 | filepath | semmle.label | filepath | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js index a6f3c52068ac..9595078cf8df 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js @@ -5,26 +5,26 @@ const app = express(); app.use(express.json()); app.post('/rmsync', async (req, res) => { - const { path } = req.body; // $ MISSING: Source + const { path } = req.body; // $ Source - rimraf.sync(path); // $ MISSING: Alert - rimraf.rimrafSync(path); // $ MISSING: Alert - rimraf.native(path); // $ MISSING: Alert - await rimraf.native(path); // $ MISSING: Alert - rimraf.native.sync(path); // $ MISSING: Alert - rimraf.nativeSync(path); // $ MISSING: Alert - await rimraf.manual(path); // $ MISSING: Alert - rimraf.manual(path); // $ MISSING: Alert - rimraf.manual.sync(path); // $ MISSING: Alert - rimraf.manualSync(path); // $ MISSING: Alert - await rimraf.windows(path); // $ MISSING: Alert - rimraf.windows(path); // $ MISSING: Alert - rimraf.windows.sync(path); // $ MISSING: Alert - rimraf.windowsSync(path); // $ MISSING: Alert - rimraf.moveRemove(path); // $ MISSING: Alert - rimraf.moveRemove.sync(path); // $ MISSING: Alert - rimraf.moveRemoveSync(path); // $ MISSING: Alert - rimraf.posixSync(path); // $ MISSING: Alert - rimraf.posix(path); // $ MISSING: Alert - rimraf.posix.sync(path); // $ MISSING: Alert + rimraf.sync(path); // $ Alert + rimraf.rimrafSync(path); // $ Alert + rimraf.native(path); // $ Alert + await rimraf.native(path); // $ Alert + rimraf.native.sync(path); // $ Alert + rimraf.nativeSync(path); // $ Alert + await rimraf.manual(path); // $ Alert + rimraf.manual(path); // $ Alert + rimraf.manual.sync(path); // $ Alert + rimraf.manualSync(path); // $ Alert + await rimraf.windows(path); // $ Alert + rimraf.windows(path); // $ Alert + rimraf.windows.sync(path); // $ Alert + rimraf.windowsSync(path); // $ Alert + rimraf.moveRemove(path); // $ Alert + rimraf.moveRemove.sync(path); // $ Alert + rimraf.moveRemoveSync(path); // $ Alert + rimraf.posixSync(path); // $ Alert + rimraf.posix(path); // $ Alert + rimraf.posix.sync(path); // $ Alert }); From 390d9ffe668f3218d939788ae7ebdeb6e61c6006 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 12:50:53 +0200 Subject: [PATCH 169/409] Added change note --- javascript/ql/lib/change-notes/2025-04-02-rimraf.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-02-rimraf.md diff --git a/javascript/ql/lib/change-notes/2025-04-02-rimraf.md b/javascript/ql/lib/change-notes/2025-04-02-rimraf.md new file mode 100644 index 000000000000..3d0521643d59 --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-02-rimraf.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for additional `rimraf` methods as sinks in path-injection queries. From 9fc0ee185b02fd13b0ebbeca13a85ddfd23d2257 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 2 Apr 2025 12:03:20 +0100 Subject: [PATCH 170/409] Rust: Change the query ID to rust/summary/summary-statistics-reduced. --- rust/ql/src/queries/summary/SummaryStatsLess.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/src/queries/summary/SummaryStatsLess.ql b/rust/ql/src/queries/summary/SummaryStatsLess.ql index ddcc76d16bcb..75358064bba7 100644 --- a/rust/ql/src/queries/summary/SummaryStatsLess.ql +++ b/rust/ql/src/queries/summary/SummaryStatsLess.ql @@ -1,9 +1,9 @@ /** - * @name Summary Statistics Less + * @name Summary Statistics Reduced * @description A table of summary statistics about a database, with data that * has been found to be noisy on tests removed. * @kind metric - * @id rust/summary/summary-statistics-less + * @id rust/summary/summary-statistics-reduced * @tags summary */ From 02245af3ca64272acb2ddf8b7588922a580705db Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 2 Apr 2025 12:11:55 +0100 Subject: [PATCH 171/409] Rust: Rename the query file. --- rust/ql/integration-tests/hello-project/summary.qlref | 2 +- rust/ql/integration-tests/hello-workspace/summary.qlref | 2 +- .../summary/{SummaryStatsLess.ql => SummaryStatsReduced.ql} | 0 rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename rust/ql/src/queries/summary/{SummaryStatsLess.ql => SummaryStatsReduced.ql} (100%) diff --git a/rust/ql/integration-tests/hello-project/summary.qlref b/rust/ql/integration-tests/hello-project/summary.qlref index 3d1b7ac7f1b7..926fc7903911 100644 --- a/rust/ql/integration-tests/hello-project/summary.qlref +++ b/rust/ql/integration-tests/hello-project/summary.qlref @@ -1 +1 @@ -queries/summary/SummaryStatsLess.ql +queries/summary/SummaryStatsReduced.ql diff --git a/rust/ql/integration-tests/hello-workspace/summary.qlref b/rust/ql/integration-tests/hello-workspace/summary.qlref index 3d1b7ac7f1b7..926fc7903911 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.qlref +++ b/rust/ql/integration-tests/hello-workspace/summary.qlref @@ -1 +1 @@ -queries/summary/SummaryStatsLess.ql +queries/summary/SummaryStatsReduced.ql diff --git a/rust/ql/src/queries/summary/SummaryStatsLess.ql b/rust/ql/src/queries/summary/SummaryStatsReduced.ql similarity index 100% rename from rust/ql/src/queries/summary/SummaryStatsLess.ql rename to rust/ql/src/queries/summary/SummaryStatsReduced.ql diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref index 3d1b7ac7f1b7..926fc7903911 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref +++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref @@ -1 +1 @@ -queries/summary/SummaryStatsLess.ql +queries/summary/SummaryStatsReduced.ql From fbde235253853fe0387b7947e9a9689a0b8ec7fc Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 2 Apr 2025 12:16:10 +0100 Subject: [PATCH 172/409] Rust: Rename the test as well. --- .../{SummaryStatsLess.expected => SummaryStatsReeduced.expected} | 0 .../{SummaryStatsLess.qlref => SummaryStatsReeduced.qlref} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename rust/ql/test/query-tests/diagnostics/{SummaryStatsLess.expected => SummaryStatsReeduced.expected} (100%) rename rust/ql/test/query-tests/diagnostics/{SummaryStatsLess.qlref => SummaryStatsReeduced.qlref} (100%) diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.expected similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected rename to rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.expected diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.qlref similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref rename to rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.qlref From 9ebaac82cf4ecdeb50cb118e644b584d4837bf98 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 13:47:18 +0200 Subject: [PATCH 173/409] JS: Add tests for Response object sink --- .../CWE-079/ReflectedXss/response-object.js | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js new file mode 100644 index 000000000000..7dbeb14d30d3 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js @@ -0,0 +1,39 @@ +const express = require('express'); + +// Note: We're using using express for the taint source in order to to test 'Response' +// in isolation from the more complicated http frameworks. + +express().get('/foo', (req) => { + const data = req.body; // $ MISSING: Source + + new Response(data); // $ MISSING: Alert + new Response(data, {}); // $ MISSING: Alert + new Response(data, { headers: null }); // $ MISSING: Alert + + new Response(data, { headers: { 'content-type': 'text/plain'}}); + new Response(data, { headers: { 'content-type': 'text/html'}}); // $ MISSING: Alert + + new Response(data, { headers: { 'Content-Type': 'text/plain'}}); + new Response(data, { headers: { 'Content-Type': 'text/html'}}); // $ MISSING: Alert + + const headers1 = new Headers({ 'content-type': 'text/plain'}); + new Response(data, { headers: headers1 }); + + const headers2 = new Headers({ 'content-type': 'text/html'}); + new Response(data, { headers: headers2 }); // $ MISSING: Alert + + const headers3 = new Headers(); + new Response(data, { headers: headers3 }); // $ MISSING: Alert + + const headers4 = new Headers(); + headers4.set('content-type', 'text/plain'); + new Response(data, { headers: headers4 }); + + const headers5 = new Headers(); + headers5.set('content-type', 'text/html'); + new Response(data, { headers: headers5 }); // $ MISSING: Alert + + const headers6 = new Headers(); + headers6.set('unrelated-header', 'text/plain'); + new Response(data, { headers: headers6 }); // $ MISSING: Alert +}); From 6820cbabc8ac9eefda6ab6bc7a179990cf747aba Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 14:01:00 +0200 Subject: [PATCH 174/409] C#: Accept file sync mismatch for C# testfiles if they are identical modulo comments. --- config/sync-files.py | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/config/sync-files.py b/config/sync-files.py index 9645d42f1e59..66d4d017ed8c 100644 --- a/config/sync-files.py +++ b/config/sync-files.py @@ -58,7 +58,19 @@ def file_checksum(filename): with open(filename, 'rb') as file_handle: return hashlib.sha1(file_handle.read()).hexdigest() -def check_group(group_name, files, master_file_picker, emit_error): +def accept_prefix(line1, line2): + suffix = line2.removeprefix(line1) + return not suffix or suffix.lstrip().startswith("//") + +def equivalent_lines(lines1, lines2): + if len(lines1) != len(lines2): + return False + for line1, line2 in zip(lines1, lines2): + if not accept_prefix(line1, line2) and not accept_prefix(line2, line1): + return False + return True + +def check_group(group_name, files, master_file_picker, emit_error, accept_prefix): extant_files = [f for f in files if path.isfile(f)] if len(extant_files) == 0: emit_error(__file__, 0, "No files found from group '" + group_name + "'.") @@ -70,11 +82,23 @@ def check_group(group_name, files, master_file_picker, emit_error): return checksums = {file_checksum(f) for f in extant_files} - - if len(checksums) == 1 and len(extant_files) == len(files): + same_lengths = len(extant_files) == len(files) + if len(checksums) == 1 and same_lengths: # All files are present and identical. return + # In this case we also consider files indentical, if + # (1) The group only containts two files. + # (2) The lines of one file are the same as the lines of another file + # modulo comments. + if accept_prefix and same_lengths and len(extant_files) == 2: + with open(extant_files[0], 'r') as f1: + file1_lines = [l.strip('\n\r') for l in f1.readlines()] + with open(extant_files[1], 'r') as f2: + file2_lines = [l.strip('\n\r') for l in f2.readlines()] + if equivalent_lines(file1_lines, file2_lines): + return + master_file = master_file_picker(extant_files) if master_file is None: emit_error(__file__, 0, @@ -139,9 +163,10 @@ def sync_identical_files(emit_error): raise Exception("Bad command line or file not found") chdir_repo_root() load_if_exists('.', 'config/identical-files.json') - file_groups.update(csharp_test_files()) + for group_name, files in csharp_test_files().items(): + check_group(group_name, files, master_file_picker, emit_error, True) for group_name, files in file_groups.items(): - check_group(group_name, files, master_file_picker, emit_error) + check_group(group_name, files, master_file_picker, emit_error, False) def main(): sync_identical_files(emit_local_error) From 30a9cd7c8a7cda2649996e680c525057adeba97e Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 14:09:52 +0200 Subject: [PATCH 175/409] JS: Include document as a DOM value --- .../ql/test/library-tests/DOM/Customizations.expected | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/javascript/ql/test/library-tests/DOM/Customizations.expected b/javascript/ql/test/library-tests/DOM/Customizations.expected index 3fc5570c743c..df15c409be2d 100644 --- a/javascript/ql/test/library-tests/DOM/Customizations.expected +++ b/javascript/ql/test/library-tests/DOM/Customizations.expected @@ -7,20 +7,26 @@ test_documentRef test_locationRef | customization.js:3:3:3:14 | doc.location | test_domValueRef +| customization.js:2:13:2:31 | customGetDocument() | +| customization.js:3:3:3:14 | doc.location | | customization.js:4:3:4:20 | doc.getElementById | | customization.js:4:3:4:28 | doc.get ... 'test') | | event-handler-receiver.html:4:20:4:19 | this | +| event-handler-receiver.js:1:1:1:8 | document | | event-handler-receiver.js:1:1:1:23 | documen ... entById | | event-handler-receiver.js:1:1:1:32 | documen ... my-id') | | event-handler-receiver.js:1:44:1:43 | this | | event-handler-receiver.js:2:3:2:17 | this.parentNode | +| event-handler-receiver.js:5:1:5:8 | document | | event-handler-receiver.js:5:1:5:23 | documen ... entById | | event-handler-receiver.js:5:1:5:32 | documen ... my-id') | | event-handler-receiver.js:5:60:5:59 | this | | event-handler-receiver.js:6:3:6:17 | this.parentNode | +| nameditems.js:1:1:1:8 | document | | nameditems.js:1:1:1:23 | documen ... entById | | nameditems.js:1:1:1:30 | documen ... ('foo') | | nameditems.js:1:1:2:19 | documen ... em('x') | +| querySelectorAll.js:2:5:2:12 | document | | querySelectorAll.js:2:5:2:29 | documen ... ctorAll | | querySelectorAll.js:2:5:2:36 | documen ... ('foo') | | querySelectorAll.js:2:46:2:48 | elm | From 2c40359143e07e32c59fac49981b911429428671 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 14:11:54 +0200 Subject: [PATCH 176/409] JS: Change note --- .../2025-04-02-name-resolution-independent-fixes.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md diff --git a/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md b/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md new file mode 100644 index 000000000000..4773744a984f --- /dev/null +++ b/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases. From 10564fac4d86207c52946125ee3c700c97394194 Mon Sep 17 00:00:00 2001 From: Nicolas Will Date: Wed, 2 Apr 2025 14:20:24 +0200 Subject: [PATCH 177/409] Add @ps-codeql to CODEOWNERS for experimental cryptography MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This pull request adds @github/ps-codeql as a code owner of `**/experimental/quantum/` to support the development of post-quantum cryptography-related libraries and queries. We’ll be committing stable but experimental work to these directories as it becomes ready for public use, with a near-term goal of moving it out of experimental. To get started, we’d also need write access to `github/codeql`. cc @adityasharad @lcartey --- CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CODEOWNERS b/CODEOWNERS index e7fb27e9f860..90c3cb9af601 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -14,6 +14,9 @@ /java/ql/test-kotlin1/ @github/codeql-kotlin /java/ql/test-kotlin2/ @github/codeql-kotlin +# Experimental CodeQL cryptography +**/experimental/quantum/ @github/ps-codeql + # CodeQL tools and associated docs /docs/codeql/codeql-cli/ @github/codeql-cli-reviewers /docs/codeql/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers From 93d0f364d6c2441e867279c5c36566756e116e0a Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 15:00:05 +0200 Subject: [PATCH 178/409] C#: Add ConstantConditionBad file. --- .../Control-Flow/ConstantCondition/ConstantConditionBad.cs | 7 +++++++ .../Control-Flow/ConstantCondition/ConstantIfCondition.cs | 5 ----- 2 files changed, 7 insertions(+), 5 deletions(-) create mode 100644 csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs new file mode 100644 index 000000000000..66af12c057af --- /dev/null +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs @@ -0,0 +1,7 @@ +class Bad +{ + public int Max(int a, int b) + { + return a > a ? a : b; // $ Alert + } +} diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs index 146dbcf56611..04c91cc222da 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs @@ -25,11 +25,6 @@ public void Foo() } } - public int Max(int a, int b) - { - return a > a ? a : b; // $ Alert - } - public int Bar() { return ZERO; From 88b061e27ee45584e31d2c2c9c9c15c1c275f909 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Mar 2025 16:24:41 +0000 Subject: [PATCH 179/409] Add change note --- .../change-notes/2025-03-27-database-local-source-models.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 go/ql/lib/change-notes/2025-03-27-database-local-source-models.md diff --git a/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md b/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md new file mode 100644 index 000000000000..95f08d00b9ca --- /dev/null +++ b/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`. From 89e853b4bec561e272e2b2cb6fdfd6eafd568c9f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Mar 2025 22:09:55 +0000 Subject: [PATCH 180/409] Don't use non-existent dependency This makes some go tooling, like `go mod tidy`, not work. --- .../go/dataflow/flowsources/local/database/go.mod | 1 - .../flowsources/local/database/source.ext.yml | 2 +- .../flowsources/local/database/test.ext.yml | 2 +- .../local/database/test_Masterminds_squirrel.go | 13 ++++++++----- .../vendor/github.com/nonexistent/sources/stub.go | 5 ----- .../flowsources/local/database/vendor/modules.txt | 3 --- 6 files changed, 10 insertions(+), 16 deletions(-) delete mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod index 560bcd759c34..66d6a2e6ed8e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod @@ -12,7 +12,6 @@ require ( github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a go.mongodb.org/mongo-driver v1.17.3 gorm.io/gorm v1.25.12 - github.com/nonexistent/sources v0.0.0-20250300000000-000000000000 ) require ( diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml index 5e7e11e1b313..476c0cf7212f 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml @@ -8,4 +8,4 @@ extensions: pack: codeql/go-all extensible: sourceModel data: - - ["github.com/nonexistent/sources", "", False, "Source", "", "", "ReturnValue", "database", "manual"] \ No newline at end of file + - ["test", "", False, "Source", "", "", "ReturnValue", "database", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml index 45623fd20ad2..8e91b5dfb48f 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml @@ -10,4 +10,4 @@ extensions: pack: codeql/go-all extensible: sourceModel data: - - ["github.com/nonexistent/sources", "", False, "Source", "", "", "ReturnValue", "database", "manual"] \ No newline at end of file + - ["test", "", False, "Source", "", "", "ReturnValue", "database", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go index cc1418e884cf..6a5a57df2898 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go @@ -6,9 +6,12 @@ import ( "context" "github.com/Masterminds/squirrel" - src "github.com/nonexistent/sources" ) +func Source[T any]() T { + return *new(T) +} + func test_Masterminds_squirrel_QueryRower(ctx context.Context, db squirrel.QueryRower, sqlizer squirrel.Sqlizer) { scanner := db.QueryRow("") // $ source @@ -136,7 +139,7 @@ func test_Masterminds_squirrel_DeleteBuilder(ctx context.Context, builder squirr sink(r32) // $ hasTaintFlow="r32" sink(r33) // $ hasTaintFlow="r33" - builder2 := src.Source[squirrel.DeleteBuilder]() // $ source + builder2 := Source[squirrel.DeleteBuilder]() // $ source var r41, r42, r43 string builder2.ScanContext(ctx, &r41, &r42, &r43) @@ -177,7 +180,7 @@ func test_Masterminds_squirrel_InsertBuilder(ctx context.Context, builder squirr sink(r42) // $ hasTaintFlow="r42" sink(r43) // $ hasTaintFlow="r43" - builder2 := src.Source[squirrel.InsertBuilder]() // $ source + builder2 := Source[squirrel.InsertBuilder]() // $ source var r51, r52, r53 string builder2.Scan(&r51, &r52, &r53) @@ -225,7 +228,7 @@ func test_Masterminds_squirrel_SelectBuilder(ctx context.Context, builder squirr sink(r42) // $ hasTaintFlow="r42" sink(r43) // $ hasTaintFlow="r43" - builder2 := src.Source[squirrel.SelectBuilder]() // $ source + builder2 := Source[squirrel.SelectBuilder]() // $ source var r51, r52, r53 string builder2.Scan(&r51, &r52, &r53) @@ -273,7 +276,7 @@ func test_Masterminds_squirrel_UpdateBuilder(ctx context.Context, builder squirr sink(r42) // $ hasTaintFlow="r42" sink(r43) // $ hasTaintFlow="r43" - builder2 := src.Source[squirrel.UpdateBuilder]() // $ source + builder2 := Source[squirrel.UpdateBuilder]() // $ source var r51, r52, r53 string builder2.Scan(&r51, &r52, &r53) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go deleted file mode 100644 index afc57a3900d7..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go +++ /dev/null @@ -1,5 +0,0 @@ -package sources - -func Source[T any]() T { - return *new(T) -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt index 01fbca5130d4..bba2801e9c33 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt @@ -25,9 +25,6 @@ go.mongodb.org/mongo-driver/mongo # gorm.io/gorm v1.25.12 ## explicit gorm.io/gorm -# github.com/nonexistent/sources v0.0.0-20250300000000-000000000000 -## explicit -github.com/nonexistent/sources # github.com/couchbase/gocbcore/v10 v10.5.4 ## explicit github.com/couchbase/gocbcore/v10 From c54f0d82e2b072d8d7f0833a0ecf998565901b57 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 23 Oct 2024 13:02:30 -0400 Subject: [PATCH 181/409] [bun] Model github.com/uptrace/bun --- .../lib/ext/github.com.uptrace.bun.model.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/go/ql/lib/ext/github.com.uptrace.bun.model.yml b/go/ql/lib/ext/github.com.uptrace.bun.model.yml index a08adb07973d..6d56db783206 100644 --- a/go/ql/lib/ext/github.com.uptrace.bun.model.yml +++ b/go/ql/lib/ext/github.com.uptrace.bun.model.yml @@ -1,4 +1,26 @@ extensions: + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["github.com/uptrace/bun", "AddColumnQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "CreateIndexQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "CreateTableQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DeleteQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DropIndexQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DropTableQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "InsertQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "MergeQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "SelectQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "TruncateQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "UpdateQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DeleteQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "InsertQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "MergeQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "RawQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "SelectQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "TruncateQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "UpdateQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - addsTo: pack: codeql/go-all extensible: sinkModel From db65a6ff850cc2554ca8aa7802ec545126eec540 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 22 Oct 2024 22:15:03 -0400 Subject: [PATCH 182/409] [gogf] Model github.com/gogf/gf/database/gdb Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com> --- .../github.com.gogf.gf.database.gdb.model.yml | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml b/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml index 030656c6eb8a..a667507009c4 100644 --- a/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml +++ b/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml @@ -55,3 +55,54 @@ extensions: - ["github.com/gogf/gf/database/gdb", "Tx", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"] - ["github.com/gogf/gf/database/gdb", "Tx", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"] - ["github.com/gogf/gf/database/gdb", "Tx", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"] + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + # These models are for v1. Some of them hold for v2, but we should model v2 properly. + - ["github.com/gogf/gf/database/gdb", "DB", True, "DoExec", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "DoGetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "DoQuery", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetValue", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "Raw", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetScan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStruct", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStructs", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Raw", "", "", "ReturnValue[0]", "database", "manual"] + - addsTo: + pack: codeql/go-all + extensible: summaryModel + data: + - ["github.com/gogf/gf/database/gdb", "Model", True, "All", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Array", "", "", "Argument[receiver]", "ReturnValue[0].ArrayElement", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindAll", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindArray", "", "", "Argument[receiver]", "ReturnValue[0].ArrayElement", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindOne", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindValue", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "One", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "GMap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Interface", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Json", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Map", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Struct", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Xml", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Array", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Chunk", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Interface", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Json", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "List", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "MapKeyInt", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "MapKeyStr", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "MapKeyUint", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "MapKeyValue", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyInt", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyStr", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyUint", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyValue", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "ScanList", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Structs", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Xml", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] From 9cf411712087098c042eec359192257e74c31631 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 8 Jan 2025 14:43:26 -0500 Subject: [PATCH 183/409] Add tests for gogf/gf/database/gdb --- .../local/database/test_gogf_gf_database_gdb.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go new file mode 100644 index 000000000000..e13266529e9b --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go @@ -0,0 +1,17 @@ +package test + +import ( + "fmt" + + "github.com/gogf/gf/database/gdb" +) + +func gogf(g gdb.DB) { + u1, err := g.GetOne("SELECT user from users") // $source + + if err != nil { + return + } + + fmt.Println(u1) +} From ddb7da4c13d4503fbe6d17e0b0aaa5eacb508e17 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 28 Mar 2025 09:03:35 +0000 Subject: [PATCH 184/409] Add gogf models and tests --- .../github.com.gogf.gf.database.gdb.model.yml | 52 ++-- .../database/test_gogf_gf_database_gdb.go | 241 +++++++++++++++++- 2 files changed, 270 insertions(+), 23 deletions(-) diff --git a/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml b/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml index a667507009c4..fbca149dd7ac 100644 --- a/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml +++ b/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml @@ -60,36 +60,59 @@ extensions: extensible: sourceModel data: # These models are for v1. Some of them hold for v2, but we should model v2 properly. - - ["github.com/gogf/gf/database/gdb", "DB", True, "DoExec", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "DoGetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "DoQuery", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetArray", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetScan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetStruct", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetStructs", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetValue", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "DoGetAll", "", "", "ReturnValue[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "DoQuery", "", "", "ReturnValue[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "GetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetArray", "", "", "ReturnValue[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "GetOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetScan", "", "", "Argument[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "GetValue", "", "", "ReturnValue[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "DB", True, "Raw", "", "", "ReturnValue[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "DB", True, "GetScan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStruct", "", "", "Argument[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStructs", "", "", "Argument[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "Raw", "", "", "ReturnValue[0]", "database", "manual"] + + - ["github.com/gogf/gf/database/gdb", "Model", True, "All", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Array", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindArray", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindScan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindValue", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "One", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "ScanList", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Select", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Struct", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Structs", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Value", "", "", "ReturnValue[0]", "database", "manual"] + + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetScan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetStruct", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetStructs", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetValue", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] - addsTo: pack: codeql/go-all extensible: summaryModel data: - - ["github.com/gogf/gf/database/gdb", "Model", True, "All", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "Array", "", "", "Argument[receiver]", "ReturnValue[0].ArrayElement", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindAll", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindArray", "", "", "Argument[receiver]", "ReturnValue[0].ArrayElement", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindOne", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindValue", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "One", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "GMap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Interface", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Json", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Map", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Struct", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Xml", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Array", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "Chunk", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "Interface", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] @@ -102,7 +125,6 @@ extensions: - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyInt", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyStr", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyUint", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyValue", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "ScanList", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "Structs", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "Xml", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go index e13266529e9b..436c9dab677d 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go @@ -1,17 +1,242 @@ package test -import ( - "fmt" +//go:generate depstubber -vendor github.com/gogf/gf/database/gdb Core,DB,Model,TX,Record,Result +import ( "github.com/gogf/gf/database/gdb" ) -func gogf(g gdb.DB) { - u1, err := g.GetOne("SELECT user from users") // $source +func gogf_Core(g gdb.Core) { + v1, _ := g.DoGetAll(nil, nil, "SELECT user from users") // $ source + sink(v1) // $ hasTaintFlow="v1" + + v2, _ := g.DoQuery(nil, nil, "SELECT user from users") // $ source + sink(v2) // $ hasTaintFlow="v2" + + v3, _ := g.GetAll("SELECT user from users") // $ source + sink(v3) // $ hasTaintFlow="v3" + + v4, _ := g.GetArray("SELECT user from users") // $ source + sink(v4) // $ hasTaintFlow="v4" + + v5, _ := g.GetOne("SELECT user from users") // $ source + sink(v5) // $ hasTaintFlow="v5" + + var v6 User + g.GetScan(&v6, "SELECT user from users") // $ source + sink(v6) // $ hasTaintFlow="v6" + + var v7 User + g.GetStruct(&v7, "SELECT user from users") // $ source + sink(v7) // $ hasTaintFlow="v7" + + var v8 []User // $ source + g.GetStructs(v8, "SELECT user from users") + sink(v8) // $ hasTaintFlow="v8" + + v9, _ := g.GetValue("SELECT user from users") // $ source + sink(v9) // $ hasTaintFlow="v9" + + v10, _ := g.Query("SELECT user from users") // $ source + sink(v10) // $ hasTaintFlow="v10" +} + +func gogf_DB(g gdb.DB) { + v1, _ := g.DoGetAll(nil, nil, "SELECT user from users") // $ source + sink(v1) // $ hasTaintFlow="v1" + + v2, _ := g.DoQuery(nil, nil, "SELECT user from users") // $ source + sink(v2) // $ hasTaintFlow="v2" + + v3, _ := g.GetAll("SELECT user from users") // $ source + sink(v3) // $ hasTaintFlow="v3" + + v4, _ := g.GetArray("SELECT user from users") // $ source + sink(v4) // $ hasTaintFlow="v4" + + v5, _ := g.GetOne("SELECT user from users") // $ source + sink(v5) // $ hasTaintFlow="v5" + + var v6 User + g.GetScan(&v6, "SELECT user from users") // $ source + sink(v6) // $ hasTaintFlow="v6" + + v7, _ := g.GetValue("SELECT user from users") // $ source + sink(v7) // $ hasTaintFlow="v7" + + v8, _ := g.Query("SELECT user from users") // $ source + sink(v8) // $ hasTaintFlow="v8" +} + +func gogf_Model(g gdb.Model) { + v1, _ := g.All() // $ source + sink(v1) // $ hasTaintFlow="v1" + + v2, _ := g.Array() // $ source + sink(v2) // $ hasTaintFlow="v2" + + v3, _ := g.FindAll() // $ source + sink(v3) // $ hasTaintFlow="v3" + + v4, _ := g.FindArray() // $ source + sink(v4) // $ hasTaintFlow="v4" + + v5, _ := g.FindOne() // $ source + sink(v5) // $ hasTaintFlow="v5" + + var v6 User + g.FindScan(&v6) // $ source + sink(v6) // $ hasTaintFlow="v6" + + v7, _ := g.FindValue() // $ source + sink(v7) // $ hasTaintFlow="v7" + + v8, _ := g.One() // $ source + sink(v8) // $ hasTaintFlow="v8" + + var v9 User + g.Scan(&v9) // $ source + sink(v9) // $ hasTaintFlow="v9" + + var v10 []User + g.ScanList(&v10, "") // $ source + sink(v10) // $ hasTaintFlow="v10" + + v11, _ := g.Select() // $ source + sink(v11) // $ hasTaintFlow="v11" + + var v12 User + g.Struct(&v12) // $ source + sink(v12) // $ hasTaintFlow="v12" + + var v13 []User + g.Structs(&v13, "") // $ source + sink(v13) // $ hasTaintFlow="v13" + + v14, _ := g.Value() // $ source + sink(v14) // $ hasTaintFlow="v14" +} + +func gogf_TX(g gdb.TX) { + v1, _ := g.GetAll("SELECT user from users") // $ source + sink(v1) // $ hasTaintFlow="v1" + + v2, _ := g.GetOne("SELECT user from users") // $ source + sink(v2) // $ hasTaintFlow="v2" + + var v3 User + g.GetScan(&v3, "SELECT user from users") // $ source + sink(v3) // $ hasTaintFlow="v3" + + var v4 User + g.GetStruct(&v4, "SELECT user from users") // $ source + sink(v4) // $ hasTaintFlow="v4" + + var v5 []User // $ source + g.GetStructs(v5, "SELECT user from users") + sink(v5) // $ hasTaintFlow="v5" + + v6, _ := g.GetValue("SELECT user from users") // $ source + sink(v6) // $ hasTaintFlow="v6" + + v7, _ := g.Query("SELECT user from users") // $ source + sink(v7) // $ hasTaintFlow="v7" +} + +func gogf_Record_summary(g gdb.Core) { + record1, _ := g.GetOne("SELECT summary from records") // $ source + gmap := record1.GMap() + sink(gmap) // $ hasTaintFlow="gmap" + + record2, _ := g.GetOne("SELECT summary from records") // $ source + interface_ := record2.Interface() + sink(interface_) // $ hasTaintFlow="interface_" + + record3, _ := g.GetOne("SELECT summary from records") // $ source + json := record3.Json() + sink(json) // $ hasTaintFlow="json" + + record4, _ := g.GetOne("SELECT summary from records") // $ source + map_ := record4.Map() + sink(map_) // $ hasTaintFlow="map_" + + record5, _ := g.GetOne("SELECT summary from records") // $ source + var struct_ struct{} + record5.Struct(&struct_) + sink(struct_) // $ hasTaintFlow="struct_" + + record6, _ := g.GetOne("SELECT summary from records") // $ source + xml := record6.Xml() + sink(xml) // $ hasTaintFlow="xml" + + // Note: currently missing models for methods on return type of `GMap`, + // which is `StrAnyMap` from package "github.com/gogf/gf/container/gmap". +} + +func gogf_Result_summary(g gdb.Core) { + result1, _ := g.GetAll("SELECT summary from records") // $ source + array := result1.Array() + sink(array) // $ hasTaintFlow="array" + + result2, _ := g.GetAll("SELECT summary from records") // $ source + chunk := result2.Chunk(1) + sink(chunk) // $ hasTaintFlow="chunk" + + result3, _ := g.GetAll("SELECT summary from records") // $ source + interface_ := result3.Interface() + sink(interface_) // $ hasTaintFlow="interface_" + + result4, _ := g.GetAll("SELECT summary from records") // $ source + json := result4.Json() + sink(json) // $ hasTaintFlow="json" + + result5, _ := g.GetAll("SELECT summary from records") // $ source + list := result5.List() + sink(list) // $ hasTaintFlow="list" + + result6, _ := g.GetAll("SELECT summary from records") // $ source + mapkeyint := result6.MapKeyInt("") + sink(mapkeyint) // $ hasTaintFlow="mapkeyint" + + result7, _ := g.GetAll("SELECT summary from records") // $ source + mapkeystr := result7.MapKeyStr("") + sink(mapkeystr) // $ hasTaintFlow="mapkeystr" + + result8, _ := g.GetAll("SELECT summary from records") // $ source + mapkeyuint := result8.MapKeyUint("") + sink(mapkeyuint) // $ hasTaintFlow="mapkeyuint" + + result9, _ := g.GetAll("SELECT summary from records") // $ source + mapkeyvalue := result9.MapKeyValue("") + sink(mapkeyvalue) // $ hasTaintFlow="mapkeyvalue" + + result10, _ := g.GetAll("SELECT summary from records") // $ source + recordkeyint := result10.RecordKeyInt("") + sink(recordkeyint) // $ hasTaintFlow="recordkeyint" + + result11, _ := g.GetAll("SELECT summary from records") // $ source + recordkeystr := result11.RecordKeyStr("") + sink(recordkeystr) // $ hasTaintFlow="recordkeystr" + + result12, _ := g.GetAll("SELECT summary from records") // $ source + recordkeyuint := result12.RecordKeyUint("") + sink(recordkeyuint) // $ hasTaintFlow="recordkeyuint" + + result13, _ := g.GetAll("SELECT summary from records") // $ source + var structslice1 []struct{} + result13.ScanList(&structslice1, "") + sink(structslice1) // $ hasTaintFlow="structslice1" + + result14, _ := g.GetAll("SELECT summary from records") // $ source + var structslice2 []struct{} + result14.Structs(&structslice2) + sink(structslice2) // $ hasTaintFlow="structslice2" - if err != nil { - return - } + result15, _ := g.GetAll("SELECT summary from records") // $ source + xml := result15.Xml() + sink(xml) // $ hasTaintFlow="xml" - fmt.Println(u1) + // Note: currently missing models for methods on the type `Var` from + // package "github.com/gogf/gf/container/gvar", which is involved in the + // return type of `Array` and `MapKeyValue`. } From 1687042c3be5d5a07e80c9465b0e4867cefb5ba8 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 2 Apr 2025 14:06:29 +0100 Subject: [PATCH 185/409] Add Bun models and tests --- .../lib/ext/github.com.uptrace.bun.model.yml | 35 ++++---- go/ql/lib/go.qll | 1 + go/ql/lib/semmle/go/frameworks/Bun.qll | 90 +++++++++++++++++++ .../local/database/test_uptrace_bun.go | 77 ++++++++++++++++ 4 files changed, 186 insertions(+), 17 deletions(-) create mode 100644 go/ql/lib/semmle/go/frameworks/Bun.qll create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_uptrace_bun.go diff --git a/go/ql/lib/ext/github.com.uptrace.bun.model.yml b/go/ql/lib/ext/github.com.uptrace.bun.model.yml index 6d56db783206..45af9c15a44c 100644 --- a/go/ql/lib/ext/github.com.uptrace.bun.model.yml +++ b/go/ql/lib/ext/github.com.uptrace.bun.model.yml @@ -3,24 +3,19 @@ extensions: pack: codeql/go-all extensible: sourceModel data: - - ["github.com/uptrace/bun", "AddColumnQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "CreateIndexQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "CreateTableQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "DeleteQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "DropIndexQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "DropTableQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "InsertQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "MergeQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DB", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DB", True, "QueryRow", "", "", "ReturnValue", "database", "manual"] + - ["github.com/uptrace/bun", "IDB", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/uptrace/bun", "IDB", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"] + # - ["github.com/uptrace/bun", "RawQuery", True, "Exec", "", "", "Argument[0]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet + # - ["github.com/uptrace/bun", "RawQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet + # - ["github.com/uptrace/bun", "SelectQuery", True, "Exec", "", "", "Argument[0]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet - ["github.com/uptrace/bun", "SelectQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "TruncateQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "UpdateQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "DeleteQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "InsertQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "MergeQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "RawQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "SelectQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "TruncateQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "UpdateQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "SelectQuery", True, "Rows", "", "", "ReturnValue[0]", "database", "manual"] + # - ["github.com/uptrace/bun", "SelectQuery", True, "Scan", "", "", "Argument[1]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet + # - ["github.com/uptrace/bun", "SelectQuery", True, "ScanAndCount", "", "", "Argument[1]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet + - ["github.com/uptrace/bun", "Tx", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/uptrace/bun", "Tx", True, "QueryRow", "", "", "ReturnValue", "database", "manual"] - addsTo: pack: codeql/go-all extensible: sinkModel @@ -88,3 +83,9 @@ extensions: - ["github.com/uptrace/bun", "UpdateQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"] - ["github.com/uptrace/bun", "UpdateQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"] - ["github.com/uptrace/bun", "UpdateQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"] + # - addsTo: + # pack: codeql/go-all + # extensible: summaryModel + # data: + # - ["github.com/uptrace/bun", "DB", True, "ScanRow", "", "", "Argument[1]", "Argument[2].ArrayElement", "taint", "manual"] # Implemented in QL because variadic arguments as outputs aren't supported in this format yet + # - ["github.com/uptrace/bun", "DB", True, "ScanRows", "", "", "Argument[1]", "Argument[2].ArrayElement", "taint", "manual"] # Implemented in QL because variadic arguments as outputs aren't supported in this format yet diff --git a/go/ql/lib/go.qll b/go/ql/lib/go.qll index 51ff4916e16f..16f2f1702faa 100644 --- a/go/ql/lib/go.qll +++ b/go/ql/lib/go.qll @@ -32,6 +32,7 @@ import semmle.go.frameworks.Afero import semmle.go.frameworks.AwsLambda import semmle.go.frameworks.Beego import semmle.go.frameworks.BeegoOrm +import semmle.go.frameworks.Bun import semmle.go.frameworks.RsCors import semmle.go.frameworks.Couchbase import semmle.go.frameworks.Echo diff --git a/go/ql/lib/semmle/go/frameworks/Bun.qll b/go/ql/lib/semmle/go/frameworks/Bun.qll new file mode 100644 index 000000000000..65c524f9fde7 --- /dev/null +++ b/go/ql/lib/semmle/go/frameworks/Bun.qll @@ -0,0 +1,90 @@ +/** + * Provides classes modeling security-relevant aspects of the `Bun` package. + */ + +import go + +/** + * Provides classes modeling security-relevant aspects of the `Bun` package. + */ +private module Bun { + private string packagePath() { result = package("github.com/uptrace/bun", "") } + + private class RawQuerySources extends SourceNode { + RawQuerySources() { + // func (q *RawQuery) Exec(ctx context.Context, dest ...interface{}) (sql.Result, error) + // func (q *RawQuery) Scan(ctx context.Context, dest ...interface{}) error + exists(DataFlow::CallNode cn, int i | + cn.getTarget().(Method).hasQualifiedName(packagePath(), "RawQuery", ["Exec", "Scan"]) and + i >= 1 + | + this = cn.getSyntacticArgument(i) + ) + } + + override string getThreatModel() { result = "database" } + } + + private class SelectQuerySources extends SourceNode { + SelectQuerySources() { + // func (q *SelectQuery) Exec(ctx context.Context, dest ...interface{}) (res sql.Result, err error) + // func (q *SelectQuery) Scan(ctx context.Context, dest ...interface{}) error + // func (q *SelectQuery) ScanAndCount(ctx context.Context, dest ...interface{}) (int, error) + exists(DataFlow::CallNode cn, int i | + cn.getTarget() + .(Method) + .hasQualifiedName(packagePath(), "SelectQuery", ["Exec", "Scan", "ScanAndCount"]) and + i >= 1 + | + this = cn.getSyntacticArgument(i) + ) + } + + override string getThreatModel() { result = "database" } + } + + private class DBScanRows extends TaintTracking::FunctionModel, Method { + FunctionInput inp; + FunctionOutput outp; + + DBScanRows() { + // func (db *DB) ScanRow(ctx context.Context, rows *sql.Rows, dest ...interface{}) error + // func (db *DB) ScanRows(ctx context.Context, rows *sql.Rows, dest ...interface{}) error + this.hasQualifiedName(packagePath(), "DB", ["ScanRow", "ScanRows"]) and + inp.isParameter(1) and + outp.isParameter(any(int i | i >= 2)) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } + // private class BuilderScan extends TaintTracking::FunctionModel, Method { + // FunctionInput inp; + // FunctionOutput outp; + // BuilderScan() { + // // signature: func (b {Insert,Delete,Select,Update}Builder) Scan(dest ...interface{}) error + // this.hasQualifiedName(packagePath(), + // ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "Scan") and + // inp.isReceiver() and + // outp.isParameter(_) + // } + // override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + // input = inp and output = outp + // } + // } + // private class BuilderScanContext extends TaintTracking::FunctionModel, Method { + // FunctionInput inp; + // FunctionOutput outp; + // BuilderScanContext() { + // // signature: func (b {Insert,Delete,Select,Update}Builder) ScanContext(ctx context.Context, dest ...interface{}) error + // this.hasQualifiedName(packagePath(), + // ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "ScanContext") and + // inp.isReceiver() and + // exists(int i | i > 0 | outp.isParameter(i)) + // } + // override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + // input = inp and output = outp + // } + // } +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_uptrace_bun.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_uptrace_bun.go new file mode 100644 index 000000000000..dc8b5c7e3662 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_uptrace_bun.go @@ -0,0 +1,77 @@ +package test + +//go:generate depstubber -vendor github.com/uptrace/bun Conn,DB,RawQuery,SelectQuery,Tx + +import ( + "context" + + "github.com/uptrace/bun" +) + +func Test_bun_conn(conn bun.Conn) { + ctx := context.Background() + + rows1, _ := conn.QueryContext(ctx, "SELECT * FROM users") // $ source + conn.QueryRowContext(ctx, "SELECT * FROM users") // $ source + + ignore(rows1) +} + +func Test_bun_db(db bun.DB) { + ctx := context.Background() + + rows1, _ := db.Query("SELECT * FROM users") // $ source + + for rows1.Next() { + var user User + db.ScanRow(ctx, rows1, &user) + sink(user) // $ hasTaintFlow="user" + } + + rows2, _ := db.QueryContext(ctx, "SELECT * FROM users") // $ source + var users []User + + db.ScanRows(ctx, rows2, &users) + sink(users) // $ hasTaintFlow="users" + + db.QueryRow("SELECT * FROM users") // $ source + db.QueryRowContext(ctx, "SELECT * FROM users") // $ source +} + +func Test_bun_rawquery(q bun.RawQuery) { + ctx := context.Background() + + var u1 []User + q.Exec(ctx, &u1) // $ source + var u2 []User + q.Scan(ctx, &u2) // $ source +} + +func Test_bun_selectquery(q bun.SelectQuery) { + ctx := context.Background() + + rows, _ := q.Rows(ctx) // $ source + var u1 []User + q.Exec(ctx, &u1) // $ source + var u2 []User + q.Model(&u2).Scan(ctx) // $ source + var u3 map[string]interface{} + q.Scan(ctx, &u3) // $ source + var u4 []User + q.Model(&u4).ScanAndCount(ctx) // $ source + var u5 map[string]interface{} + q.ScanAndCount(ctx, &u5) // $ source + + ignore(rows) +} + +func Test_bun_tx(tx bun.Tx) { + ctx := context.Background() + + rows1, _ := tx.Query("SELECT * FROM users") // $ source + rows2, _ := tx.QueryContext(ctx, "SELECT * FROM users") // $ source + tx.QueryRow("SELECT * FROM users") // $ source + tx.QueryRowContext(ctx, "SELECT * FROM users") // $ source + + ignore(rows1, rows2) +} From ecd09edf6443286f703f0124659d45e8b049d8e7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 2 Apr 2025 14:15:58 +0100 Subject: [PATCH 186/409] Add stubs for gogf/gf and uptrace/bun --- .../flowsources/local/database/go.mod | 2 + .../github.com/gogf/gf/database/gdb/stub.go | 1175 +++++++ .../vendor/github.com/uptrace/bun/stub.go | 2763 +++++++++++++++++ .../local/database/vendor/modules.txt | 6 + 4 files changed, 3946 insertions(+) create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/gogf/gf/database/gdb/stub.go create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/uptrace/bun/stub.go diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod index 66d6a2e6ed8e..ade22aaf7647 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod @@ -7,9 +7,11 @@ require ( github.com/beego/beego/v2 v2.3.5 github.com/couchbase/gocb v1.6.7 github.com/couchbase/gocb/v2 v2.9.4 + github.com/gogf/gf v1.16.9 github.com/jmoiron/sqlx v1.4.0 github.com/Masterminds/squirrel v1.5.4 github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a + github.com/uptrace/bun v1.2.11 go.mongodb.org/mongo-driver v1.17.3 gorm.io/gorm v1.25.12 ) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/gogf/gf/database/gdb/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/gogf/gf/database/gdb/stub.go new file mode 100644 index 000000000000..6554cbb324ae --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/gogf/gf/database/gdb/stub.go @@ -0,0 +1,1175 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/gogf/gf/database/gdb, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/gogf/gf/database/gdb (exports: Core,DB,Model,TX,Record,Result; functions: ) + +// Package gdb is a stub of github.com/gogf/gf/database/gdb, generated by depstubber. +package gdb + +import ( + context "context" + sql "database/sql" + time "time" +) + +type ChunkHandler func(Result, error) bool + +type ConfigNode struct { + Host string + Port string + User string + Pass string + Name string + Type string + Link string + Role string + Debug bool + Prefix string + DryRun bool + Weight int + Charset string + Timezone string + MaxIdleConnCount int + MaxOpenConnCount int + MaxConnLifeTime time.Duration + QueryTimeout time.Duration + ExecTimeout time.Duration + TranTimeout time.Duration + PrepareTimeout time.Duration + CreatedAt string + UpdatedAt string + DeletedAt string + TimeMaintainDisabled bool + CtxStrict bool +} + +func (_ *ConfigNode) String() string { + return "" +} + +type Core struct{} + +func (_ *Core) Begin() (*TX, error) { + return nil, nil +} + +func (_ *Core) Close(_ context.Context) error { + return nil +} + +func (_ *Core) Ctx(_ context.Context) DB { + return nil +} + +func (_ *Core) Delete(_ string, _ interface{}, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) DoCommit(_ context.Context, _ Link, _ string, _ []interface{}) (string, []interface{}, error) { + return "", nil, nil +} + +func (_ *Core) DoDelete(_ context.Context, _ Link, _ string, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) DoExec(_ context.Context, _ Link, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) DoGetAll(_ context.Context, _ Link, _ string, _ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Core) DoInsert(_ context.Context, _ Link, _ string, _ []map[string]interface{}, _ DoInsertOption) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) DoPrepare(_ context.Context, _ Link, _ string) (*Stmt, error) { + return nil, nil +} + +func (_ *Core) DoQuery(_ context.Context, _ Link, _ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *Core) DoUpdate(_ context.Context, _ Link, _ string, _ interface{}, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) Exec(_ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) GetAll(_ string, _ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Core) GetArray(_ string, _ ...interface{}) ([]interface{}, error) { + return nil, nil +} + +func (_ *Core) GetCache() interface{} { + return nil +} + +func (_ *Core) GetChars() (string, string) { + return "", "" +} + +func (_ *Core) GetConfig() *ConfigNode { + return nil +} + +func (_ *Core) GetCore() *Core { + return nil +} + +func (_ *Core) GetCount(_ string, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Core) GetCtx() context.Context { + return nil +} + +func (_ *Core) GetCtxTimeout(_ int, _ context.Context) (context.Context, context.CancelFunc) { + return nil, nil +} + +func (_ *Core) GetDebug() bool { + return false +} + +func (_ *Core) GetDryRun() bool { + return false +} + +func (_ *Core) GetGroup() string { + return "" +} + +func (_ *Core) GetLogger() interface{} { + return nil +} + +func (_ *Core) GetOne(_ string, _ ...interface{}) (Record, error) { + return nil, nil +} + +func (_ *Core) GetPrefix() string { + return "" +} + +func (_ *Core) GetScan(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *Core) GetSchema() string { + return "" +} + +func (_ *Core) GetStruct(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *Core) GetStructs(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *Core) GetValue(_ string, _ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ *Core) HasTable(_ string) (bool, error) { + return false, nil +} + +func (_ *Core) Insert(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) InsertAndGetId(_ string, _ interface{}, _ ...int) (int64, error) { + return 0, nil +} + +func (_ *Core) InsertIgnore(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ *Core) Master(_ ...string) (*sql.DB, error) { + return nil, nil +} + +func (_ *Core) MasterLink(_ ...string) (Link, error) { + return nil, nil +} + +func (_ *Core) Model(_ ...interface{}) *Model { + return nil +} + +func (_ *Core) PingMaster() error { + return nil +} + +func (_ *Core) PingSlave() error { + return nil +} + +func (_ *Core) Prepare(_ string, _ ...bool) (*Stmt, error) { + return nil, nil +} + +func (_ *Core) Query(_ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *Core) QuotePrefixTableName(_ string) string { + return "" +} + +func (_ *Core) QuoteString(_ string) string { + return "" +} + +func (_ *Core) QuoteWord(_ string) string { + return "" +} + +func (_ *Core) Raw(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *Core) Replace(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) Save(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) Schema(_ string) *Schema { + return nil +} + +func (_ *Core) SetDebug(_ bool) {} + +func (_ *Core) SetDryRun(_ bool) {} + +func (_ *Core) SetLogger(_ interface{}) {} + +func (_ *Core) SetMaxConnLifeTime(_ time.Duration) {} + +func (_ *Core) SetMaxIdleConnCount(_ int) {} + +func (_ *Core) SetMaxOpenConnCount(_ int) {} + +func (_ *Core) SetSchema(_ string) {} + +func (_ *Core) Slave(_ ...string) (*sql.DB, error) { + return nil, nil +} + +func (_ *Core) SlaveLink(_ ...string) (Link, error) { + return nil, nil +} + +func (_ *Core) Table(_ ...interface{}) *Model { + return nil +} + +func (_ *Core) TableFields(_ string, _ ...string) (map[string]*TableField, error) { + return nil, nil +} + +func (_ *Core) Tables(_ ...string) ([]string, error) { + return nil, nil +} + +func (_ *Core) Transaction(_ context.Context, _ func(context.Context, *TX) error) error { + return nil +} + +func (_ *Core) Union(_ ...*Model) *Model { + return nil +} + +func (_ *Core) UnionAll(_ ...*Model) *Model { + return nil +} + +func (_ *Core) Update(_ string, _ interface{}, _ interface{}, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) With(_ ...interface{}) *Model { + return nil +} + +type DB interface { + Begin() (*TX, error) + Close(_ context.Context) error + Ctx(_ context.Context) DB + Delete(_ string, _ interface{}, _ ...interface{}) (sql.Result, error) + DoCommit(_ context.Context, _ Link, _ string, _ []interface{}) (string, []interface{}, error) + DoDelete(_ context.Context, _ Link, _ string, _ string, _ ...interface{}) (sql.Result, error) + DoExec(_ context.Context, _ Link, _ string, _ ...interface{}) (sql.Result, error) + DoGetAll(_ context.Context, _ Link, _ string, _ ...interface{}) (Result, error) + DoInsert(_ context.Context, _ Link, _ string, _ []map[string]interface{}, _ DoInsertOption) (sql.Result, error) + DoPrepare(_ context.Context, _ Link, _ string) (*Stmt, error) + DoQuery(_ context.Context, _ Link, _ string, _ ...interface{}) (*sql.Rows, error) + DoUpdate(_ context.Context, _ Link, _ string, _ interface{}, _ string, _ ...interface{}) (sql.Result, error) + Exec(_ string, _ ...interface{}) (sql.Result, error) + FilteredLink() string + GetAll(_ string, _ ...interface{}) (Result, error) + GetArray(_ string, _ ...interface{}) ([]interface{}, error) + GetCache() interface{} + GetChars() (string, string) + GetConfig() *ConfigNode + GetCore() *Core + GetCount(_ string, _ ...interface{}) (int, error) + GetCtx() context.Context + GetDebug() bool + GetDryRun() bool + GetGroup() string + GetLogger() interface{} + GetOne(_ string, _ ...interface{}) (Record, error) + GetPrefix() string + GetScan(_ interface{}, _ string, _ ...interface{}) error + GetSchema() string + GetValue(_ string, _ ...interface{}) (interface{}, error) + Insert(_ string, _ interface{}, _ ...int) (sql.Result, error) + InsertAndGetId(_ string, _ interface{}, _ ...int) (int64, error) + InsertIgnore(_ string, _ interface{}, _ ...int) (sql.Result, error) + Master(_ ...string) (*sql.DB, error) + Model(_ ...interface{}) *Model + Open(_ *ConfigNode) (*sql.DB, error) + PingMaster() error + PingSlave() error + Prepare(_ string, _ ...bool) (*Stmt, error) + Query(_ string, _ ...interface{}) (*sql.Rows, error) + Raw(_ string, _ ...interface{}) *Model + Replace(_ string, _ interface{}, _ ...int) (sql.Result, error) + Save(_ string, _ interface{}, _ ...int) (sql.Result, error) + Schema(_ string) *Schema + SetDebug(_ bool) + SetDryRun(_ bool) + SetLogger(_ interface{}) + SetMaxConnLifeTime(_ time.Duration) + SetMaxIdleConnCount(_ int) + SetMaxOpenConnCount(_ int) + SetSchema(_ string) + Slave(_ ...string) (*sql.DB, error) + Table(_ ...interface{}) *Model + TableFields(_ context.Context, _ string, _ ...string) (map[string]*TableField, error) + Tables(_ context.Context, _ ...string) ([]string, error) + Transaction(_ context.Context, _ func(context.Context, *TX) error) error + Union(_ ...*Model) *Model + UnionAll(_ ...*Model) *Model + Update(_ string, _ interface{}, _ interface{}, _ ...interface{}) (sql.Result, error) + With(_ ...interface{}) *Model +} + +type DoInsertOption struct { + OnDuplicateStr string + OnDuplicateMap map[string]interface{} + InsertOption int + BatchCount int +} + +type Link interface { + Exec(_ string, _ ...interface{}) (sql.Result, error) + ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) + IsTransaction() bool + Prepare(_ string) (*sql.Stmt, error) + PrepareContext(_ context.Context, _ string) (*sql.Stmt, error) + Query(_ string, _ ...interface{}) (*sql.Rows, error) + QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) +} + +type Model struct{} + +func (_ *Model) All(_ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Model) And(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Args(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) Array(_ ...interface{}) ([]interface{}, error) { + return nil, nil +} + +func (_ *Model) As(_ string) *Model { + return nil +} + +func (_ *Model) Avg(_ string) (float64, error) { + return 0, nil +} + +func (_ *Model) Batch(_ int) *Model { + return nil +} + +func (_ *Model) Cache(_ time.Duration, _ ...string) *Model { + return nil +} + +func (_ *Model) Chunk(_ int, _ ChunkHandler) {} + +func (_ *Model) Clone() *Model { + return nil +} + +func (_ *Model) Count(_ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Model) CountColumn(_ string) (int, error) { + return 0, nil +} + +func (_ *Model) Ctx(_ context.Context) *Model { + return nil +} + +func (_ *Model) DB(_ DB) *Model { + return nil +} + +func (_ *Model) Data(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) Decrement(_ string, _ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) Delete(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) Distinct() *Model { + return nil +} + +func (_ *Model) FieldAvg(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) FieldCount(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) FieldMax(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) FieldMin(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) FieldSum(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) Fields(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) FieldsEx(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) FieldsExStr(_ string, _ ...string) string { + return "" +} + +func (_ *Model) FieldsStr(_ ...string) string { + return "" +} + +func (_ *Model) Filter() *Model { + return nil +} + +func (_ *Model) FindAll(_ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Model) FindArray(_ ...interface{}) ([]interface{}, error) { + return nil, nil +} + +func (_ *Model) FindCount(_ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Model) FindOne(_ ...interface{}) (Record, error) { + return nil, nil +} + +func (_ *Model) FindScan(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Model) FindValue(_ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ *Model) ForPage(_ int, _ int) *Model { + return nil +} + +func (_ *Model) GetCtx() context.Context { + return nil +} + +func (_ *Model) GetFieldsExStr(_ string, _ ...string) string { + return "" +} + +func (_ *Model) GetFieldsStr(_ ...string) string { + return "" +} + +func (_ *Model) Group(_ ...string) *Model { + return nil +} + +func (_ *Model) GroupBy(_ string) *Model { + return nil +} + +func (_ *Model) Handler(_ ...ModelHandler) *Model { + return nil +} + +func (_ *Model) HasField(_ string) (bool, error) { + return false, nil +} + +func (_ *Model) Having(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Increment(_ string, _ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) InnerJoin(_ ...string) *Model { + return nil +} + +func (_ *Model) Insert(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) InsertAndGetId(_ ...interface{}) (int64, error) { + return 0, nil +} + +func (_ *Model) InsertIgnore(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) LeftJoin(_ ...string) *Model { + return nil +} + +func (_ *Model) Limit(_ ...int) *Model { + return nil +} + +func (_ *Model) LockShared() *Model { + return nil +} + +func (_ *Model) LockUpdate() *Model { + return nil +} + +func (_ *Model) Master() *Model { + return nil +} + +func (_ *Model) Max(_ string) (float64, error) { + return 0, nil +} + +func (_ *Model) Min(_ string) (float64, error) { + return 0, nil +} + +func (_ *Model) Offset(_ int) *Model { + return nil +} + +func (_ *Model) OmitEmpty() *Model { + return nil +} + +func (_ *Model) OmitEmptyData() *Model { + return nil +} + +func (_ *Model) OmitEmptyWhere() *Model { + return nil +} + +func (_ *Model) OmitNil() *Model { + return nil +} + +func (_ *Model) OmitNilData() *Model { + return nil +} + +func (_ *Model) OmitNilWhere() *Model { + return nil +} + +func (_ *Model) OnDuplicate(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) OnDuplicateEx(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) One(_ ...interface{}) (Record, error) { + return nil, nil +} + +func (_ *Model) Option(_ int) *Model { + return nil +} + +func (_ *Model) Or(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Order(_ ...string) *Model { + return nil +} + +func (_ *Model) OrderAsc(_ string) *Model { + return nil +} + +func (_ *Model) OrderBy(_ string) *Model { + return nil +} + +func (_ *Model) OrderDesc(_ string) *Model { + return nil +} + +func (_ *Model) OrderRandom() *Model { + return nil +} + +func (_ *Model) Page(_ int, _ int) *Model { + return nil +} + +func (_ *Model) Raw(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Replace(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) RightJoin(_ ...string) *Model { + return nil +} + +func (_ *Model) Safe(_ ...bool) *Model { + return nil +} + +func (_ *Model) Save(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) Scan(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Model) ScanList(_ interface{}, _ string, _ ...string) error { + return nil +} + +func (_ *Model) Schema(_ string) *Model { + return nil +} + +func (_ *Model) Select(_ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Model) Slave() *Model { + return nil +} + +func (_ *Model) Struct(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Model) Structs(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Model) Sum(_ string) (float64, error) { + return 0, nil +} + +func (_ *Model) TX(_ *TX) *Model { + return nil +} + +func (_ *Model) TableFields(_ string, _ ...string) (map[string]*TableField, error) { + return nil, nil +} + +func (_ *Model) Transaction(_ context.Context, _ func(context.Context, *TX) error) error { + return nil +} + +func (_ *Model) Union(_ ...*Model) *Model { + return nil +} + +func (_ *Model) UnionAll(_ ...*Model) *Model { + return nil +} + +func (_ *Model) Unscoped() *Model { + return nil +} + +func (_ *Model) Update(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) Value(_ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ *Model) Where(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) WhereBetween(_ string, _ interface{}, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereGT(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereGTE(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereIn(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereLT(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereLTE(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereLike(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNot(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNotBetween(_ string, _ interface{}, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNotIn(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNotLike(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNotNull(_ ...string) *Model { + return nil +} + +func (_ *Model) WhereNull(_ ...string) *Model { + return nil +} + +func (_ *Model) WhereOr(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrBetween(_ string, _ interface{}, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrGT(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrGTE(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrIn(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrLT(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrLTE(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrLike(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrNotBetween(_ string, _ interface{}, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrNotIn(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrNotLike(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrNotNull(_ ...string) *Model { + return nil +} + +func (_ *Model) WhereOrNull(_ ...string) *Model { + return nil +} + +func (_ *Model) WhereOrf(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) WherePri(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Wheref(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) With(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) WithAll() *Model { + return nil +} + +type ModelHandler func(*Model) *Model + +type Record map[string]interface{} + +func (_ Record) GMap() interface{} { + return nil +} + +func (_ Record) Interface() interface{} { + return nil +} + +func (_ Record) IsEmpty() bool { + return false +} + +func (_ Record) Json() string { + return "" +} + +func (_ Record) Map() map[string]interface{} { + return nil +} + +func (_ Record) Struct(_ interface{}) error { + return nil +} + +func (_ Record) Xml(_ ...string) string { + return "" +} + +type Result []Record + +func (_ Result) Array(_ ...string) []interface{} { + return nil +} + +func (_ Result) Chunk(_ int) []Result { + return nil +} + +func (_ Result) Interface() interface{} { + return nil +} + +func (_ Result) IsEmpty() bool { + return false +} + +func (_ Result) Json() string { + return "" +} + +func (_ Result) Len() int { + return 0 +} + +func (_ Result) List() []map[string]interface{} { + return nil +} + +func (_ Result) MapKeyInt(_ string) map[int]map[string]interface{} { + return nil +} + +func (_ Result) MapKeyStr(_ string) map[string]map[string]interface{} { + return nil +} + +func (_ Result) MapKeyUint(_ string) map[uint]map[string]interface{} { + return nil +} + +func (_ Result) MapKeyValue(_ string) map[string]interface{} { + return nil +} + +func (_ Result) RecordKeyInt(_ string) map[int]Record { + return nil +} + +func (_ Result) RecordKeyStr(_ string) map[string]Record { + return nil +} + +func (_ Result) RecordKeyUint(_ string) map[uint]Record { + return nil +} + +func (_ Result) ScanList(_ interface{}, _ string, _ ...string) error { + return nil +} + +func (_ Result) Size() int { + return 0 +} + +func (_ Result) Structs(_ interface{}) error { + return nil +} + +func (_ Result) Xml(_ ...string) string { + return "" +} + +type Schema struct{} + +func (_ *Schema) Model(_ string) *Model { + return nil +} + +func (_ *Schema) Table(_ string) *Model { + return nil +} + +type Stmt struct { + *sql.Stmt +} + +func (_ *Stmt) Close() error { + return nil +} + +func (_ *Stmt) Exec(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Stmt) ExecContext(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Stmt) Query(_ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *Stmt) QueryContext(_ context.Context, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *Stmt) QueryRow(_ ...interface{}) *sql.Row { + return nil +} + +func (_ *Stmt) QueryRowContext(_ context.Context, _ ...interface{}) *sql.Row { + return nil +} + +type TX struct{} + +func (_ *TX) Begin() error { + return nil +} + +func (_ *TX) Commit() error { + return nil +} + +func (_ *TX) Ctx(_ context.Context) *TX { + return nil +} + +func (_ *TX) Delete(_ string, _ interface{}, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) Exec(_ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) GetAll(_ string, _ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *TX) GetCount(_ string, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *TX) GetOne(_ string, _ ...interface{}) (Record, error) { + return nil, nil +} + +func (_ *TX) GetScan(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *TX) GetStruct(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *TX) GetStructs(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *TX) GetValue(_ string, _ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ *TX) Insert(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) InsertAndGetId(_ string, _ interface{}, _ ...int) (int64, error) { + return 0, nil +} + +func (_ *TX) InsertIgnore(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) IsClosed() bool { + return false +} + +func (_ *TX) Model(_ ...interface{}) *Model { + return nil +} + +func (_ *TX) Prepare(_ string) (*Stmt, error) { + return nil, nil +} + +func (_ *TX) Query(_ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *TX) Raw(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *TX) Replace(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) Rollback() error { + return nil +} + +func (_ *TX) RollbackTo(_ string) error { + return nil +} + +func (_ *TX) Save(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) SavePoint(_ string) error { + return nil +} + +func (_ *TX) Schema(_ string) *Schema { + return nil +} + +func (_ *TX) Transaction(_ context.Context, _ func(context.Context, *TX) error) error { + return nil +} + +func (_ *TX) Update(_ string, _ interface{}, _ interface{}, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) With(_ interface{}) *Model { + return nil +} + +type TableField struct { + Index int + Name string + Type string + Null bool + Key string + Default interface{} + Extra string + Comment string +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/uptrace/bun/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/uptrace/bun/stub.go new file mode 100644 index 000000000000..4500c8209586 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/uptrace/bun/stub.go @@ -0,0 +1,2763 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/uptrace/bun, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/uptrace/bun (exports: Conn,DB,RawQuery,SelectQuery,Tx; functions: ) + +// Package bun is a stub of github.com/uptrace/bun, generated by depstubber. +package bun + +import ( + context "context" + sql "database/sql" + driver "database/sql/driver" + reflect "reflect" + time "time" +) + +type AddColumnQuery struct{} + +func (_ *AddColumnQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *AddColumnQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *AddColumnQuery) Apply(_ ...func(*AddColumnQuery) *AddColumnQuery) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) ColumnExpr(_ string, _ ...interface{}) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) Comment(_ string) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) Conn(_ IConn) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) DB() *DB { + return nil +} + +func (_ *AddColumnQuery) Dialect() interface{} { + return nil +} + +func (_ *AddColumnQuery) Err(_ error) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *AddColumnQuery) GetModel() interface{} { + return nil +} + +func (_ *AddColumnQuery) GetTableName() string { + return "" +} + +func (_ *AddColumnQuery) IfNotExists() *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) Model(_ interface{}) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) ModelTableExpr(_ string, _ ...interface{}) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *AddColumnQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *AddColumnQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *AddColumnQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *AddColumnQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *AddColumnQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *AddColumnQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *AddColumnQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *AddColumnQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *AddColumnQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *AddColumnQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *AddColumnQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *AddColumnQuery) Operation() string { + return "" +} + +func (_ *AddColumnQuery) Table(_ ...string) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) TableExpr(_ string, _ ...interface{}) *AddColumnQuery { + return nil +} + +type Conn struct { + *sql.Conn +} + +func (_ Conn) BeginTx(_ context.Context, _ *sql.TxOptions) (Tx, error) { + return Tx{}, nil +} + +func (_ Conn) Close() error { + return nil +} + +func (_ Conn) Dialect() interface{} { + return nil +} + +func (_ Conn) ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Conn) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ Conn) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ Conn) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ Conn) NewDelete() *DeleteQuery { + return nil +} + +func (_ Conn) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ Conn) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ Conn) NewDropTable() *DropTableQuery { + return nil +} + +func (_ Conn) NewInsert() *InsertQuery { + return nil +} + +func (_ Conn) NewMerge() *MergeQuery { + return nil +} + +func (_ Conn) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ Conn) NewSelect() *SelectQuery { + return nil +} + +func (_ Conn) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ Conn) NewUpdate() *UpdateQuery { + return nil +} + +func (_ Conn) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ Conn) PingContext(_ context.Context) error { + return nil +} + +func (_ Conn) PrepareContext(_ context.Context, _ string) (*sql.Stmt, error) { + return nil, nil +} + +func (_ Conn) QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Conn) QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ Conn) Raw(_ func(interface{}) error) error { + return nil +} + +func (_ Conn) RunInTx(_ context.Context, _ *sql.TxOptions, _ func(context.Context, Tx) error) error { + return nil +} + +type CreateIndexQuery struct{} + +func (_ *CreateIndexQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *CreateIndexQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *CreateIndexQuery) Column(_ ...string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) ColumnExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Comment(_ string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Concurrently() *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Conn(_ IConn) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) DB() *DB { + return nil +} + +func (_ *CreateIndexQuery) Dialect() interface{} { + return nil +} + +func (_ *CreateIndexQuery) Err(_ error) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) ExcludeColumn(_ ...string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *CreateIndexQuery) GetModel() interface{} { + return nil +} + +func (_ *CreateIndexQuery) GetTableName() string { + return "" +} + +func (_ *CreateIndexQuery) IfNotExists() *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Include(_ ...string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) IncludeExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Index(_ string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) IndexExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Model(_ interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) ModelTableExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *CreateIndexQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *CreateIndexQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *CreateIndexQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *CreateIndexQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *CreateIndexQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *CreateIndexQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *CreateIndexQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *CreateIndexQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *CreateIndexQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *CreateIndexQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *CreateIndexQuery) Operation() string { + return "" +} + +func (_ *CreateIndexQuery) Table(_ ...string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) TableExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Unique() *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Using(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Where(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) WhereOr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +type CreateTableQuery struct{} + +func (_ *CreateTableQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *CreateTableQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *CreateTableQuery) ColumnExpr(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Comment(_ string) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Conn(_ IConn) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) DB() *DB { + return nil +} + +func (_ *CreateTableQuery) Dialect() interface{} { + return nil +} + +func (_ *CreateTableQuery) Err(_ error) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *CreateTableQuery) ForeignKey(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) GetModel() interface{} { + return nil +} + +func (_ *CreateTableQuery) GetTableName() string { + return "" +} + +func (_ *CreateTableQuery) IfNotExists() *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Model(_ interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) ModelTableExpr(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *CreateTableQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *CreateTableQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *CreateTableQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *CreateTableQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *CreateTableQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *CreateTableQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *CreateTableQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *CreateTableQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *CreateTableQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *CreateTableQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *CreateTableQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *CreateTableQuery) Operation() string { + return "" +} + +func (_ *CreateTableQuery) PartitionBy(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) String() string { + return "" +} + +func (_ *CreateTableQuery) Table(_ ...string) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) TableExpr(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) TableSpace(_ string) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Temp() *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Varchar(_ int) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) WithForeignKeys() *CreateTableQuery { + return nil +} + +type DB struct{} + +func (_ DB) Driver() driver.Driver { + return nil +} + +func (_ DB) Ping() error { + return nil +} + +func (_ DB) PingContext(_ context.Context) error { + return nil +} + +func (_ DB) SetConnMaxIdleTime(_ time.Duration) {} + +func (_ DB) SetConnMaxLifetime(_ time.Duration) {} + +func (_ DB) SetMaxIdleConns(_ int) {} + +func (_ DB) SetMaxOpenConns(_ int) {} + +func (_ DB) Stats() sql.DBStats { + return sql.DBStats{} +} + +func (_ *DB) AddQueryHook(_ QueryHook) {} + +func (_ *DB) Begin() (Tx, error) { + return Tx{}, nil +} + +func (_ *DB) BeginTx(_ context.Context, _ *sql.TxOptions) (Tx, error) { + return Tx{}, nil +} + +func (_ *DB) Close() error { + return nil +} + +func (_ *DB) Conn(_ context.Context) (Conn, error) { + return Conn{}, nil +} + +func (_ *DB) DBStats() DBStats { + return DBStats{} +} + +func (_ *DB) Dialect() interface{} { + return nil +} + +func (_ *DB) Exec(_ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DB) ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DB) Formatter() interface{} { + return nil +} + +func (_ *DB) HasFeature(_ interface{}) bool { + return false +} + +func (_ *DB) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DB) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DB) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DB) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DB) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DB) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DB) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DB) NewInsert() *InsertQuery { + return nil +} + +func (_ *DB) NewMerge() *MergeQuery { + return nil +} + +func (_ *DB) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DB) NewSelect() *SelectQuery { + return nil +} + +func (_ *DB) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DB) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DB) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DB) Prepare(_ string) (Stmt, error) { + return Stmt{}, nil +} + +func (_ *DB) PrepareContext(_ context.Context, _ string) (Stmt, error) { + return Stmt{}, nil +} + +func (_ *DB) Query(_ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *DB) QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *DB) QueryRow(_ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ *DB) QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ *DB) RegisterModel(_ ...interface{}) {} + +func (_ *DB) ResetModel(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *DB) RunInTx(_ context.Context, _ *sql.TxOptions, _ func(context.Context, Tx) error) error { + return nil +} + +func (_ *DB) ScanRow(_ context.Context, _ *sql.Rows, _ ...interface{}) error { + return nil +} + +func (_ *DB) ScanRows(_ context.Context, _ *sql.Rows, _ ...interface{}) error { + return nil +} + +func (_ *DB) String() string { + return "" +} + +func (_ *DB) Table(_ reflect.Type) interface{} { + return nil +} + +func (_ *DB) UpdateFQN(_ string, _ string) interface{} { + return nil +} + +func (_ *DB) WithNamedArg(_ string, _ interface{}) *DB { + return nil +} + +type DBStats struct { + Queries uint32 + Errors uint32 +} + +type DeleteQuery struct{} + +func (_ *DeleteQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *DeleteQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *DeleteQuery) Apply(_ ...func(*DeleteQuery) *DeleteQuery) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) ApplyQueryBuilder(_ func(QueryBuilder) QueryBuilder) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Comment(_ string) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Conn(_ IConn) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) DB() *DB { + return nil +} + +func (_ *DeleteQuery) Dialect() interface{} { + return nil +} + +func (_ *DeleteQuery) Err(_ error) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DeleteQuery) ForceDelete() *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) GetModel() interface{} { + return nil +} + +func (_ *DeleteQuery) GetTableName() string { + return "" +} + +func (_ *DeleteQuery) Limit(_ int) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Model(_ interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) ModelTableExpr(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DeleteQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DeleteQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DeleteQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DeleteQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DeleteQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DeleteQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *DeleteQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DeleteQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *DeleteQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DeleteQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DeleteQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DeleteQuery) Operation() string { + return "" +} + +func (_ *DeleteQuery) Order(_ ...string) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) OrderExpr(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) QueryBuilder() QueryBuilder { + return nil +} + +func (_ *DeleteQuery) Returning(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *DeleteQuery) String() string { + return "" +} + +func (_ *DeleteQuery) Table(_ ...string) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) TableExpr(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Where(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WhereAllWithDeleted() *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WhereDeleted() *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WhereGroup(_ string, _ func(*DeleteQuery) *DeleteQuery) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WhereOr(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WherePK(_ ...string) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) With(_ string, _ interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WithRecursive(_ string, _ interface{}) *DeleteQuery { + return nil +} + +type DropColumnQuery struct{} + +func (_ *DropColumnQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *DropColumnQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *DropColumnQuery) Apply(_ ...func(*DropColumnQuery) *DropColumnQuery) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) Column(_ ...string) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) ColumnExpr(_ string, _ ...interface{}) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) Comment(_ string) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) Conn(_ IConn) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) DB() *DB { + return nil +} + +func (_ *DropColumnQuery) Dialect() interface{} { + return nil +} + +func (_ *DropColumnQuery) Err(_ error) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DropColumnQuery) GetModel() interface{} { + return nil +} + +func (_ *DropColumnQuery) GetTableName() string { + return "" +} + +func (_ *DropColumnQuery) Model(_ interface{}) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) ModelTableExpr(_ string, _ ...interface{}) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DropColumnQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DropColumnQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DropColumnQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DropColumnQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DropColumnQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DropColumnQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *DropColumnQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DropColumnQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *DropColumnQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DropColumnQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DropColumnQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DropColumnQuery) Operation() string { + return "" +} + +func (_ *DropColumnQuery) Table(_ ...string) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) TableExpr(_ string, _ ...interface{}) *DropColumnQuery { + return nil +} + +type DropIndexQuery struct{} + +func (_ *DropIndexQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *DropIndexQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *DropIndexQuery) Cascade() *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Comment(_ string) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Concurrently() *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Conn(_ IConn) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) DB() *DB { + return nil +} + +func (_ *DropIndexQuery) Dialect() interface{} { + return nil +} + +func (_ *DropIndexQuery) Err(_ error) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DropIndexQuery) GetModel() interface{} { + return nil +} + +func (_ *DropIndexQuery) GetTableName() string { + return "" +} + +func (_ *DropIndexQuery) IfExists() *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Index(_ string, _ ...interface{}) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Model(_ interface{}) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DropIndexQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DropIndexQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DropIndexQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DropIndexQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DropIndexQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DropIndexQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *DropIndexQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DropIndexQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *DropIndexQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DropIndexQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DropIndexQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DropIndexQuery) Operation() string { + return "" +} + +func (_ *DropIndexQuery) Restrict() *DropIndexQuery { + return nil +} + +type DropTableQuery struct{} + +func (_ *DropTableQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *DropTableQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *DropTableQuery) Cascade() *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) Comment(_ string) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) Conn(_ IConn) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) DB() *DB { + return nil +} + +func (_ *DropTableQuery) Dialect() interface{} { + return nil +} + +func (_ *DropTableQuery) Err(_ error) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DropTableQuery) GetModel() interface{} { + return nil +} + +func (_ *DropTableQuery) GetTableName() string { + return "" +} + +func (_ *DropTableQuery) IfExists() *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) Model(_ interface{}) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) ModelTableExpr(_ string, _ ...interface{}) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DropTableQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DropTableQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DropTableQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DropTableQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DropTableQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DropTableQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *DropTableQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DropTableQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *DropTableQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DropTableQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DropTableQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DropTableQuery) Operation() string { + return "" +} + +func (_ *DropTableQuery) Restrict() *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) String() string { + return "" +} + +func (_ *DropTableQuery) Table(_ ...string) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) TableExpr(_ string, _ ...interface{}) *DropTableQuery { + return nil +} + +type IConn interface { + ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) + QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) + QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row +} + +type InsertQuery struct{} + +func (_ *InsertQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *InsertQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *InsertQuery) Apply(_ ...func(*InsertQuery) *InsertQuery) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Column(_ ...string) *InsertQuery { + return nil +} + +func (_ *InsertQuery) ColumnExpr(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Comment(_ string) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Conn(_ IConn) *InsertQuery { + return nil +} + +func (_ *InsertQuery) DB() *DB { + return nil +} + +func (_ *InsertQuery) Dialect() interface{} { + return nil +} + +func (_ *InsertQuery) Err(_ error) *InsertQuery { + return nil +} + +func (_ *InsertQuery) ExcludeColumn(_ ...string) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *InsertQuery) GetModel() interface{} { + return nil +} + +func (_ *InsertQuery) GetTableName() string { + return "" +} + +func (_ *InsertQuery) Ignore() *InsertQuery { + return nil +} + +func (_ *InsertQuery) Model(_ interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) ModelTableExpr(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *InsertQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *InsertQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *InsertQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *InsertQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *InsertQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *InsertQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *InsertQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *InsertQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *InsertQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *InsertQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *InsertQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *InsertQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *InsertQuery) On(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Operation() string { + return "" +} + +func (_ *InsertQuery) Replace() *InsertQuery { + return nil +} + +func (_ *InsertQuery) Returning(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *InsertQuery) Set(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) String() string { + return "" +} + +func (_ *InsertQuery) Table(_ ...string) *InsertQuery { + return nil +} + +func (_ *InsertQuery) TableExpr(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Value(_ string, _ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Where(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) WhereOr(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) With(_ string, _ interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) WithRecursive(_ string, _ interface{}) *InsertQuery { + return nil +} + +type MergeQuery struct{} + +func (_ *MergeQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *MergeQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *MergeQuery) Apply(_ ...func(*MergeQuery) *MergeQuery) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Comment(_ string) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Conn(_ IConn) *MergeQuery { + return nil +} + +func (_ *MergeQuery) DB() *DB { + return nil +} + +func (_ *MergeQuery) Dialect() interface{} { + return nil +} + +func (_ *MergeQuery) Err(_ error) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *MergeQuery) GetModel() interface{} { + return nil +} + +func (_ *MergeQuery) GetTableName() string { + return "" +} + +func (_ *MergeQuery) Model(_ interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) ModelTableExpr(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *MergeQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *MergeQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *MergeQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *MergeQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *MergeQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *MergeQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *MergeQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *MergeQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *MergeQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *MergeQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *MergeQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *MergeQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *MergeQuery) On(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Operation() string { + return "" +} + +func (_ *MergeQuery) Returning(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *MergeQuery) String() string { + return "" +} + +func (_ *MergeQuery) Table(_ ...string) *MergeQuery { + return nil +} + +func (_ *MergeQuery) TableExpr(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Using(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) When(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) WhenDelete(_ string) *MergeQuery { + return nil +} + +func (_ *MergeQuery) WhenInsert(_ string, _ func(*InsertQuery) *InsertQuery) *MergeQuery { + return nil +} + +func (_ *MergeQuery) WhenUpdate(_ string, _ func(*UpdateQuery) *UpdateQuery) *MergeQuery { + return nil +} + +func (_ *MergeQuery) With(_ string, _ interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) WithRecursive(_ string, _ interface{}) *MergeQuery { + return nil +} + +type QueryBuilder interface { + AppendQuery(_ interface{}, _ []byte) ([]byte, error) + GetModel() interface{} + GetTableName() string + Operation() string + Unwrap() interface{} + Where(_ string, _ ...interface{}) QueryBuilder + WhereAllWithDeleted() QueryBuilder + WhereDeleted() QueryBuilder + WhereGroup(_ string, _ func(QueryBuilder) QueryBuilder) QueryBuilder + WhereOr(_ string, _ ...interface{}) QueryBuilder + WherePK(_ ...string) QueryBuilder +} + +type QueryEvent struct { + DB *DB + QueryAppender interface{} + IQuery interface{} + Query string + QueryTemplate string + QueryArgs []interface{} + Model interface{} + StartTime time.Time + Result sql.Result + Err error + Stash map[interface{}]interface{} +} + +func (_ *QueryEvent) Operation() string { + return "" +} + +type QueryHook interface { + AfterQuery(_ context.Context, _ *QueryEvent) + BeforeQuery(_ context.Context, _ *QueryEvent) context.Context +} + +type RawQuery struct{} + +func (_ *RawQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *RawQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *RawQuery) Comment(_ string) *RawQuery { + return nil +} + +func (_ *RawQuery) Conn(_ IConn) *RawQuery { + return nil +} + +func (_ *RawQuery) DB() *DB { + return nil +} + +func (_ *RawQuery) Dialect() interface{} { + return nil +} + +func (_ *RawQuery) Err(_ error) *RawQuery { + return nil +} + +func (_ *RawQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *RawQuery) GetModel() interface{} { + return nil +} + +func (_ *RawQuery) GetTableName() string { + return "" +} + +func (_ *RawQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *RawQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *RawQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *RawQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *RawQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *RawQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *RawQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *RawQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *RawQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *RawQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *RawQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *RawQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *RawQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *RawQuery) Operation() string { + return "" +} + +func (_ *RawQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *RawQuery) String() string { + return "" +} + +type RelationOpts struct { + Apply func(*SelectQuery) *SelectQuery + AdditionalJoinOnConditions []interface{} +} + +type SelectQuery struct{} + +func (_ *SelectQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *SelectQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *SelectQuery) Apply(_ ...func(*SelectQuery) *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ApplyQueryBuilder(_ func(QueryBuilder) QueryBuilder) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Clone() *SelectQuery { + return nil +} + +func (_ *SelectQuery) Column(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ColumnExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Comment(_ string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Conn(_ IConn) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Count(_ context.Context) (int, error) { + return 0, nil +} + +func (_ *SelectQuery) DB() *DB { + return nil +} + +func (_ *SelectQuery) Dialect() interface{} { + return nil +} + +func (_ *SelectQuery) Distinct() *SelectQuery { + return nil +} + +func (_ *SelectQuery) DistinctOn(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Err(_ error) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Except(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ExceptAll(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ExcludeColumn(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *SelectQuery) Exists(_ context.Context) (bool, error) { + return false, nil +} + +func (_ *SelectQuery) For(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ForceIndex(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ForceIndexForGroupBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ForceIndexForJoin(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ForceIndexForOrderBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) GetModel() interface{} { + return nil +} + +func (_ *SelectQuery) GetTableName() string { + return "" +} + +func (_ *SelectQuery) Group(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) GroupExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Having(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IgnoreIndex(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IgnoreIndexForGroupBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IgnoreIndexForJoin(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IgnoreIndexForOrderBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Intersect(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IntersectAll(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Join(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) JoinOn(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) JoinOnOr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Limit(_ int) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Model(_ interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ModelTableExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *SelectQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *SelectQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *SelectQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *SelectQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *SelectQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *SelectQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *SelectQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *SelectQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *SelectQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *SelectQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *SelectQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *SelectQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *SelectQuery) Offset(_ int) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Operation() string { + return "" +} + +func (_ *SelectQuery) Order(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) OrderExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) QueryBuilder() QueryBuilder { + return nil +} + +func (_ *SelectQuery) Relation(_ string, _ ...func(*SelectQuery) *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) RelationWithOpts(_ string, _ RelationOpts) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Rows(_ context.Context) (*sql.Rows, error) { + return nil, nil +} + +func (_ *SelectQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *SelectQuery) ScanAndCount(_ context.Context, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *SelectQuery) String() string { + return "" +} + +func (_ *SelectQuery) Table(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) TableExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Union(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UnionAll(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UseIndex(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UseIndexForGroupBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UseIndexForJoin(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UseIndexForOrderBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Where(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) WhereAllWithDeleted() *SelectQuery { + return nil +} + +func (_ *SelectQuery) WhereDeleted() *SelectQuery { + return nil +} + +func (_ *SelectQuery) WhereGroup(_ string, _ func(*SelectQuery) *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) WhereOr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) WherePK(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) With(_ string, _ interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) WithRecursive(_ string, _ interface{}) *SelectQuery { + return nil +} + +type Stmt struct { + *sql.Stmt +} + +func (_ Stmt) Close() error { + return nil +} + +func (_ Stmt) Exec(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Stmt) ExecContext(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Stmt) Query(_ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Stmt) QueryContext(_ context.Context, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Stmt) QueryRow(_ ...interface{}) *sql.Row { + return nil +} + +func (_ Stmt) QueryRowContext(_ context.Context, _ ...interface{}) *sql.Row { + return nil +} + +type TruncateTableQuery struct{} + +func (_ *TruncateTableQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *TruncateTableQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *TruncateTableQuery) Cascade() *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) Comment(_ string) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) Conn(_ IConn) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) ContinueIdentity() *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) DB() *DB { + return nil +} + +func (_ *TruncateTableQuery) Dialect() interface{} { + return nil +} + +func (_ *TruncateTableQuery) Err(_ error) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *TruncateTableQuery) GetModel() interface{} { + return nil +} + +func (_ *TruncateTableQuery) GetTableName() string { + return "" +} + +func (_ *TruncateTableQuery) Model(_ interface{}) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) ModelTableExpr(_ string, _ ...interface{}) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *TruncateTableQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *TruncateTableQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *TruncateTableQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *TruncateTableQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *TruncateTableQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *TruncateTableQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *TruncateTableQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *TruncateTableQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *TruncateTableQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *TruncateTableQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *TruncateTableQuery) Operation() string { + return "" +} + +func (_ *TruncateTableQuery) Restrict() *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) Table(_ ...string) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) TableExpr(_ string, _ ...interface{}) *TruncateTableQuery { + return nil +} + +type Tx struct { + *sql.Tx +} + +func (_ Tx) Begin() (Tx, error) { + return Tx{}, nil +} + +func (_ Tx) BeginTx(_ context.Context, _ *sql.TxOptions) (Tx, error) { + return Tx{}, nil +} + +func (_ Tx) Commit() error { + return nil +} + +func (_ Tx) Dialect() interface{} { + return nil +} + +func (_ Tx) Exec(_ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Tx) ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Tx) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ Tx) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ Tx) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ Tx) NewDelete() *DeleteQuery { + return nil +} + +func (_ Tx) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ Tx) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ Tx) NewDropTable() *DropTableQuery { + return nil +} + +func (_ Tx) NewInsert() *InsertQuery { + return nil +} + +func (_ Tx) NewMerge() *MergeQuery { + return nil +} + +func (_ Tx) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ Tx) NewSelect() *SelectQuery { + return nil +} + +func (_ Tx) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ Tx) NewUpdate() *UpdateQuery { + return nil +} + +func (_ Tx) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ Tx) Prepare(_ string) (*sql.Stmt, error) { + return nil, nil +} + +func (_ Tx) PrepareContext(_ context.Context, _ string) (*sql.Stmt, error) { + return nil, nil +} + +func (_ Tx) Query(_ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Tx) QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Tx) QueryRow(_ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ Tx) QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ Tx) Rollback() error { + return nil +} + +func (_ Tx) RunInTx(_ context.Context, _ *sql.TxOptions, _ func(context.Context, Tx) error) error { + return nil +} + +func (_ Tx) Stmt(_ *sql.Stmt) *sql.Stmt { + return nil +} + +func (_ Tx) StmtContext(_ context.Context, _ *sql.Stmt) *sql.Stmt { + return nil +} + +type UpdateQuery struct{} + +func (_ *UpdateQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *UpdateQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *UpdateQuery) Apply(_ ...func(*UpdateQuery) *UpdateQuery) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) ApplyQueryBuilder(_ func(QueryBuilder) QueryBuilder) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Bulk() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Column(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Comment(_ string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Conn(_ IConn) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) DB() *DB { + return nil +} + +func (_ *UpdateQuery) Dialect() interface{} { + return nil +} + +func (_ *UpdateQuery) Err(_ error) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) ExcludeColumn(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *UpdateQuery) FQN(_ string) interface{} { + return nil +} + +func (_ *UpdateQuery) ForceIndex(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) GetModel() interface{} { + return nil +} + +func (_ *UpdateQuery) GetTableName() string { + return "" +} + +func (_ *UpdateQuery) IgnoreIndex(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Join(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) JoinOn(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) JoinOnOr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Limit(_ int) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Model(_ interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) ModelTableExpr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *UpdateQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *UpdateQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *UpdateQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *UpdateQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *UpdateQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *UpdateQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *UpdateQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *UpdateQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *UpdateQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *UpdateQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *UpdateQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *UpdateQuery) OmitZero() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Operation() string { + return "" +} + +func (_ *UpdateQuery) Order(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) OrderExpr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) QueryBuilder() QueryBuilder { + return nil +} + +func (_ *UpdateQuery) Returning(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *UpdateQuery) Set(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) SetColumn(_ string, _ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) String() string { + return "" +} + +func (_ *UpdateQuery) Table(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) TableExpr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) UseIndex(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Value(_ string, _ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Where(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WhereAllWithDeleted() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WhereDeleted() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WhereGroup(_ string, _ func(*UpdateQuery) *UpdateQuery) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WhereOr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WherePK(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) With(_ string, _ interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WithRecursive(_ string, _ interface{}) *UpdateQuery { + return nil +} + +type ValuesQuery struct{} + +func (_ *ValuesQuery) AppendColumns(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *ValuesQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *ValuesQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *ValuesQuery) Column(_ ...string) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) Comment(_ string) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) Conn(_ IConn) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) DB() *DB { + return nil +} + +func (_ *ValuesQuery) Dialect() interface{} { + return nil +} + +func (_ *ValuesQuery) Err(_ error) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) GetModel() interface{} { + return nil +} + +func (_ *ValuesQuery) GetTableName() string { + return "" +} + +func (_ *ValuesQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *ValuesQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *ValuesQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *ValuesQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *ValuesQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *ValuesQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *ValuesQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *ValuesQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *ValuesQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *ValuesQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *ValuesQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *ValuesQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *ValuesQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) Operation() string { + return "" +} + +func (_ *ValuesQuery) Value(_ string, _ string, _ ...interface{}) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) WithOrder() *ValuesQuery { + return nil +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt index bba2801e9c33..0b90dd899e32 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt @@ -10,6 +10,9 @@ github.com/couchbase/gocb # github.com/couchbase/gocb/v2 v2.9.4 ## explicit github.com/couchbase/gocb/v2 +# github.com/gogf/gf v1.16.9 +## explicit +github.com/gogf/gf/database/gdb # github.com/jmoiron/sqlx v1.4.0 ## explicit github.com/jmoiron/sqlx @@ -19,6 +22,9 @@ github.com/Masterminds/squirrel # github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a ## explicit github.com/rqlite/gorqlite +# github.com/uptrace/bun v1.2.11 +## explicit +github.com/uptrace/bun # go.mongodb.org/mongo-driver v1.17.3 ## explicit go.mongodb.org/mongo-driver/mongo From 14a84c3209702151076e8267bff66c8eb3a242ce Mon Sep 17 00:00:00 2001 From: idrissrio Date: Wed, 2 Apr 2025 15:20:06 +0200 Subject: [PATCH 187/409] C++: update expected test results after extractor changes --- cpp/ql/test/library-tests/specifiers2/specifiers2.expected | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cpp/ql/test/library-tests/specifiers2/specifiers2.expected b/cpp/ql/test/library-tests/specifiers2/specifiers2.expected index c0259eb09019..d2af0d309e87 100644 --- a/cpp/ql/test/library-tests/specifiers2/specifiers2.expected +++ b/cpp/ql/test/library-tests/specifiers2/specifiers2.expected @@ -27,7 +27,7 @@ | Function | cpp20.cpp:62:8:62:8 | operator= | operator= | extern, inline, is_constexpr, public | | Function | cpp20.cpp:62:8:62:8 | operator= | operator= | extern, inline, is_constexpr, public | | Function | cpp20.cpp:64:5:64:21 | TestExplicitBool4 | TestExplicitBool4 | explicit, extern, public | -| Function | file://:0:0:0:0 | TestExplicitBool | TestExplicitBool | explicit, has_trailing_return_type | +| Function | file://:0:0:0:0 | TestExplicitBool | TestExplicitBool | explicit | | Function | file://:0:0:0:0 | operator delete | operator delete | extern | | Function | file://:0:0:0:0 | operator new | operator new | extern | | Function | specifiers2.c:11:6:11:6 | f | f | c_linkage, extern | @@ -67,6 +67,8 @@ | Function | specifiers2pp.cpp:63:19:63:34 | member_constexpr | member_constexpr | const, declared_constexpr, inline, is_constexpr, private | | Function | specifiers2pp.cpp:64:19:64:40 | member_const_constexpr | member_const_constexpr | const, declared_constexpr, inline, is_constexpr, private | | FunctionDeclarationEntry | cpp20.cpp:11:14:11:24 | declaration of TestExplict | TestExplict | explicit | +| FunctionDeclarationEntry | cpp20.cpp:23:1:23:1 | declaration of TestExplicitBool | TestExplicitBool | has_trailing_return_type | +| FunctionDeclarationEntry | cpp20.cpp:24:1:24:16 | definition of TestExplicitBool | TestExplicitBool | has_trailing_return_type | | FunctionDeclarationEntry | cpp20.cpp:40:23:40:23 | definition of TestExplicitBool2 | TestExplicitBool2 | explicit | | FunctionDeclarationEntry | cpp20.cpp:51:5:51:5 | definition of TestExplicitBool3 | TestExplicitBool3 | explicit | | FunctionDeclarationEntry | cpp20.cpp:51:5:51:21 | declaration of TestExplicitBool3 | TestExplicitBool3 | explicit | From 2193bece907d31ec6c052b2ffd52efa064ada77c Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 15:30:48 +0200 Subject: [PATCH 188/409] C#: Update test expected output. --- .../Control-Flow/ConstantCondition/ConstantCondition.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected index 9e0e69edb904..e154d10b9d3a 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected @@ -11,6 +11,7 @@ | ConstantCondition.cs:114:13:114:14 | access to parameter b1 | Condition always evaluates to 'true'. | | ConstantCondition.cs:114:19:114:20 | access to parameter b2 | Condition always evaluates to 'true'. | | ConstantCondition.cs:141:22:141:22 | _ | Pattern always matches. | +| ConstantConditionBad.cs:5:16:5:20 | ... > ... | Condition always evaluates to 'false'. | | ConstantConditionalExpressionCondition.cs:11:22:11:34 | ... == ... | Condition always evaluates to 'true'. | | ConstantConditionalExpressionCondition.cs:12:21:12:25 | false | Condition always evaluates to 'false'. | | ConstantConditionalExpressionCondition.cs:13:21:13:30 | ... == ... | Condition always evaluates to 'true'. | @@ -19,7 +20,6 @@ | ConstantIfCondition.cs:11:17:11:29 | ... == ... | Condition always evaluates to 'true'. | | ConstantIfCondition.cs:14:17:14:21 | false | Condition always evaluates to 'false'. | | ConstantIfCondition.cs:17:17:17:26 | ... == ... | Condition always evaluates to 'true'. | -| ConstantIfCondition.cs:30:20:30:24 | ... > ... | Condition always evaluates to 'false'. | | ConstantIsNullOrEmpty.cs:10:21:10:54 | call to method IsNullOrEmpty | Condition always evaluates to 'false'. | | ConstantIsNullOrEmpty.cs:46:21:46:46 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. | | ConstantIsNullOrEmpty.cs:50:21:50:44 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. | From 001735bfb8bc2d28541ce9286e4d6083b9fda219 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 2 Apr 2025 15:01:05 +0200 Subject: [PATCH 189/409] Rust: Take internal IDs of a smaller class --- rust/ql/lib/codeql/rust/internal/TypeInference.qll | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index bef741d24706..ed6370f16381 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -69,9 +69,12 @@ private module Input1 implements InputSig1 { apos.asMethodTypeArgumentPosition() = ppos.asTypeParam().getPosition() } - private predicate id(Raw::AstNode x, Raw::AstNode y) { x = y } + /** A raw AST node that might correspond to a type parameter. */ + private class RawTypeParameter = @type_param or @trait; - private predicate idOfRaw(Raw::AstNode x, int y) = equivalenceRelation(id/2)(x, y) + private predicate id(RawTypeParameter x, RawTypeParameter y) { x = y } + + private predicate idOfRaw(RawTypeParameter x, int y) = equivalenceRelation(id/2)(x, y) private int idOf(AstNode node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } From 16142a287a8cf9a49a10ac9aae5058871e4a234f Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 15:43:34 +0200 Subject: [PATCH 190/409] C#: Add NoDisposeCallOnLocalIDisposableBad file and update test expected output. --- .../NoDisposeCallOnLocalIDisposable.cs | 9 --------- .../NoDisposeCallOnLocalIDisposable.expected | 2 +- .../NoDisposeCallOnLocalIDisposableBad.cs | 11 +++++++++++ 3 files changed, 12 insertions(+), 10 deletions(-) create mode 100644 csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs index aa11be14f67b..a2fd6cd50f15 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs @@ -114,15 +114,6 @@ void TimerProc(object obj) public void Dispose() { } } -class Bad -{ - long GetLength(string file) - { - var stream = new FileStream(file, FileMode.Open); // $ Alert - return stream.Length; - } -} - static class Extensions { public static FileStream Fluent(this FileStream fs) => fs; diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected index f08cf6837c5f..5d82fb99a8de 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected @@ -4,4 +4,4 @@ | NoDisposeCallOnLocalIDisposable.cs:76:25:76:71 | call to method Create | Disposable 'XmlReader' is created but not disposed. | | NoDisposeCallOnLocalIDisposable.cs:76:42:76:64 | object creation of type StringReader | Disposable 'StringReader' is created but not disposed. | | NoDisposeCallOnLocalIDisposable.cs:104:23:104:38 | object creation of type HttpClient | Disposable 'HttpClient' is created but not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:121:22:121:56 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | +| NoDisposeCallOnLocalIDisposableBad.cs:8:22:8:56 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs new file mode 100644 index 000000000000..e8f005358906 --- /dev/null +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs @@ -0,0 +1,11 @@ +using System; +using System.IO; + +class Bad +{ + long GetLength(string file) + { + var stream = new FileStream(file, FileMode.Open); // $ Alert + return stream.Length; + } +} From d8ef4fc25d067d7ec159b1ebf3adc6048db78fb8 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Wed, 2 Apr 2025 10:22:27 -0500 Subject: [PATCH 191/409] Update javascript/ql/src/Expressions/ExprHasNoEffect.ql Co-authored-by: Napalys Klicius --- javascript/ql/src/Expressions/ExprHasNoEffect.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/Expressions/ExprHasNoEffect.ql b/javascript/ql/src/Expressions/ExprHasNoEffect.ql index 197564244afa..9cdb22b8ecf0 100644 --- a/javascript/ql/src/Expressions/ExprHasNoEffect.ql +++ b/javascript/ql/src/Expressions/ExprHasNoEffect.ql @@ -6,7 +6,7 @@ * @problem.severity warning * @id js/useless-expression * @tags quality -* maintainability + * maintainability * correctness * external/cwe/cwe-480 * external/cwe/cwe-561 From 4207322719f3ba31948636b257a31aade1c1fa50 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 2 Apr 2025 11:39:01 -0700 Subject: [PATCH 192/409] Docs: Make Actions underlines the right length Fixes warnings in Sphinx build. --- .../codeql-language-guides/codeql-library-for-actions.rst | 2 +- .../customizing-library-models-for-actions.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 52baa1ed51e9..2923b3f74153 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -1,7 +1,7 @@ .. _codeql-library-for-actions: CodeQL library for GitHub Actions -======================= +================================= When you're analyzing GitHub Actions workflows and action metadata files, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst index 40bee7079b5e..3d1a0b218272 100644 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst @@ -1,7 +1,7 @@ .. _customizing-library-models-for-actions: Customizing Library Models for GitHub Actions -========================================= +============================================= .. include:: ../reusables/beta-note-customizing-library-models.rst From 118abd40c958f98e5632299f36eb4eecbb1c2757 Mon Sep 17 00:00:00 2001 From: Jonas Jensen Date: Wed, 2 Apr 2025 14:19:45 -0700 Subject: [PATCH 193/409] Java: add exclude-from-incremental tag to telemetry queries In the future, this tag should signal to the action that the queries should be excluded from incremental scans because they are too slow and/or produce too many results. The three queries tagged here rely on global data-flow analysis to find all XSS sinks. All other metric and diagnostic queries are fast enough for incrementality. --- java/ql/src/Telemetry/SupportedExternalApis.ql | 2 +- java/ql/src/Telemetry/SupportedExternalSinks.ql | 2 +- java/ql/src/Telemetry/UnsupportedExternalAPIs.ql | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/Telemetry/SupportedExternalApis.ql b/java/ql/src/Telemetry/SupportedExternalApis.ql index a28b408cbb50..a49eb9456fc1 100644 --- a/java/ql/src/Telemetry/SupportedExternalApis.ql +++ b/java/ql/src/Telemetry/SupportedExternalApis.ql @@ -2,7 +2,7 @@ * @name Usage of supported APIs coming from external libraries * @description A list of supported 3rd party APIs used in the codebase. Excludes test and generated code. * @kind metric - * @tags summary telemetry + * @tags summary telemetry exclude-from-incremental * @id java/telemetry/supported-external-api */ diff --git a/java/ql/src/Telemetry/SupportedExternalSinks.ql b/java/ql/src/Telemetry/SupportedExternalSinks.ql index 6456b7e296c9..23b7cfeeb510 100644 --- a/java/ql/src/Telemetry/SupportedExternalSinks.ql +++ b/java/ql/src/Telemetry/SupportedExternalSinks.ql @@ -2,7 +2,7 @@ * @name Supported sinks in external libraries * @description A list of 3rd party APIs detected as sinks. Excludes test and generated code. * @kind metric - * @tags summary telemetry + * @tags summary telemetry exclude-from-incremental * @id java/telemetry/supported-external-api-sinks */ diff --git a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql index c4ff31847e3a..ee3f6bcdefac 100644 --- a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +++ b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql @@ -2,7 +2,7 @@ * @name Usage of unsupported APIs coming from external libraries * @description A list of 3rd party APIs used in the codebase. Excludes test and generated code. * @kind metric - * @tags summary telemetry + * @tags summary telemetry exclude-from-incremental * @id java/telemetry/unsupported-external-api */ From 67dd301a37f3509a09fa804880b953dfc00dbfe3 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 2 Apr 2025 15:25:27 -0700 Subject: [PATCH 194/409] Docs: Add language guide structure for Actions --- .../codeql-for-actions.rst | 17 +++++++++++++++++ docs/codeql/codeql-language-guides/index.rst | 1 + 2 files changed, 18 insertions(+) create mode 100644 docs/codeql/codeql-language-guides/codeql-for-actions.rst diff --git a/docs/codeql/codeql-language-guides/codeql-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-for-actions.rst new file mode 100644 index 000000000000..a05ad84ccb11 --- /dev/null +++ b/docs/codeql/codeql-language-guides/codeql-for-actions.rst @@ -0,0 +1,17 @@ + +.. _codeql-for-actions: + +CodeQL for GitHub Actions +=============== + +Experiment and learn how to write effective and efficient queries for CodeQL databases generated from GitHub Actions code. + +.. toctree:: + :hidden: + + codeql-library-for-actions + customizing-library-models-for-actions + +- :doc:`CodeQL library for GitHub Actions `: When you're analyzing a Ruby program, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. + +- :doc:`Customizing library models for GitHub Actions `: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs. diff --git a/docs/codeql/codeql-language-guides/index.rst b/docs/codeql/codeql-language-guides/index.rst index 2b4fabc01a72..f59d8163db21 100644 --- a/docs/codeql/codeql-language-guides/index.rst +++ b/docs/codeql/codeql-language-guides/index.rst @@ -7,6 +7,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat .. toctree:: + codeql-for-actions codeql-for-cpp codeql-for-csharp codeql-for-go From 8f6dc1cdfc0624ee2fbff10b72a106c03eac287a Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 2 Apr 2025 15:56:42 -0700 Subject: [PATCH 195/409] Docs: Fix more short underlines --- docs/codeql/codeql-language-guides/codeql-for-actions.rst | 2 +- .../codeql-language-guides/codeql-library-for-actions.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-for-actions.rst index a05ad84ccb11..d4597811a470 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-actions.rst @@ -2,7 +2,7 @@ .. _codeql-for-actions: CodeQL for GitHub Actions -=============== +========================= Experiment and learn how to write effective and efficient queries for CodeQL databases generated from GitHub Actions code. diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 2923b3f74153..5f4b03fa5e33 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -101,7 +101,7 @@ to all AST classes: Workflows -~~~~~~~ +~~~~~~~~~ A workflow is a configurable automated process made up of one or more jobs, defined in a workflow YAML file in the `.github/workflows` directory of a GitHub repository. From 4d6afe7d29618013925d43f60f3484f1531e1b3c Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 2 Apr 2025 16:00:55 -0700 Subject: [PATCH 196/409] Docs: Address comments on Actions docs --- .../codeql-language-guides/codeql-library-for-actions.rst | 4 ++-- docs/codeql/reusables/supported-versions-compilers.rst | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 5f4b03fa5e33..507438583c62 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -3,7 +3,7 @@ CodeQL library for GitHub Actions ================================= -When you're analyzing GitHub Actions workflows and action metadata files, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. +When you're analyzing GitHub Actions workflows and Action metadata files, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. Overview -------- @@ -116,7 +116,7 @@ See the GitHub Actions documentation on `workflows Date: Wed, 2 Apr 2025 19:54:28 +0200 Subject: [PATCH 197/409] Ruby: Add argument-less `super` call tests --- ruby/ql/test/library-tests/ast/Ast.expected | 40 + .../library-tests/ast/TreeSitter.expected | 90 ++ .../test/library-tests/ast/ValueText.expected | 10 + .../library-tests/ast/params/params.expected | 30 + .../test/library-tests/ast/params/params.rb | 15 + .../dataflow/params/TypeTracker.expected | 866 +++++++++++++----- .../dataflow/params/params_flow.rb | 22 + 7 files changed, 844 insertions(+), 229 deletions(-) diff --git a/ruby/ql/test/library-tests/ast/Ast.expected b/ruby/ql/test/library-tests/ast/Ast.expected index 0748c0cfde61..5c29d3f536d7 100644 --- a/ruby/ql/test/library-tests/ast/Ast.expected +++ b/ruby/ql/test/library-tests/ast/Ast.expected @@ -3153,6 +3153,46 @@ params/params.rb: # 95| getReceiver: [LocalVariableAccess] hash # 95| getArgument: [HashSplatExpr] ** ... # 95| getAnOperand/getOperand/getReceiver: [LocalVariableAccess] __synth__0 +# 98| getStmt: [ClassDeclaration] Sup +# 99| getStmt: [Method] m +# 99| getParameter: [SimpleParameter] x +# 99| getDefiningAccess: [LocalVariableAccess] x +# 99| getParameter: [SplatParameter] *rest +# 99| getDefiningAccess: [LocalVariableAccess] rest +# 99| getParameter: [KeywordParameter] k +# 99| getDefiningAccess: [LocalVariableAccess] k +# 99| getParameter: [HashSplatParameter] **kwargs +# 99| getDefiningAccess: [LocalVariableAccess] kwargs +# 100| getStmt: [MethodCall] call to print +# 100| getReceiver: [SelfVariableAccess] self +# 100| getArgument: [AddExpr] ... + ... +# 100| getAnOperand/getLeftOperand/getReceiver: [LocalVariableAccess] x +# 100| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 1 +# 101| getStmt: [MethodCall] call to print +# 101| getReceiver: [SelfVariableAccess] self +# 101| getArgument: [AddExpr] ... + ... +# 101| getAnOperand/getLeftOperand/getReceiver: [LocalVariableAccess] k +# 101| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 1 +# 105| getStmt: [ClassDeclaration] Sub +# 105| getSuperclassExpr: [ConstantReadAccess] Sup +# 106| getStmt: [Method] m +# 106| getParameter: [SimpleParameter] y +# 106| getDefiningAccess: [LocalVariableAccess] y +# 106| getParameter: [SplatParameter] *rest +# 106| getDefiningAccess: [LocalVariableAccess] rest +# 106| getParameter: [KeywordParameter] k +# 106| getDefiningAccess: [LocalVariableAccess] k +# 106| getParameter: [HashSplatParameter] **kwargs +# 106| getDefiningAccess: [LocalVariableAccess] kwargs +# 107| getStmt: [SuperCall] super call to m +# 111| getStmt: [MethodCall] call to m +# 111| getReceiver: [MethodCall] call to new +# 111| getReceiver: [ConstantReadAccess] Sub +# 111| getArgument: [IntegerLiteral] 42 +# 111| getArgument: [Pair] Pair +# 111| getKey: [SymbolLiteral] :k +# 111| getComponent: [StringTextComponent] k +# 111| getValue: [IntegerLiteral] 22 erb/template.html.erb: # 19| [Toplevel] template.html.erb # 19| getStmt: [StringLiteral] "hello world" diff --git a/ruby/ql/test/library-tests/ast/TreeSitter.expected b/ruby/ql/test/library-tests/ast/TreeSitter.expected index 8b72224d0026..04a66cce8472 100644 --- a/ruby/ql/test/library-tests/ast/TreeSitter.expected +++ b/ruby/ql/test/library-tests/ast/TreeSitter.expected @@ -6192,6 +6192,96 @@ params/params.rb: # 95| 0: [ReservedWord] ** # 95| 2: [ReservedWord] ) # 96| 4: [ReservedWord] end +# 98| 25: [Class] Class +# 98| 0: [ReservedWord] class +# 98| 1: [Constant] Sup +# 99| 2: [BodyStatement] BodyStatement +# 99| 0: [Method] Method +# 99| 0: [ReservedWord] def +# 99| 1: [Identifier] m +# 99| 2: [MethodParameters] MethodParameters +# 99| 0: [ReservedWord] ( +# 99| 1: [Identifier] x +# 99| 2: [ReservedWord] , +# 99| 3: [SplatParameter] SplatParameter +# 99| 0: [ReservedWord] * +# 99| 1: [Identifier] rest +# 99| 4: [ReservedWord] , +# 99| 5: [KeywordParameter] KeywordParameter +# 99| 0: [Identifier] k +# 99| 1: [ReservedWord] : +# 99| 6: [ReservedWord] , +# 99| 7: [HashSplatParameter] HashSplatParameter +# 99| 0: [ReservedWord] ** +# 99| 1: [Identifier] kwargs +# 99| 8: [ReservedWord] ) +# 100| 3: [BodyStatement] BodyStatement +# 100| 0: [Call] Call +# 100| 0: [Identifier] print +# 100| 1: [ArgumentList] ArgumentList +# 100| 0: [ReservedWord] ( +# 100| 1: [Binary] Binary +# 100| 0: [Identifier] x +# 100| 1: [ReservedWord] + +# 100| 2: [Integer] 1 +# 100| 2: [ReservedWord] ) +# 101| 1: [Call] Call +# 101| 0: [Identifier] print +# 101| 1: [ArgumentList] ArgumentList +# 101| 0: [ReservedWord] ( +# 101| 1: [Binary] Binary +# 101| 0: [Identifier] k +# 101| 1: [ReservedWord] + +# 101| 2: [Integer] 1 +# 101| 2: [ReservedWord] ) +# 102| 4: [ReservedWord] end +# 103| 3: [ReservedWord] end +# 105| 26: [Class] Class +# 105| 0: [ReservedWord] class +# 105| 1: [Constant] Sub +# 105| 2: [Superclass] Superclass +# 105| 0: [ReservedWord] < +# 105| 1: [Constant] Sup +# 106| 3: [BodyStatement] BodyStatement +# 106| 0: [Method] Method +# 106| 0: [ReservedWord] def +# 106| 1: [Identifier] m +# 106| 2: [MethodParameters] MethodParameters +# 106| 0: [ReservedWord] ( +# 106| 1: [Identifier] y +# 106| 2: [ReservedWord] , +# 106| 3: [SplatParameter] SplatParameter +# 106| 0: [ReservedWord] * +# 106| 1: [Identifier] rest +# 106| 4: [ReservedWord] , +# 106| 5: [KeywordParameter] KeywordParameter +# 106| 0: [Identifier] k +# 106| 1: [ReservedWord] : +# 106| 6: [ReservedWord] , +# 106| 7: [HashSplatParameter] HashSplatParameter +# 106| 0: [ReservedWord] ** +# 106| 1: [Identifier] kwargs +# 106| 8: [ReservedWord] ) +# 107| 3: [BodyStatement] BodyStatement +# 107| 0: [Super] super +# 108| 4: [ReservedWord] end +# 109| 4: [ReservedWord] end +# 111| 27: [Call] Call +# 111| 0: [Call] Call +# 111| 0: [Constant] Sub +# 111| 1: [ReservedWord] . +# 111| 2: [Identifier] new +# 111| 1: [ReservedWord] . +# 111| 2: [Identifier] m +# 111| 3: [ArgumentList] ArgumentList +# 111| 0: [ReservedWord] ( +# 111| 1: [Integer] 42 +# 111| 2: [ReservedWord] , +# 111| 3: [Pair] Pair +# 111| 0: [HashKeySymbol] k +# 111| 1: [ReservedWord] : +# 111| 2: [Integer] 22 +# 111| 4: [ReservedWord] ) # 1| [Comment] # Tests for the different kinds and contexts of parameters. # 3| [Comment] # Method containing identifier parameters # 7| [Comment] # Block containing identifier parameters diff --git a/ruby/ql/test/library-tests/ast/ValueText.expected b/ruby/ql/test/library-tests/ast/ValueText.expected index 90e594c0b1cd..195beb5f2e38 100644 --- a/ruby/ql/test/library-tests/ast/ValueText.expected +++ b/ruby/ql/test/library-tests/ast/ValueText.expected @@ -941,6 +941,11 @@ exprValue | params/params.rb:65:41:65:42 | 99 | 99 | int | | params/params.rb:70:42:70:45 | 1000 | 1000 | int | | params/params.rb:70:52:70:53 | 20 | 20 | int | +| params/params.rb:100:15:100:15 | 1 | 1 | int | +| params/params.rb:101:15:101:15 | 1 | 1 | int | +| params/params.rb:111:11:111:12 | 42 | 42 | int | +| params/params.rb:111:15:111:15 | :k | :k | symbol | +| params/params.rb:111:18:111:19 | 22 | 22 | int | exprCfgNodeValue | calls/calls.rb:8:1:8:3 | 123 | 123 | int | | calls/calls.rb:11:5:11:5 | 0 | 0 | int | @@ -1855,3 +1860,8 @@ exprCfgNodeValue | params/params.rb:65:41:65:42 | 99 | 99 | int | | params/params.rb:70:42:70:45 | 1000 | 1000 | int | | params/params.rb:70:52:70:53 | 20 | 20 | int | +| params/params.rb:100:15:100:15 | 1 | 1 | int | +| params/params.rb:101:15:101:15 | 1 | 1 | int | +| params/params.rb:111:11:111:12 | 42 | 42 | int | +| params/params.rb:111:15:111:15 | :k | :k | symbol | +| params/params.rb:111:18:111:19 | 22 | 22 | int | diff --git a/ruby/ql/test/library-tests/ast/params/params.expected b/ruby/ql/test/library-tests/ast/params/params.expected index f90d5d5577b0..8bec3e37fa62 100644 --- a/ruby/ql/test/library-tests/ast/params/params.expected +++ b/ruby/ql/test/library-tests/ast/params/params.expected @@ -39,6 +39,14 @@ idParams | params.rb:86:14:86:14 | x | x | | params.rb:89:31:89:35 | array | array | | params.rb:94:36:94:39 | hash | hash | +| params.rb:99:9:99:9 | x | x | +| params.rb:99:12:99:16 | *rest | rest | +| params.rb:99:19:99:19 | k | k | +| params.rb:99:23:99:30 | **kwargs | kwargs | +| params.rb:106:9:106:9 | y | y | +| params.rb:106:12:106:16 | *rest | rest | +| params.rb:106:19:106:19 | k | k | +| params.rb:106:23:106:30 | **kwargs | kwargs | blockParams | params.rb:46:28:46:33 | &block | block | | params.rb:62:29:62:34 | &block | block | @@ -56,10 +64,14 @@ splatParams | params.rb:30:31:30:36 | *splat | splat | | params.rb:34:21:34:26 | *splat | splat | | params.rb:38:29:38:33 | *blah | blah | +| params.rb:99:12:99:16 | *rest | rest | +| params.rb:106:12:106:16 | *rest | rest | hashSplatParams | params.rb:30:39:30:52 | **double_splat | double_splat | | params.rb:34:29:34:42 | **double_splat | double_splat | | params.rb:38:36:38:43 | **wibble | wibble | +| params.rb:99:23:99:30 | **kwargs | kwargs | +| params.rb:106:23:106:30 | **kwargs | kwargs | keywordParams | params.rb:41:35:41:37 | foo | foo | (none) | | params.rb:41:41:41:43 | bar | bar | 7 | @@ -67,6 +79,8 @@ keywordParams | params.rb:49:33:49:34 | yy | yy | 100 | | params.rb:53:37:53:37 | y | y | (none) | | params.rb:53:41:53:41 | z | z | 3 | +| params.rb:99:19:99:19 | k | k | (none) | +| params.rb:106:19:106:19 | k | k | (none) | optionalParams | params.rb:58:39:58:42 | val2 | val2 | params.rb:58:46:58:46 | 0 | | params.rb:58:49:58:52 | val3 | val3 | params.rb:58:56:58:58 | 100 | @@ -97,6 +111,14 @@ paramsInMethods | params.rb:89:1:91:3 | anonymous_splat_parameter | 1 | params.rb:89:38:89:38 | * | SplatParameter | | params.rb:94:1:96:3 | anonymous_hash_splat_parameter | 0 | params.rb:94:36:94:39 | hash | SimpleParameter | | params.rb:94:1:96:3 | anonymous_hash_splat_parameter | 1 | params.rb:94:42:94:43 | ** | HashSplatParameter | +| params.rb:99:3:102:5 | m | 0 | params.rb:99:9:99:9 | x | SimpleParameter | +| params.rb:99:3:102:5 | m | 1 | params.rb:99:12:99:16 | *rest | SplatParameter | +| params.rb:99:3:102:5 | m | 2 | params.rb:99:19:99:19 | k | KeywordParameter | +| params.rb:99:3:102:5 | m | 3 | params.rb:99:23:99:30 | **kwargs | HashSplatParameter | +| params.rb:106:3:108:5 | m | 0 | params.rb:106:9:106:9 | y | SimpleParameter | +| params.rb:106:3:108:5 | m | 1 | params.rb:106:12:106:16 | *rest | SplatParameter | +| params.rb:106:3:108:5 | m | 2 | params.rb:106:19:106:19 | k | KeywordParameter | +| params.rb:106:3:108:5 | m | 3 | params.rb:106:23:106:30 | **kwargs | HashSplatParameter | paramsInBlocks | params.rb:9:11:11:3 | do ... end | 0 | params.rb:9:15:9:17 | key | SimpleParameter | | params.rb:9:11:11:3 | do ... end | 1 | params.rb:9:20:9:24 | value | SimpleParameter | @@ -175,3 +197,11 @@ params | params.rb:89:38:89:38 | * | 1 | SplatParameter | | params.rb:94:36:94:39 | hash | 0 | SimpleParameter | | params.rb:94:42:94:43 | ** | 1 | HashSplatParameter | +| params.rb:99:9:99:9 | x | 0 | SimpleParameter | +| params.rb:99:12:99:16 | *rest | 1 | SplatParameter | +| params.rb:99:19:99:19 | k | 2 | KeywordParameter | +| params.rb:99:23:99:30 | **kwargs | 3 | HashSplatParameter | +| params.rb:106:9:106:9 | y | 0 | SimpleParameter | +| params.rb:106:12:106:16 | *rest | 1 | SplatParameter | +| params.rb:106:19:106:19 | k | 2 | KeywordParameter | +| params.rb:106:23:106:30 | **kwargs | 3 | HashSplatParameter | diff --git a/ruby/ql/test/library-tests/ast/params/params.rb b/ruby/ql/test/library-tests/ast/params/params.rb index c29d3739e2ec..6a8f8718356e 100644 --- a/ruby/ql/test/library-tests/ast/params/params.rb +++ b/ruby/ql/test/library-tests/ast/params/params.rb @@ -94,3 +94,18 @@ def anonymous_splat_parameter(array, *) def anonymous_hash_splat_parameter(hash, **) hash.merge(**) end + +class Sup + def m(x, *rest, k:, **kwargs) + print(x + 1) + print(k + 1) + end +end + +class Sub < Sup + def m(y, *rest, k:, **kwargs) + super + end +end + +Sub.new.m(42, k: 22) \ No newline at end of file diff --git a/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected b/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected index 23d66c80ad2e..99c21ba6f759 100644 --- a/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected +++ b/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected @@ -3,25 +3,25 @@ track | params_flow.rb:1:1:3:3 | self in taint | type tracker without call steps | params_flow.rb:1:1:3:3 | self in taint | | params_flow.rb:1:1:3:3 | synthetic splat parameter | type tracker without call steps | params_flow.rb:1:1:3:3 | synthetic splat parameter | | params_flow.rb:1:1:3:3 | taint | type tracker without call steps | params_flow.rb:1:1:3:3 | taint | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:1:1:3:3 | self in taint | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:9:1:12:3 | self in positional | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:16:1:19:3 | self in keyword | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:25:1:31:3 | self in kwargs | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:49:1:53:3 | self in posargs | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:64:1:66:3 | self in splatstuff | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:69:1:76:3 | self in splatmid | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:83:1:91:3 | self in pos_many | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:98:1:103:3 | self in splatmidsmall | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:108:1:112:3 | self in splat_followed_by_keyword_param | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:120:1:126:3 | self in destruct | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:133:1:135:3 | self in splatall | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:139:1:141:3 | self in hashSplatSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:153:1:155:3 | self in keywordSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:167:1:169:3 | self in splatSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:181:1:183:3 | self in positionSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:200:1:205:3 | self in foo | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker without call steps | params_flow.rb:1:1:207:15 | self in params_flow.rb | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:1:1:3:3 | self in taint | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:9:1:12:3 | self in positional | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:16:1:19:3 | self in keyword | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:25:1:31:3 | self in kwargs | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:49:1:53:3 | self in posargs | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:64:1:66:3 | self in splatstuff | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:69:1:76:3 | self in splatmid | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:83:1:91:3 | self in pos_many | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:98:1:103:3 | self in splatmidsmall | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:108:1:112:3 | self in splat_followed_by_keyword_param | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:120:1:126:3 | self in destruct | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:133:1:135:3 | self in splatall | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:139:1:141:3 | self in hashSplatSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:153:1:155:3 | self in keywordSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:167:1:169:3 | self in splatSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:181:1:183:3 | self in positionSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:200:1:205:3 | self in foo | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker without call steps | params_flow.rb:1:1:229:4 | self in params_flow.rb | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:5:10:5:10 | x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:9:16:9:17 | p1 | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:9:20:9:21 | p2 | @@ -52,6 +52,8 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:168:26:168:35 | ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:181:28:181:29 | p2 | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:200:9:200:9 | x | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element | params_flow.rb:9:1:12:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:9:1:12:3 | synthetic splat parameter | @@ -88,6 +90,8 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:133:14:133:18 | *args | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:134:5:134:16 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:200:1:205:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:64:16:64:17 | *x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:140:5:140:15 | [post] ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:140:5:140:38 | call to insert | @@ -110,15 +114,20 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:168:5:168:36 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:181:1:183:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:182:5:182:20 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:98:1:103:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:133:14:133:18 | *args | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:83:1:91:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 4 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 4 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 5 | params_flow.rb:83:1:91:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:16:1:19:3 | synthetic hash-splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:25:1:31:3 | synthetic hash-splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:25:17:25:24 | **kwargs | @@ -212,6 +221,12 @@ track | params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:185:14:185:22 | call to taint | | params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:192:24:192:32 | call to taint | | params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:196:10:196:18 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content attribute [] | params_flow.rb:117:1:117:1 | [post] x | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element | params_flow.rb:117:1:117:1 | [post] x | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element | params_flow.rb:118:12:118:13 | * ... | @@ -263,6 +278,8 @@ track | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:195:12:198:1 | call to [] | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:195:12:198:1 | synthetic hash-splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:207:5:207:13 | * ... | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 or unknown | params_flow.rb:67:12:67:16 | * ... | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:14:1:14:30 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:44:1:44:28 | synthetic splat argument | @@ -312,6 +329,7 @@ track | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:185:8:185:24 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:187:20:187:24 | * ... | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:192:1:192:33 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 2 | params_flow.rb:78:1:78:63 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 2 | params_flow.rb:80:8:80:51 | call to [] | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 2 | params_flow.rb:80:8:80:51 | synthetic splat argument | @@ -340,12 +358,15 @@ track | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 3 | params_flow.rb:94:1:94:48 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 3 | params_flow.rb:94:32:94:36 | * ... | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 3 | params_flow.rb:96:1:96:88 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 4 | params_flow.rb:78:1:78:63 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 4 | params_flow.rb:81:1:81:37 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 4 | params_flow.rb:94:1:94:48 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 4 | params_flow.rb:96:1:96:88 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 5 | params_flow.rb:94:1:94:48 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :c | params_flow.rb:114:1:114:67 | synthetic hash-splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :p1 | params_flow.rb:21:1:21:35 | synthetic hash-splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :p1 | params_flow.rb:22:1:22:35 | synthetic hash-splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :p1 | params_flow.rb:23:1:23:41 | synthetic hash-splat argument | @@ -470,6 +491,13 @@ track | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:203:5:203:15 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:204:5:204:15 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:207:1:207:14 | call to foo | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:211:9:211:15 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:212:9:212:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:213:9:213:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:214:9:214:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:215:9:215:16 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:6:5:6:10 | synthetic splat argument | type tracker without call steps | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:9:1:12:3 | &block | type tracker without call steps | params_flow.rb:9:1:12:3 | &block | | params_flow.rb:9:1:12:3 | positional | type tracker without call steps | params_flow.rb:9:1:12:3 | positional | @@ -3089,221 +3117,407 @@ track | params_flow.rb:207:1:207:14 | call to foo | type tracker without call steps | params_flow.rb:207:1:207:14 | call to foo | | params_flow.rb:207:5:207:13 | * ... | type tracker with call steps | params_flow.rb:200:1:205:3 | synthetic splat parameter | | params_flow.rb:207:5:207:13 | * ... | type tracker without call steps | params_flow.rb:207:5:207:13 | * ... | +| params_flow.rb:209:1:219:3 | self (Sup) | type tracker without call steps | params_flow.rb:209:1:219:3 | self (Sup) | +| params_flow.rb:210:5:218:7 | &block | type tracker without call steps | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:210:5:218:7 | m | type tracker without call steps | params_flow.rb:210:5:218:7 | m | +| params_flow.rb:210:5:218:7 | self in m | type tracker with call steps | params_flow.rb:1:1:3:3 | self in taint | +| params_flow.rb:210:5:218:7 | self in m | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:210:5:218:7 | self in m | type tracker without call steps | params_flow.rb:210:5:218:7 | self in m | +| params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | type tracker without call steps | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:210:5:218:7 | synthetic splat parameter | type tracker without call steps | params_flow.rb:210:5:218:7 | synthetic splat parameter | +| params_flow.rb:210:11:210:11 | x | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:11:210:11 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:210:11:210:11 | x | type tracker without call steps | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | type tracker without call steps | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | type tracker without call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | +| params_flow.rb:210:14:210:18 | *rest | type tracker without call steps | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:210:15:210:18 | rest | type tracker without call steps | params_flow.rb:210:15:210:18 | rest | +| params_flow.rb:210:21:210:22 | k1 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:21:210:22 | k1 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:210:21:210:22 | k1 | type tracker without call steps | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | type tracker without call steps | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | type tracker without call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:210:26:210:33 | **kwargs | type tracker without call steps | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:210:28:210:33 | kwargs | type tracker without call steps | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:211:9:211:15 | call to sink | type tracker without call steps | params_flow.rb:211:9:211:15 | call to sink | +| params_flow.rb:211:9:211:15 | synthetic splat argument | type tracker without call steps | params_flow.rb:211:9:211:15 | synthetic splat argument | +| params_flow.rb:212:9:212:21 | call to sink | type tracker without call steps | params_flow.rb:212:9:212:21 | call to sink | +| params_flow.rb:212:9:212:21 | synthetic splat argument | type tracker without call steps | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:212:14:212:20 | ...[...] | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:212:14:212:20 | ...[...] | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:212:14:212:20 | ...[...] | type tracker without call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:212:14:212:20 | ...[...] | type tracker without call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:212:14:212:20 | synthetic splat argument | type tracker without call steps | params_flow.rb:212:14:212:20 | synthetic splat argument | +| params_flow.rb:212:19:212:19 | 0 | type tracker without call steps | params_flow.rb:212:19:212:19 | 0 | +| params_flow.rb:212:19:212:19 | 0 | type tracker without call steps with content element 0 | params_flow.rb:212:14:212:20 | synthetic splat argument | +| params_flow.rb:213:9:213:21 | call to sink | type tracker without call steps | params_flow.rb:213:9:213:21 | call to sink | +| params_flow.rb:213:9:213:21 | synthetic splat argument | type tracker without call steps | params_flow.rb:213:9:213:21 | synthetic splat argument | +| params_flow.rb:213:14:213:20 | ...[...] | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:213:14:213:20 | ...[...] | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:213:14:213:20 | ...[...] | type tracker without call steps | params_flow.rb:213:14:213:20 | ...[...] | +| params_flow.rb:213:14:213:20 | ...[...] | type tracker without call steps with content element 0 | params_flow.rb:213:9:213:21 | synthetic splat argument | +| params_flow.rb:213:14:213:20 | synthetic splat argument | type tracker without call steps | params_flow.rb:213:14:213:20 | synthetic splat argument | +| params_flow.rb:213:19:213:19 | 1 | type tracker without call steps | params_flow.rb:213:19:213:19 | 1 | +| params_flow.rb:213:19:213:19 | 1 | type tracker without call steps with content element 0 | params_flow.rb:213:14:213:20 | synthetic splat argument | +| params_flow.rb:214:9:214:21 | call to sink | type tracker without call steps | params_flow.rb:214:9:214:21 | call to sink | +| params_flow.rb:214:9:214:21 | synthetic splat argument | type tracker without call steps | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:214:14:214:20 | ...[...] | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:214:14:214:20 | ...[...] | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:214:14:214:20 | ...[...] | type tracker without call steps | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:214:14:214:20 | ...[...] | type tracker without call steps with content element 0 | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:214:14:214:20 | synthetic splat argument | type tracker without call steps | params_flow.rb:214:14:214:20 | synthetic splat argument | +| params_flow.rb:214:19:214:19 | 2 | type tracker without call steps | params_flow.rb:214:19:214:19 | 2 | +| params_flow.rb:214:19:214:19 | 2 | type tracker without call steps with content element 0 | params_flow.rb:214:14:214:20 | synthetic splat argument | +| params_flow.rb:215:9:215:16 | call to sink | type tracker without call steps | params_flow.rb:215:9:215:16 | call to sink | +| params_flow.rb:215:9:215:16 | synthetic splat argument | type tracker without call steps | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:216:9:216:25 | call to sink | type tracker without call steps | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:216:9:216:25 | synthetic splat argument | type tracker without call steps | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:216:14:216:24 | ...[...] | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:216:14:216:24 | ...[...] | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:216:14:216:24 | ...[...] | type tracker without call steps | params_flow.rb:216:14:216:24 | ...[...] | +| params_flow.rb:216:14:216:24 | ...[...] | type tracker without call steps with content element 0 | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:216:14:216:24 | synthetic splat argument | type tracker without call steps | params_flow.rb:216:14:216:24 | synthetic splat argument | +| params_flow.rb:216:21:216:23 | :k2 | type tracker without call steps | params_flow.rb:216:21:216:23 | :k2 | +| params_flow.rb:216:21:216:23 | :k2 | type tracker without call steps with content element 0 | params_flow.rb:216:14:216:24 | synthetic splat argument | +| params_flow.rb:217:9:217:23 | synthetic splat argument | type tracker without call steps | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:217:9:217:23 | yield block argument | type tracker without call steps | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:217:15:217:23 | call to taint | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:15:217:23 | call to taint | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:217:15:217:23 | synthetic splat argument | type tracker without call steps | params_flow.rb:217:15:217:23 | synthetic splat argument | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:217:21:217:22 | 86 | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:21:217:22 | 86 | type tracker without call steps | params_flow.rb:217:21:217:22 | 86 | +| params_flow.rb:217:21:217:22 | 86 | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:217:21:217:22 | 86 | type tracker without call steps with content element 0 | params_flow.rb:217:15:217:23 | synthetic splat argument | +| params_flow.rb:221:1:225:3 | self (Sub) | type tracker without call steps | params_flow.rb:221:1:225:3 | self (Sub) | +| params_flow.rb:221:13:221:15 | Sup | type tracker without call steps | params_flow.rb:221:13:221:15 | Sup | +| params_flow.rb:222:5:224:7 | &block | type tracker without call steps | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:222:5:224:7 | m | type tracker without call steps | params_flow.rb:222:5:224:7 | m | +| params_flow.rb:222:5:224:7 | self in m | type tracker without call steps | params_flow.rb:222:5:224:7 | self in m | +| params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | type tracker without call steps | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | +| params_flow.rb:222:5:224:7 | synthetic splat parameter | type tracker without call steps | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:222:11:222:11 | x | type tracker without call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | type tracker without call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:14:222:18 | *rest | type tracker without call steps | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:222:15:222:18 | rest | type tracker without call steps | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:21:222:22 | k1 | type tracker without call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | type tracker without call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:26:222:33 | **kwargs | type tracker without call steps | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:222:28:222:33 | kwargs | type tracker without call steps | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:223:9:223:13 | super call to m | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:223:9:223:13 | super call to m | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:227:1:227:3 | Sub | type tracker without call steps | params_flow.rb:227:1:227:3 | Sub | +| params_flow.rb:227:1:227:7 | call to new | type tracker with call steps | params_flow.rb:222:5:224:7 | self in m | +| params_flow.rb:227:1:227:7 | call to new | type tracker without call steps | params_flow.rb:227:1:227:7 | call to new | +| params_flow.rb:227:1:229:3 | call to m | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | type tracker with call steps | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | type tracker without call steps | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:1:229:3 | synthetic splat argument | type tracker with call steps | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:1:229:3 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:11:227:19 | call to taint | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:227:11:227:19 | call to taint | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:11:227:19 | synthetic splat argument | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:17:227:18 | 81 | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:227:17:227:18 | 81 | type tracker without call steps | params_flow.rb:227:17:227:18 | 81 | +| params_flow.rb:227:17:227:18 | 81 | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:17:227:18 | 81 | type tracker without call steps with content element 0 | params_flow.rb:227:11:227:19 | synthetic splat argument | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:22:227:30 | call to taint | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:227:22:227:30 | call to taint | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:22:227:30 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:22:227:30 | synthetic splat argument | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:28:227:29 | 82 | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:227:28:227:29 | 82 | type tracker without call steps | params_flow.rb:227:28:227:29 | 82 | +| params_flow.rb:227:28:227:29 | 82 | type tracker without call steps with content element 0 | params_flow.rb:227:22:227:30 | synthetic splat argument | +| params_flow.rb:227:28:227:29 | 82 | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 1 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 2 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:33:227:33 | 0 | type tracker without call steps | params_flow.rb:227:33:227:33 | 0 | +| params_flow.rb:227:33:227:33 | 0 | type tracker without call steps with content element 2 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:36:227:44 | call to taint | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:227:36:227:44 | call to taint | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:36:227:44 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:42:227:43 | 83 | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:227:42:227:43 | 83 | type tracker without call steps | params_flow.rb:227:42:227:43 | 83 | +| params_flow.rb:227:42:227:43 | 83 | type tracker without call steps with content element 0 | params_flow.rb:227:36:227:44 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:47:227:48 | :k1 | type tracker without call steps | params_flow.rb:227:47:227:48 | :k1 | +| params_flow.rb:227:47:227:59 | Pair | type tracker without call steps | params_flow.rb:227:47:227:59 | Pair | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:51:227:59 | call to taint | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:227:51:227:59 | call to taint | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:51:227:59 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:51:227:59 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:57:227:58 | 84 | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:227:57:227:58 | 84 | type tracker without call steps | params_flow.rb:227:57:227:58 | 84 | +| params_flow.rb:227:57:227:58 | 84 | type tracker without call steps with content element 0 | params_flow.rb:227:51:227:59 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:62:227:63 | :k2 | type tracker without call steps | params_flow.rb:227:62:227:63 | :k2 | +| params_flow.rb:227:62:227:74 | Pair | type tracker without call steps | params_flow.rb:227:62:227:74 | Pair | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:66:227:74 | call to taint | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:227:66:227:74 | call to taint | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:66:227:74 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:66:227:74 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:72:227:73 | 85 | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:227:72:227:73 | 85 | type tracker without call steps | params_flow.rb:227:72:227:73 | 85 | +| params_flow.rb:227:72:227:73 | 85 | type tracker without call steps with content element 0 | params_flow.rb:227:66:227:74 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:77:229:3 | self | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:227:77:229:3 | self | type tracker without call steps | params_flow.rb:227:77:229:3 | self | +| params_flow.rb:227:77:229:3 | do ... end | type tracker with call steps | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:227:77:229:3 | do ... end | type tracker without call steps | params_flow.rb:227:77:229:3 | do ... end | +| params_flow.rb:227:77:229:3 | synthetic splat parameter | type tracker without call steps | params_flow.rb:227:77:229:3 | synthetic splat parameter | +| params_flow.rb:227:81:227:81 | x | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:81:227:81 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:81:227:81 | x | type tracker without call steps | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | type tracker without call steps | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | type tracker without call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | +| params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:228:5:228:11 | call to sink | +| params_flow.rb:228:5:228:11 | synthetic splat argument | type tracker without call steps | params_flow.rb:228:5:228:11 | synthetic splat argument | trackEnd | params_flow.rb:1:1:3:3 | &block | params_flow.rb:1:1:3:3 | &block | | params_flow.rb:1:1:3:3 | self in taint | params_flow.rb:1:1:3:3 | self in taint | | params_flow.rb:1:1:3:3 | synthetic splat parameter | params_flow.rb:1:1:3:3 | synthetic splat parameter | | params_flow.rb:1:1:3:3 | taint | params_flow.rb:1:1:3:3 | taint | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:1:1:3:3 | self in taint | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:1:1:207:15 | self (params_flow.rb) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:1:1:207:15 | self in params_flow.rb | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:5:1:7:3 | self (sink) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:5:1:7:3 | self in sink | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:6:5:6:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:9:1:12:3 | self (positional) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:9:1:12:3 | self in positional | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:10:5:10:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:11:5:11:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:14:1:14:30 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:14:12:14:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:14:22:14:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:16:1:19:3 | self (keyword) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:16:1:19:3 | self in keyword | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:17:5:17:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:18:5:18:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:21:1:21:35 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:21:13:21:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:21:27:21:34 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:22:1:22:35 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:22:13:22:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:22:27:22:34 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:23:1:23:41 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:23:16:23:23 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:23:33:23:40 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:25:1:31:3 | self (kwargs) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:25:1:31:3 | self in kwargs | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:26:5:26:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:27:5:27:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:28:5:28:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:29:5:29:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:30:5:30:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:33:1:33:58 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:33:12:33:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:33:26:33:34 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:33:41:33:49 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:34:14:34:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:35:1:35:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:35:12:35:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:37:16:37:24 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:37:34:37:42 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:38:1:38:14 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:40:16:40:24 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:41:1:41:30 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:41:13:41:21 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:43:9:43:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:44:1:44:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:44:12:44:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:46:9:46:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:46:20:46:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:47:1:47:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:49:1:53:3 | self (posargs) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:49:1:53:3 | self in posargs | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:50:5:50:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:51:5:51:21 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:52:5:52:21 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:55:1:55:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:55:9:55:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:55:20:55:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:57:9:57:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:58:1:58:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:58:9:58:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:60:9:60:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:60:20:60:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:61:1:61:14 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:63:8:63:16 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:64:1:66:3 | self (splatstuff) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:64:1:66:3 | self in splatstuff | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:65:5:65:13 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:67:1:67:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:69:1:76:3 | self (splatmid) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:69:1:76:3 | self in splatmid | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:70:5:70:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:71:5:71:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:72:5:72:13 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:73:5:73:13 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:74:5:74:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:75:5:75:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:1:78:63 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:10:78:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:21:78:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:32:78:40 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:43:78:51 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:54:78:62 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:80:9:80:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:80:20:80:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:80:31:80:39 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:80:42:80:50 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:81:1:81:37 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:81:10:81:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:81:28:81:36 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:83:1:91:3 | self (pos_many) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:83:1:91:3 | self in pos_many | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:84:5:84:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:85:5:85:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:86:5:86:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:87:5:87:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:88:5:88:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:89:5:89:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:90:5:90:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:93:9:93:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:93:20:93:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:93:31:93:39 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:93:42:93:50 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:94:1:94:48 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:94:10:94:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:94:21:94:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:94:39:94:47 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:1:96:88 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:10:96:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:21:96:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:34:96:42 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:45:96:53 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:56:96:64 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:68:96:76 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:79:96:87 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:98:1:103:3 | self (splatmidsmall) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:98:1:103:3 | self in splatmidsmall | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:99:5:99:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:100:5:100:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:101:5:101:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:102:5:102:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:105:1:105:49 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:105:15:105:23 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:105:28:105:36 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:105:39:105:47 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:106:1:106:46 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:106:15:106:23 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:106:26:106:34 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:106:37:106:45 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:108:1:112:3 | self (splat_followed_by_keyword_param) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:108:1:112:3 | self in splat_followed_by_keyword_param | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:109:5:109:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:110:5:110:13 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:111:5:111:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:114:1:114:67 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:114:33:114:41 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:114:44:114:52 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:114:58:114:66 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:117:3:117:14 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:117:19:117:27 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:118:1:118:14 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:120:1:126:3 | self (destruct) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:120:1:126:3 | self in destruct | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:121:5:121:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:122:5:122:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:123:5:123:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:124:5:124:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:125:5:125:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:1:128:61 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:11:128:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:22:128:30 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:35:128:43 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:50:128:58 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:130:9:130:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:130:20:130:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:131:1:131:46 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:131:17:131:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:133:1:135:3 | self (splatall) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:133:1:135:3 | self in splatall | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:134:5:134:16 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:137:1:137:44 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:137:12:137:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:137:23:137:31 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:137:34:137:42 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:139:1:141:3 | self in hashSplatSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:143:24:143:32 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:144:1:144:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:145:1:145:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:146:1:146:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:149:1:149:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:150:1:150:42 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:150:33:150:41 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:151:1:151:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:153:1:155:3 | self in keywordSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:157:24:157:32 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:158:1:158:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:159:1:159:27 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:160:1:160:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:163:1:163:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:164:1:164:40 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:164:31:164:39 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:165:1:165:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:167:1:169:3 | self in splatSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:171:17:171:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:172:1:172:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:173:1:173:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:174:1:174:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:177:1:177:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:178:1:178:30 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:178:21:178:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:179:1:179:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:181:1:183:3 | self in positionSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:185:14:185:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:186:1:186:16 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:187:1:187:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:188:1:188:16 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:191:1:191:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:192:1:192:33 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:192:24:192:32 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:193:1:193:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:196:10:196:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:200:1:205:3 | self (foo) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:200:1:205:3 | self in foo | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:201:5:201:15 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:202:5:202:15 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:203:5:203:15 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:204:5:204:15 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:207:1:207:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:1:1:3:3 | self in taint | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:1:1:229:4 | captured self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:1:1:229:4 | self (params_flow.rb) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:1:1:229:4 | self in params_flow.rb | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:5:1:7:3 | self (sink) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:6:5:6:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:9:1:12:3 | self (positional) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:9:1:12:3 | self in positional | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:10:5:10:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:11:5:11:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:14:1:14:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:14:12:14:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:14:22:14:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:16:1:19:3 | self (keyword) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:16:1:19:3 | self in keyword | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:17:5:17:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:18:5:18:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:21:1:21:35 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:21:13:21:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:21:27:21:34 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:22:1:22:35 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:22:13:22:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:22:27:22:34 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:23:1:23:41 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:23:16:23:23 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:23:33:23:40 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:25:1:31:3 | self (kwargs) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:25:1:31:3 | self in kwargs | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:26:5:26:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:27:5:27:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:28:5:28:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:29:5:29:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:30:5:30:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:33:1:33:58 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:33:12:33:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:33:26:33:34 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:33:41:33:49 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:34:14:34:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:35:1:35:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:35:12:35:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:37:16:37:24 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:37:34:37:42 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:38:1:38:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:40:16:40:24 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:41:1:41:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:41:13:41:21 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:43:9:43:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:44:1:44:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:44:12:44:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:46:9:46:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:46:20:46:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:47:1:47:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:49:1:53:3 | self (posargs) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:49:1:53:3 | self in posargs | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:50:5:50:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:51:5:51:21 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:52:5:52:21 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:55:1:55:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:55:9:55:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:55:20:55:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:57:9:57:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:58:1:58:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:58:9:58:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:60:9:60:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:60:20:60:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:61:1:61:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:63:8:63:16 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:64:1:66:3 | self (splatstuff) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:64:1:66:3 | self in splatstuff | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:65:5:65:13 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:67:1:67:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:69:1:76:3 | self (splatmid) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:69:1:76:3 | self in splatmid | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:70:5:70:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:71:5:71:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:72:5:72:13 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:73:5:73:13 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:74:5:74:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:75:5:75:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:1:78:63 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:10:78:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:21:78:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:32:78:40 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:43:78:51 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:54:78:62 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:80:9:80:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:80:20:80:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:80:31:80:39 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:80:42:80:50 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:81:1:81:37 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:81:10:81:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:81:28:81:36 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:83:1:91:3 | self (pos_many) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:83:1:91:3 | self in pos_many | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:84:5:84:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:85:5:85:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:86:5:86:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:87:5:87:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:88:5:88:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:89:5:89:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:90:5:90:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:93:9:93:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:93:20:93:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:93:31:93:39 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:93:42:93:50 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:94:1:94:48 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:94:10:94:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:94:21:94:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:94:39:94:47 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:1:96:88 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:10:96:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:21:96:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:34:96:42 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:45:96:53 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:56:96:64 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:68:96:76 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:79:96:87 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:98:1:103:3 | self (splatmidsmall) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:98:1:103:3 | self in splatmidsmall | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:99:5:99:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:100:5:100:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:101:5:101:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:102:5:102:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:105:1:105:49 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:105:15:105:23 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:105:28:105:36 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:105:39:105:47 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:106:1:106:46 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:106:15:106:23 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:106:26:106:34 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:106:37:106:45 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:108:1:112:3 | self (splat_followed_by_keyword_param) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:108:1:112:3 | self in splat_followed_by_keyword_param | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:109:5:109:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:110:5:110:13 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:111:5:111:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:114:1:114:67 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:114:33:114:41 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:114:44:114:52 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:114:58:114:66 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:117:3:117:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:117:19:117:27 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:118:1:118:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:120:1:126:3 | self (destruct) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:120:1:126:3 | self in destruct | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:121:5:121:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:122:5:122:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:123:5:123:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:124:5:124:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:125:5:125:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:1:128:61 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:11:128:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:22:128:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:35:128:43 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:50:128:58 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:130:9:130:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:130:20:130:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:131:1:131:46 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:131:17:131:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:133:1:135:3 | self (splatall) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:133:1:135:3 | self in splatall | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:134:5:134:16 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:137:1:137:44 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:137:12:137:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:137:23:137:31 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:137:34:137:42 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:139:1:141:3 | self in hashSplatSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:143:24:143:32 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:144:1:144:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:145:1:145:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:146:1:146:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:149:1:149:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:150:1:150:42 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:150:33:150:41 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:151:1:151:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:153:1:155:3 | self in keywordSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:157:24:157:32 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:158:1:158:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:159:1:159:27 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:160:1:160:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:163:1:163:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:164:1:164:40 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:164:31:164:39 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:165:1:165:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:167:1:169:3 | self in splatSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:171:17:171:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:172:1:172:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:173:1:173:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:174:1:174:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:177:1:177:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:178:1:178:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:178:21:178:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:179:1:179:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:181:1:183:3 | self in positionSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:185:14:185:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:186:1:186:16 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:187:1:187:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:188:1:188:16 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:191:1:191:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:192:1:192:33 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:192:24:192:32 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:193:1:193:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:196:10:196:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:200:1:205:3 | self (foo) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:200:1:205:3 | self in foo | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:201:5:201:15 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:202:5:202:15 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:203:5:203:15 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:204:5:204:15 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:207:1:207:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:11:227:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:22:227:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:36:227:44 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:51:227:59 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:66:227:74 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:77:229:3 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:228:5:228:11 | self | | params_flow.rb:1:11:1:11 | x | params_flow.rb:1:11:1:11 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:1:11:1:11 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:1:11:1:11 | x | @@ -3474,6 +3688,14 @@ trackEnd | params_flow.rb:1:11:1:11 | x | params_flow.rb:200:9:200:9 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:201:11:201:11 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:202:11:202:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:5:1:7:3 | &block | params_flow.rb:5:1:7:3 | &block | | params_flow.rb:5:1:7:3 | self in sink | params_flow.rb:5:1:7:3 | self (sink) | | params_flow.rb:5:1:7:3 | self in sink | params_flow.rb:5:1:7:3 | self in sink | @@ -3570,6 +3792,13 @@ trackEnd | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:203:5:203:15 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:204:5:204:15 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:207:1:207:14 | call to foo | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:211:9:211:15 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:212:9:212:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:213:9:213:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:214:9:214:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:215:9:215:16 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:6:5:6:10 | synthetic splat argument | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:9:1:12:3 | &block | params_flow.rb:9:1:12:3 | &block | | params_flow.rb:9:1:12:3 | positional | params_flow.rb:9:1:12:3 | positional | @@ -6205,5 +6434,184 @@ trackEnd | params_flow.rb:207:1:207:14 | call to foo | params_flow.rb:207:1:207:14 | call to foo | | params_flow.rb:207:5:207:13 | * ... | params_flow.rb:200:1:205:3 | synthetic splat parameter | | params_flow.rb:207:5:207:13 | * ... | params_flow.rb:207:5:207:13 | * ... | +| params_flow.rb:209:1:219:3 | self (Sup) | params_flow.rb:209:1:219:3 | self (Sup) | +| params_flow.rb:210:5:218:7 | &block | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:210:5:218:7 | &block | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:210:5:218:7 | m | params_flow.rb:209:1:219:3 | Sup | +| params_flow.rb:210:5:218:7 | m | params_flow.rb:210:5:218:7 | m | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:1:1:3:3 | self in taint | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:5:1:7:3 | self (sink) | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:6:5:6:10 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:210:5:218:7 | self (m) | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:210:5:218:7 | self in m | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:211:9:211:15 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:212:9:212:21 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:213:9:213:21 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:214:9:214:21 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:215:9:215:16 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:216:9:216:25 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:217:15:217:23 | self | +| params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:210:5:218:7 | synthetic splat parameter | params_flow.rb:210:5:218:7 | synthetic splat parameter | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:211:14:211:14 | x | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:210:15:210:18 | rest | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:212:14:212:17 | rest | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:213:14:213:17 | rest | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:214:14:214:17 | rest | +| params_flow.rb:210:15:210:18 | rest | params_flow.rb:210:15:210:18 | rest | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:215:14:215:15 | k1 | +| params_flow.rb:210:26:210:33 | **kwargs | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:210:26:210:33 | **kwargs | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:210:26:210:33 | **kwargs | params_flow.rb:216:14:216:19 | kwargs | +| params_flow.rb:210:28:210:33 | kwargs | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:211:9:211:15 | call to sink | params_flow.rb:211:9:211:15 | call to sink | +| params_flow.rb:211:9:211:15 | synthetic splat argument | params_flow.rb:211:9:211:15 | synthetic splat argument | +| params_flow.rb:212:9:212:21 | call to sink | params_flow.rb:212:9:212:21 | call to sink | +| params_flow.rb:212:9:212:21 | synthetic splat argument | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:212:14:212:20 | synthetic splat argument | params_flow.rb:212:14:212:20 | synthetic splat argument | +| params_flow.rb:212:19:212:19 | 0 | params_flow.rb:212:19:212:19 | 0 | +| params_flow.rb:213:9:213:21 | call to sink | params_flow.rb:213:9:213:21 | call to sink | +| params_flow.rb:213:9:213:21 | synthetic splat argument | params_flow.rb:213:9:213:21 | synthetic splat argument | +| params_flow.rb:213:14:213:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:213:14:213:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:213:14:213:20 | ...[...] | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:213:14:213:20 | ...[...] | params_flow.rb:213:14:213:20 | ...[...] | +| params_flow.rb:213:14:213:20 | synthetic splat argument | params_flow.rb:213:14:213:20 | synthetic splat argument | +| params_flow.rb:213:19:213:19 | 1 | params_flow.rb:213:19:213:19 | 1 | +| params_flow.rb:214:9:214:21 | call to sink | params_flow.rb:214:9:214:21 | call to sink | +| params_flow.rb:214:9:214:21 | synthetic splat argument | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:214:14:214:20 | synthetic splat argument | params_flow.rb:214:14:214:20 | synthetic splat argument | +| params_flow.rb:214:19:214:19 | 2 | params_flow.rb:214:19:214:19 | 2 | +| params_flow.rb:215:9:215:16 | call to sink | params_flow.rb:215:9:215:16 | call to sink | +| params_flow.rb:215:9:215:16 | synthetic splat argument | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:216:9:216:25 | call to sink | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:216:9:216:25 | synthetic splat argument | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:216:14:216:24 | ...[...] | +| params_flow.rb:216:14:216:24 | synthetic splat argument | params_flow.rb:216:14:216:24 | synthetic splat argument | +| params_flow.rb:216:21:216:23 | :k2 | params_flow.rb:216:21:216:23 | :k2 | +| params_flow.rb:217:9:217:23 | synthetic splat argument | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:217:9:217:23 | yield block argument | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:15:217:23 | synthetic splat argument | params_flow.rb:217:15:217:23 | synthetic splat argument | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:217:21:217:22 | 86 | +| params_flow.rb:221:1:225:3 | self (Sub) | params_flow.rb:221:1:225:3 | self (Sub) | +| params_flow.rb:221:13:221:15 | Sup | params_flow.rb:221:13:221:15 | Sup | +| params_flow.rb:222:5:224:7 | &block | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:222:5:224:7 | m | params_flow.rb:221:1:225:3 | Sub | +| params_flow.rb:222:5:224:7 | m | params_flow.rb:222:5:224:7 | m | +| params_flow.rb:222:5:224:7 | self in m | params_flow.rb:222:5:224:7 | self in m | +| params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | +| params_flow.rb:222:5:224:7 | synthetic splat parameter | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:222:15:222:18 | rest | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:26:222:33 | **kwargs | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:222:28:222:33 | kwargs | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:223:9:223:13 | super call to m | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:223:9:223:13 | super call to m | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:227:1:227:3 | Sub | params_flow.rb:227:1:227:3 | Sub | +| params_flow.rb:227:1:227:7 | call to new | params_flow.rb:222:5:224:7 | self in m | +| params_flow.rb:227:1:227:7 | call to new | params_flow.rb:227:1:227:7 | call to new | +| params_flow.rb:227:1:229:3 | call to m | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:1:229:3 | synthetic splat argument | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:1:229:3 | synthetic splat argument | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:227:11:227:19 | synthetic splat argument | params_flow.rb:227:11:227:19 | synthetic splat argument | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:227:17:227:18 | 81 | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:227:22:227:30 | synthetic splat argument | params_flow.rb:227:22:227:30 | synthetic splat argument | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:227:28:227:29 | 82 | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:227:33:227:33 | 0 | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:227:36:227:44 | synthetic splat argument | params_flow.rb:227:36:227:44 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:227:42:227:43 | 83 | +| params_flow.rb:227:47:227:48 | :k1 | params_flow.rb:227:47:227:48 | :k1 | +| params_flow.rb:227:47:227:59 | Pair | params_flow.rb:227:47:227:59 | Pair | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:227:51:227:59 | synthetic splat argument | params_flow.rb:227:51:227:59 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:227:57:227:58 | 84 | +| params_flow.rb:227:62:227:63 | :k2 | params_flow.rb:227:62:227:63 | :k2 | +| params_flow.rb:227:62:227:74 | Pair | params_flow.rb:227:62:227:74 | Pair | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:227:66:227:74 | synthetic splat argument | params_flow.rb:227:66:227:74 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:227:72:227:73 | 85 | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:5:1:7:3 | self (sink) | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:6:5:6:10 | self | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:227:77:229:3 | self | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:228:5:228:11 | self | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:227:77:229:3 | do ... end | +| params_flow.rb:227:77:229:3 | synthetic splat parameter | params_flow.rb:227:77:229:3 | synthetic splat parameter | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:228:10:228:10 | x | +| params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:228:5:228:11 | call to sink | +| params_flow.rb:228:5:228:11 | synthetic splat argument | params_flow.rb:228:5:228:11 | synthetic splat argument | forwardButNoBackwardFlow backwardButNoForwardFlow diff --git a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb index 65b663a7c4e0..c4ced767fdf4 100644 --- a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb +++ b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb @@ -205,3 +205,25 @@ def foo(x, y) end foo(*int_hash) + +class Sup + def m(x, *rest, k1:, **kwargs) + sink(x) # $ MISSING: hasValueFlow=81 + sink(rest[0]) # $ MISSING: hasValueFlow=82 + sink(rest[1]) + sink(rest[2]) # $ MISSING: hasValueFlow=83 + sink(k1) # $ MISSING: hasValueFlow=84 + sink(kwargs[:k2]) # $ MISSING: hasValueFlow=85 + yield taint(86) + end +end + +class Sub < Sup + def m(x, *rest, k1:, **kwargs) + super + end +end + +Sub.new.m(taint(81), taint(82), 0, taint(83), k1: taint(84), k2: taint(85)) do |x| + sink(x) # $ MISSING: hasValueFlow=86 +end From 65a11984bdeaf6ebb5856ce155a8d28ae479afe1 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 2 Apr 2025 19:55:07 +0200 Subject: [PATCH 198/409] Ruby: Synthesize implicit super arguments --- ruby/ql/lib/codeql/ruby/ast/Expr.qll | 25 +- ruby/ql/lib/codeql/ruby/ast/Literal.qll | 4 +- ruby/ql/lib/codeql/ruby/ast/Operation.qll | 4 - ruby/ql/lib/codeql/ruby/ast/internal/AST.qll | 41 ++- ruby/ql/lib/codeql/ruby/ast/internal/Call.qll | 48 ++- ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll | 35 +++ .../lib/codeql/ruby/ast/internal/Literal.qll | 20 +- .../codeql/ruby/ast/internal/Operation.qll | 24 +- .../codeql/ruby/ast/internal/Synthesis.qll | 151 ++++++++- .../lib/codeql/ruby/ast/internal/Variable.qll | 41 +-- .../internal/ControlFlowGraphImpl.qll | 5 +- .../dataflow/internal/DataFlowPrivate.qll | 59 +++- ruby/ql/test/library-tests/ast/Ast.expected | 8 + .../test/library-tests/ast/ValueText.expected | 2 + .../dataflow/params/TypeTracker.expected | 294 ++++++++++++++++++ .../dataflow/params/params-flow.expected | 68 ++++ .../dataflow/params/params_flow.rb | 12 +- 17 files changed, 756 insertions(+), 85 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/ast/Expr.qll b/ruby/ql/lib/codeql/ruby/ast/Expr.qll index 3e17c573b50f..5f916fbec5cf 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Expr.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Expr.qll @@ -248,13 +248,7 @@ class ParenthesizedExpr extends StmtSequence, TParenthesizedExpr { * baz(qux: 1) * ``` */ -class Pair extends Expr, TPair { - private Ruby::Pair g; - - Pair() { this = TPair(g) } - - final override string getAPrimaryQlClass() { result = "Pair" } - +class Pair extends Expr instanceof PairImpl { /** * Gets the key expression of this pair. For example, the `SymbolLiteral` * representing the keyword `foo` in the following example: @@ -266,7 +260,7 @@ class Pair extends Expr, TPair { * { 'foo' => 123 } * ``` */ - final Expr getKey() { toGenerated(result) = g.getKey() } + final Expr getKey() { result = PairImpl.super.getKey() } /** * Gets the value expression of this pair. For example, the `IntegerLiteral` @@ -275,20 +269,9 @@ class Pair extends Expr, TPair { * { 'foo' => 123 } * ``` */ - final Expr getValue() { - toGenerated(result) = g.getValue() or - synthChild(this, 0, result) - } - - final override string toString() { result = "Pair" } + final Expr getValue() { result = PairImpl.super.getValue() } - final override AstNode getAChild(string pred) { - result = super.getAChild(pred) - or - pred = "getKey" and result = this.getKey() - or - pred = "getValue" and result = this.getValue() - } + final override string getAPrimaryQlClass() { result = "Pair" } } /** diff --git a/ruby/ql/lib/codeql/ruby/ast/Literal.qll b/ruby/ql/lib/codeql/ruby/ast/Literal.qll index 059db251fc44..cdeae9e64a6e 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Literal.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Literal.qll @@ -305,7 +305,9 @@ class StringlikeLiteral extends Literal instanceof StringlikeLiteralImpl { final override AstNode getAChild(string pred) { result = Literal.super.getAChild(pred) or - pred = "getComponent" and result = this.getComponent(_) + pred = "getComponent" and + result = this.getComponent(_) and + not this instanceof SimpleSymbolLiteralSynth } } diff --git a/ruby/ql/lib/codeql/ruby/ast/Operation.qll b/ruby/ql/lib/codeql/ruby/ast/Operation.qll index e5c68b72c8fd..2e005a207e3f 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Operation.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Operation.qll @@ -92,10 +92,6 @@ class SplatExpr extends UnaryOperation, TSplatExpr { * ``` */ class HashSplatExpr extends UnaryOperation, THashSplatExpr { - private Ruby::HashSplatArgument g; - - HashSplatExpr() { this = THashSplatExpr(g) } - final override string getAPrimaryQlClass() { result = "HashSplatExpr" } } diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll b/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll index 91f20773917f..badcf1d6c6ff 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll @@ -164,7 +164,8 @@ private module Cached { THashKeySymbolLiteral(Ruby::HashKeySymbol g) or THashLiteral(Ruby::Hash g) or THashPattern(Ruby::HashPattern g) or - THashSplatExpr(Ruby::HashSplatArgument g) or + THashSplatExprReal(Ruby::HashSplatArgument g) or + THashSplatExprSynth(Ast::AstNode parent, int i) { mkSynthChild(HashSplatExprKind(), parent, i) } or THashSplatNilParameter(Ruby::HashSplatNil g) { not g.getParent() instanceof Ruby::HashPattern } or THashSplatParameter(Ruby::HashSplatParameter g) { not g.getParent() instanceof Ruby::HashPattern @@ -232,7 +233,8 @@ private module Cached { TNotExprReal(Ruby::Unary g) { g instanceof @ruby_unary_bang or g instanceof @ruby_unary_not } or TNotExprSynth(Ast::AstNode parent, int i) { mkSynthChild(NotExprKind(), parent, i) } or TOptionalParameter(Ruby::OptionalParameter g) or - TPair(Ruby::Pair g) or + TPairReal(Ruby::Pair g) or + TPairSynth(Ast::AstNode parent, int i) { mkSynthChild(PairExprKind(), parent, i) } or TParenthesizedExpr(Ruby::ParenthesizedStatements g) or TParenthesizedPattern(Ruby::ParenthesizedPattern g) or TRShiftExprReal(Ruby::Binary g) { g instanceof @ruby_binary_ranglerangle } or @@ -274,7 +276,10 @@ private module Cached { TSimpleParameterSynth(Ast::AstNode parent, int i) { mkSynthChild(SimpleParameterKind(), parent, i) } or - TSimpleSymbolLiteral(Ruby::SimpleSymbol g) or + TSimpleSymbolLiteralReal(Ruby::SimpleSymbol g) or + TSimpleSymbolLiteralSynth(Ast::AstNode parent, int i, string value) { + mkSynthChild(SymbolLiteralExprKind(value), parent, i) + } or TSingletonClass(Ruby::SingletonClass g) or TSingletonMethod(Ruby::SingletonMethod g) or TSpaceshipExpr(Ruby::Binary g) { g instanceof @ruby_binary_langleequalrangle } or @@ -362,19 +367,19 @@ private module Cached { TEnsure or TEqExpr or TExponentExprReal or TFalseLiteral or TFile or TFindPattern or TFloatLiteral or TForExpr or TForwardParameter or TForwardArgument or TGEExpr or TGTExpr or TGlobalVariableAccessReal or THashKeySymbolLiteral or THashLiteral or THashPattern or - THashSplatExpr or THashSplatNilParameter or THashSplatParameter or THereDoc or + THashSplatExprReal or THashSplatNilParameter or THashSplatParameter or THereDoc or TIdentifierMethodCall or TIfReal or TIfModifierExpr or TInClauseReal or TInstanceVariableAccessReal or TIntegerLiteralReal or TKeywordParameter or TLEExpr or TLShiftExprReal or TLTExpr or TLambda or TLeftAssignmentList or TLine or TLocalVariableAccessReal or TLogicalAndExprReal or TLogicalOrExprReal or TMethod or TMatchPattern or TModuleDeclaration or TModuloExprReal or TMulExprReal or TNEExpr or TNextStmt or TNilLiteralReal or TNoRegExpMatchExpr or TNotExprReal or TOptionalParameter or - TPair or TParenthesizedExpr or TParenthesizedPattern or TRShiftExprReal or + TPairReal or TParenthesizedExpr or TParenthesizedPattern or TRShiftExprReal or TRangeLiteralReal or TRationalLiteral or TRedoStmt or TRegExpLiteral or TRegExpMatchExpr or TRegularArrayLiteral or TRegularMethodCall or TRegularStringLiteral or TRegularSuperCall or TRescueClause or TRescueModifierExpr or TRetryStmt or TReturnStmt or TScopeResolutionConstantAccess or TSelfReal or TSimpleParameterReal or - TSimpleSymbolLiteral or TSingletonClass or TSingletonMethod or TSpaceshipExpr or + TSimpleSymbolLiteralReal or TSingletonClass or TSingletonMethod or TSpaceshipExpr or TSplatExprReal or TSplatParameter or TStringArrayLiteral or TStringConcatenation or TStringEscapeSequenceComponent or TStringInterpolationComponent or TStringTextComponent or TSubExprReal or TSubshellLiteral or TSymbolArrayLiteral or TTernaryIfExpr or TTestPattern or @@ -392,7 +397,8 @@ private module Cached { TLShiftExprSynth or TLocalVariableAccessSynth or TLogicalAndExprSynth or TLogicalOrExprSynth or TMethodCallSynth or TModuloExprSynth or TMulExprSynth or TNilLiteralSynth or TRShiftExprSynth or TRangeLiteralSynth or TSelfSynth or - TSimpleParameterSynth or TSplatExprSynth or TStmtSequenceSynth or TSubExprSynth; + TSimpleParameterSynth or TSplatExprSynth or THashSplatExprSynth or TStmtSequenceSynth or + TSubExprSynth or TPairSynth or TSimpleSymbolLiteralSynth; /** * Gets the underlying TreeSitter entity for a given AST node. This does not @@ -468,7 +474,7 @@ private module Cached { n = THashKeySymbolLiteral(result) or n = THashLiteral(result) or n = THashPattern(result) or - n = THashSplatExpr(result) or + n = THashSplatExprReal(result) or n = THashSplatNilParameter(result) or n = THashSplatParameter(result) or n = THereDoc(result) or @@ -499,7 +505,7 @@ private module Cached { n = TNoRegExpMatchExpr(result) or n = TNotExprReal(result) or n = TOptionalParameter(result) or - n = TPair(result) or + n = TPairReal(result) or n = TParenthesizedExpr(result) or n = TParenthesizedPattern(result) or n = TRangeLiteralReal(result) or @@ -519,7 +525,7 @@ private module Cached { n = TScopeResolutionConstantAccess(result, _) or n = TSelfReal(result) or n = TSimpleParameterReal(result) or - n = TSimpleSymbolLiteral(result) or + n = TSimpleSymbolLiteralReal(result) or n = TSingletonClass(result) or n = TSingletonMethod(result) or n = TSpaceshipExpr(result) or @@ -633,9 +639,15 @@ private module Cached { or result = TSplatExprSynth(parent, i) or + result = THashSplatExprSynth(parent, i) + or result = TStmtSequenceSynth(parent, i) or result = TSubExprSynth(parent, i) + or + result = TPairSynth(parent, i) + or + result = TSimpleSymbolLiteralSynth(parent, i, _) } /** @@ -726,6 +738,8 @@ class TSelf = TSelfReal or TSelfSynth; class TDestructuredLhsExpr = TDestructuredLeftAssignment or TLeftAssignmentList; +class TPair = TPairReal or TPairSynth; + class TExpr = TSelf or TArgumentList or TRescueClause or TRescueModifierExpr or TPair or TStringConcatenation or TCall or TBlockArgument or TConstantAccess or TControlExpr or TLiteral or TCallable or @@ -734,6 +748,8 @@ class TExpr = class TSplatExpr = TSplatExprReal or TSplatExprSynth; +class THashSplatExpr = THashSplatExprReal or THashSplatExprSynth; + class TElse = TElseReal or TElseSynth; class TStmtSequence = @@ -768,13 +784,16 @@ class TStringInterpolationComponent = TStringInterpolationComponentNonRegexp or TStringInterpolationComponentRegexp; class TStringComponent = - TStringTextComponent or TStringEscapeSequenceComponent or TStringInterpolationComponent; + TStringTextComponent or TStringEscapeSequenceComponent or TStringInterpolationComponent or + TSimpleSymbolLiteralSynth; class TStringlikeLiteral = TStringLiteral or TRegExpLiteral or TSymbolLiteral or TSubshellLiteral or THereDoc; class TStringLiteral = TRegularStringLiteral or TBareStringLiteral; +class TSimpleSymbolLiteral = TSimpleSymbolLiteralReal or TSimpleSymbolLiteralSynth; + class TSymbolLiteral = TSimpleSymbolLiteral or TComplexSymbolLiteral or THashKeySymbolLiteral; class TComplexSymbolLiteral = TDelimitedSymbolLiteral or TBareSymbolLiteral; diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll index db97b932a832..5bb34989a904 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll @@ -2,6 +2,7 @@ private import TreeSitter private import Variable private import codeql.ruby.AST private import codeql.ruby.ast.internal.AST +private import codeql.ruby.ast.internal.Scope predicate isIdentifierMethodCall(Ruby::Identifier g) { vcall(g) and not access(g, _) } @@ -133,18 +134,61 @@ private string getSuperMethodName(Ruby::Super sup) { ) } +private Ruby::Identifier getParameter(Ruby::Method m, int pos, Ruby::AstNode param) { + scopeDefinesParameterVariable(m, _, result, pos) and + param = m.getParameters().getChild(pos) +} + class TokenSuperCall extends SuperCallImpl, TTokenSuperCall { private Ruby::Super g; TokenSuperCall() { this = TTokenSuperCall(g) } + Ruby::Method getEnclosingMethod() { result = scopeOf(toGenerated(this)).getEnclosingMethod() } + + int getNumberOfImplicitArguments() { + exists(Ruby::Method encl | + encl = this.getEnclosingMethod() and + result = count(getParameter(encl, _, _)) + ) + } + + /** + * Gets the local variable defined by parameter `param` which is used as an + * implicit argument at position `pos`. + * + * For example, in + * + * ```ruby + * class Sup + * def m(x) + * end + * end + * + * class Sub < Sup + * def m(x) + * super + * end + * end + * ``` + * + * `x` is an implicit argument at position 0 of the `super` call in `Sub#m`. + */ + pragma[nomagic] + LocalVariableReal getImplicitArgument(int pos, Ruby::AstNode param) { + exists(Ruby::Method encl | + encl = this.getEnclosingMethod() and + toGenerated(result.getDefiningAccessImpl()) = getParameter(encl, pos, param) + ) + } + final override string getMethodNameImpl() { result = getSuperMethodName(g) } final override Expr getReceiverImpl() { none() } - final override Expr getArgumentImpl(int n) { none() } + final override Expr getArgumentImpl(int n) { synthChild(this, n, result) } - final override int getNumberOfArgumentsImpl() { result = 0 } + final override int getNumberOfArgumentsImpl() { result = this.getNumberOfImplicitArguments() } final override Block getBlockImpl() { none() } } diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll index 9e8ca5e8fba6..ba4f9e51f4e9 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll @@ -120,3 +120,38 @@ class LeftAssignmentListImpl extends DestructuredLhsExprImpl, Ruby::LeftAssignme ) } } + +abstract class PairImpl extends Expr, TPair { + abstract Expr getKey(); + + abstract Expr getValue(); + + final override string toString() { result = "Pair" } + + final override AstNode getAChild(string pred) { + result = super.getAChild(pred) + or + pred = "getKey" and result = this.getKey() + or + pred = "getValue" and result = this.getValue() + } +} + +class PairReal extends PairImpl, TPairReal { + private Ruby::Pair g; + + PairReal() { this = TPairReal(g) } + + final override Expr getKey() { toGenerated(result) = g.getKey() } + + final override Expr getValue() { + toGenerated(result) = g.getValue() or + synthChild(this, 0, result) + } +} + +class PairSynth extends PairImpl, TPairSynth { + final override Expr getKey() { synthChild(this, 0, result) } + + final override Expr getValue() { synthChild(this, 1, result) } +} diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll index debcaf10c51e..a82256a0162a 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll @@ -608,16 +608,32 @@ class BareStringLiteral extends StringLiteralImpl, TBareStringLiteral { abstract class SymbolLiteralImpl extends StringlikeLiteralImpl, TSymbolLiteral { } -class SimpleSymbolLiteral extends SymbolLiteralImpl, TSimpleSymbolLiteral { +abstract class SimpleSymbolLiteralImpl extends SymbolLiteralImpl, TSimpleSymbolLiteral { } + +class SimpleSymbolLiteralReal extends SimpleSymbolLiteralImpl, TSimpleSymbolLiteral { private Ruby::SimpleSymbol g; - SimpleSymbolLiteral() { this = TSimpleSymbolLiteral(g) } + SimpleSymbolLiteralReal() { this = TSimpleSymbolLiteralReal(g) } final override StringComponent getComponentImpl(int n) { n = 0 and toGenerated(result) = g } final override string toString() { result = g.getValue() } } +class SimpleSymbolLiteralSynth extends SimpleSymbolLiteralImpl, TSimpleSymbolLiteralSynth, + StringComponentImpl +{ + private string value; + + SimpleSymbolLiteralSynth() { this = TSimpleSymbolLiteralSynth(_, _, value) } + + final override string getValue() { result = value } + + final override StringComponent getComponentImpl(int n) { n = 0 and result = this } + + final override string toString() { result = value } +} + abstract class ComplexSymbolLiteral extends SymbolLiteralImpl, TComplexSymbolLiteral { } class DelimitedSymbolLiteral extends ComplexSymbolLiteral, TDelimitedSymbolLiteral { diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll index 6fcf0bfc737f..54c763e24d39 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll @@ -45,36 +45,42 @@ class NotExprSynth extends NotExprImpl, TNotExprSynth { final override Expr getOperandImpl() { synthChild(this, 0, result) } } -class SplatExprReal extends UnaryOperationImpl, TSplatExprReal { +abstract class SplatExprImpl extends UnaryOperationImpl, TSplatExpr { + final override string getOperatorImpl() { result = "*" } +} + +class SplatExprReal extends SplatExprImpl, TSplatExprReal { private Ruby::SplatArgument g; SplatExprReal() { this = TSplatExprReal(g) } - final override string getOperatorImpl() { result = "*" } - final override Expr getOperandImpl() { toGenerated(result) = g.getChild() or synthChild(this, 0, result) } } -class SplatExprSynth extends UnaryOperationImpl, TSplatExprSynth { - final override string getOperatorImpl() { result = "*" } - +class SplatExprSynth extends SplatExprImpl, TSplatExprSynth { final override Expr getOperandImpl() { synthChild(this, 0, result) } } -class HashSplatExprImpl extends UnaryOperationImpl, THashSplatExpr { +abstract class HashSplatExprImpl extends UnaryOperationImpl, THashSplatExpr { + final override string getOperatorImpl() { result = "**" } +} + +class HashSplatExprReal extends HashSplatExprImpl, THashSplatExprReal { private Ruby::HashSplatArgument g; - HashSplatExprImpl() { this = THashSplatExpr(g) } + HashSplatExprReal() { this = THashSplatExprReal(g) } final override Expr getOperandImpl() { toGenerated(result) = g.getChild() or synthChild(this, 0, result) } +} - final override string getOperatorImpl() { result = "**" } +class HashSplatExprSynth extends HashSplatExprImpl, THashSplatExprSynth { + final override Expr getOperandImpl() { synthChild(this, 0, result) } } abstract class DefinedExprImpl extends UnaryOperationImpl, TDefinedExpr { } diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll index f33fb647bf3e..5d1ee81c0139 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll @@ -11,7 +11,7 @@ private import codeql.ruby.ast.internal.Scope private import codeql.ruby.AST /** A synthesized AST node kind. */ -newtype SynthKind = +newtype TSynthKind = AddExprKind() or AssignExprKind() or BitwiseAndExprKind() or @@ -42,16 +42,107 @@ newtype SynthKind = MulExprKind() or NilLiteralKind() or NotExprKind() or + PairExprKind() or RangeLiteralKind(boolean inclusive) { inclusive in [false, true] } or RShiftExprKind() or SimpleParameterKind() or SplatExprKind() or + HashSplatExprKind() or + SymbolLiteralExprKind(string value) { + value = any(Ruby::SimpleSymbol s).getValue() + or + value = any(Ruby::KeywordParameter p).getName().getValue() + } or StmtSequenceKind() or SelfKind(SelfVariable v) or SubExprKind() or ConstantReadAccessKind(string value) { any(Synthesis s).constantReadAccess(value) } or ConstantWriteAccessKind(string value) { any(Synthesis s).constantWriteAccess(value) } +class SynthKind extends TSynthKind { + string toString() { + this = AddExprKind() and result = "AddExprKind" + or + this = AssignExprKind() and result = "AssignExprKind" + or + this = BitwiseAndExprKind() and result = "BitwiseAndExprKind" + or + this = BitwiseOrExprKind() and result = "BitwiseOrExprKind" + or + this = BitwiseXorExprKind() and result = "BitwiseXorExprKind" + or + this = BooleanLiteralKind(_) and result = "BooleanLiteralKind" + or + this = BraceBlockKind() and result = "BraceBlockKind" + or + this = CaseMatchKind() and result = "CaseMatchKind" + or + this = ClassVariableAccessKind(_) and result = "ClassVariableAccessKind" + or + this = DefinedExprKind() and result = "DefinedExprKind" + or + this = DivExprKind() and result = "DivExprKind" + or + this = ElseKind() and result = "ElseKind" + or + this = ExponentExprKind() and result = "ExponentExprKind" + or + this = GlobalVariableAccessKind(_) and result = "GlobalVariableAccessKind" + or + this = IfKind() and result = "IfKind" + or + this = InClauseKind() and result = "InClauseKind" + or + this = InstanceVariableAccessKind(_) and result = "InstanceVariableAccessKind" + or + this = IntegerLiteralKind(_) and result = "IntegerLiteralKind" + or + this = LShiftExprKind() and result = "LShiftExprKind" + or + this = LocalVariableAccessRealKind(_) and result = "LocalVariableAccessRealKind" + or + this = LocalVariableAccessSynthKind(_) and result = "LocalVariableAccessSynthKind" + or + this = LogicalAndExprKind() and result = "LogicalAndExprKind" + or + this = LogicalOrExprKind() and result = "LogicalOrExprKind" + or + this = MethodCallKind(_, _, _) and result = "MethodCallKind" + or + this = ModuloExprKind() and result = "ModuloExprKind" + or + this = MulExprKind() and result = "MulExprKind" + or + this = NilLiteralKind() and result = "NilLiteralKind" + or + this = NotExprKind() and result = "NotExprKind" + or + this = PairExprKind() and result = "PairExprKind" + or + this = RangeLiteralKind(_) and result = "RangeLiteralKind" + or + this = RShiftExprKind() and result = "RShiftExprKind" + or + this = SimpleParameterKind() and result = "SimpleParameterKind" + or + this = SplatExprKind() and result = "SplatExprKind" + or + this = HashSplatExprKind() and result = "HashSplatExprKind" + or + this = SymbolLiteralExprKind(_) and result = "SymbolLiteralExprKind" + or + this = StmtSequenceKind() and result = "StmtSequenceKind" + or + this = SubExprKind() and result = "SubExprKind" + or + this = SelfKind(_) and result = "SelfKind" + or + this = ConstantReadAccessKind(_) and result = "ConstantReadAccessKind" + or + this = ConstantWriteAccessKind(_) and result = "ConstantWriteAccessKind" + } +} + /** * An AST child. * @@ -441,7 +532,7 @@ private module AssignOperationDesugar { pragma[nomagic] SynthKind getVariableAccessKind() { result in [ - LocalVariableAccessRealKind(v).(SynthKind), InstanceVariableAccessKind(v), + LocalVariableAccessRealKind(v).(TSynthKind), InstanceVariableAccessKind(v), ClassVariableAccessKind(v), GlobalVariableAccessKind(v) ] } @@ -1802,3 +1893,59 @@ private module MatchPatternDesugar { } } } + +private module ImplicitSuperArgsSynthesis { + pragma[nomagic] + private predicate superCallSynthesis(AstNode parent, int i, Child child) { + exists(TokenSuperCall call, SynthChild access, int pos, Ruby::AstNode param | + access = SynthChild(LocalVariableAccessRealKind(call.getImplicitArgument(pos, param))) + | + parent = call and + param instanceof Ruby::Identifier and + i = pos and + child = access + or + param instanceof Ruby::SplatParameter and + ( + parent = call and + i = pos and + child = SynthChild(SplatExprKind()) + or + parent = TSplatExprSynth(call, pos) and + i = 0 and + child = access + ) + or + param instanceof Ruby::HashSplatParameter and + ( + parent = call and + i = pos and + child = SynthChild(HashSplatExprKind()) + or + parent = THashSplatExprSynth(call, pos) and + i = 0 and + child = access + ) + or + exists(string name | name = param.(Ruby::KeywordParameter).getName().getValue() | + parent = call and + i = pos and + child = SynthChild(PairExprKind()) + or + parent = TPairSynth(call, pos) and + i = 0 and + child = SynthChild(SymbolLiteralExprKind(name)) + or + parent = TPairSynth(call, pos) and + i = 1 and + child = access + ) + ) + } + + private class SuperCallSynthesis extends Synthesis { + final override predicate child(AstNode parent, int i, Child child) { + superCallSynthesis(parent, i, child) + } + } +} diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll index 51e5d4b56300..bea1ddadbfb3 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll @@ -49,11 +49,11 @@ predicate implicitAssignmentNode(Ruby::AstNode n) { } /** Holds if `n` is inside a parameter. */ -predicate implicitParameterAssignmentNode(Ruby::AstNode n, Callable::Range c) { - n = c.getParameter(_) or - n = c.(Ruby::Block).getParameters().getLocals(_) or - n = c.(Ruby::DoBlock).getParameters().getLocals(_) or - implicitParameterAssignmentNode(n.getParent().(Ruby::DestructuredParameter), c) +predicate implicitParameterAssignmentNode(Ruby::AstNode n, Callable::Range c, int pos) { + n = c.getParameter(pos) or + n = c.(Ruby::Block).getParameters().getLocals(pos) or + n = c.(Ruby::DoBlock).getParameters().getLocals(pos) or + implicitParameterAssignmentNode(n.getParent().(Ruby::DestructuredParameter), c, pos) } private predicate instanceVariableAccess( @@ -77,26 +77,29 @@ private ModuleBase::Range enclosingModuleOrClass(Ruby::AstNode node) { exists(Scope::Range s | scopeOf(node) = s and result = s.getEnclosingModule()) } -private predicate parameterAssignment(Callable::Range scope, string name, Ruby::Identifier i) { - implicitParameterAssignmentNode(i, scope) and +private predicate parameterAssignment( + Callable::Range scope, string name, Ruby::Identifier i, int pos +) { + implicitParameterAssignmentNode(i, scope, pos) and name = i.getValue() } /** Holds if `scope` defines `name` in its parameter declaration at `i`. */ -private predicate scopeDefinesParameterVariable( - Callable::Range scope, string name, Ruby::Identifier i +predicate scopeDefinesParameterVariable( + Callable::Range scope, string name, Ruby::Identifier i, int pos ) { // In case of overlapping parameter names (e.g. `_`), only the first // parameter will give rise to a variable i = min(Ruby::Identifier other | - parameterAssignment(scope, name, other) + parameterAssignment(scope, name, other, _) | other order by other.getLocation().getStartLine(), other.getLocation().getStartColumn() - ) + ) and + parameterAssignment(scope, name, _, pos) or exists(Parameter::Range p | - p = scope.getParameter(_) and + p = scope.getParameter(pos) and name = i.getValue() | i = p.(Ruby::BlockParameter).getName() or @@ -153,7 +156,7 @@ private module Cached { ) } or TLocalVariableReal(Scope::Range scope, string name, Ruby::AstNode i) { - scopeDefinesParameterVariable(scope, name, i) + scopeDefinesParameterVariable(scope, name, i, _) or i = min(Ruby::AstNode other | @@ -161,7 +164,7 @@ private module Cached { | other order by other.getLocation().getStartLine(), other.getLocation().getStartColumn() ) and - not scopeDefinesParameterVariable(scope, name, _) and + not scopeDefinesParameterVariable(scope, name, _, _) and not inherits(scope, name, _) } or TSelfVariable(SelfBase::Range scope) or @@ -330,8 +333,8 @@ private module Cached { not access.getLocation().strictlyBefore(variable.getLocationImpl()) and // In case of overlapping parameter names, later parameters should not // be considered accesses to the first parameter - if parameterAssignment(_, _, access) - then scopeDefinesParameterVariable(_, _, access) + if parameterAssignment(_, _, access, _) + then scopeDefinesParameterVariable(_, _, access, _) else any() or exists(Scope::Range declScope | @@ -360,7 +363,7 @@ private module Cached { predicate implicitWriteAccess(Access access) { implicitAssignmentNode(access) or - scopeDefinesParameterVariable(_, _, access) + scopeDefinesParameterVariable(_, _, access, _) } cached @@ -399,11 +402,11 @@ private predicate inherits(Scope::Range scope, string name, Scope::Range outer) scope instanceof Ruby::DoBlock or scope instanceof Ruby::Lambda ) and - not scopeDefinesParameterVariable(scope, name, _) and + not scopeDefinesParameterVariable(scope, name, _, _) and ( outer = scope.getOuterScope() and ( - scopeDefinesParameterVariable(outer, name, _) + scopeDefinesParameterVariable(outer, name, _, _) or exists(Ruby::AstNode i | scopeAssigns(outer, name, i) and diff --git a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll index 584e5d1c1acc..dd672ba982d7 100644 --- a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll +++ b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll @@ -1430,7 +1430,10 @@ module Trees { } private class StringlikeLiteralTree extends StandardPostOrderTree instanceof StringlikeLiteral { - StringlikeLiteralTree() { not this instanceof HereDoc } + StringlikeLiteralTree() { + not this instanceof HereDoc and + not this instanceof AstInternal::TSimpleSymbolLiteralSynth + } final override ControlFlowTree getChildNode(int i) { result = super.getComponent(i) } } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index da0c03797172..4045c11ef76e 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -1,6 +1,7 @@ private import codeql.util.Boolean private import codeql.util.Unit private import codeql.ruby.AST +private import codeql.ruby.ast.internal.Call private import codeql.ruby.ast.internal.Synthesis private import codeql.ruby.CFG private import codeql.ruby.dataflow.SSA @@ -468,9 +469,12 @@ private module Cached { TSelfToplevelParameterNode(Toplevel t) or TLambdaSelfReferenceNode(Callable c) { lambdaCreationExpr(_, _, c) } or TImplicitBlockParameterNode(MethodBase m) { not m.getAParameter() instanceof BlockParameter } or - TImplicitBlockArgumentNode(CfgNodes::ExprNodes::CallCfgNode yield) { + TImplicitYieldBlockArgumentNode(CfgNodes::ExprNodes::CallCfgNode yield) { yield = any(BlockParameterNode b).getAYieldCall() } or + TImplicitSuperBlockArgumentNode(CfgNodes::ExprNodes::CallCfgNode sup) { + sup = any(BlockParameterNode b).getASuperCall() + } or TSynthHashSplatParameterNode(DataFlowCallable c) { isParameterNode(_, c, any(ParameterPosition p | p.isKeyword(_))) } or @@ -1032,6 +1036,11 @@ private module ParameterNodes { CfgNodes::ExprNodes::CallCfgNode getAYieldCall() { this.getMethod() = result.getExpr().(YieldCall).getEnclosingMethod() } + + CfgNodes::ExprNodes::CallCfgNode getASuperCall() { + this.getMethod() = result.getExpr().getEnclosingMethod() and + result.getExpr() instanceof TokenSuperCall + } } private class ExplicitBlockParameterNode extends BlockParameterNode, NormalParameterNode { @@ -1298,15 +1307,23 @@ module ArgumentNodes { } } - class ImplicitBlockArgumentNode extends NodeImpl, ArgumentNode, TImplicitBlockArgumentNode { + abstract class ImplicitBlockArgumentNode extends NodeImpl, ArgumentNode { + pragma[nomagic] + abstract BlockParameterNode getParameterNode(boolean inSameScope); + + override string toStringImpl() { result = "yield block argument" } + } + + class ImplicitYieldBlockArgumentNode extends ImplicitBlockArgumentNode, + TImplicitYieldBlockArgumentNode + { CfgNodes::ExprNodes::CallCfgNode yield; - ImplicitBlockArgumentNode() { this = TImplicitBlockArgumentNode(yield) } + ImplicitYieldBlockArgumentNode() { this = TImplicitYieldBlockArgumentNode(yield) } CfgNodes::ExprNodes::CallCfgNode getYieldCall() { result = yield } - pragma[nomagic] - BlockParameterNode getParameterNode(boolean inSameScope) { + override BlockParameterNode getParameterNode(boolean inSameScope) { result.getAYieldCall() = yield and if nodeGetEnclosingCallable(this) = nodeGetEnclosingCallable(result) then inSameScope = true @@ -1326,8 +1343,36 @@ module ArgumentNodes { override CfgScope getCfgScope() { result = yield.getScope() } override Location getLocationImpl() { result = yield.getLocation() } + } - override string toStringImpl() { result = "yield block argument" } + class ImplicitSuperBlockArgumentNode extends ImplicitBlockArgumentNode, + TImplicitSuperBlockArgumentNode + { + CfgNodes::ExprNodes::CallCfgNode sup; + + ImplicitSuperBlockArgumentNode() { this = TImplicitSuperBlockArgumentNode(sup) } + + CfgNodes::ExprNodes::CallCfgNode getSuperCall() { result = sup } + + override BlockParameterNode getParameterNode(boolean inSameScope) { + result.getASuperCall() = sup and + if nodeGetEnclosingCallable(this) = nodeGetEnclosingCallable(result) + then inSameScope = true + else inSameScope = false + } + + override predicate sourceArgumentOf(CfgNodes::ExprNodes::CallCfgNode call, ArgumentPosition pos) { + call = sup and + pos.isBlock() + } + + override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) { + this.sourceArgumentOf(call.asCall(), pos) + } + + override CfgScope getCfgScope() { result = sup.getScope() } + + override Location getLocationImpl() { result = sup.getLocation() } } private class SummaryArgumentNode extends FlowSummaryNode, ArgumentNode { @@ -2152,7 +2197,7 @@ private predicate lambdaCallExpr( */ predicate lambdaSourceCall(CfgNodes::ExprNodes::CallCfgNode call, LambdaCallKind kind, Node receiver) { kind = TYieldCallKind() and - call = receiver.(ImplicitBlockArgumentNode).getYieldCall() + call = receiver.(ImplicitYieldBlockArgumentNode).getYieldCall() or kind = TLambdaCallKind() and lambdaCallExpr(call, receiver.asExpr()) diff --git a/ruby/ql/test/library-tests/ast/Ast.expected b/ruby/ql/test/library-tests/ast/Ast.expected index 5c29d3f536d7..294edfdab1e6 100644 --- a/ruby/ql/test/library-tests/ast/Ast.expected +++ b/ruby/ql/test/library-tests/ast/Ast.expected @@ -3185,6 +3185,14 @@ params/params.rb: # 106| getParameter: [HashSplatParameter] **kwargs # 106| getDefiningAccess: [LocalVariableAccess] kwargs # 107| getStmt: [SuperCall] super call to m +# 107| getArgument: [HashSplatExpr] ** ... +# 107| getAnOperand/getOperand/getReceiver: [LocalVariableAccess] kwargs +# 107| getArgument: [Pair] Pair +# 107| getKey: [SymbolLiteral] k +# 107| getValue: [LocalVariableAccess] k +# 107| getArgument: [SplatExpr] * ... +# 107| getAnOperand/getOperand/getReceiver: [LocalVariableAccess] rest +# 107| getArgument: [LocalVariableAccess] y # 111| getStmt: [MethodCall] call to m # 111| getReceiver: [MethodCall] call to new # 111| getReceiver: [ConstantReadAccess] Sub diff --git a/ruby/ql/test/library-tests/ast/ValueText.expected b/ruby/ql/test/library-tests/ast/ValueText.expected index 195beb5f2e38..283eef73d25b 100644 --- a/ruby/ql/test/library-tests/ast/ValueText.expected +++ b/ruby/ql/test/library-tests/ast/ValueText.expected @@ -943,6 +943,7 @@ exprValue | params/params.rb:70:52:70:53 | 20 | 20 | int | | params/params.rb:100:15:100:15 | 1 | 1 | int | | params/params.rb:101:15:101:15 | 1 | 1 | int | +| params/params.rb:107:5:107:9 | k | :k | symbol | | params/params.rb:111:11:111:12 | 42 | 42 | int | | params/params.rb:111:15:111:15 | :k | :k | symbol | | params/params.rb:111:18:111:19 | 22 | 22 | int | @@ -1862,6 +1863,7 @@ exprCfgNodeValue | params/params.rb:70:52:70:53 | 20 | 20 | int | | params/params.rb:100:15:100:15 | 1 | 1 | int | | params/params.rb:101:15:101:15 | 1 | 1 | int | +| params/params.rb:107:5:107:9 | k | :k | symbol | | params/params.rb:111:11:111:12 | 42 | 42 | int | | params/params.rb:111:15:111:15 | :k | :k | symbol | | params/params.rb:111:18:111:19 | 22 | 22 | int | diff --git a/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected b/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected index 99c21ba6f759..80e9e84a83a1 100644 --- a/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected +++ b/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected @@ -52,8 +52,14 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:168:26:168:35 | ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:181:28:181:29 | p2 | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:200:9:200:9 | x | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:216:14:216:24 | ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:222:11:222:11 | x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:227:81:227:81 | x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element | params_flow.rb:9:1:12:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:9:1:12:3 | synthetic splat parameter | @@ -90,8 +96,17 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:133:14:133:18 | *args | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:134:5:134:16 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:200:1:205:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:216:9:216:25 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | * ... | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:64:16:64:17 | *x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:140:5:140:15 | [post] ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:140:5:140:38 | call to insert | @@ -115,19 +130,30 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:181:1:183:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:182:5:182:20 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:98:1:103:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:133:14:133:18 | *args | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 4 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 4 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 5 | params_flow.rb:83:1:91:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:223:9:223:13 | ** ... | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:16:1:19:3 | synthetic hash-splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:25:1:31:3 | synthetic hash-splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:25:17:25:24 | **kwargs | @@ -497,6 +523,9 @@ track | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:214:9:214:21 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:215:9:215:16 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:6:5:6:10 | synthetic splat argument | type tracker without call steps | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:9:1:12:3 | &block | type tracker without call steps | params_flow.rb:9:1:12:3 | &block | @@ -3184,31 +3213,70 @@ track | params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | | params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:217:9:217:23 | yield block argument | type tracker without call steps | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:217:15:217:23 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:15:217:23 | call to taint | type tracker with call steps | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:15:217:23 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:217:15:217:23 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | | params_flow.rb:217:15:217:23 | call to taint | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | | params_flow.rb:217:15:217:23 | call to taint | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | | params_flow.rb:217:15:217:23 | synthetic splat argument | type tracker without call steps | params_flow.rb:217:15:217:23 | synthetic splat argument | | params_flow.rb:217:21:217:22 | 86 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | | params_flow.rb:217:21:217:22 | 86 | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | | params_flow.rb:217:21:217:22 | 86 | type tracker without call steps | params_flow.rb:217:21:217:22 | 86 | | params_flow.rb:217:21:217:22 | 86 | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | | params_flow.rb:217:21:217:22 | 86 | type tracker without call steps with content element 0 | params_flow.rb:217:15:217:23 | synthetic splat argument | | params_flow.rb:221:1:225:3 | self (Sub) | type tracker without call steps | params_flow.rb:221:1:225:3 | self (Sub) | | params_flow.rb:221:13:221:15 | Sup | type tracker without call steps | params_flow.rb:221:13:221:15 | Sup | +| params_flow.rb:222:5:224:7 | &block | type tracker with call steps | params_flow.rb:210:5:218:7 | &block | | params_flow.rb:222:5:224:7 | &block | type tracker without call steps | params_flow.rb:222:5:224:7 | &block | | params_flow.rb:222:5:224:7 | m | type tracker without call steps | params_flow.rb:222:5:224:7 | m | | params_flow.rb:222:5:224:7 | self in m | type tracker without call steps | params_flow.rb:222:5:224:7 | self in m | | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | type tracker without call steps | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | | params_flow.rb:222:5:224:7 | synthetic splat parameter | type tracker without call steps | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:222:11:222:11 | x | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:11:222:11 | x | type tracker with call steps | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:222:11:222:11 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:222:11:222:11 | x | type tracker with call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | | params_flow.rb:222:11:222:11 | x | type tracker without call steps | params_flow.rb:222:11:222:11 | x | | params_flow.rb:222:11:222:11 | x | type tracker without call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | type tracker without call steps with content element 0 | params_flow.rb:223:9:223:13 | synthetic splat argument | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps with content element 0 or unknown | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:222:14:222:18 | *rest | type tracker without call steps | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:222:14:222:18 | *rest | type tracker without call steps with content element 0 or unknown | params_flow.rb:223:9:223:13 | * ... | +| params_flow.rb:222:14:222:18 | *rest | type tracker without call steps with content element 1 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:222:15:222:18 | rest | type tracker without call steps | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps with content element :k1 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:222:21:222:22 | k1 | type tracker without call steps | params_flow.rb:222:21:222:22 | k1 | | params_flow.rb:222:21:222:22 | k1 | type tracker without call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | type tracker without call steps with content element :k1 | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | | params_flow.rb:222:26:222:33 | **kwargs | type tracker without call steps | params_flow.rb:222:26:222:33 | **kwargs | | params_flow.rb:222:28:222:33 | kwargs | type tracker without call steps | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:223:9:223:13 | * ... | type tracker with call steps | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:223:9:223:13 | * ... | type tracker without call steps | params_flow.rb:223:9:223:13 | * ... | +| params_flow.rb:223:9:223:13 | ** ... | type tracker with call steps | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:223:9:223:13 | ** ... | type tracker with call steps | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:223:9:223:13 | ** ... | type tracker without call steps | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:223:9:223:13 | Pair | type tracker without call steps | params_flow.rb:223:9:223:13 | Pair | +| params_flow.rb:223:9:223:13 | k1 | type tracker without call steps | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:223:9:223:13 | super call to m | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | | params_flow.rb:223:9:223:13 | super call to m | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | type tracker with call steps | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | type tracker without call steps | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | +| params_flow.rb:223:9:223:13 | synthetic splat argument | type tracker without call steps | params_flow.rb:223:9:223:13 | synthetic splat argument | +| params_flow.rb:223:9:223:13 | yield block argument | type tracker with call steps | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:223:9:223:13 | yield block argument | type tracker without call steps | params_flow.rb:223:9:223:13 | yield block argument | | params_flow.rb:227:1:227:3 | Sub | type tracker without call steps | params_flow.rb:227:1:227:3 | Sub | | params_flow.rb:227:1:227:7 | call to new | type tracker with call steps | params_flow.rb:222:5:224:7 | self in m | | params_flow.rb:227:1:227:7 | call to new | type tracker without call steps | params_flow.rb:227:1:227:7 | call to new | @@ -3217,74 +3285,150 @@ track | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | type tracker without call steps | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:1:229:3 | synthetic splat argument | type tracker with call steps | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:227:1:229:3 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps | params_flow.rb:210:11:210:11 | x | | params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | | params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:11:227:19 | call to taint | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:227:11:227:19 | call to taint | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:11:227:19 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:11:227:19 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:210:11:210:11 | x | | params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:227:17:227:18 | 81 | type tracker without call steps | params_flow.rb:227:17:227:18 | 81 | | params_flow.rb:227:17:227:18 | 81 | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | type tracker without call steps with content element 0 | params_flow.rb:227:11:227:19 | synthetic splat argument | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | | params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 1 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:22:227:30 | call to taint | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:227:22:227:30 | call to taint | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:22:227:30 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:22:227:30 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 1 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:227:28:227:29 | 82 | type tracker without call steps | params_flow.rb:227:28:227:29 | 82 | | params_flow.rb:227:28:227:29 | 82 | type tracker without call steps with content element 0 | params_flow.rb:227:22:227:30 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps | params_flow.rb:213:14:213:20 | ...[...] | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 0 | params_flow.rb:213:9:213:21 | synthetic splat argument | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 1 | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 1 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 1 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 2 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 2 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:33:227:33 | 0 | type tracker without call steps | params_flow.rb:227:33:227:33 | 0 | | params_flow.rb:227:33:227:33 | 0 | type tracker without call steps with content element 2 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 2 | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 2 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 3 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:36:227:44 | call to taint | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:227:36:227:44 | call to taint | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:36:227:44 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:36:227:44 | synthetic splat argument | | params_flow.rb:227:42:227:43 | 83 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 0 | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 2 | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 2 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 3 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:42:227:43 | 83 | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:227:42:227:43 | 83 | type tracker without call steps | params_flow.rb:227:42:227:43 | 83 | | params_flow.rb:227:42:227:43 | 83 | type tracker without call steps with content element 0 | params_flow.rb:227:36:227:44 | synthetic splat argument | | params_flow.rb:227:42:227:43 | 83 | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:47:227:48 | :k1 | type tracker without call steps | params_flow.rb:227:47:227:48 | :k1 | | params_flow.rb:227:47:227:59 | Pair | type tracker without call steps | params_flow.rb:227:47:227:59 | Pair | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps | params_flow.rb:210:21:210:22 | k1 | | params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | | params_flow.rb:227:51:227:59 | call to taint | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:227:51:227:59 | call to taint | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:51:227:59 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:51:227:59 | synthetic splat argument | | params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:210:21:210:22 | k1 | | params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | | params_flow.rb:227:57:227:58 | 84 | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:227:57:227:58 | 84 | type tracker without call steps | params_flow.rb:227:57:227:58 | 84 | | params_flow.rb:227:57:227:58 | 84 | type tracker without call steps with content element 0 | params_flow.rb:227:51:227:59 | synthetic splat argument | | params_flow.rb:227:57:227:58 | 84 | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:62:227:63 | :k2 | type tracker without call steps | params_flow.rb:227:62:227:63 | :k2 | | params_flow.rb:227:62:227:74 | Pair | type tracker without call steps | params_flow.rb:227:62:227:74 | Pair | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps | params_flow.rb:216:14:216:24 | ...[...] | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:223:9:223:13 | ** ... | | params_flow.rb:227:66:227:74 | call to taint | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:227:66:227:74 | call to taint | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:66:227:74 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:66:227:74 | synthetic splat argument | | params_flow.rb:227:72:227:73 | 85 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps | params_flow.rb:216:14:216:24 | ...[...] | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element 0 | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:223:9:223:13 | ** ... | | params_flow.rb:227:72:227:73 | 85 | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:227:72:227:73 | 85 | type tracker without call steps | params_flow.rb:227:72:227:73 | 85 | | params_flow.rb:227:72:227:73 | 85 | type tracker without call steps with content element 0 | params_flow.rb:227:66:227:74 | synthetic splat argument | | params_flow.rb:227:72:227:73 | 85 | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:77:229:3 | self | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | | params_flow.rb:227:77:229:3 | self | type tracker without call steps | params_flow.rb:227:77:229:3 | self | +| params_flow.rb:227:77:229:3 | do ... end | type tracker with call steps | params_flow.rb:210:5:218:7 | &block | | params_flow.rb:227:77:229:3 | do ... end | type tracker with call steps | params_flow.rb:222:5:224:7 | &block | | params_flow.rb:227:77:229:3 | do ... end | type tracker without call steps | params_flow.rb:227:77:229:3 | do ... end | | params_flow.rb:227:77:229:3 | synthetic splat parameter | type tracker without call steps | params_flow.rb:227:77:229:3 | synthetic splat parameter | @@ -3293,6 +3437,9 @@ track | params_flow.rb:227:81:227:81 | x | type tracker without call steps | params_flow.rb:227:81:227:81 | x | | params_flow.rb:227:81:227:81 | x | type tracker without call steps | params_flow.rb:227:81:227:81 | x | | params_flow.rb:227:81:227:81 | x | type tracker without call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | +| params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:228:5:228:11 | synthetic splat argument | type tracker without call steps | params_flow.rb:228:5:228:11 | synthetic splat argument | trackEnd @@ -3688,14 +3835,30 @@ trackEnd | params_flow.rb:1:11:1:11 | x | params_flow.rb:200:9:200:9 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:201:11:201:11 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:202:11:202:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:211:14:211:14 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:215:14:215:15 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:216:14:216:24 | ...[...] | | params_flow.rb:1:11:1:11 | x | params_flow.rb:217:15:217:23 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:222:21:222:22 | k1 | | params_flow.rb:1:11:1:11 | x | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:223:9:223:13 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:223:9:223:13 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:228:10:228:10 | x | | params_flow.rb:5:1:7:3 | &block | params_flow.rb:5:1:7:3 | &block | | params_flow.rb:5:1:7:3 | self in sink | params_flow.rb:5:1:7:3 | self (sink) | | params_flow.rb:5:1:7:3 | self in sink | params_flow.rb:5:1:7:3 | self in sink | @@ -3798,6 +3961,9 @@ trackEnd | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:214:9:214:21 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:215:9:215:16 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:6:5:6:10 | synthetic splat argument | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:9:1:12:3 | &block | params_flow.rb:9:1:12:3 | &block | @@ -6519,81 +6685,203 @@ trackEnd | params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:223:9:223:13 | super call to m | | params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:217:9:217:23 | yield block argument | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:6:10:6:10 | x | | params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:228:10:228:10 | x | | params_flow.rb:217:15:217:23 | synthetic splat argument | params_flow.rb:217:15:217:23 | synthetic splat argument | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:6:10:6:10 | x | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:217:15:217:23 | call to taint | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:217:21:217:22 | 86 | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:228:10:228:10 | x | | params_flow.rb:221:1:225:3 | self (Sub) | params_flow.rb:221:1:225:3 | self (Sub) | | params_flow.rb:221:13:221:15 | Sup | params_flow.rb:221:13:221:15 | Sup | +| params_flow.rb:222:5:224:7 | &block | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:222:5:224:7 | &block | params_flow.rb:217:9:217:23 | yield block argument | | params_flow.rb:222:5:224:7 | &block | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:222:5:224:7 | &block | params_flow.rb:223:9:223:13 | yield block argument | | params_flow.rb:222:5:224:7 | m | params_flow.rb:221:1:225:3 | Sub | | params_flow.rb:222:5:224:7 | m | params_flow.rb:222:5:224:7 | m | | params_flow.rb:222:5:224:7 | self in m | params_flow.rb:222:5:224:7 | self in m | | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | | params_flow.rb:222:5:224:7 | synthetic splat parameter | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:211:14:211:14 | x | | params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | | params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:223:9:223:13 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:212:14:212:20 | ...[...] | | params_flow.rb:222:14:222:18 | *rest | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:223:9:223:13 | rest | | params_flow.rb:222:15:222:18 | rest | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:215:14:215:15 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | | params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | | params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:222:26:222:33 | **kwargs | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:222:26:222:33 | **kwargs | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:222:26:222:33 | **kwargs | params_flow.rb:223:9:223:13 | kwargs | | params_flow.rb:222:28:222:33 | kwargs | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:210:15:210:18 | rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:212:14:212:17 | rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:213:14:213:17 | rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:214:14:214:17 | rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:223:9:223:13 | * ... | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:216:14:216:19 | kwargs | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:223:9:223:13 | Pair | params_flow.rb:223:9:223:13 | Pair | +| params_flow.rb:223:9:223:13 | k1 | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:223:9:223:13 | super call to m | params_flow.rb:223:9:223:13 | super call to m | | params_flow.rb:223:9:223:13 | super call to m | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | params_flow.rb:216:14:216:19 | kwargs | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | +| params_flow.rb:223:9:223:13 | synthetic splat argument | params_flow.rb:223:9:223:13 | synthetic splat argument | +| params_flow.rb:223:9:223:13 | yield block argument | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:223:9:223:13 | yield block argument | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:223:9:223:13 | yield block argument | params_flow.rb:223:9:223:13 | yield block argument | | params_flow.rb:227:1:227:3 | Sub | params_flow.rb:227:1:227:3 | Sub | | params_flow.rb:227:1:227:7 | call to new | params_flow.rb:222:5:224:7 | self in m | | params_flow.rb:227:1:227:7 | call to new | params_flow.rb:227:1:227:7 | call to new | | params_flow.rb:227:1:229:3 | call to m | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:223:9:223:13 | kwargs | | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:1:229:3 | synthetic splat argument | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:227:1:229:3 | synthetic splat argument | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:211:14:211:14 | x | | params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:223:9:223:13 | x | | params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:227:11:227:19 | synthetic splat argument | params_flow.rb:227:11:227:19 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:211:14:211:14 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:222:11:222:11 | x | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:223:9:223:13 | x | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:227:17:227:18 | 81 | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:212:14:212:20 | ...[...] | | params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:227:22:227:30 | synthetic splat argument | params_flow.rb:227:22:227:30 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:212:14:212:20 | ...[...] | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:227:28:227:29 | 82 | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:213:14:213:20 | ...[...] | | params_flow.rb:227:33:227:33 | 0 | params_flow.rb:227:33:227:33 | 0 | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:214:14:214:20 | ...[...] | | params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:227:36:227:44 | synthetic splat argument | params_flow.rb:227:36:227:44 | synthetic splat argument | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:214:14:214:20 | ...[...] | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:227:42:227:43 | 83 | | params_flow.rb:227:47:227:48 | :k1 | params_flow.rb:227:47:227:48 | :k1 | | params_flow.rb:227:47:227:59 | Pair | params_flow.rb:227:47:227:59 | Pair | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:215:14:215:15 | k1 | | params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:227:51:227:59 | synthetic splat argument | params_flow.rb:227:51:227:59 | synthetic splat argument | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:215:14:215:15 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:222:21:222:22 | k1 | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:227:57:227:58 | 84 | | params_flow.rb:227:62:227:63 | :k2 | params_flow.rb:227:62:227:63 | :k2 | | params_flow.rb:227:62:227:74 | Pair | params_flow.rb:227:62:227:74 | Pair | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:216:14:216:24 | ...[...] | | params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:227:66:227:74 | synthetic splat argument | params_flow.rb:227:66:227:74 | synthetic splat argument | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:216:14:216:24 | ...[...] | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:227:72:227:73 | 85 | | params_flow.rb:227:77:229:3 | self | params_flow.rb:5:1:7:3 | self (sink) | @@ -6601,7 +6889,10 @@ trackEnd | params_flow.rb:227:77:229:3 | self | params_flow.rb:6:5:6:10 | self | | params_flow.rb:227:77:229:3 | self | params_flow.rb:227:77:229:3 | self | | params_flow.rb:227:77:229:3 | self | params_flow.rb:228:5:228:11 | self | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:217:9:217:23 | yield block argument | | params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:223:9:223:13 | yield block argument | | params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:227:77:229:3 | do ... end | | params_flow.rb:227:77:229:3 | synthetic splat parameter | params_flow.rb:227:77:229:3 | synthetic splat parameter | | params_flow.rb:227:81:227:81 | x | params_flow.rb:5:10:5:10 | x | @@ -6611,6 +6902,9 @@ trackEnd | params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | | params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | | params_flow.rb:227:81:227:81 | x | params_flow.rb:228:10:228:10 | x | +| params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:228:5:228:11 | synthetic splat argument | params_flow.rb:228:5:228:11 | synthetic splat argument | forwardButNoBackwardFlow diff --git a/ruby/ql/test/library-tests/dataflow/params/params-flow.expected b/ruby/ql/test/library-tests/dataflow/params/params-flow.expected index 93946da9c117..6d00378560b6 100644 --- a/ruby/ql/test/library-tests/dataflow/params/params-flow.expected +++ b/ruby/ql/test/library-tests/dataflow/params/params-flow.expected @@ -174,6 +174,34 @@ edges | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:181:28:181:29 | p2 | provenance | | | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:192:20:192:21 | [post] p1 : [collection] [element 0] | provenance | | | params_flow.rb:193:6:193:7 | p1 : [collection] [element 0] | params_flow.rb:193:6:193:10 | ...[...] | provenance | | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:211:14:211:14 | x | provenance | | +| params_flow.rb:210:14:210:18 | *rest : [collection] [element 0] | params_flow.rb:212:14:212:17 | rest : [collection] [element 0] | provenance | | +| params_flow.rb:210:14:210:18 | *rest : [collection] [element 2] | params_flow.rb:214:14:214:17 | rest : [collection] [element 2] | provenance | | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:215:14:215:15 | k1 | provenance | | +| params_flow.rb:210:26:210:33 | **kwargs : Hash [element :k2] | params_flow.rb:216:14:216:19 | kwargs : Hash [element :k2] | provenance | | +| params_flow.rb:212:14:212:17 | rest : [collection] [element 0] | params_flow.rb:212:14:212:20 | ...[...] | provenance | | +| params_flow.rb:214:14:214:17 | rest : [collection] [element 2] | params_flow.rb:214:14:214:20 | ...[...] | provenance | | +| params_flow.rb:216:14:216:19 | kwargs : Hash [element :k2] | params_flow.rb:216:14:216:24 | ...[...] | provenance | | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:227:81:227:81 | x | provenance | | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:223:9:223:13 | x | provenance | | +| params_flow.rb:222:14:222:18 | *rest : [collection] [element 0] | params_flow.rb:223:9:223:13 | rest : [collection] [element 0] | provenance | | +| params_flow.rb:222:14:222:18 | *rest : [collection] [element 2] | params_flow.rb:223:9:223:13 | rest : [collection] [element 2] | provenance | | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:223:9:223:13 | k1 | provenance | | +| params_flow.rb:222:26:222:33 | **kwargs : Hash [element :k2] | params_flow.rb:223:9:223:13 | kwargs : Hash [element :k2] | provenance | | +| params_flow.rb:223:9:223:13 | * ... : [collection] [element 0] | params_flow.rb:210:14:210:18 | *rest : [collection] [element 0] | provenance | | +| params_flow.rb:223:9:223:13 | * ... : [collection] [element 2] | params_flow.rb:210:14:210:18 | *rest : [collection] [element 2] | provenance | | +| params_flow.rb:223:9:223:13 | ** ... : Hash [element :k2] | params_flow.rb:210:26:210:33 | **kwargs : Hash [element :k2] | provenance | | +| params_flow.rb:223:9:223:13 | k1 | params_flow.rb:210:21:210:22 | k1 | provenance | | +| params_flow.rb:223:9:223:13 | kwargs : Hash [element :k2] | params_flow.rb:223:9:223:13 | ** ... : Hash [element :k2] | provenance | | +| params_flow.rb:223:9:223:13 | rest : [collection] [element 0] | params_flow.rb:223:9:223:13 | * ... : [collection] [element 0] | provenance | | +| params_flow.rb:223:9:223:13 | rest : [collection] [element 2] | params_flow.rb:223:9:223:13 | * ... : [collection] [element 2] | provenance | | +| params_flow.rb:223:9:223:13 | x | params_flow.rb:210:11:210:11 | x | provenance | | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:222:11:222:11 | x | provenance | | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:222:14:222:18 | *rest : [collection] [element 0] | provenance | | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:222:14:222:18 | *rest : [collection] [element 2] | provenance | | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:222:21:222:22 | k1 | provenance | | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:222:26:222:33 | **kwargs : Hash [element :k2] | provenance | | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:228:10:228:10 | x | provenance | | nodes | params_flow.rb:9:16:9:17 | p1 | semmle.label | p1 | | params_flow.rb:9:20:9:21 | p2 | semmle.label | p2 | @@ -373,6 +401,40 @@ nodes | params_flow.rb:192:24:192:32 | call to taint | semmle.label | call to taint | | params_flow.rb:193:6:193:7 | p1 : [collection] [element 0] | semmle.label | p1 : [collection] [element 0] | | params_flow.rb:193:6:193:10 | ...[...] | semmle.label | ...[...] | +| params_flow.rb:210:11:210:11 | x | semmle.label | x | +| params_flow.rb:210:14:210:18 | *rest : [collection] [element 0] | semmle.label | *rest : [collection] [element 0] | +| params_flow.rb:210:14:210:18 | *rest : [collection] [element 2] | semmle.label | *rest : [collection] [element 2] | +| params_flow.rb:210:21:210:22 | k1 | semmle.label | k1 | +| params_flow.rb:210:26:210:33 | **kwargs : Hash [element :k2] | semmle.label | **kwargs : Hash [element :k2] | +| params_flow.rb:211:14:211:14 | x | semmle.label | x | +| params_flow.rb:212:14:212:17 | rest : [collection] [element 0] | semmle.label | rest : [collection] [element 0] | +| params_flow.rb:212:14:212:20 | ...[...] | semmle.label | ...[...] | +| params_flow.rb:214:14:214:17 | rest : [collection] [element 2] | semmle.label | rest : [collection] [element 2] | +| params_flow.rb:214:14:214:20 | ...[...] | semmle.label | ...[...] | +| params_flow.rb:215:14:215:15 | k1 | semmle.label | k1 | +| params_flow.rb:216:14:216:19 | kwargs : Hash [element :k2] | semmle.label | kwargs : Hash [element :k2] | +| params_flow.rb:216:14:216:24 | ...[...] | semmle.label | ...[...] | +| params_flow.rb:217:15:217:23 | call to taint | semmle.label | call to taint | +| params_flow.rb:222:11:222:11 | x | semmle.label | x | +| params_flow.rb:222:14:222:18 | *rest : [collection] [element 0] | semmle.label | *rest : [collection] [element 0] | +| params_flow.rb:222:14:222:18 | *rest : [collection] [element 2] | semmle.label | *rest : [collection] [element 2] | +| params_flow.rb:222:21:222:22 | k1 | semmle.label | k1 | +| params_flow.rb:222:26:222:33 | **kwargs : Hash [element :k2] | semmle.label | **kwargs : Hash [element :k2] | +| params_flow.rb:223:9:223:13 | * ... : [collection] [element 0] | semmle.label | * ... : [collection] [element 0] | +| params_flow.rb:223:9:223:13 | * ... : [collection] [element 2] | semmle.label | * ... : [collection] [element 2] | +| params_flow.rb:223:9:223:13 | ** ... : Hash [element :k2] | semmle.label | ** ... : Hash [element :k2] | +| params_flow.rb:223:9:223:13 | k1 | semmle.label | k1 | +| params_flow.rb:223:9:223:13 | kwargs : Hash [element :k2] | semmle.label | kwargs : Hash [element :k2] | +| params_flow.rb:223:9:223:13 | rest : [collection] [element 0] | semmle.label | rest : [collection] [element 0] | +| params_flow.rb:223:9:223:13 | rest : [collection] [element 2] | semmle.label | rest : [collection] [element 2] | +| params_flow.rb:223:9:223:13 | x | semmle.label | x | +| params_flow.rb:227:11:227:19 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:22:227:30 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:36:227:44 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:51:227:59 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:66:227:74 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:81:227:81 | x | semmle.label | x | +| params_flow.rb:228:10:228:10 | x | semmle.label | x | subpaths | params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:153:28:153:29 | p2 | params_flow.rb:153:23:153:24 | p1 [Return] : [collection] [element 0] | params_flow.rb:164:23:164:24 | [post] p1 : [collection] [element 0] | | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:181:28:181:29 | p2 | params_flow.rb:181:24:181:25 | p1 [Return] : [collection] [element 0] | params_flow.rb:192:20:192:21 | [post] p1 : [collection] [element 0] | @@ -430,3 +492,9 @@ testFailures | params_flow.rb:134:10:134:16 | ...[...] | params_flow.rb:137:23:137:31 | call to taint | params_flow.rb:134:10:134:16 | ...[...] | $@ | params_flow.rb:137:23:137:31 | call to taint | call to taint | | params_flow.rb:165:6:165:10 | ...[...] | params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:165:6:165:10 | ...[...] | $@ | params_flow.rb:164:31:164:39 | call to taint | call to taint | | params_flow.rb:193:6:193:10 | ...[...] | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:193:6:193:10 | ...[...] | $@ | params_flow.rb:192:24:192:32 | call to taint | call to taint | +| params_flow.rb:211:14:211:14 | x | params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:211:14:211:14 | x | $@ | params_flow.rb:227:11:227:19 | call to taint | call to taint | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:212:14:212:20 | ...[...] | $@ | params_flow.rb:227:22:227:30 | call to taint | call to taint | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:214:14:214:20 | ...[...] | $@ | params_flow.rb:227:36:227:44 | call to taint | call to taint | +| params_flow.rb:215:14:215:15 | k1 | params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:215:14:215:15 | k1 | $@ | params_flow.rb:227:51:227:59 | call to taint | call to taint | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:216:14:216:24 | ...[...] | $@ | params_flow.rb:227:66:227:74 | call to taint | call to taint | +| params_flow.rb:228:10:228:10 | x | params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:228:10:228:10 | x | $@ | params_flow.rb:217:15:217:23 | call to taint | call to taint | diff --git a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb index c4ced767fdf4..6c00a879821d 100644 --- a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb +++ b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb @@ -208,12 +208,12 @@ def foo(x, y) class Sup def m(x, *rest, k1:, **kwargs) - sink(x) # $ MISSING: hasValueFlow=81 - sink(rest[0]) # $ MISSING: hasValueFlow=82 + sink(x) # $ hasValueFlow=81 + sink(rest[0]) # $ hasValueFlow=82 sink(rest[1]) - sink(rest[2]) # $ MISSING: hasValueFlow=83 - sink(k1) # $ MISSING: hasValueFlow=84 - sink(kwargs[:k2]) # $ MISSING: hasValueFlow=85 + sink(rest[2]) # $ hasValueFlow=83 + sink(k1) # $ hasValueFlow=84 + sink(kwargs[:k2]) # $ hasValueFlow=85 yield taint(86) end end @@ -225,5 +225,5 @@ def m(x, *rest, k1:, **kwargs) end Sub.new.m(taint(81), taint(82), 0, taint(83), k1: taint(84), k2: taint(85)) do |x| - sink(x) # $ MISSING: hasValueFlow=86 + sink(x) # $ hasValueFlow=86 end From 34554fd000176461e7c995896eb5ed10a933ff1f Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 13:25:42 +0200 Subject: [PATCH 199/409] SSA: Deprecate the public DefinitionExt. --- shared/ssa/codeql/ssa/Ssa.qll | 185 ++++++++++++++++++++-------------- 1 file changed, 107 insertions(+), 78 deletions(-) diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index 36895a28a8b6..dab99df65b4d 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -608,21 +608,21 @@ module Make Input> { } private module SsaDefReaches { - newtype TSsaRefKind = + deprecated newtype TSsaRefKind = SsaActualRead() or SsaPhiRead() or SsaDef() - class SsaRead = SsaActualRead or SsaPhiRead; + deprecated class SsaRead = SsaActualRead or SsaPhiRead; - class SsaDefExt = SsaDef or SsaPhiRead; + deprecated class SsaDefExt = SsaDef or SsaPhiRead; - SsaDefExt ssaDefExt() { any() } + deprecated SsaDefExt ssaDefExt() { any() } /** * A classification of SSA variable references into reads and definitions. */ - class SsaRefKind extends TSsaRefKind { + deprecated class SsaRefKind extends TSsaRefKind { string toString() { this = SsaActualRead() and result = "SsaActualRead" @@ -651,7 +651,7 @@ module Make Input> { * Unlike `Liveness::varRef`, this includes `phi` (read) nodes. */ pragma[nomagic] - predicate ssaRef(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { + deprecated predicate ssaRef(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { variableRead(bb, i, v, _) and k = SsaActualRead() or @@ -665,14 +665,14 @@ module Make Input> { * Holds if the `i`th node of basic block `bb` is a reference to `v`, and * this reference is not a phi-read. */ - predicate ssaRefNonPhiRead(BasicBlock bb, int i, SourceVariable v) { + deprecated predicate ssaRefNonPhiRead(BasicBlock bb, int i, SourceVariable v) { ssaRef(bb, i, v, [SsaActualRead().(TSsaRefKind), SsaDef()]) } - private newtype OrderedSsaRefIndex = - MkOrderedSsaRefIndex(int i, SsaRefKind k) { ssaRef(_, i, _, k) } + deprecated private newtype OrderedSsaRefIndex = + deprecated MkOrderedSsaRefIndex(int i, SsaRefKind k) { ssaRef(_, i, _, k) } - private OrderedSsaRefIndex ssaRefOrd( + deprecated private OrderedSsaRefIndex ssaRefOrd( BasicBlock bb, int i, SourceVariable v, SsaRefKind k, int ord ) { ssaRef(bb, i, v, k) and @@ -695,7 +695,7 @@ module Make Input> { * * Reads are considered before writes when they happen at the same index. */ - int ssaRefRank(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { + deprecated int ssaRefRank(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { ssaRefOrd(bb, i, v, k, _) = rank[result](int j, int ord, OrderedSsaRefIndex res | res = ssaRefOrd(bb, j, v, _, ord) @@ -704,7 +704,7 @@ module Make Input> { ) } - int maxSsaRefRank(BasicBlock bb, SourceVariable v) { + deprecated int maxSsaRefRank(BasicBlock bb, SourceVariable v) { result = ssaRefRank(bb, _, v, _) and not result + 1 = ssaRefRank(bb, _, v, _) } @@ -713,7 +713,9 @@ module Make Input> { * Holds if the SSA definition `def` reaches rank index `rnk` in its own * basic block `bb`. */ - predicate ssaDefReachesRank(BasicBlock bb, DefinitionExt def, int rnk, SourceVariable v) { + deprecated predicate ssaDefReachesRank( + BasicBlock bb, DefinitionExt def, int rnk, SourceVariable v + ) { exists(int i | rnk = ssaRefRank(bb, i, v, ssaDefExt()) and def.definesAt(v, bb, i, _) @@ -727,7 +729,9 @@ module Make Input> { * Holds if the SSA definition of `v` at `def` reaches index `i` in the same * basic block `bb`, without crossing another SSA definition of `v`. */ - predicate ssaDefReachesReadWithinBlock(SourceVariable v, DefinitionExt def, BasicBlock bb, int i) { + deprecated predicate ssaDefReachesReadWithinBlock( + SourceVariable v, DefinitionExt def, BasicBlock bb, int i + ) { exists(int rnk | ssaDefReachesRank(bb, def, rnk, v) and rnk = ssaRefRank(bb, i, v, SsaActualRead()) @@ -737,7 +741,9 @@ module Make Input> { /** * Same as `ssaRefRank()`, but restricted to a particular SSA definition `def`. */ - int ssaDefRank(DefinitionExt def, SourceVariable v, BasicBlock bb, int i, SsaRefKind k) { + deprecated int ssaDefRank( + DefinitionExt def, SourceVariable v, BasicBlock bb, int i, SsaRefKind k + ) { result = ssaRefRank(bb, i, v, k) and ( ssaDefReachesReadExt(v, def, bb, i) @@ -751,34 +757,38 @@ module Make Input> { * last reference to `v` inside `bb`. */ pragma[noinline] - predicate lastSsaRefExt(DefinitionExt def, SourceVariable v, BasicBlock bb, int i) { + deprecated predicate lastSsaRefExt(DefinitionExt def, SourceVariable v, BasicBlock bb, int i) { ssaDefRank(def, v, bb, i, _) = maxSsaRefRank(bb, v) } /** Gets a phi-read node into which `inp` is an input, if any. */ pragma[nomagic] - private DefinitionExt getAPhiReadOutput(DefinitionExt inp) { + deprecated private DefinitionExt getAPhiReadOutput(DefinitionExt inp) { phiHasInputFromBlockExt(result.(PhiReadNode), inp, _) } pragma[nomagic] - DefinitionExt getAnUltimateOutput(Definition def) { result = getAPhiReadOutput*(def) } + deprecated DefinitionExt getAnUltimateOutput(Definition def) { + result = getAPhiReadOutput*(def) + } /** * Same as `lastSsaRefExt`, but ignores phi-reads. */ pragma[noinline] - predicate lastSsaRef(Definition def, SourceVariable v, BasicBlock bb, int i) { + deprecated predicate lastSsaRef(Definition def, SourceVariable v, BasicBlock bb, int i) { lastSsaRefExt(getAnUltimateOutput(def), v, bb, i) and ssaRefNonPhiRead(bb, i, v) } - predicate defOccursInBlock(DefinitionExt def, BasicBlock bb, SourceVariable v, SsaRefKind k) { + deprecated predicate defOccursInBlock( + DefinitionExt def, BasicBlock bb, SourceVariable v, SsaRefKind k + ) { exists(ssaDefRank(def, v, bb, _, k)) } pragma[noinline] - predicate ssaDefReachesThroughBlock(DefinitionExt def, BasicBlock bb) { + deprecated predicate ssaDefReachesThroughBlock(DefinitionExt def, BasicBlock bb) { exists(SourceVariable v | ssaDefReachesEndOfBlockExt0(bb, def, v) and not defOccursInBlock(_, bb, v, _) @@ -792,7 +802,9 @@ module Make Input> { * nor written in any block on the path between `bb1` and `bb2`. */ pragma[nomagic] - predicate varBlockReachesExt(DefinitionExt def, SourceVariable v, BasicBlock bb1, BasicBlock bb2) { + deprecated predicate varBlockReachesExt( + DefinitionExt def, SourceVariable v, BasicBlock bb1, BasicBlock bb2 + ) { defOccursInBlock(def, bb1, v, _) and bb2 = getABasicBlockSuccessor(bb1) or @@ -804,7 +816,9 @@ module Make Input> { } pragma[nomagic] - private predicate phiReadStep(DefinitionExt def, PhiReadNode phi, BasicBlock bb1, BasicBlock bb2) { + deprecated private predicate phiReadStep( + DefinitionExt def, PhiReadNode phi, BasicBlock bb1, BasicBlock bb2 + ) { exists(SourceVariable v | varBlockReachesExt(pragma[only_bind_into](def), v, bb1, pragma[only_bind_into](bb2)) and phi.definesAt(v, bb2, _, _) and @@ -813,7 +827,7 @@ module Make Input> { } pragma[nomagic] - private predicate varBlockReachesExclPhiRead( + deprecated private predicate varBlockReachesExclPhiRead( DefinitionExt def, SourceVariable v, BasicBlock bb1, BasicBlock bb2 ) { varBlockReachesExt(def, v, bb1, bb2) and @@ -831,13 +845,17 @@ module Make Input> { * `def` is referenced (either a read or a write). */ pragma[nomagic] - predicate varBlockReachesRef(Definition def, SourceVariable v, BasicBlock bb1, BasicBlock bb2) { + deprecated predicate varBlockReachesRef( + Definition def, SourceVariable v, BasicBlock bb1, BasicBlock bb2 + ) { varBlockReachesExclPhiRead(getAnUltimateOutput(def), v, bb1, bb2) and ssaRefNonPhiRead(bb1, _, v) } pragma[nomagic] - predicate defAdjacentReadExt(DefinitionExt def, BasicBlock bb1, BasicBlock bb2, int i2) { + deprecated predicate defAdjacentReadExt( + DefinitionExt def, BasicBlock bb1, BasicBlock bb2, int i2 + ) { exists(SourceVariable v | varBlockReachesExt(def, v, bb1, bb2) and ssaRefRank(bb2, i2, v, SsaActualRead()) = 1 @@ -845,7 +863,7 @@ module Make Input> { } pragma[nomagic] - predicate defAdjacentRead(Definition def, BasicBlock bb1, BasicBlock bb2, int i2) { + deprecated predicate defAdjacentRead(Definition def, BasicBlock bb1, BasicBlock bb2, int i2) { exists(SourceVariable v | varBlockReachesRef(def, v, bb1, bb2) | ssaRefRank(bb2, i2, v, SsaActualRead()) = 1 or @@ -861,7 +879,7 @@ module Make Input> { * and `bb2`. */ pragma[nomagic] - predicate varBlockReachesExitExt(DefinitionExt def, BasicBlock bb) { + deprecated predicate varBlockReachesExitExt(DefinitionExt def, BasicBlock bb) { exists(BasicBlock bb2 | varBlockReachesExt(def, _, bb, bb2) | not defOccursInBlock(def, bb2, _, _) and not ssaDefReachesEndOfBlockExt0(bb2, def, _) @@ -869,7 +887,7 @@ module Make Input> { } pragma[nomagic] - private predicate varBlockReachesExitExclPhiRead(DefinitionExt def, BasicBlock bb) { + deprecated private predicate varBlockReachesExitExclPhiRead(DefinitionExt def, BasicBlock bb) { exists(BasicBlock bb2, SourceVariable v | varBlockReachesExt(def, v, bb, bb2) and not defOccursInBlock(def, bb2, _, _) and @@ -887,7 +905,7 @@ module Make Input> { * Same as `varBlockReachesExitExt`, but ignores phi-reads. */ pragma[nomagic] - predicate varBlockReachesExit(Definition def, BasicBlock bb) { + deprecated predicate varBlockReachesExit(Definition def, BasicBlock bb) { varBlockReachesExitExclPhiRead(getAnUltimateOutput(def), bb) } } @@ -895,7 +913,7 @@ module Make Input> { private import SsaDefReaches pragma[nomagic] - private predicate liveThroughExt(BasicBlock bb, SourceVariable v) { + deprecated private predicate liveThroughExt(BasicBlock bb, SourceVariable v) { liveAtExit(bb, v) and not ssaRef(bb, _, v, ssaDefExt()) } @@ -908,7 +926,9 @@ module Make Input> { * SSA definition of `v`. */ pragma[nomagic] - private predicate ssaDefReachesEndOfBlockExt0(BasicBlock bb, DefinitionExt def, SourceVariable v) { + deprecated private predicate ssaDefReachesEndOfBlockExt0( + BasicBlock bb, DefinitionExt def, SourceVariable v + ) { exists(int last | last = maxSsaRefRank(pragma[only_bind_into](bb), pragma[only_bind_into](v)) and ssaDefReachesRank(bb, def, last, v) and @@ -954,7 +974,7 @@ module Make Input> { * Holds if `inp` is an input to the phi (read) node `phi` along the edge originating in `bb`. */ pragma[nomagic] - predicate phiHasInputFromBlockExt(DefinitionExt phi, DefinitionExt inp, BasicBlock bb) { + deprecated predicate phiHasInputFromBlockExt(DefinitionExt phi, DefinitionExt inp, BasicBlock bb) { exists(SourceVariable v, BasicBlock bbDef | phi.definesAt(v, bbDef, _, _) and getABasicBlockPredecessor(bbDef) = bb and @@ -972,7 +992,9 @@ module Make Input> { * basic block `bb`, without crossing another SSA definition of `v`. */ pragma[nomagic] - predicate ssaDefReachesReadExt(SourceVariable v, DefinitionExt def, BasicBlock bb, int i) { + deprecated predicate ssaDefReachesReadExt( + SourceVariable v, DefinitionExt def, BasicBlock bb, int i + ) { ssaDefReachesReadWithinBlock(v, def, bb, i) or ssaRef(bb, i, v, SsaActualRead()) and @@ -998,7 +1020,7 @@ module Make Input> { * path between them without any read of `def`. */ pragma[nomagic] - predicate adjacentDefReadExt( + deprecated predicate adjacentDefReadExt( DefinitionExt def, SourceVariable v, BasicBlock bb1, int i1, BasicBlock bb2, int i2 ) { exists(int rnk | @@ -1018,7 +1040,9 @@ module Make Input> { * Same as `adjacentDefReadExt`, but ignores phi-reads. */ pragma[nomagic] - predicate adjacentDefRead(Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2) { + deprecated predicate adjacentDefRead( + Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2 + ) { exists(SourceVariable v | adjacentDefReadExt(getAnUltimateOutput(def), v, bb1, i1, bb2, i2) and ssaRefNonPhiRead(bb1, i1, v) @@ -1028,7 +1052,7 @@ module Make Input> { defAdjacentRead(def, bb1, bb2, i2) } - private predicate lastRefRedefExtSameBlock( + deprecated private predicate lastRefRedefExtSameBlock( DefinitionExt def, SourceVariable v, BasicBlock bb, int i, DefinitionExt next ) { exists(int rnk, int j | @@ -1046,7 +1070,7 @@ module Make Input> { * without passing through another read or write. */ pragma[nomagic] - predicate lastRefRedefExt( + deprecated predicate lastRefRedefExt( DefinitionExt def, SourceVariable v, BasicBlock bb, int i, DefinitionExt next ) { // Next reference to `v` inside `bb` is a write @@ -1072,7 +1096,7 @@ module Make Input> { * occurs in basic block `bb`. */ pragma[nomagic] - predicate lastRefRedefExt( + deprecated predicate lastRefRedefExt( DefinitionExt def, SourceVariable v, BasicBlock bb, int i, BasicBlock input, DefinitionExt next ) { // Next reference to `v` inside `bb` is a write @@ -1098,7 +1122,7 @@ module Make Input> { * Same as `lastRefRedefExt`, but ignores phi-reads. */ pragma[nomagic] - predicate lastRefRedef(Definition def, BasicBlock bb, int i, Definition next) { + deprecated predicate lastRefRedef(Definition def, BasicBlock bb, int i, Definition next) { exists(SourceVariable v | lastRefRedefExt(getAnUltimateOutput(def), v, bb, i, next) and ssaRefNonPhiRead(bb, i, v) @@ -1228,30 +1252,43 @@ module Make Input> { } } + deprecated class DefinitionExt = DefinitionExt_; + /** * An extended static single assignment (SSA) definition. * * This is either a normal SSA definition (`Definition`) or a * phi-read node (`PhiReadNode`). */ - class DefinitionExt extends TDefinitionExt { + private class DefinitionExt_ extends TDefinitionExt { /** Gets the source variable underlying this SSA definition. */ - SourceVariable getSourceVariable() { this.definesAt(result, _, _, _) } + SourceVariable getSourceVariable() { this.definesAt(result, _, _) } /** * Holds if this SSA definition defines `v` at index `i` in basic block `bb`. * Phi nodes are considered to be at index `-1`, while normal variable writes * are at the index of the control flow node they wrap. */ - final predicate definesAt(SourceVariable v, BasicBlock bb, int i, SsaRefKind kind) { + deprecated final predicate definesAt(SourceVariable v, BasicBlock bb, int i, SsaRefKind kind) { this.(Definition).definesAt(v, bb, i) and kind = SsaDef() or this = TPhiReadNode(v, bb) and i = -1 and kind = SsaPhiRead() } + /** + * Holds if this SSA definition defines `v` at index `i` in basic block `bb`. + * Phi nodes are considered to be at index `-1`, while normal variable writes + * are at the index of the control flow node they wrap. + */ + final predicate definesAt(SourceVariable v, BasicBlock bb, int i) { + this.(Definition).definesAt(v, bb, i) + or + this = TPhiReadNode(v, bb) and i = -1 + } + /** Gets the basic block to which this SSA definition belongs. */ - final BasicBlock getBasicBlock() { this.definesAt(_, result, _, _) } + final BasicBlock getBasicBlock() { this.definesAt(_, result, _) } /** Gets a textual representation of this SSA definition. */ string toString() { result = this.(Definition).toString() } @@ -1260,6 +1297,8 @@ module Make Input> { Location getLocation() { result = this.(Definition).getLocation() } } + deprecated class PhiReadNode = PhiReadNode_; + /** * A phi-read node. * @@ -1341,7 +1380,7 @@ module Make Input> { * to `phi-read` goes through a dominance-frontier block, and hence a phi node, * which contradicts reachability. */ - class PhiReadNode extends DefinitionExt, TPhiReadNode { + private class PhiReadNode_ extends DefinitionExt_, TPhiReadNode { override string toString() { result = "SSA phi read(" + this.getSourceVariable() + ")" } override Location getLocation() { result = this.getBasicBlock().getLocation() } @@ -1369,18 +1408,6 @@ module Make Input> { not uncertainWriteDefinitionInput(_, def) } - /** Holds if a read is not dominated by a definition. */ - query predicate notDominatedByDef(Definition def, SourceVariable v, BasicBlock bb, int i) { - exists(BasicBlock bbDef, int iDef | def.definesAt(v, bbDef, iDef) | - ssaDefReachesReadWithinBlock(v, def, bb, i) and - (bb != bbDef or i < iDef) - or - ssaDefReachesRead(v, def, bb, i) and - not ssaDefReachesReadWithinBlock(v, def, bb, i) and - not def.definesAt(v, getImmediateBasicBlockDominator*(bb), _) - ) - } - /** Holds if the end of a basic block can be reached by multiple definitions. */ query predicate nonUniqueDefReachesEndOfBlock(Definition def, SourceVariable v, BasicBlock bb) { ssaDefReachesEndOfBlock(bb, def, v) and @@ -1525,21 +1552,21 @@ module Make Input> { module DataFlowIntegration { private import codeql.util.Boolean - final private class DefinitionExtFinal = DefinitionExt; + final private class DefinitionExtFinal = DefinitionExt_; /** An SSA definition which is either a phi node or a phi read node. */ private class SsaPhiExt extends DefinitionExtFinal { SsaPhiExt() { this instanceof PhiNode or - this instanceof PhiReadNode + this instanceof PhiReadNode_ } } cached private Definition getAPhiInputDef(SsaPhiExt phi, BasicBlock bb) { exists(SourceVariable v, BasicBlock bbDef | - phi.definesAt(v, bbDef, _, _) and + phi.definesAt(v, bbDef, _) and getABasicBlockPredecessor(bbDef) = bb and ssaDefReachesEndOfBlock(bb, result, v) ) @@ -1612,9 +1639,9 @@ module Make Input> { SsaPhiExt phi, SsaPhiExt phi2, BasicBlock input, boolean relevant ) { exists(BasicBlock bb1, int i, SourceVariable v, BasicBlock bb2 | - phi.definesAt(pragma[only_bind_into](v), bb1, i, _) and + phi.definesAt(pragma[only_bind_into](v), bb1, i) and AdjacentSsaRefs::adjacentRefPhi(bb1, i, input, bb2, v) and - phi2.definesAt(pragma[only_bind_into](v), bb2, _, _) and + phi2.definesAt(pragma[only_bind_into](v), bb2, _) and if relevantPhiInputNode(phi2, input) then relevant = true else relevant = false ) } @@ -1626,7 +1653,7 @@ module Make Input> { */ private predicate phiStepsToRef(SsaPhiExt phi, BasicBlock bb, int i, boolean isUse) { exists(SourceVariable v, BasicBlock bb1, int i1 | - phi.definesAt(v, bb1, i1, _) and + phi.definesAt(v, bb1, i1) and AdjacentSsaRefs::adjacentRefRead(bb1, i1, bb, i, v) | isUse = true and @@ -1660,13 +1687,13 @@ module Make Input> { private newtype TNode = TWriteDefSource(WriteDefinition def) { DfInput::ssaDefHasSource(def) } or TExprNode(DfInput::Expr e, Boolean isPost) { e = DfInput::getARead(_) } or - TSsaDefinitionNode(DefinitionExt def) { + TSsaDefinitionNode(DefinitionExt_ def) { not phiHasUniqNextNode(def) and if DfInput::includeWriteDefsInFlowStep() then any() else ( def instanceof PhiNode or - def instanceof PhiReadNode or + def instanceof PhiReadNode_ or DfInput::allowFlowIntoUncertainDef(def) ) } or @@ -1792,18 +1819,18 @@ module Make Input> { /** An SSA definition, viewed as a node in a data flow graph. */ private class SsaDefinitionExtNodeImpl extends SsaNodeImpl, TSsaDefinitionNode { - private DefinitionExt def; + private DefinitionExt_ def; SsaDefinitionExtNodeImpl() { this = TSsaDefinitionNode(def) } /** Gets the corresponding `DefinitionExt`. */ - DefinitionExt getDefExt() { result = def } + DefinitionExt_ getDefExt() { result = def } deprecated override DefinitionExt getDefinitionExt() { result = def } override BasicBlock getBasicBlock() { result = def.getBasicBlock() } - override int getIndex() { def.definesAt(_, _, result, _) } + override int getIndex() { def.definesAt(_, _, result) } override SourceVariable getSourceVariable() { result = def.getSourceVariable() } @@ -1829,7 +1856,7 @@ module Make Input> { /** A node that represents a synthetic read of a source variable. */ final class SsaSynthReadNode extends SsaNode { SsaSynthReadNode() { - this.(SsaDefinitionExtNodeImpl).getDefExt() instanceof PhiReadNode or + this.(SsaDefinitionExtNodeImpl).getDefExt() instanceof PhiReadNode_ or this instanceof SsaInputNodeImpl } } @@ -1876,7 +1903,7 @@ module Make Input> { SsaInputNodeImpl() { this = TSsaInputNode(def_, input_) } /** Holds if this node represents input into SSA definition `def` via basic block `input`. */ - predicate isInputInto(DefinitionExt def, BasicBlock input) { + predicate isInputInto(DefinitionExt_ def, BasicBlock input) { def = def_ and input = input_ } @@ -1907,9 +1934,9 @@ module Make Input> { private predicate flowOutOf( Node nodeFrom, SourceVariable v, BasicBlock bb, int i, boolean isUseStep ) { - exists(DefinitionExt def | + exists(DefinitionExt_ def | nodeFrom.(SsaDefinitionExtNodeImpl).getDefExt() = def and - def.definesAt(v, bb, i, _) and + def.definesAt(v, bb, i) and isUseStep = false ) or @@ -1935,9 +1962,9 @@ module Make Input> { ) or // Flow from definition/read to phi input - exists(BasicBlock input, BasicBlock bbPhi, DefinitionExt phi | + exists(BasicBlock input, BasicBlock bbPhi, DefinitionExt_ phi | AdjacentSsaRefs::adjacentRefPhi(bb1, i1, input, bbPhi, v) and - phi.definesAt(v, bbPhi, -1, _) + phi.definesAt(v, bbPhi, -1) | if relevantPhiInputNode(phi, input) then nodeTo = TSsaInputNode(phi, input) @@ -1945,8 +1972,10 @@ module Make Input> { ) } - private predicate flowIntoPhi(DefinitionExt phi, SourceVariable v, BasicBlock bbPhi, Node nodeTo) { - phi.definesAt(v, bbPhi, -1, _) and + private predicate flowIntoPhi( + DefinitionExt_ phi, SourceVariable v, BasicBlock bbPhi, Node nodeTo + ) { + phi.definesAt(v, bbPhi, -1) and if phiHasUniqNextNode(phi) then flowFromRefToNode(v, bbPhi, -1, nodeTo) else nodeTo.(SsaDefinitionExtNodeImpl).getDefExt() = phi @@ -1981,7 +2010,7 @@ module Make Input> { ) or // Flow from input node to def - exists(DefinitionExt phi | + exists(DefinitionExt_ phi | phi = nodeFrom.(SsaInputNodeImpl).getPhi() and isUseStep = false and nodeFrom != nodeTo and @@ -2001,7 +2030,7 @@ module Make Input> { ) or // Flow from SSA definition to read - exists(DefinitionExt def | + exists(DefinitionExt_ def | nodeFrom.(SsaDefinitionExtNodeImpl).getDefExt() = def and nodeTo.(ExprNode).getExpr() = DfInput::getARead(def) and v = def.getSourceVariable() From 6ac4cb71cba9fc2da0063f49f07d790de9e932f4 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 3 Apr 2025 09:57:48 +0200 Subject: [PATCH 200/409] SSA: Add change note. --- .../ssa/change-notes/2025-04-03-definitionext-deprecation.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md diff --git a/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md b/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md new file mode 100644 index 000000000000..0f0db7c81a17 --- /dev/null +++ b/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md @@ -0,0 +1,4 @@ +--- +category: deprecated +--- +* All references to the `DefinitionExt` and `PhiReadNode` classes in the SSA library have been deprecated. The concept of phi-read nodes is now strictly an internal implementation detail. Their sole use-case is to improve the structure of the use-use flow relation for data flow, and this use-case remains supported by the `DataFlowIntegration` module. From 533f1a93e2d500bd63dd5915c0408526c0ebb97f Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 14:50:44 +0200 Subject: [PATCH 201/409] JS: Added test cases for `mkdirp`. --- .../CWE-022/TaintedPath/TaintedPath.expected | 13 +++++++++++ .../Security/CWE-022/TaintedPath/mkdirp.js | 22 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 99be2545b8e3..28cbc6908d60 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -52,6 +52,8 @@ | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | | hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value | +| mkdirp.js:11:12:11:18 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:11:12:11:18 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:12:17:12:23 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:12:17:12:23 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | more-fs-extra.js:10:15:10:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:10:15:10:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | | more-fs-extra.js:11:11:11:18 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:11:11:11:18 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | | more-fs-extra.js:12:14:12:21 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:12:14:12:21 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | @@ -390,6 +392,11 @@ edges | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | | hapi.js:14:19:14:51 | filepath | hapi.js:15:44:15:51 | filepath | provenance | | | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:11:12:11:18 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:12:17:12:23 | dirPath | provenance | | +| mkdirp.js:9:21:9:76 | path.jo ... ltDir') | mkdirp.js:9:11:9:76 | dirPath | provenance | | +| mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:9:42:9:75 | req.que ... ultDir' | provenance | | +| mkdirp.js:9:42:9:75 | req.que ... ultDir' | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | provenance | Config | | more-fs-extra.js:8:11:8:22 | { filename } | more-fs-extra.js:8:13:8:20 | filename | provenance | Config | | more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:10:15:10:22 | filename | provenance | | | more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:11:11:11:18 | filename | provenance | | @@ -919,6 +926,12 @@ nodes | hapi.js:14:19:14:51 | filepath | semmle.label | filepath | | hapi.js:14:30:14:51 | request ... ilepath | semmle.label | request ... ilepath | | hapi.js:15:44:15:51 | filepath | semmle.label | filepath | +| mkdirp.js:9:11:9:76 | dirPath | semmle.label | dirPath | +| mkdirp.js:9:21:9:76 | path.jo ... ltDir') | semmle.label | path.jo ... ltDir') | +| mkdirp.js:9:42:9:59 | req.query.filename | semmle.label | req.query.filename | +| mkdirp.js:9:42:9:75 | req.que ... ultDir' | semmle.label | req.que ... ultDir' | +| mkdirp.js:11:12:11:18 | dirPath | semmle.label | dirPath | +| mkdirp.js:12:17:12:23 | dirPath | semmle.label | dirPath | | more-fs-extra.js:8:11:8:22 | { filename } | semmle.label | { filename } | | more-fs-extra.js:8:11:8:33 | filename | semmle.label | filename | | more-fs-extra.js:8:13:8:20 | filename | semmle.label | filename | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js new file mode 100644 index 000000000000..06518acbc0c2 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js @@ -0,0 +1,22 @@ +const express = require('express'); +const mkdirp = require('mkdirp'); +const path = require('path'); + +const app = express(); +app.use(express.json()); + +app.post('/foo', async (req, res) => { + const dirPath = path.join(__dirname, req.query.filename || 'defaultDir'); // $ Source + + mkdirp(dirPath); // $ Alert + mkdirp.sync(dirPath); // $ Alert + mkdirp.nativeSync(dirPath); // $ MISSING: Alert + mkdirp.native(dirPath); // $ MISSING: Alert + mkdirp.manual(dirPath); // $ MISSING: Alert + mkdirp.manualSync(dirPath); // $ MISSING: Alert + mkdirp.mkdirpNative(dirPath); // $ MISSING: Alert + mkdirp.mkdirpManual(dirPath); // $ MISSING: Alert + mkdirp.mkdirpManualSync(dirPath); // $ MISSING: Alert + mkdirp.mkdirpNativeSync(dirPath); // $ MISSING: Alert + mkdirp.mkdirpSync(dirPath); // $ MISSING: Alert +}); From 3fa24d60261f4ee0945d66ac889ba19f182aac10 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 16:29:18 +0200 Subject: [PATCH 202/409] Add sink model for `mkdirp` and update tests for path injection alerts. --- javascript/ql/lib/ext/mkdirp.model.yml | 6 +++++ .../CWE-022/TaintedPath/TaintedPath.expected | 27 +++++++++++++++++++ .../Security/CWE-022/TaintedPath/mkdirp.js | 18 ++++++------- 3 files changed, 42 insertions(+), 9 deletions(-) create mode 100644 javascript/ql/lib/ext/mkdirp.model.yml diff --git a/javascript/ql/lib/ext/mkdirp.model.yml b/javascript/ql/lib/ext/mkdirp.model.yml new file mode 100644 index 000000000000..488b46e2ee2e --- /dev/null +++ b/javascript/ql/lib/ext/mkdirp.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["mkdirp", "Member[nativeSync,native,manual,manualSync,mkdirpNative,mkdirpManual,mkdirpManualSync,mkdirpNativeSync,mkdirpSync].Argument[0]", "path-injection"] diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 28cbc6908d60..b486ca5e6638 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -54,6 +54,15 @@ | hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value | | mkdirp.js:11:12:11:18 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:11:12:11:18 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | mkdirp.js:12:17:12:23 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:12:17:12:23 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:13:23:13:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:13:23:13:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:14:19:14:25 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:14:19:14:25 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:15:19:15:25 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:15:19:15:25 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:16:23:16:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:16:23:16:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:17:25:17:31 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:17:25:17:31 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:18:25:18:31 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:18:25:18:31 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:19:29:19:35 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:19:29:19:35 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:20:29:20:35 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:20:29:20:35 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:21:23:21:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:21:23:21:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | more-fs-extra.js:10:15:10:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:10:15:10:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | | more-fs-extra.js:11:11:11:18 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:11:11:11:18 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | | more-fs-extra.js:12:14:12:21 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:12:14:12:21 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | @@ -394,6 +403,15 @@ edges | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:11:12:11:18 | dirPath | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:12:17:12:23 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:13:23:13:29 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:14:19:14:25 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:15:19:15:25 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:16:23:16:29 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:17:25:17:31 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:18:25:18:31 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:19:29:19:35 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:20:29:20:35 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:21:23:21:29 | dirPath | provenance | | | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | mkdirp.js:9:11:9:76 | dirPath | provenance | | | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:9:42:9:75 | req.que ... ultDir' | provenance | | | mkdirp.js:9:42:9:75 | req.que ... ultDir' | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | provenance | Config | @@ -932,6 +950,15 @@ nodes | mkdirp.js:9:42:9:75 | req.que ... ultDir' | semmle.label | req.que ... ultDir' | | mkdirp.js:11:12:11:18 | dirPath | semmle.label | dirPath | | mkdirp.js:12:17:12:23 | dirPath | semmle.label | dirPath | +| mkdirp.js:13:23:13:29 | dirPath | semmle.label | dirPath | +| mkdirp.js:14:19:14:25 | dirPath | semmle.label | dirPath | +| mkdirp.js:15:19:15:25 | dirPath | semmle.label | dirPath | +| mkdirp.js:16:23:16:29 | dirPath | semmle.label | dirPath | +| mkdirp.js:17:25:17:31 | dirPath | semmle.label | dirPath | +| mkdirp.js:18:25:18:31 | dirPath | semmle.label | dirPath | +| mkdirp.js:19:29:19:35 | dirPath | semmle.label | dirPath | +| mkdirp.js:20:29:20:35 | dirPath | semmle.label | dirPath | +| mkdirp.js:21:23:21:29 | dirPath | semmle.label | dirPath | | more-fs-extra.js:8:11:8:22 | { filename } | semmle.label | { filename } | | more-fs-extra.js:8:11:8:33 | filename | semmle.label | filename | | more-fs-extra.js:8:13:8:20 | filename | semmle.label | filename | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js index 06518acbc0c2..975c46df2cce 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js @@ -10,13 +10,13 @@ app.post('/foo', async (req, res) => { mkdirp(dirPath); // $ Alert mkdirp.sync(dirPath); // $ Alert - mkdirp.nativeSync(dirPath); // $ MISSING: Alert - mkdirp.native(dirPath); // $ MISSING: Alert - mkdirp.manual(dirPath); // $ MISSING: Alert - mkdirp.manualSync(dirPath); // $ MISSING: Alert - mkdirp.mkdirpNative(dirPath); // $ MISSING: Alert - mkdirp.mkdirpManual(dirPath); // $ MISSING: Alert - mkdirp.mkdirpManualSync(dirPath); // $ MISSING: Alert - mkdirp.mkdirpNativeSync(dirPath); // $ MISSING: Alert - mkdirp.mkdirpSync(dirPath); // $ MISSING: Alert + mkdirp.nativeSync(dirPath); // $ Alert + mkdirp.native(dirPath); // $ Alert + mkdirp.manual(dirPath); // $ Alert + mkdirp.manualSync(dirPath); // $ Alert + mkdirp.mkdirpNative(dirPath); // $ Alert + mkdirp.mkdirpManual(dirPath); // $ Alert + mkdirp.mkdirpManualSync(dirPath); // $ Alert + mkdirp.mkdirpNativeSync(dirPath); // $ Alert + mkdirp.mkdirpSync(dirPath); // $ Alert }); From 04a39eb735f7e97288f647453a29890e56bd149e Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 16:33:02 +0200 Subject: [PATCH 203/409] Removed old `mkdirp` modeling and replaced it with `MaD`. --- javascript/ql/lib/ext/mkdirp.model.yml | 3 ++- .../ql/lib/semmle/javascript/frameworks/Files.qll | 13 ------------- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/javascript/ql/lib/ext/mkdirp.model.yml b/javascript/ql/lib/ext/mkdirp.model.yml index 488b46e2ee2e..1a3bcce767c5 100644 --- a/javascript/ql/lib/ext/mkdirp.model.yml +++ b/javascript/ql/lib/ext/mkdirp.model.yml @@ -3,4 +3,5 @@ extensions: pack: codeql/javascript-all extensible: sinkModel data: - - ["mkdirp", "Member[nativeSync,native,manual,manualSync,mkdirpNative,mkdirpManual,mkdirpManualSync,mkdirpNativeSync,mkdirpSync].Argument[0]", "path-injection"] + - ["mkdirp", "Member[nativeSync,native,manual,manualSync,mkdirpNative,mkdirpManual,mkdirpManualSync,mkdirpNativeSync,mkdirpSync,sync].Argument[0]", "path-injection"] + - ["mkdirp", "Argument[0]", "path-injection"] diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Files.qll b/javascript/ql/lib/semmle/javascript/frameworks/Files.qll index 853d122b3019..30f07396dccd 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Files.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Files.qll @@ -427,16 +427,3 @@ class Chokidar extends FileNameProducer, FileSystemAccess, API::CallNode { ) } } - -/** - * A call to the [`mkdirp`](https://www.npmjs.com/package/mkdirp) library. - */ -private class Mkdirp extends FileSystemAccess, API::CallNode { - Mkdirp() { - this = API::moduleImport("mkdirp").getACall() - or - this = API::moduleImport("mkdirp").getMember("sync").getACall() - } - - override DataFlow::Node getAPathArgument() { result = this.getArgument(0) } -} From 0e7bff0f81bfc2321023d6f09b62582aeae2319f Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 16:34:06 +0200 Subject: [PATCH 204/409] Added change note. --- javascript/ql/lib/change-notes/2025-04-02-mkdirp.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-02-mkdirp.md diff --git a/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md b/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md new file mode 100644 index 000000000000..132bbf0cbe4f --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for additional `mkdirp` methods as sinks in path-injection queries. From db2720ea5bad641b76c416e5a11c53193a3e1099 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 13:50:41 +0200 Subject: [PATCH 205/409] JS: Initial model of Response --- javascript/ql/lib/javascript.qll | 1 + .../javascript/frameworks/WebResponse.qll | 96 +++++++++++++++++++ .../ReflectedXss/ReflectedXss.expected | 42 ++++++++ .../ReflectedXssWithCustomSanitizer.expected | 13 +++ .../CWE-079/ReflectedXss/response-object.js | 28 +++--- 5 files changed, 166 insertions(+), 14 deletions(-) create mode 100644 javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll diff --git a/javascript/ql/lib/javascript.qll b/javascript/ql/lib/javascript.qll index cc4d15158b90..d75eed29b8e0 100644 --- a/javascript/ql/lib/javascript.qll +++ b/javascript/ql/lib/javascript.qll @@ -136,6 +136,7 @@ import semmle.javascript.frameworks.UriLibraries import semmle.javascript.frameworks.Vue import semmle.javascript.frameworks.Vuex import semmle.javascript.frameworks.Webix +import semmle.javascript.frameworks.WebResponse import semmle.javascript.frameworks.WebSocket import semmle.javascript.frameworks.XmlParsers import semmle.javascript.frameworks.xUnit diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll new file mode 100644 index 000000000000..613e189fcfe0 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll @@ -0,0 +1,96 @@ +/** + * Models the `Request` and `Response` objects from the Web standards. + */ + +private import javascript + +/** Treats `Response` as an entry point for API graphs. */ +private class ResponseEntryPoint extends API::EntryPoint { + ResponseEntryPoint() { this = "global.Response" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("Response") } +} + +/** Treats `Headers` as an entry point for API graphs. */ +private class HeadersEntryPoint extends API::EntryPoint { + HeadersEntryPoint() { this = "global.Headers" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("Headers") } +} + +/** + * A call to the `Response` constructor. + */ +private class ResponseCall extends API::InvokeNode { + ResponseCall() { this = any(ResponseEntryPoint e).getANode().getAnInstantiation() } +} + +/** + * A call to the `Headers` constructor. + */ +private class HeadersCall extends API::InvokeNode { + HeadersCall() { this = any(HeadersEntryPoint e).getANode().getAnInstantiation() } +} + +/** + * The `headers` in `new Response(body, { headers })` + */ +private class ResponseArgumentHeaders extends Http::HeaderDefinition { + private ResponseCall response; + private API::Node headerNode; + + ResponseArgumentHeaders() { + headerNode = response.getParameter(1).getMember("headers") and + this = headerNode.asSink() + } + + ResponseCall getResponse() { result = response } + + /** + * Gets a call to `new Headers()` that is passed as the headers to this call. + */ + private HeadersCall getHeadersCall() { headerNode.refersTo(result.getReturn()) } + + /** + * Gets an object whose properties are interpreted as headers, such as `{'content-type': 'foo'}`. + */ + private API::Node getAPlainHeaderObject() { + // new Response(body, {...}) + result = headerNode + or + // new Response(body, new Headers({...})) + result = this.getHeadersCall().getParameter(0) + } + + private API::Node getHeaderNode(string headerName) { + exists(string prop | + result = this.getAPlainHeaderObject().getMember(prop) and + headerName = prop.toLowerCase() + ) + or + exists(API::CallNode append | + append = this.getHeadersCall().getReturn().getMember(["append", "set"]).getACall() and + headerName = append.getArgument(0).getStringValue().toLowerCase() and + result = append.getParameter(1) + ) + } + + override predicate defines(string headerName, string headerValue) { + this.getHeaderNode(headerName).getAValueReachingSink().getStringValue() = headerValue + } + + override string getAHeaderName() { exists(this.getHeaderNode(result)) } + + override Http::RouteHandler getRouteHandler() { none() } +} + +/** + * Data passed as the body in `new Response(body, ...)`. + */ +private class ResponseSink extends Http::ResponseSendArgument { + private ResponseCall response; + + ResponseSink() { this = response.getArgument(0) } + + override Http::RouteHandler getRouteHandler() { none() } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index d85a90e4026a..9fc3e08fdb0e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected @@ -40,6 +40,19 @@ | partial.js:28:14:28:18 | x + y | partial.js:31:47:31:53 | req.url | partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to a $@. | partial.js:31:47:31:53 | req.url | user-provided value | | partial.js:37:14:37:18 | x + y | partial.js:40:43:40:49 | req.url | partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to a $@. | partial.js:40:43:40:49 | req.url | user-provided value | | promises.js:6:25:6:25 | x | promises.js:5:44:5:57 | req.query.data | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to a $@. | promises.js:5:44:5:57 | req.query.data | user-provided value | +| response-object.js:9:18:9:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:9:18:9:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:10:18:10:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:10:18:10:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:11:18:11:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:11:18:11:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:13:18:13:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:13:18:13:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:14:18:14:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:14:18:14:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:16:18:16:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:16:18:16:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:17:18:17:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:17:18:17:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:20:18:20:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:20:18:20:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:23:18:23:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:23:18:23:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:26:18:26:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:26:18:26:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:30:18:30:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:30:18:30:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:34:18:34:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:34:18:34:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:38:18:38:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:38:18:38:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | tst2.js:7:12:7:12 | p | tst2.js:6:9:6:9 | p | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:6:9:6:9 | p | user-provided value | | tst2.js:8:12:8:12 | r | tst2.js:6:12:6:15 | q: r | tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to a $@. | tst2.js:6:12:6:15 | q: r | user-provided value | | tst2.js:18:12:18:12 | p | tst2.js:14:9:14:9 | p | tst2.js:18:12:18:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:14:9:14:9 | p | user-provided value | @@ -149,6 +162,20 @@ edges | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:16:5:22 | resolve [Return] [resolve-value] | provenance | | | promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | provenance | | | promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:9:18:9:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:10:18:10:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:11:18:11:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:13:18:13:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:14:18:14:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:16:18:16:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:17:18:17:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:20:18:20:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:23:18:23:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:26:18:26:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:30:18:30:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:34:18:34:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:38:18:38:21 | data | provenance | | +| response-object.js:7:18:7:25 | req.body | response-object.js:7:11:7:25 | data | provenance | | | tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | provenance | | | tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | provenance | | | tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | provenance | | @@ -332,6 +359,21 @@ nodes | promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data | | promises.js:6:11:6:11 | x | semmle.label | x | | promises.js:6:25:6:25 | x | semmle.label | x | +| response-object.js:7:11:7:25 | data | semmle.label | data | +| response-object.js:7:18:7:25 | req.body | semmle.label | req.body | +| response-object.js:9:18:9:21 | data | semmle.label | data | +| response-object.js:10:18:10:21 | data | semmle.label | data | +| response-object.js:11:18:11:21 | data | semmle.label | data | +| response-object.js:13:18:13:21 | data | semmle.label | data | +| response-object.js:14:18:14:21 | data | semmle.label | data | +| response-object.js:16:18:16:21 | data | semmle.label | data | +| response-object.js:17:18:17:21 | data | semmle.label | data | +| response-object.js:20:18:20:21 | data | semmle.label | data | +| response-object.js:23:18:23:21 | data | semmle.label | data | +| response-object.js:26:18:26:21 | data | semmle.label | data | +| response-object.js:30:18:30:21 | data | semmle.label | data | +| response-object.js:34:18:34:21 | data | semmle.label | data | +| response-object.js:38:18:38:21 | data | semmle.label | data | | tst2.js:6:7:6:30 | p | semmle.label | p | | tst2.js:6:7:6:30 | r | semmle.label | r | | tst2.js:6:9:6:9 | p | semmle.label | p | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected index fb0748b3acdd..dff0741ec880 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected @@ -38,6 +38,19 @@ | partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:31:47:31:53 | req.url | user-provided value | | partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:40:43:40:49 | req.url | user-provided value | | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value | +| response-object.js:9:18:9:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:10:18:10:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:11:18:11:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:13:18:13:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:14:18:14:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:16:18:16:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:17:18:17:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:20:18:20:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:23:18:23:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:26:18:26:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:30:18:30:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:34:18:34:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:38:18:38:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value | | tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to $@. | tst2.js:6:12:6:15 | q: r | user-provided value | | tst2.js:18:12:18:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:14:9:14:9 | p | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js index 7dbeb14d30d3..eaadaeaba074 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js @@ -4,36 +4,36 @@ const express = require('express'); // in isolation from the more complicated http frameworks. express().get('/foo', (req) => { - const data = req.body; // $ MISSING: Source + const data = req.body; // $ Source - new Response(data); // $ MISSING: Alert - new Response(data, {}); // $ MISSING: Alert - new Response(data, { headers: null }); // $ MISSING: Alert + new Response(data); // $ Alert + new Response(data, {}); // $ Alert + new Response(data, { headers: null }); // $ Alert - new Response(data, { headers: { 'content-type': 'text/plain'}}); - new Response(data, { headers: { 'content-type': 'text/html'}}); // $ MISSING: Alert + new Response(data, { headers: { 'content-type': 'text/plain'}}); // $ SPURIOUS: Alert + new Response(data, { headers: { 'content-type': 'text/html'}}); // $ Alert - new Response(data, { headers: { 'Content-Type': 'text/plain'}}); - new Response(data, { headers: { 'Content-Type': 'text/html'}}); // $ MISSING: Alert + new Response(data, { headers: { 'Content-Type': 'text/plain'}}); // $ SPURIOUS: Alert + new Response(data, { headers: { 'Content-Type': 'text/html'}}); // $ Alert const headers1 = new Headers({ 'content-type': 'text/plain'}); - new Response(data, { headers: headers1 }); + new Response(data, { headers: headers1 }); // $ SPURIOUS: Alert const headers2 = new Headers({ 'content-type': 'text/html'}); - new Response(data, { headers: headers2 }); // $ MISSING: Alert + new Response(data, { headers: headers2 }); // $ Alert const headers3 = new Headers(); - new Response(data, { headers: headers3 }); // $ MISSING: Alert + new Response(data, { headers: headers3 }); // $ Alert const headers4 = new Headers(); headers4.set('content-type', 'text/plain'); - new Response(data, { headers: headers4 }); + new Response(data, { headers: headers4 }); // $ SPURIOUS: Alert const headers5 = new Headers(); headers5.set('content-type', 'text/html'); - new Response(data, { headers: headers5 }); // $ MISSING: Alert + new Response(data, { headers: headers5 }); // $ Alert const headers6 = new Headers(); headers6.set('unrelated-header', 'text/plain'); - new Response(data, { headers: headers6 }); // $ MISSING: Alert + new Response(data, { headers: headers6 }); // $ Alert }); From 6c33013788e7a3c551c1a8a9268471fa65fe3334 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 13:52:55 +0200 Subject: [PATCH 206/409] JS: Enable association with headers without needing a route handler Previously it was not possible to associate a ResponseSendArgument with its header definitions if they did not have the same route handler. But for calls like `new Response(body, { headers })` the headers are fairly obvious whereas the route handler is unnecessarily hard to find. So we use the direct and obvious association between 'body' and 'headers' in the call. --- .../lib/semmle/javascript/frameworks/HTTP.qll | 6 +++++ .../javascript/frameworks/WebResponse.qll | 4 +++ .../dataflow/ReflectedXssCustomizations.qll | 26 ++++++++++++------- .../ReflectedXss/ReflectedXss.expected | 12 --------- .../ReflectedXssWithCustomSanitizer.expected | 4 --- .../CWE-079/ReflectedXss/response-object.js | 8 +++--- 6 files changed, 31 insertions(+), 29 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll b/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll index 61770cdb9bac..2d068d6b4bf6 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll @@ -108,6 +108,12 @@ module Http { * Gets the route handler that sends this expression. */ abstract RouteHandler getRouteHandler(); + + /** + * Gets a header definition associated with this response body, if it they are provided + * by the same call. + */ + HeaderDefinition getAnAssociatedHeaderDefinition() { none() } } /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll index 613e189fcfe0..0e3f93d8099b 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll @@ -93,4 +93,8 @@ private class ResponseSink extends Http::ResponseSendArgument { ResponseSink() { this = response.getArgument(0) } override Http::RouteHandler getRouteHandler() { none() } + + override ResponseArgumentHeaders getAnAssociatedHeaderDefinition() { + result.getResponse() = response + } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll index 6ddedd4f727b..70b2685d90d4 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll @@ -32,11 +32,11 @@ module ReflectedXss { * Gets a HeaderDefinition that defines a XSS safe content-type for `send`. */ Http::HeaderDefinition getAXssSafeHeaderDefinition(Http::ResponseSendArgument send) { - exists(Http::RouteHandler h | - send.getRouteHandler() = h and - result = xssSafeContentTypeHeader(h) - | - // The HeaderDefinition affects a response sent at `send`. + isSafeContentTypeHeader(result) and + ( + result = send.getAnAssociatedHeaderDefinition() + or + result = send.getRouteHandler().getAResponseHeader("content-type") and headerAffects(result, send) ) } @@ -54,14 +54,20 @@ module ReflectedXss { ] } + private predicate isSafeContentTypeHeader(Http::HeaderDefinition header) { + header.getAHeaderName() = "content-type" and + not exists(string tp | header.defines("content-type", tp) | + tp.toLowerCase().matches(xssUnsafeContentType() + "%") + ) + } + /** + * DEPRECATED. Use `getAXssSafeHeaderDefinition` instead. * Holds if `h` may send a response with a content type that is safe for XSS. */ - Http::HeaderDefinition xssSafeContentTypeHeader(Http::RouteHandler h) { + deprecated Http::HeaderDefinition xssSafeContentTypeHeader(Http::RouteHandler h) { result = h.getAResponseHeader("content-type") and - not exists(string tp | result.defines("content-type", tp) | - tp.toLowerCase().matches(xssUnsafeContentType() + "%") - ) + isSafeContentTypeHeader(result) } /** @@ -80,6 +86,8 @@ module ReflectedXss { dominatingHeader.getBasicBlock().(ReachableBasicBlock).dominates(sender.getBasicBlock()) ) ) + or + header = sender.getAnAssociatedHeaderDefinition() } bindingset[headerBlock] diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index 9fc3e08fdb0e..75bef3e1b3b3 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected @@ -43,14 +43,10 @@ | response-object.js:9:18:9:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:9:18:9:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:10:18:10:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:10:18:10:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:11:18:11:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:11:18:11:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:13:18:13:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:13:18:13:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:14:18:14:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:14:18:14:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:16:18:16:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:16:18:16:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:17:18:17:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:17:18:17:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:20:18:20:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:20:18:20:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:23:18:23:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:23:18:23:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:26:18:26:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:26:18:26:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:30:18:30:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:30:18:30:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:34:18:34:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:34:18:34:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:38:18:38:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:38:18:38:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | tst2.js:7:12:7:12 | p | tst2.js:6:9:6:9 | p | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:6:9:6:9 | p | user-provided value | @@ -165,14 +161,10 @@ edges | response-object.js:7:11:7:25 | data | response-object.js:9:18:9:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:10:18:10:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:11:18:11:21 | data | provenance | | -| response-object.js:7:11:7:25 | data | response-object.js:13:18:13:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:14:18:14:21 | data | provenance | | -| response-object.js:7:11:7:25 | data | response-object.js:16:18:16:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:17:18:17:21 | data | provenance | | -| response-object.js:7:11:7:25 | data | response-object.js:20:18:20:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:23:18:23:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:26:18:26:21 | data | provenance | | -| response-object.js:7:11:7:25 | data | response-object.js:30:18:30:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:34:18:34:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:38:18:38:21 | data | provenance | | | response-object.js:7:18:7:25 | req.body | response-object.js:7:11:7:25 | data | provenance | | @@ -364,14 +356,10 @@ nodes | response-object.js:9:18:9:21 | data | semmle.label | data | | response-object.js:10:18:10:21 | data | semmle.label | data | | response-object.js:11:18:11:21 | data | semmle.label | data | -| response-object.js:13:18:13:21 | data | semmle.label | data | | response-object.js:14:18:14:21 | data | semmle.label | data | -| response-object.js:16:18:16:21 | data | semmle.label | data | | response-object.js:17:18:17:21 | data | semmle.label | data | -| response-object.js:20:18:20:21 | data | semmle.label | data | | response-object.js:23:18:23:21 | data | semmle.label | data | | response-object.js:26:18:26:21 | data | semmle.label | data | -| response-object.js:30:18:30:21 | data | semmle.label | data | | response-object.js:34:18:34:21 | data | semmle.label | data | | response-object.js:38:18:38:21 | data | semmle.label | data | | tst2.js:6:7:6:30 | p | semmle.label | p | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected index dff0741ec880..5532af3cf116 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected @@ -41,14 +41,10 @@ | response-object.js:9:18:9:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:10:18:10:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:11:18:11:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:13:18:13:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:14:18:14:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:16:18:16:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:17:18:17:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:20:18:20:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:23:18:23:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:26:18:26:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:30:18:30:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:34:18:34:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:38:18:38:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js index eaadaeaba074..030cff467335 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js @@ -10,14 +10,14 @@ express().get('/foo', (req) => { new Response(data, {}); // $ Alert new Response(data, { headers: null }); // $ Alert - new Response(data, { headers: { 'content-type': 'text/plain'}}); // $ SPURIOUS: Alert + new Response(data, { headers: { 'content-type': 'text/plain'}}); new Response(data, { headers: { 'content-type': 'text/html'}}); // $ Alert - new Response(data, { headers: { 'Content-Type': 'text/plain'}}); // $ SPURIOUS: Alert + new Response(data, { headers: { 'Content-Type': 'text/plain'}}); new Response(data, { headers: { 'Content-Type': 'text/html'}}); // $ Alert const headers1 = new Headers({ 'content-type': 'text/plain'}); - new Response(data, { headers: headers1 }); // $ SPURIOUS: Alert + new Response(data, { headers: headers1 }); const headers2 = new Headers({ 'content-type': 'text/html'}); new Response(data, { headers: headers2 }); // $ Alert @@ -27,7 +27,7 @@ express().get('/foo', (req) => { const headers4 = new Headers(); headers4.set('content-type', 'text/plain'); - new Response(data, { headers: headers4 }); // $ SPURIOUS: Alert + new Response(data, { headers: headers4 }); const headers5 = new Headers(); headers5.set('content-type', 'text/html'); From 1ed8fbd811d700125d7e72fc4493115cdec36de7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com> Date: Thu, 3 Apr 2025 11:19:14 +0100 Subject: [PATCH 207/409] Delete commented out code --- go/ql/lib/semmle/go/frameworks/Bun.qll | 28 -------------------------- 1 file changed, 28 deletions(-) diff --git a/go/ql/lib/semmle/go/frameworks/Bun.qll b/go/ql/lib/semmle/go/frameworks/Bun.qll index 65c524f9fde7..5be82d2cacc5 100644 --- a/go/ql/lib/semmle/go/frameworks/Bun.qll +++ b/go/ql/lib/semmle/go/frameworks/Bun.qll @@ -59,32 +59,4 @@ private module Bun { input = inp and output = outp } } - // private class BuilderScan extends TaintTracking::FunctionModel, Method { - // FunctionInput inp; - // FunctionOutput outp; - // BuilderScan() { - // // signature: func (b {Insert,Delete,Select,Update}Builder) Scan(dest ...interface{}) error - // this.hasQualifiedName(packagePath(), - // ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "Scan") and - // inp.isReceiver() and - // outp.isParameter(_) - // } - // override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { - // input = inp and output = outp - // } - // } - // private class BuilderScanContext extends TaintTracking::FunctionModel, Method { - // FunctionInput inp; - // FunctionOutput outp; - // BuilderScanContext() { - // // signature: func (b {Insert,Delete,Select,Update}Builder) ScanContext(ctx context.Context, dest ...interface{}) error - // this.hasQualifiedName(packagePath(), - // ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "ScanContext") and - // inp.isReceiver() and - // exists(int i | i > 0 | outp.isParameter(i)) - // } - // override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { - // input = inp and output = outp - // } - // } } From b0c40111e78f341ea212c9cae6bdbb390cfad489 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 3 Apr 2025 12:45:08 +0200 Subject: [PATCH 208/409] Rust: Tweaks to stringification --- .../elements/internal/MethodCallExprImpl.qll | 20 +- rust/ql/lib/codeql/rust/internal/Type.qll | 4 +- .../PathResolutionConsistency.expected | 4 +- .../canonical_path/canonical_paths.expected | 10 +- .../PathResolutionConsistency.expected | 4 +- .../canonical_paths.expected | 10 +- .../CONSISTENCY/AstConsistency.expected | 4 +- .../library-tests/controlflow/Cfg.expected | 8 +- .../dataflow/global/inline-flow.expected | 22 +- .../dataflow/global/viableCallable.expected | 8 +- .../dataflow/local/DataFlowStep.expected | 78 +- .../dataflow/local/inline-flow.expected | 30 +- .../dataflow/modeled/inline-flow.expected | 52 +- .../dataflow/pointers/inline-flow.expected | 48 +- .../strings/inline-taint-flow.expected | 12 +- .../type-inference/type-inference.expected | 1406 ++++++++--------- .../test/library-tests/variables/Cfg.expected | 16 +- .../security/CWE-022/TaintedPath.expected | 10 +- .../security/CWE-089/SqlInjection.expected | 64 +- .../CWE-311/CleartextTransmission.expected | 6 +- .../CWE-312/CleartextLogging.expected | 30 +- 21 files changed, 928 insertions(+), 918 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll index 30106d67d1ac..fb7bcfbdaa4e 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll @@ -42,12 +42,22 @@ module Impl { ) } + private string toStringPart(int index) { + index = 0 and + result = this.getReceiver().toAbbreviatedString() + or + index = 1 and + (if this.getReceiver().toAbbreviatedString() = "..." then result = " ." else result = ".") + or + index = 2 and + result = this.getIdentifier().toStringImpl() + or + index = 3 and + if this.getArgList().getNumberOfArgs() = 0 then result = "()" else result = "(...)" + } + override string toStringImpl() { - exists(string base, string separator | - base = this.getReceiver().toAbbreviatedString() and - (if base = "..." then separator = " ." else separator = ".") and - result = base + separator + this.getIdentifier().toStringImpl() + "(...)" - ) + result = strictconcat(int i | | this.toStringPart(i) order by i) } } } diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index 86abcb638f8c..ef311fae6c8a 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -104,7 +104,7 @@ class StructType extends StructOrEnumType, TStruct { result = TTypeParamTypeParameter(struct.getGenericParamList().getTypeParam(i)) } - override string toString() { result = struct.toString() } + override string toString() { result = struct.getName().getText() } override Location getLocation() { result = struct.getLocation() } } @@ -125,7 +125,7 @@ class EnumType extends StructOrEnumType, TEnum { result = TTypeParamTypeParameter(enum.getGenericParamList().getTypeParam(i)) } - override string toString() { result = enum.toString() } + override string toString() { result = enum.getName().getText() } override Location getLocation() { result = enum.getLocation() } } diff --git a/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected index 15c7cfcb4107..2c09f55800f6 100644 --- a/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ multipleStaticCallTargets -| regular.rs:29:5:29:9 | s.g(...) | anonymous.rs:15:9:15:22 | fn g | -| regular.rs:29:5:29:9 | s.g(...) | regular.rs:13:5:13:18 | fn g | +| regular.rs:29:5:29:9 | s.g() | anonymous.rs:15:9:15:22 | fn g | +| regular.rs:29:5:29:9 | s.g() | regular.rs:13:5:13:18 | fn g | diff --git a/rust/ql/test/extractor-tests/canonical_path/canonical_paths.expected b/rust/ql/test/extractor-tests/canonical_path/canonical_paths.expected index c7f85fb86f8d..8395c20a00a5 100644 --- a/rust/ql/test/extractor-tests/canonical_path/canonical_paths.expected +++ b/rust/ql/test/extractor-tests/canonical_path/canonical_paths.expected @@ -38,17 +38,17 @@ canonicalPaths resolvedPaths | anonymous.rs:27:17:27:30 | OtherStruct {...} | None | None | | anonymous.rs:28:9:28:9 | s | None | None | -| anonymous.rs:28:9:28:13 | s.f(...) | None | None | +| anonymous.rs:28:9:28:13 | s.f() | None | None | | anonymous.rs:29:9:29:9 | s | None | None | -| anonymous.rs:29:9:29:13 | s.g(...) | None | None | +| anonymous.rs:29:9:29:13 | s.g() | None | None | | anonymous.rs:30:9:30:14 | nested | None | None | | regular.rs:27:13:27:21 | Struct {...} | repo::test | crate::regular::Struct | | regular.rs:28:5:28:5 | s | None | None | -| regular.rs:28:5:28:9 | s.f(...) | repo::test | ::f | +| regular.rs:28:5:28:9 | s.f() | repo::test | ::f | | regular.rs:29:5:29:5 | s | None | None | -| regular.rs:29:5:29:9 | s.g(...) | repo::test | ::g | +| regular.rs:29:5:29:9 | s.g() | repo::test | ::g | | regular.rs:30:5:30:5 | s | None | None | -| regular.rs:30:5:30:9 | s.h(...) | repo::test | <_ as crate::regular::TraitWithBlanketImpl>::h | +| regular.rs:30:5:30:9 | s.h() | repo::test | <_ as crate::regular::TraitWithBlanketImpl>::h | | regular.rs:31:5:31:8 | free | repo::test | crate::regular::free | | regular.rs:41:9:41:26 | ...::None::<...> | lang:core | crate::option::Option::None | | regular.rs:42:9:42:20 | ...::Some | lang:core | crate::option::Option::Some | diff --git a/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected index 0a1a09d5c702..e66b1b5ee2e4 100644 --- a/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ multipleStaticCallTargets -| regular.rs:32:5:32:9 | s.g(...) | anonymous.rs:18:9:18:22 | fn g | -| regular.rs:32:5:32:9 | s.g(...) | regular.rs:16:5:16:18 | fn g | +| regular.rs:32:5:32:9 | s.g() | anonymous.rs:18:9:18:22 | fn g | +| regular.rs:32:5:32:9 | s.g() | regular.rs:16:5:16:18 | fn g | diff --git a/rust/ql/test/extractor-tests/canonical_path_disabled/canonical_paths.expected b/rust/ql/test/extractor-tests/canonical_path_disabled/canonical_paths.expected index ec6b4bad1502..878cb1fc7c9d 100644 --- a/rust/ql/test/extractor-tests/canonical_path_disabled/canonical_paths.expected +++ b/rust/ql/test/extractor-tests/canonical_path_disabled/canonical_paths.expected @@ -38,17 +38,17 @@ canonicalPaths resolvedPaths | anonymous.rs:30:17:30:30 | OtherStruct {...} | None | None | | anonymous.rs:31:9:31:9 | s | None | None | -| anonymous.rs:31:9:31:13 | s.f(...) | None | None | +| anonymous.rs:31:9:31:13 | s.f() | None | None | | anonymous.rs:32:9:32:9 | s | None | None | -| anonymous.rs:32:9:32:13 | s.g(...) | None | None | +| anonymous.rs:32:9:32:13 | s.g() | None | None | | anonymous.rs:33:9:33:14 | nested | None | None | | regular.rs:30:13:30:21 | Struct {...} | None | None | | regular.rs:31:5:31:5 | s | None | None | -| regular.rs:31:5:31:9 | s.f(...) | None | None | +| regular.rs:31:5:31:9 | s.f() | None | None | | regular.rs:32:5:32:5 | s | None | None | -| regular.rs:32:5:32:9 | s.g(...) | None | None | +| regular.rs:32:5:32:9 | s.g() | None | None | | regular.rs:33:5:33:5 | s | None | None | -| regular.rs:33:5:33:9 | s.h(...) | None | None | +| regular.rs:33:5:33:9 | s.h() | None | None | | regular.rs:34:5:34:8 | free | None | None | | regular.rs:44:9:44:26 | ...::None::<...> | None | None | | regular.rs:45:9:45:20 | ...::Some | None | None | diff --git a/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected b/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected index 1e47287a2931..807f782967d6 100644 --- a/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected +++ b/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected @@ -1,5 +1,5 @@ noLocation -| file://:0:0:0:0 | ... .unwrap(...) | +| file://:0:0:0:0 | ... .unwrap() | | file://:0:0:0:0 | ...: ... | | file://:0:0:0:0 | ...::Path | | file://:0:0:0:0 | ...::Path | @@ -32,7 +32,7 @@ noLocation | file://:0:0:0:0 | path | | file://:0:0:0:0 | path | | file://:0:0:0:0 | path | -| file://:0:0:0:0 | path.parent(...) | +| file://:0:0:0:0 | path.parent() | | file://:0:0:0:0 | std | | file://:0:0:0:0 | std | | file://:0:0:0:0 | std | diff --git a/rust/ql/test/library-tests/controlflow/Cfg.expected b/rust/ql/test/library-tests/controlflow/Cfg.expected index dbb77ca94168..40348a474e5f 100644 --- a/rust/ql/test/library-tests/controlflow/Cfg.expected +++ b/rust/ql/test/library-tests/controlflow/Cfg.expected @@ -205,8 +205,8 @@ edges | test.rs:99:19:99:25 | Some(...) | test.rs:99:24:99:24 | x | match | | test.rs:99:24:99:24 | x | test.rs:99:24:99:24 | x | | | test.rs:99:24:99:24 | x | test.rs:100:17:100:17 | x | match | -| test.rs:99:29:99:32 | iter | test.rs:99:29:99:39 | iter.next(...) | | -| test.rs:99:29:99:39 | iter.next(...) | test.rs:99:19:99:25 | Some(...) | | +| test.rs:99:29:99:32 | iter | test.rs:99:29:99:39 | iter.next() | | +| test.rs:99:29:99:39 | iter.next() | test.rs:99:19:99:25 | Some(...) | | | test.rs:99:41:103:9 | { ... } | test.rs:99:15:99:39 | let ... = ... | | | test.rs:100:13:102:13 | if ... {...} | test.rs:99:41:103:9 | { ... } | | | test.rs:100:17:100:17 | x | test.rs:100:22:100:22 | 5 | | @@ -760,8 +760,8 @@ edges | test.rs:311:87:313:5 | { ... } | test.rs:311:5:313:5 | exit fn test_question_mark_operator_1 (normal) | | | test.rs:312:9:312:10 | Ok | test.rs:312:12:312:12 | s | | | test.rs:312:9:312:33 | Ok(...) | test.rs:311:87:313:5 | { ... } | | -| test.rs:312:12:312:12 | s | test.rs:312:12:312:27 | s.parse(...) | | -| test.rs:312:12:312:27 | s.parse(...) | test.rs:312:12:312:28 | TryExpr | | +| test.rs:312:12:312:12 | s | test.rs:312:12:312:27 | s.parse() | | +| test.rs:312:12:312:27 | s.parse() | test.rs:312:12:312:28 | TryExpr | | | test.rs:312:12:312:28 | TryExpr | test.rs:311:5:313:5 | exit fn test_question_mark_operator_1 (normal) | return | | test.rs:312:12:312:28 | TryExpr | test.rs:312:32:312:32 | 4 | match | | test.rs:312:12:312:32 | ... + ... | test.rs:312:9:312:33 | Ok(...) | | diff --git a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected index 291d43d1a62c..068da53e28e5 100644 --- a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected @@ -17,13 +17,13 @@ edges | main.rs:38:23:38:31 | source(...) | main.rs:26:28:26:33 | ...: i64 | provenance | | | main.rs:38:23:38:31 | source(...) | main.rs:38:6:38:11 | [post] &mut a [&ref, MyStruct] | provenance | | | main.rs:39:10:39:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | provenance | | -| main.rs:39:10:39:10 | a [MyStruct] | main.rs:39:10:39:21 | a.get_data(...) | provenance | | +| main.rs:39:10:39:10 | a [MyStruct] | main.rs:39:10:39:21 | a.get_data() | provenance | | | main.rs:44:12:44:17 | [post] &mut a [&ref, MyStruct] | main.rs:44:17:44:17 | [post] a [MyStruct] | provenance | | | main.rs:44:17:44:17 | [post] a [MyStruct] | main.rs:45:10:45:10 | a [MyStruct] | provenance | | | main.rs:44:30:44:38 | source(...) | main.rs:26:28:26:33 | ...: i64 | provenance | | | main.rs:44:30:44:38 | source(...) | main.rs:44:12:44:17 | [post] &mut a [&ref, MyStruct] | provenance | | | main.rs:45:10:45:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | provenance | | -| main.rs:45:10:45:10 | a [MyStruct] | main.rs:45:10:45:21 | a.get_data(...) | provenance | | +| main.rs:45:10:45:10 | a [MyStruct] | main.rs:45:10:45:21 | a.get_data() | provenance | | | main.rs:48:12:48:17 | ...: i64 | main.rs:49:10:49:10 | n | provenance | | | main.rs:53:9:53:9 | a | main.rs:54:13:54:13 | a | provenance | | | main.rs:53:13:53:21 | source(...) | main.rs:53:9:53:9 | a | provenance | | @@ -48,11 +48,11 @@ edges | main.rs:82:26:82:26 | a | main.rs:78:21:78:26 | ...: i64 | provenance | | | main.rs:82:26:82:26 | a | main.rs:82:13:82:27 | pass_through(...) | provenance | | | main.rs:94:22:94:27 | ...: i64 | main.rs:95:14:95:14 | n | provenance | | -| main.rs:98:30:104:5 | { ... } | main.rs:117:13:117:25 | mn.get_data(...) | provenance | | +| main.rs:98:30:104:5 | { ... } | main.rs:117:13:117:25 | mn.get_data() | provenance | | | main.rs:102:13:102:21 | source(...) | main.rs:98:30:104:5 | { ... } | provenance | | | main.rs:106:27:106:32 | ...: i64 | main.rs:106:42:112:5 | { ... } | provenance | | | main.rs:117:9:117:9 | a | main.rs:118:10:118:10 | a | provenance | | -| main.rs:117:13:117:25 | mn.get_data(...) | main.rs:117:9:117:9 | a | provenance | | +| main.rs:117:13:117:25 | mn.get_data() | main.rs:117:9:117:9 | a | provenance | | | main.rs:123:9:123:9 | a | main.rs:124:16:124:16 | a | provenance | | | main.rs:123:13:123:21 | source(...) | main.rs:123:9:123:9 | a | provenance | | | main.rs:124:16:124:16 | a | main.rs:94:22:94:27 | ...: i64 | provenance | | @@ -115,12 +115,12 @@ nodes | main.rs:38:11:38:11 | [post] a [MyStruct] | semmle.label | [post] a [MyStruct] | | main.rs:38:23:38:31 | source(...) | semmle.label | source(...) | | main.rs:39:10:39:10 | a [MyStruct] | semmle.label | a [MyStruct] | -| main.rs:39:10:39:21 | a.get_data(...) | semmle.label | a.get_data(...) | +| main.rs:39:10:39:21 | a.get_data() | semmle.label | a.get_data() | | main.rs:44:12:44:17 | [post] &mut a [&ref, MyStruct] | semmle.label | [post] &mut a [&ref, MyStruct] | | main.rs:44:17:44:17 | [post] a [MyStruct] | semmle.label | [post] a [MyStruct] | | main.rs:44:30:44:38 | source(...) | semmle.label | source(...) | | main.rs:45:10:45:10 | a [MyStruct] | semmle.label | a [MyStruct] | -| main.rs:45:10:45:21 | a.get_data(...) | semmle.label | a.get_data(...) | +| main.rs:45:10:45:21 | a.get_data() | semmle.label | a.get_data() | | main.rs:48:12:48:17 | ...: i64 | semmle.label | ...: i64 | | main.rs:49:10:49:10 | n | semmle.label | n | | main.rs:53:9:53:9 | a | semmle.label | a | @@ -154,7 +154,7 @@ nodes | main.rs:106:27:106:32 | ...: i64 | semmle.label | ...: i64 | | main.rs:106:42:112:5 | { ... } | semmle.label | { ... } | | main.rs:117:9:117:9 | a | semmle.label | a | -| main.rs:117:13:117:25 | mn.get_data(...) | semmle.label | mn.get_data(...) | +| main.rs:117:13:117:25 | mn.get_data() | semmle.label | mn.get_data() | | main.rs:118:10:118:10 | a | semmle.label | a | | main.rs:123:9:123:9 | a | semmle.label | a | | main.rs:123:13:123:21 | source(...) | semmle.label | source(...) | @@ -204,9 +204,9 @@ nodes | main.rs:239:14:239:14 | c | semmle.label | c | subpaths | main.rs:38:23:38:31 | source(...) | main.rs:26:28:26:33 | ...: i64 | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | main.rs:38:6:38:11 | [post] &mut a [&ref, MyStruct] | -| main.rs:39:10:39:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:39:10:39:21 | a.get_data(...) | +| main.rs:39:10:39:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:39:10:39:21 | a.get_data() | | main.rs:44:30:44:38 | source(...) | main.rs:26:28:26:33 | ...: i64 | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | main.rs:44:12:44:17 | [post] &mut a [&ref, MyStruct] | -| main.rs:45:10:45:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:45:10:45:21 | a.get_data(...) | +| main.rs:45:10:45:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:45:10:45:21 | a.get_data() | | main.rs:63:26:63:26 | a | main.rs:57:17:57:22 | ...: i64 | main.rs:57:32:59:1 | { ... } | main.rs:63:13:63:27 | pass_through(...) | | main.rs:68:26:71:5 | { ... } | main.rs:57:17:57:22 | ...: i64 | main.rs:57:32:59:1 | { ... } | main.rs:68:13:71:6 | pass_through(...) | | main.rs:82:26:82:26 | a | main.rs:78:21:78:26 | ...: i64 | main.rs:78:36:80:5 | { ... } | main.rs:82:13:82:27 | pass_through(...) | @@ -217,8 +217,8 @@ subpaths testFailures #select | main.rs:18:10:18:10 | a | main.rs:13:5:13:13 | source(...) | main.rs:18:10:18:10 | a | $@ | main.rs:13:5:13:13 | source(...) | source(...) | -| main.rs:39:10:39:21 | a.get_data(...) | main.rs:38:23:38:31 | source(...) | main.rs:39:10:39:21 | a.get_data(...) | $@ | main.rs:38:23:38:31 | source(...) | source(...) | -| main.rs:45:10:45:21 | a.get_data(...) | main.rs:44:30:44:38 | source(...) | main.rs:45:10:45:21 | a.get_data(...) | $@ | main.rs:44:30:44:38 | source(...) | source(...) | +| main.rs:39:10:39:21 | a.get_data() | main.rs:38:23:38:31 | source(...) | main.rs:39:10:39:21 | a.get_data() | $@ | main.rs:38:23:38:31 | source(...) | source(...) | +| main.rs:45:10:45:21 | a.get_data() | main.rs:44:30:44:38 | source(...) | main.rs:45:10:45:21 | a.get_data() | $@ | main.rs:44:30:44:38 | source(...) | source(...) | | main.rs:49:10:49:10 | n | main.rs:53:13:53:21 | source(...) | main.rs:49:10:49:10 | n | $@ | main.rs:53:13:53:21 | source(...) | source(...) | | main.rs:64:10:64:10 | b | main.rs:62:13:62:21 | source(...) | main.rs:64:10:64:10 | b | $@ | main.rs:62:13:62:21 | source(...) | source(...) | | main.rs:72:10:72:10 | a | main.rs:70:9:70:18 | source(...) | main.rs:72:10:72:10 | a | $@ | main.rs:70:9:70:18 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/global/viableCallable.expected b/rust/ql/test/library-tests/dataflow/global/viableCallable.expected index c861feaa0177..cd1accbe489b 100644 --- a/rust/ql/test/library-tests/dataflow/global/viableCallable.expected +++ b/rust/ql/test/library-tests/dataflow/global/viableCallable.expected @@ -2,15 +2,15 @@ | main.rs:17:13:17:23 | get_data(...) | main.rs:12:1:14:1 | fn get_data | | main.rs:18:5:18:11 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:37:5:37:22 | sink(...) | main.rs:5:1:7:1 | fn sink | -| main.rs:37:10:37:21 | a.get_data(...) | main.rs:30:5:32:5 | fn get_data | +| main.rs:37:10:37:21 | a.get_data() | main.rs:30:5:32:5 | fn get_data | | main.rs:38:5:38:32 | ... .set_data(...) | main.rs:26:5:28:5 | fn set_data | | main.rs:38:23:38:31 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:39:5:39:22 | sink(...) | main.rs:5:1:7:1 | fn sink | -| main.rs:39:10:39:21 | a.get_data(...) | main.rs:30:5:32:5 | fn get_data | +| main.rs:39:10:39:21 | a.get_data() | main.rs:30:5:32:5 | fn get_data | | main.rs:44:5:44:39 | ... .set_data(...) | main.rs:26:5:28:5 | fn set_data | | main.rs:44:30:44:38 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:45:5:45:22 | sink(...) | main.rs:5:1:7:1 | fn sink | -| main.rs:45:10:45:21 | a.get_data(...) | main.rs:30:5:32:5 | fn get_data | +| main.rs:45:10:45:21 | a.get_data() | main.rs:30:5:32:5 | fn get_data | | main.rs:49:5:49:11 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:53:13:53:21 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:54:5:54:14 | data_in(...) | main.rs:48:1:50:1 | fn data_in | @@ -25,7 +25,7 @@ | main.rs:83:5:83:11 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:95:9:95:15 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:102:13:102:21 | source(...) | main.rs:1:1:3:1 | fn source | -| main.rs:117:13:117:25 | mn.get_data(...) | main.rs:98:5:104:5 | fn get_data | +| main.rs:117:13:117:25 | mn.get_data() | main.rs:98:5:104:5 | fn get_data | | main.rs:118:5:118:11 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:123:13:123:21 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:124:5:124:17 | mn.data_in(...) | main.rs:94:5:96:5 | fn data_in | diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 7fd8c3fe8a8e..9676fd3f2afe 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -330,13 +330,13 @@ localStep | main.rs:271:29:271:30 | [post] receiver for r1 | main.rs:271:29:271:30 | [post] r1 | | main.rs:271:29:271:30 | r1 | main.rs:271:29:271:30 | receiver for r1 | | main.rs:271:29:271:30 | r1 | main.rs:272:29:272:30 | r1 | -| main.rs:271:29:271:35 | r1.ok(...) | main.rs:271:9:271:11 | o1a | +| main.rs:271:29:271:35 | r1.ok() | main.rs:271:9:271:11 | o1a | | main.rs:272:9:272:11 | [SSA] o1b | main.rs:274:10:274:12 | o1b | | main.rs:272:9:272:11 | o1b | main.rs:272:9:272:11 | [SSA] o1b | | main.rs:272:9:272:11 | o1b | main.rs:272:9:272:11 | o1b | | main.rs:272:29:272:30 | [post] receiver for r1 | main.rs:272:29:272:30 | [post] r1 | | main.rs:272:29:272:30 | r1 | main.rs:272:29:272:30 | receiver for r1 | -| main.rs:272:29:272:36 | r1.err(...) | main.rs:272:9:272:11 | o1b | +| main.rs:272:29:272:36 | r1.err() | main.rs:272:9:272:11 | o1b | | main.rs:273:10:273:12 | [post] receiver for o1a | main.rs:273:10:273:12 | [post] o1a | | main.rs:273:10:273:12 | o1a | main.rs:273:10:273:12 | receiver for o1a | | main.rs:274:10:274:12 | [post] receiver for o1b | main.rs:274:10:274:12 | [post] o1b | @@ -352,13 +352,13 @@ localStep | main.rs:277:29:277:30 | [post] receiver for r2 | main.rs:277:29:277:30 | [post] r2 | | main.rs:277:29:277:30 | r2 | main.rs:277:29:277:30 | receiver for r2 | | main.rs:277:29:277:30 | r2 | main.rs:278:29:278:30 | r2 | -| main.rs:277:29:277:35 | r2.ok(...) | main.rs:277:9:277:11 | o2a | +| main.rs:277:29:277:35 | r2.ok() | main.rs:277:9:277:11 | o2a | | main.rs:278:9:278:11 | [SSA] o2b | main.rs:280:10:280:12 | o2b | | main.rs:278:9:278:11 | o2b | main.rs:278:9:278:11 | [SSA] o2b | | main.rs:278:9:278:11 | o2b | main.rs:278:9:278:11 | o2b | | main.rs:278:29:278:30 | [post] receiver for r2 | main.rs:278:29:278:30 | [post] r2 | | main.rs:278:29:278:30 | r2 | main.rs:278:29:278:30 | receiver for r2 | -| main.rs:278:29:278:36 | r2.err(...) | main.rs:278:9:278:11 | o2b | +| main.rs:278:29:278:36 | r2.err() | main.rs:278:9:278:11 | o2b | | main.rs:279:10:279:12 | [post] receiver for o2a | main.rs:279:10:279:12 | [post] o2a | | main.rs:279:10:279:12 | o2a | main.rs:279:10:279:12 | receiver for o2a | | main.rs:280:10:280:12 | [post] receiver for o2b | main.rs:280:10:280:12 | [post] o2b | @@ -646,8 +646,8 @@ localStep | main.rs:441:9:441:20 | default_name | main.rs:441:9:441:20 | default_name | | main.rs:441:24:441:33 | [post] receiver for source(...) | main.rs:441:24:441:33 | [post] source(...) | | main.rs:441:24:441:33 | source(...) | main.rs:441:24:441:33 | receiver for source(...) | -| main.rs:441:24:441:45 | ... .to_string(...) | main.rs:441:9:441:20 | default_name | -| main.rs:441:24:441:45 | ... .to_string(...) | main.rs:442:9:442:20 | SSA phi read(default_name) | +| main.rs:441:24:441:45 | ... .to_string() | main.rs:441:9:441:20 | default_name | +| main.rs:441:24:441:45 | ... .to_string() | main.rs:442:9:442:20 | SSA phi read(default_name) | | main.rs:442:5:448:5 | for ... in ... { ... } | main.rs:440:75:449:1 | { ... } | | main.rs:442:9:442:20 | SSA phi read(default_name) | main.rs:444:41:444:67 | default_name | | main.rs:442:10:442:13 | [SSA] cond | main.rs:443:12:443:15 | cond | @@ -692,7 +692,7 @@ localStep | main.rs:468:13:468:13 | [post] receiver for a | main.rs:468:13:468:13 | [post] a | | main.rs:468:13:468:13 | a | main.rs:468:13:468:13 | receiver for a | | main.rs:468:13:468:13 | a | main.rs:472:10:472:10 | a | -| main.rs:468:13:468:25 | a.to_string(...) | main.rs:468:9:468:9 | b | +| main.rs:468:13:468:25 | a.to_string() | main.rs:468:9:468:9 | b | | main.rs:469:9:469:9 | [SSA] c | main.rs:474:10:474:10 | c | | main.rs:469:9:469:9 | c | main.rs:469:9:469:9 | [SSA] c | | main.rs:469:9:469:9 | c | main.rs:469:9:469:9 | c | @@ -700,9 +700,9 @@ localStep | main.rs:469:13:469:13 | [post] receiver for b | main.rs:469:13:469:13 | [post] b | | main.rs:469:13:469:13 | b | main.rs:469:13:469:13 | receiver for b | | main.rs:469:13:469:13 | b | main.rs:470:19:470:19 | b | -| main.rs:469:13:469:28 | [post] receiver for b.parse(...) | main.rs:469:13:469:28 | [post] b.parse(...) | -| main.rs:469:13:469:28 | b.parse(...) | main.rs:469:13:469:28 | receiver for b.parse(...) | -| main.rs:469:13:469:37 | ... .unwrap(...) | main.rs:469:9:469:9 | c | +| main.rs:469:13:469:28 | [post] receiver for b.parse() | main.rs:469:13:469:28 | [post] b.parse() | +| main.rs:469:13:469:28 | b.parse() | main.rs:469:13:469:28 | receiver for b.parse() | +| main.rs:469:13:469:37 | ... .unwrap() | main.rs:469:9:469:9 | c | | main.rs:470:9:470:9 | [SSA] d | main.rs:475:10:475:10 | d | | main.rs:470:9:470:9 | d | main.rs:470:9:470:9 | [SSA] d | | main.rs:470:9:470:9 | d | main.rs:470:9:470:9 | d | @@ -710,9 +710,9 @@ localStep | main.rs:470:19:470:19 | [post] receiver for b | main.rs:470:19:470:19 | [post] b | | main.rs:470:19:470:19 | b | main.rs:470:19:470:19 | receiver for b | | main.rs:470:19:470:19 | b | main.rs:473:17:473:17 | b | -| main.rs:470:19:470:27 | [post] receiver for b.parse(...) | main.rs:470:19:470:27 | [post] b.parse(...) | -| main.rs:470:19:470:27 | b.parse(...) | main.rs:470:19:470:27 | receiver for b.parse(...) | -| main.rs:470:19:470:36 | ... .unwrap(...) | main.rs:470:9:470:9 | d | +| main.rs:470:19:470:27 | [post] receiver for b.parse() | main.rs:470:19:470:27 | [post] b.parse() | +| main.rs:470:19:470:27 | b.parse() | main.rs:470:19:470:27 | receiver for b.parse() | +| main.rs:470:19:470:36 | ... .unwrap() | main.rs:470:9:470:9 | d | | main.rs:479:9:479:10 | [SSA] vs | main.rs:481:10:481:11 | vs | | main.rs:479:9:479:10 | vs | main.rs:479:9:479:10 | [SSA] vs | | main.rs:479:9:479:10 | vs | main.rs:479:9:479:10 | vs | @@ -723,16 +723,16 @@ localStep | main.rs:482:11:482:12 | [post] vs | main.rs:483:11:483:12 | vs | | main.rs:482:11:482:12 | vs | main.rs:482:11:482:12 | receiver for vs | | main.rs:482:11:482:12 | vs | main.rs:483:11:483:12 | vs | -| main.rs:482:11:482:19 | [post] receiver for vs.iter(...) | main.rs:482:11:482:19 | [post] vs.iter(...) | -| main.rs:482:11:482:19 | vs.iter(...) | main.rs:482:11:482:19 | receiver for vs.iter(...) | -| main.rs:482:11:482:26 | ... .next(...) | main.rs:482:11:482:26 | receiver for ... .next(...) | -| main.rs:482:11:482:26 | [post] receiver for ... .next(...) | main.rs:482:11:482:26 | [post] ... .next(...) | +| main.rs:482:11:482:19 | [post] receiver for vs.iter() | main.rs:482:11:482:19 | [post] vs.iter() | +| main.rs:482:11:482:19 | vs.iter() | main.rs:482:11:482:19 | receiver for vs.iter() | +| main.rs:482:11:482:26 | ... .next() | main.rs:482:11:482:26 | receiver for ... .next() | +| main.rs:482:11:482:26 | [post] receiver for ... .next() | main.rs:482:11:482:26 | [post] ... .next() | | main.rs:483:11:483:12 | [post] receiver for vs | main.rs:483:11:483:12 | [post] vs | | main.rs:483:11:483:12 | [post] vs | main.rs:485:14:485:15 | vs | | main.rs:483:11:483:12 | vs | main.rs:483:11:483:12 | receiver for vs | | main.rs:483:11:483:12 | vs | main.rs:485:14:485:15 | vs | -| main.rs:483:11:483:19 | [post] receiver for vs.iter(...) | main.rs:483:11:483:19 | [post] vs.iter(...) | -| main.rs:483:11:483:19 | vs.iter(...) | main.rs:483:11:483:19 | receiver for vs.iter(...) | +| main.rs:483:11:483:19 | [post] receiver for vs.iter() | main.rs:483:11:483:19 | [post] vs.iter() | +| main.rs:483:11:483:19 | vs.iter() | main.rs:483:11:483:19 | receiver for vs.iter() | | main.rs:483:11:483:26 | ... .nth(...) | main.rs:483:11:483:26 | receiver for ... .nth(...) | | main.rs:483:11:483:26 | [post] receiver for ... .nth(...) | main.rs:483:11:483:26 | [post] ... .nth(...) | | main.rs:485:9:485:9 | [SSA] v | main.rs:486:14:486:14 | v | @@ -753,9 +753,9 @@ localStep | main.rs:492:27:492:28 | [post] vs | main.rs:497:5:497:6 | vs | | main.rs:492:27:492:28 | vs | main.rs:492:27:492:28 | receiver for vs | | main.rs:492:27:492:28 | vs | main.rs:497:5:497:6 | vs | -| main.rs:492:27:492:35 | [post] receiver for vs.iter(...) | main.rs:492:27:492:35 | [post] vs.iter(...) | -| main.rs:492:27:492:35 | vs.iter(...) | main.rs:492:27:492:35 | receiver for vs.iter(...) | -| main.rs:492:27:492:45 | ... .collect(...) | main.rs:492:9:492:11 | vs2 | +| main.rs:492:27:492:35 | [post] receiver for vs.iter() | main.rs:492:27:492:35 | [post] vs.iter() | +| main.rs:492:27:492:35 | vs.iter() | main.rs:492:27:492:35 | receiver for vs.iter() | +| main.rs:492:27:492:45 | ... .collect() | main.rs:492:9:492:11 | vs2 | | main.rs:493:10:493:10 | [SSA] v | main.rs:494:14:494:14 | v | | main.rs:493:10:493:10 | v | main.rs:493:10:493:10 | [SSA] v | | main.rs:493:10:493:10 | v | main.rs:493:10:493:10 | v | @@ -763,8 +763,8 @@ localStep | main.rs:497:5:497:6 | [post] vs | main.rs:498:5:498:6 | vs | | main.rs:497:5:497:6 | vs | main.rs:497:5:497:6 | receiver for vs | | main.rs:497:5:497:6 | vs | main.rs:498:5:498:6 | vs | -| main.rs:497:5:497:13 | [post] receiver for vs.iter(...) | main.rs:497:5:497:13 | [post] vs.iter(...) | -| main.rs:497:5:497:13 | vs.iter(...) | main.rs:497:5:497:13 | receiver for vs.iter(...) | +| main.rs:497:5:497:13 | [post] receiver for vs.iter() | main.rs:497:5:497:13 | [post] vs.iter() | +| main.rs:497:5:497:13 | vs.iter() | main.rs:497:5:497:13 | receiver for vs.iter() | | main.rs:497:20:497:20 | ... | main.rs:497:20:497:20 | x | | main.rs:497:20:497:20 | [SSA] x | main.rs:497:29:497:29 | x | | main.rs:497:20:497:20 | x | main.rs:497:20:497:20 | [SSA] x | @@ -773,8 +773,8 @@ localStep | main.rs:498:5:498:6 | [post] vs | main.rs:500:14:500:15 | vs | | main.rs:498:5:498:6 | vs | main.rs:498:5:498:6 | receiver for vs | | main.rs:498:5:498:6 | vs | main.rs:500:14:500:15 | vs | -| main.rs:498:5:498:13 | [post] receiver for vs.iter(...) | main.rs:498:5:498:13 | [post] vs.iter(...) | -| main.rs:498:5:498:13 | vs.iter(...) | main.rs:498:5:498:13 | receiver for vs.iter(...) | +| main.rs:498:5:498:13 | [post] receiver for vs.iter() | main.rs:498:5:498:13 | [post] vs.iter() | +| main.rs:498:5:498:13 | vs.iter() | main.rs:498:5:498:13 | receiver for vs.iter() | | main.rs:498:25:498:25 | ... | main.rs:498:25:498:25 | x | | main.rs:498:25:498:25 | [SSA] x | main.rs:498:34:498:34 | x | | main.rs:498:25:498:25 | x | main.rs:498:25:498:25 | [SSA] x | @@ -800,17 +800,17 @@ localStep | main.rs:507:11:507:16 | vs_mut | main.rs:507:11:507:16 | receiver for vs_mut | | main.rs:507:11:507:16 | vs_mut | main.rs:508:11:508:16 | [SSA] vs_mut | | main.rs:507:11:507:16 | vs_mut | main.rs:508:11:508:16 | vs_mut | -| main.rs:507:11:507:23 | [post] receiver for vs_mut.iter(...) | main.rs:507:11:507:23 | [post] vs_mut.iter(...) | -| main.rs:507:11:507:23 | vs_mut.iter(...) | main.rs:507:11:507:23 | receiver for vs_mut.iter(...) | -| main.rs:507:11:507:30 | ... .next(...) | main.rs:507:11:507:30 | receiver for ... .next(...) | -| main.rs:507:11:507:30 | [post] receiver for ... .next(...) | main.rs:507:11:507:30 | [post] ... .next(...) | +| main.rs:507:11:507:23 | [post] receiver for vs_mut.iter() | main.rs:507:11:507:23 | [post] vs_mut.iter() | +| main.rs:507:11:507:23 | vs_mut.iter() | main.rs:507:11:507:23 | receiver for vs_mut.iter() | +| main.rs:507:11:507:30 | ... .next() | main.rs:507:11:507:30 | receiver for ... .next() | +| main.rs:507:11:507:30 | [post] receiver for ... .next() | main.rs:507:11:507:30 | [post] ... .next() | | main.rs:508:11:508:16 | [SSA] vs_mut | main.rs:510:19:510:24 | vs_mut | | main.rs:508:11:508:16 | [post] receiver for vs_mut | main.rs:508:11:508:16 | [post] vs_mut | | main.rs:508:11:508:16 | [post] vs_mut | main.rs:510:19:510:24 | vs_mut | | main.rs:508:11:508:16 | vs_mut | main.rs:508:11:508:16 | receiver for vs_mut | | main.rs:508:11:508:16 | vs_mut | main.rs:510:19:510:24 | vs_mut | -| main.rs:508:11:508:23 | [post] receiver for vs_mut.iter(...) | main.rs:508:11:508:23 | [post] vs_mut.iter(...) | -| main.rs:508:11:508:23 | vs_mut.iter(...) | main.rs:508:11:508:23 | receiver for vs_mut.iter(...) | +| main.rs:508:11:508:23 | [post] receiver for vs_mut.iter() | main.rs:508:11:508:23 | [post] vs_mut.iter() | +| main.rs:508:11:508:23 | vs_mut.iter() | main.rs:508:11:508:23 | receiver for vs_mut.iter() | | main.rs:508:11:508:30 | ... .nth(...) | main.rs:508:11:508:30 | receiver for ... .nth(...) | | main.rs:508:11:508:30 | [post] receiver for ... .nth(...) | main.rs:508:11:508:30 | [post] ... .nth(...) | | main.rs:510:5:512:5 | for ... in ... { ... } | main.rs:478:16:513:1 | { ... } | @@ -3037,13 +3037,13 @@ readStep | main.rs:470:19:470:19 | b | &ref | main.rs:470:19:470:19 | receiver for b | | main.rs:481:10:481:11 | vs | element | main.rs:481:10:481:14 | vs[0] | | main.rs:482:11:482:12 | vs | &ref | main.rs:482:11:482:12 | receiver for vs | -| main.rs:482:11:482:35 | ... .unwrap(...) | &ref | main.rs:482:10:482:35 | * ... | +| main.rs:482:11:482:35 | ... .unwrap() | &ref | main.rs:482:10:482:35 | * ... | | main.rs:483:11:483:12 | vs | &ref | main.rs:483:11:483:12 | receiver for vs | -| main.rs:483:11:483:35 | ... .unwrap(...) | &ref | main.rs:483:10:483:35 | * ... | +| main.rs:483:11:483:35 | ... .unwrap() | &ref | main.rs:483:10:483:35 | * ... | | main.rs:485:14:485:15 | vs | element | main.rs:485:9:485:9 | v | | main.rs:488:9:488:10 | &... | &ref | main.rs:488:10:488:10 | v | | main.rs:488:15:488:16 | vs | &ref | main.rs:488:15:488:16 | receiver for vs | -| main.rs:488:15:488:23 | vs.iter(...) | element | main.rs:488:9:488:10 | &... | +| main.rs:488:15:488:23 | vs.iter() | element | main.rs:488:9:488:10 | &... | | main.rs:492:27:492:28 | vs | &ref | main.rs:492:27:492:28 | receiver for vs | | main.rs:493:9:493:10 | &... | &ref | main.rs:493:10:493:10 | v | | main.rs:493:15:493:17 | vs2 | element | main.rs:493:9:493:10 | &... | @@ -3052,15 +3052,15 @@ readStep | main.rs:498:5:498:6 | vs | &ref | main.rs:498:5:498:6 | receiver for vs | | main.rs:498:34:498:34 | x | &ref | main.rs:498:33:498:34 | * ... | | main.rs:500:14:500:15 | vs | &ref | main.rs:500:14:500:15 | receiver for vs | -| main.rs:500:14:500:27 | vs.into_iter(...) | element | main.rs:500:9:500:9 | v | +| main.rs:500:14:500:27 | vs.into_iter() | element | main.rs:500:9:500:9 | v | | main.rs:506:10:506:15 | vs_mut | element | main.rs:506:10:506:18 | vs_mut[0] | | main.rs:507:11:507:16 | vs_mut | &ref | main.rs:507:11:507:16 | receiver for vs_mut | -| main.rs:507:11:507:39 | ... .unwrap(...) | &ref | main.rs:507:10:507:39 | * ... | +| main.rs:507:11:507:39 | ... .unwrap() | &ref | main.rs:507:10:507:39 | * ... | | main.rs:508:11:508:16 | vs_mut | &ref | main.rs:508:11:508:16 | receiver for vs_mut | -| main.rs:508:11:508:39 | ... .unwrap(...) | &ref | main.rs:508:10:508:39 | * ... | +| main.rs:508:11:508:39 | ... .unwrap() | &ref | main.rs:508:10:508:39 | * ... | | main.rs:510:9:510:14 | &mut ... | &ref | main.rs:510:14:510:14 | v | | main.rs:510:19:510:24 | vs_mut | &ref | main.rs:510:19:510:24 | receiver for vs_mut | -| main.rs:510:19:510:35 | vs_mut.iter_mut(...) | element | main.rs:510:9:510:14 | &mut ... | +| main.rs:510:19:510:35 | vs_mut.iter_mut() | element | main.rs:510:9:510:14 | &mut ... | | main.rs:524:11:524:15 | c_ref | &ref | main.rs:524:10:524:15 | * ... | | main.rs:531:10:531:10 | a | &ref | main.rs:531:10:531:10 | receiver for a | | main.rs:537:10:537:10 | b | &ref | main.rs:537:10:537:10 | receiver for b | diff --git a/rust/ql/test/library-tests/dataflow/local/inline-flow.expected b/rust/ql/test/library-tests/dataflow/local/inline-flow.expected index b69ba66b625f..80469e0b3995 100644 --- a/rust/ql/test/library-tests/dataflow/local/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/local/inline-flow.expected @@ -95,7 +95,7 @@ edges | main.rs:229:11:229:12 | s1 [Some] | main.rs:230:9:230:15 | Some(...) [Some] | provenance | | | main.rs:230:9:230:15 | Some(...) [Some] | main.rs:230:14:230:14 | n | provenance | | | main.rs:230:14:230:14 | n | main.rs:230:25:230:25 | n | provenance | | -| main.rs:240:9:240:10 | s1 [Some] | main.rs:241:10:241:20 | s1.unwrap(...) | provenance | MaD:2 | +| main.rs:240:9:240:10 | s1 [Some] | main.rs:241:10:241:20 | s1.unwrap() | provenance | MaD:2 | | main.rs:240:14:240:29 | Some(...) [Some] | main.rs:240:9:240:10 | s1 [Some] | provenance | | | main.rs:240:19:240:28 | source(...) | main.rs:240:14:240:29 | Some(...) [Some] | provenance | | | main.rs:245:9:245:10 | s1 [Some] | main.rs:246:10:246:24 | s1.unwrap_or(...) | provenance | MaD:4 | @@ -112,16 +112,16 @@ edges | main.rs:263:9:263:10 | i1 | main.rs:264:10:264:11 | i1 | provenance | | | main.rs:263:14:263:15 | s1 [Some] | main.rs:263:14:263:16 | TryExpr | provenance | | | main.rs:263:14:263:16 | TryExpr | main.rs:263:9:263:10 | i1 | provenance | | -| main.rs:270:9:270:10 | r1 [Ok] | main.rs:271:29:271:35 | r1.ok(...) [Some] | provenance | MaD:10 | +| main.rs:270:9:270:10 | r1 [Ok] | main.rs:271:29:271:35 | r1.ok() [Some] | provenance | MaD:10 | | main.rs:270:33:270:46 | Ok(...) [Ok] | main.rs:270:9:270:10 | r1 [Ok] | provenance | | | main.rs:270:36:270:45 | source(...) | main.rs:270:33:270:46 | Ok(...) [Ok] | provenance | | -| main.rs:271:9:271:11 | o1a [Some] | main.rs:273:10:273:21 | o1a.unwrap(...) | provenance | MaD:2 | -| main.rs:271:29:271:35 | r1.ok(...) [Some] | main.rs:271:9:271:11 | o1a [Some] | provenance | | -| main.rs:276:9:276:10 | r2 [Err] | main.rs:278:29:278:36 | r2.err(...) [Some] | provenance | MaD:7 | +| main.rs:271:9:271:11 | o1a [Some] | main.rs:273:10:273:21 | o1a.unwrap() | provenance | MaD:2 | +| main.rs:271:29:271:35 | r1.ok() [Some] | main.rs:271:9:271:11 | o1a [Some] | provenance | | +| main.rs:276:9:276:10 | r2 [Err] | main.rs:278:29:278:36 | r2.err() [Some] | provenance | MaD:7 | | main.rs:276:33:276:47 | Err(...) [Err] | main.rs:276:9:276:10 | r2 [Err] | provenance | | | main.rs:276:37:276:46 | source(...) | main.rs:276:33:276:47 | Err(...) [Err] | provenance | | -| main.rs:278:9:278:11 | o2b [Some] | main.rs:280:10:280:21 | o2b.unwrap(...) | provenance | MaD:2 | -| main.rs:278:29:278:36 | r2.err(...) [Some] | main.rs:278:9:278:11 | o2b [Some] | provenance | | +| main.rs:278:9:278:11 | o2b [Some] | main.rs:280:10:280:21 | o2b.unwrap() | provenance | MaD:2 | +| main.rs:278:29:278:36 | r2.err() [Some] | main.rs:278:9:278:11 | o2b [Some] | provenance | | | main.rs:284:9:284:10 | s1 [Ok] | main.rs:287:14:287:15 | s1 [Ok] | provenance | | | main.rs:284:32:284:45 | Ok(...) [Ok] | main.rs:284:9:284:10 | s1 [Ok] | provenance | | | main.rs:284:35:284:44 | source(...) | main.rs:284:32:284:45 | Ok(...) [Ok] | provenance | | @@ -342,7 +342,7 @@ nodes | main.rs:240:9:240:10 | s1 [Some] | semmle.label | s1 [Some] | | main.rs:240:14:240:29 | Some(...) [Some] | semmle.label | Some(...) [Some] | | main.rs:240:19:240:28 | source(...) | semmle.label | source(...) | -| main.rs:241:10:241:20 | s1.unwrap(...) | semmle.label | s1.unwrap(...) | +| main.rs:241:10:241:20 | s1.unwrap() | semmle.label | s1.unwrap() | | main.rs:245:9:245:10 | s1 [Some] | semmle.label | s1 [Some] | | main.rs:245:14:245:29 | Some(...) [Some] | semmle.label | Some(...) [Some] | | main.rs:245:19:245:28 | source(...) | semmle.label | source(...) | @@ -366,14 +366,14 @@ nodes | main.rs:270:33:270:46 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] | | main.rs:270:36:270:45 | source(...) | semmle.label | source(...) | | main.rs:271:9:271:11 | o1a [Some] | semmle.label | o1a [Some] | -| main.rs:271:29:271:35 | r1.ok(...) [Some] | semmle.label | r1.ok(...) [Some] | -| main.rs:273:10:273:21 | o1a.unwrap(...) | semmle.label | o1a.unwrap(...) | +| main.rs:271:29:271:35 | r1.ok() [Some] | semmle.label | r1.ok() [Some] | +| main.rs:273:10:273:21 | o1a.unwrap() | semmle.label | o1a.unwrap() | | main.rs:276:9:276:10 | r2 [Err] | semmle.label | r2 [Err] | | main.rs:276:33:276:47 | Err(...) [Err] | semmle.label | Err(...) [Err] | | main.rs:276:37:276:46 | source(...) | semmle.label | source(...) | | main.rs:278:9:278:11 | o2b [Some] | semmle.label | o2b [Some] | -| main.rs:278:29:278:36 | r2.err(...) [Some] | semmle.label | r2.err(...) [Some] | -| main.rs:280:10:280:21 | o2b.unwrap(...) | semmle.label | o2b.unwrap(...) | +| main.rs:278:29:278:36 | r2.err() [Some] | semmle.label | r2.err() [Some] | +| main.rs:280:10:280:21 | o2b.unwrap() | semmle.label | o2b.unwrap() | | main.rs:284:9:284:10 | s1 [Ok] | semmle.label | s1 [Ok] | | main.rs:284:32:284:45 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] | | main.rs:284:35:284:44 | source(...) | semmle.label | source(...) | @@ -528,14 +528,14 @@ testFailures | main.rs:204:18:204:18 | x | main.rs:198:27:198:36 | source(...) | main.rs:204:18:204:18 | x | $@ | main.rs:198:27:198:36 | source(...) | source(...) | | main.rs:217:33:217:33 | n | main.rs:214:27:214:36 | source(...) | main.rs:217:33:217:33 | n | $@ | main.rs:214:27:214:36 | source(...) | source(...) | | main.rs:230:25:230:25 | n | main.rs:227:19:227:28 | source(...) | main.rs:230:25:230:25 | n | $@ | main.rs:227:19:227:28 | source(...) | source(...) | -| main.rs:241:10:241:20 | s1.unwrap(...) | main.rs:240:19:240:28 | source(...) | main.rs:241:10:241:20 | s1.unwrap(...) | $@ | main.rs:240:19:240:28 | source(...) | source(...) | +| main.rs:241:10:241:20 | s1.unwrap() | main.rs:240:19:240:28 | source(...) | main.rs:241:10:241:20 | s1.unwrap() | $@ | main.rs:240:19:240:28 | source(...) | source(...) | | main.rs:246:10:246:24 | s1.unwrap_or(...) | main.rs:245:19:245:28 | source(...) | main.rs:246:10:246:24 | s1.unwrap_or(...) | $@ | main.rs:245:19:245:28 | source(...) | source(...) | | main.rs:249:10:249:33 | s2.unwrap_or(...) | main.rs:249:23:249:32 | source(...) | main.rs:249:10:249:33 | s2.unwrap_or(...) | $@ | main.rs:249:23:249:32 | source(...) | source(...) | | main.rs:254:10:254:32 | s1.unwrap_or_else(...) | main.rs:253:19:253:28 | source(...) | main.rs:254:10:254:32 | s1.unwrap_or_else(...) | $@ | main.rs:253:19:253:28 | source(...) | source(...) | | main.rs:257:10:257:41 | s2.unwrap_or_else(...) | main.rs:257:31:257:40 | source(...) | main.rs:257:10:257:41 | s2.unwrap_or_else(...) | $@ | main.rs:257:31:257:40 | source(...) | source(...) | | main.rs:264:10:264:11 | i1 | main.rs:261:19:261:28 | source(...) | main.rs:264:10:264:11 | i1 | $@ | main.rs:261:19:261:28 | source(...) | source(...) | -| main.rs:273:10:273:21 | o1a.unwrap(...) | main.rs:270:36:270:45 | source(...) | main.rs:273:10:273:21 | o1a.unwrap(...) | $@ | main.rs:270:36:270:45 | source(...) | source(...) | -| main.rs:280:10:280:21 | o2b.unwrap(...) | main.rs:276:37:276:46 | source(...) | main.rs:280:10:280:21 | o2b.unwrap(...) | $@ | main.rs:276:37:276:46 | source(...) | source(...) | +| main.rs:273:10:273:21 | o1a.unwrap() | main.rs:270:36:270:45 | source(...) | main.rs:273:10:273:21 | o1a.unwrap() | $@ | main.rs:270:36:270:45 | source(...) | source(...) | +| main.rs:280:10:280:21 | o2b.unwrap() | main.rs:276:37:276:46 | source(...) | main.rs:280:10:280:21 | o2b.unwrap() | $@ | main.rs:276:37:276:46 | source(...) | source(...) | | main.rs:289:10:289:11 | i1 | main.rs:284:35:284:44 | source(...) | main.rs:289:10:289:11 | i1 | $@ | main.rs:284:35:284:44 | source(...) | source(...) | | main.rs:298:10:298:22 | s1.expect(...) | main.rs:297:35:297:44 | source(...) | main.rs:298:10:298:22 | s1.expect(...) | $@ | main.rs:297:35:297:44 | source(...) | source(...) | | main.rs:303:10:303:26 | s2.expect_err(...) | main.rs:301:36:301:45 | source(...) | main.rs:303:10:303:26 | s2.expect_err(...) | $@ | main.rs:301:36:301:45 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected b/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected index 2bfeb4dea738..a7d350ee5acd 100644 --- a/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected @@ -7,34 +7,34 @@ models | 6 | Summary: lang:core; crate::ptr::read; Argument[0].Reference; ReturnValue; value | | 7 | Summary: lang:core; crate::ptr::write; Argument[1]; Argument[0].Reference; value | edges -| main.rs:12:9:12:9 | a [Some] | main.rs:13:10:13:19 | a.unwrap(...) | provenance | MaD:2 | -| main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:21 | a.clone(...) [Some] | provenance | MaD:1 | -| main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:21 | a.clone(...) [Some] | provenance | generated | +| main.rs:12:9:12:9 | a [Some] | main.rs:13:10:13:19 | a.unwrap() | provenance | MaD:2 | +| main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:21 | a.clone() [Some] | provenance | MaD:1 | +| main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:21 | a.clone() [Some] | provenance | generated | | main.rs:12:13:12:28 | Some(...) [Some] | main.rs:12:9:12:9 | a [Some] | provenance | | | main.rs:12:18:12:27 | source(...) | main.rs:12:13:12:28 | Some(...) [Some] | provenance | | -| main.rs:14:9:14:9 | b [Some] | main.rs:15:10:15:19 | b.unwrap(...) | provenance | MaD:2 | -| main.rs:14:13:14:21 | a.clone(...) [Some] | main.rs:14:9:14:9 | b [Some] | provenance | | -| main.rs:19:9:19:9 | a [Ok] | main.rs:20:10:20:19 | a.unwrap(...) | provenance | MaD:5 | -| main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:21 | a.clone(...) [Ok] | provenance | MaD:4 | -| main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:21 | a.clone(...) [Ok] | provenance | generated | +| main.rs:14:9:14:9 | b [Some] | main.rs:15:10:15:19 | b.unwrap() | provenance | MaD:2 | +| main.rs:14:13:14:21 | a.clone() [Some] | main.rs:14:9:14:9 | b [Some] | provenance | | +| main.rs:19:9:19:9 | a [Ok] | main.rs:20:10:20:19 | a.unwrap() | provenance | MaD:5 | +| main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:21 | a.clone() [Ok] | provenance | MaD:4 | +| main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:21 | a.clone() [Ok] | provenance | generated | | main.rs:19:31:19:44 | Ok(...) [Ok] | main.rs:19:9:19:9 | a [Ok] | provenance | | | main.rs:19:34:19:43 | source(...) | main.rs:19:31:19:44 | Ok(...) [Ok] | provenance | | -| main.rs:21:9:21:9 | b [Ok] | main.rs:22:10:22:19 | b.unwrap(...) | provenance | MaD:5 | -| main.rs:21:13:21:21 | a.clone(...) [Ok] | main.rs:21:9:21:9 | b [Ok] | provenance | | +| main.rs:21:9:21:9 | b [Ok] | main.rs:22:10:22:19 | b.unwrap() | provenance | MaD:5 | +| main.rs:21:13:21:21 | a.clone() [Ok] | main.rs:21:9:21:9 | b [Ok] | provenance | | | main.rs:26:9:26:9 | a | main.rs:27:10:27:10 | a | provenance | | -| main.rs:26:9:26:9 | a | main.rs:28:13:28:21 | a.clone(...) | provenance | generated | +| main.rs:26:9:26:9 | a | main.rs:28:13:28:21 | a.clone() | provenance | generated | | main.rs:26:13:26:22 | source(...) | main.rs:26:9:26:9 | a | provenance | | | main.rs:28:9:28:9 | b | main.rs:29:10:29:10 | b | provenance | | -| main.rs:28:13:28:21 | a.clone(...) | main.rs:28:9:28:9 | b | provenance | | +| main.rs:28:13:28:21 | a.clone() | main.rs:28:9:28:9 | b | provenance | | | main.rs:41:13:41:13 | w [Wrapper] | main.rs:42:15:42:15 | w [Wrapper] | provenance | | | main.rs:41:17:41:41 | Wrapper {...} [Wrapper] | main.rs:41:13:41:13 | w [Wrapper] | provenance | | | main.rs:41:30:41:39 | source(...) | main.rs:41:17:41:41 | Wrapper {...} [Wrapper] | provenance | | | main.rs:42:15:42:15 | w [Wrapper] | main.rs:43:13:43:28 | Wrapper {...} [Wrapper] | provenance | | -| main.rs:42:15:42:15 | w [Wrapper] | main.rs:45:17:45:25 | w.clone(...) [Wrapper] | provenance | generated | +| main.rs:42:15:42:15 | w [Wrapper] | main.rs:45:17:45:25 | w.clone() [Wrapper] | provenance | generated | | main.rs:43:13:43:28 | Wrapper {...} [Wrapper] | main.rs:43:26:43:26 | n | provenance | | | main.rs:43:26:43:26 | n | main.rs:43:38:43:38 | n | provenance | | | main.rs:45:13:45:13 | u [Wrapper] | main.rs:46:15:46:15 | u [Wrapper] | provenance | | -| main.rs:45:17:45:25 | w.clone(...) [Wrapper] | main.rs:45:13:45:13 | u [Wrapper] | provenance | | +| main.rs:45:17:45:25 | w.clone() [Wrapper] | main.rs:45:13:45:13 | u [Wrapper] | provenance | | | main.rs:46:15:46:15 | u [Wrapper] | main.rs:47:13:47:28 | Wrapper {...} [Wrapper] | provenance | | | main.rs:47:13:47:28 | Wrapper {...} [Wrapper] | main.rs:47:26:47:26 | n | provenance | | | main.rs:47:26:47:26 | n | main.rs:47:38:47:38 | n | provenance | | @@ -55,22 +55,22 @@ nodes | main.rs:12:9:12:9 | a [Some] | semmle.label | a [Some] | | main.rs:12:13:12:28 | Some(...) [Some] | semmle.label | Some(...) [Some] | | main.rs:12:18:12:27 | source(...) | semmle.label | source(...) | -| main.rs:13:10:13:19 | a.unwrap(...) | semmle.label | a.unwrap(...) | +| main.rs:13:10:13:19 | a.unwrap() | semmle.label | a.unwrap() | | main.rs:14:9:14:9 | b [Some] | semmle.label | b [Some] | -| main.rs:14:13:14:21 | a.clone(...) [Some] | semmle.label | a.clone(...) [Some] | -| main.rs:15:10:15:19 | b.unwrap(...) | semmle.label | b.unwrap(...) | +| main.rs:14:13:14:21 | a.clone() [Some] | semmle.label | a.clone() [Some] | +| main.rs:15:10:15:19 | b.unwrap() | semmle.label | b.unwrap() | | main.rs:19:9:19:9 | a [Ok] | semmle.label | a [Ok] | | main.rs:19:31:19:44 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] | | main.rs:19:34:19:43 | source(...) | semmle.label | source(...) | -| main.rs:20:10:20:19 | a.unwrap(...) | semmle.label | a.unwrap(...) | +| main.rs:20:10:20:19 | a.unwrap() | semmle.label | a.unwrap() | | main.rs:21:9:21:9 | b [Ok] | semmle.label | b [Ok] | -| main.rs:21:13:21:21 | a.clone(...) [Ok] | semmle.label | a.clone(...) [Ok] | -| main.rs:22:10:22:19 | b.unwrap(...) | semmle.label | b.unwrap(...) | +| main.rs:21:13:21:21 | a.clone() [Ok] | semmle.label | a.clone() [Ok] | +| main.rs:22:10:22:19 | b.unwrap() | semmle.label | b.unwrap() | | main.rs:26:9:26:9 | a | semmle.label | a | | main.rs:26:13:26:22 | source(...) | semmle.label | source(...) | | main.rs:27:10:27:10 | a | semmle.label | a | | main.rs:28:9:28:9 | b | semmle.label | b | -| main.rs:28:13:28:21 | a.clone(...) | semmle.label | a.clone(...) | +| main.rs:28:13:28:21 | a.clone() | semmle.label | a.clone() | | main.rs:29:10:29:10 | b | semmle.label | b | | main.rs:41:13:41:13 | w [Wrapper] | semmle.label | w [Wrapper] | | main.rs:41:17:41:41 | Wrapper {...} [Wrapper] | semmle.label | Wrapper {...} [Wrapper] | @@ -80,7 +80,7 @@ nodes | main.rs:43:26:43:26 | n | semmle.label | n | | main.rs:43:38:43:38 | n | semmle.label | n | | main.rs:45:13:45:13 | u [Wrapper] | semmle.label | u [Wrapper] | -| main.rs:45:17:45:25 | w.clone(...) [Wrapper] | semmle.label | w.clone(...) [Wrapper] | +| main.rs:45:17:45:25 | w.clone() [Wrapper] | semmle.label | w.clone() [Wrapper] | | main.rs:46:15:46:15 | u [Wrapper] | semmle.label | u [Wrapper] | | main.rs:47:13:47:28 | Wrapper {...} [Wrapper] | semmle.label | Wrapper {...} [Wrapper] | | main.rs:47:26:47:26 | n | semmle.label | n | @@ -103,10 +103,10 @@ nodes subpaths testFailures #select -| main.rs:13:10:13:19 | a.unwrap(...) | main.rs:12:18:12:27 | source(...) | main.rs:13:10:13:19 | a.unwrap(...) | $@ | main.rs:12:18:12:27 | source(...) | source(...) | -| main.rs:15:10:15:19 | b.unwrap(...) | main.rs:12:18:12:27 | source(...) | main.rs:15:10:15:19 | b.unwrap(...) | $@ | main.rs:12:18:12:27 | source(...) | source(...) | -| main.rs:20:10:20:19 | a.unwrap(...) | main.rs:19:34:19:43 | source(...) | main.rs:20:10:20:19 | a.unwrap(...) | $@ | main.rs:19:34:19:43 | source(...) | source(...) | -| main.rs:22:10:22:19 | b.unwrap(...) | main.rs:19:34:19:43 | source(...) | main.rs:22:10:22:19 | b.unwrap(...) | $@ | main.rs:19:34:19:43 | source(...) | source(...) | +| main.rs:13:10:13:19 | a.unwrap() | main.rs:12:18:12:27 | source(...) | main.rs:13:10:13:19 | a.unwrap() | $@ | main.rs:12:18:12:27 | source(...) | source(...) | +| main.rs:15:10:15:19 | b.unwrap() | main.rs:12:18:12:27 | source(...) | main.rs:15:10:15:19 | b.unwrap() | $@ | main.rs:12:18:12:27 | source(...) | source(...) | +| main.rs:20:10:20:19 | a.unwrap() | main.rs:19:34:19:43 | source(...) | main.rs:20:10:20:19 | a.unwrap() | $@ | main.rs:19:34:19:43 | source(...) | source(...) | +| main.rs:22:10:22:19 | b.unwrap() | main.rs:19:34:19:43 | source(...) | main.rs:22:10:22:19 | b.unwrap() | $@ | main.rs:19:34:19:43 | source(...) | source(...) | | main.rs:27:10:27:10 | a | main.rs:26:13:26:22 | source(...) | main.rs:27:10:27:10 | a | $@ | main.rs:26:13:26:22 | source(...) | source(...) | | main.rs:29:10:29:10 | b | main.rs:26:13:26:22 | source(...) | main.rs:29:10:29:10 | b | $@ | main.rs:26:13:26:22 | source(...) | source(...) | | main.rs:43:38:43:38 | n | main.rs:41:30:41:39 | source(...) | main.rs:43:38:43:38 | n | $@ | main.rs:41:30:41:39 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected index 450d33d39986..8da24883ea7b 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected @@ -61,26 +61,26 @@ edges | main.rs:164:14:164:39 | ...::MyNumber(...) [MyNumber] | main.rs:164:33:164:38 | number | provenance | | | main.rs:164:33:164:38 | number | main.rs:162:26:166:5 | { ... } | provenance | | | main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | provenance | | -| main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:175:14:175:34 | my_number.to_number(...) | provenance | | +| main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:175:14:175:34 | my_number.to_number() | provenance | | | main.rs:174:25:174:54 | ...::MyNumber(...) [MyNumber] | main.rs:174:13:174:21 | my_number [MyNumber] | provenance | | | main.rs:174:44:174:53 | source(...) | main.rs:174:25:174:54 | ...::MyNumber(...) [MyNumber] | provenance | | | main.rs:179:13:179:21 | my_number [MyNumber] | main.rs:180:16:180:24 | my_number [MyNumber] | provenance | | | main.rs:179:25:179:54 | ...::MyNumber(...) [MyNumber] | main.rs:179:13:179:21 | my_number [MyNumber] | provenance | | | main.rs:179:44:179:53 | source(...) | main.rs:179:25:179:54 | ...::MyNumber(...) [MyNumber] | provenance | | | main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | provenance | | -| main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:180:14:180:31 | ... .get(...) | provenance | | +| main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:180:14:180:31 | ... .get() | provenance | | | main.rs:180:16:180:24 | my_number [MyNumber] | main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | provenance | | | main.rs:184:13:184:21 | my_number [MyNumber] | main.rs:186:14:186:22 | my_number [MyNumber] | provenance | | | main.rs:184:25:184:54 | ...::MyNumber(...) [MyNumber] | main.rs:184:13:184:21 | my_number [MyNumber] | provenance | | | main.rs:184:44:184:53 | source(...) | main.rs:184:25:184:54 | ...::MyNumber(...) [MyNumber] | provenance | | | main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | provenance | | -| main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:186:14:186:28 | my_number.get(...) | provenance | | +| main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:186:14:186:28 | my_number.get() | provenance | | | main.rs:190:13:190:21 | my_number [&ref, MyNumber] | main.rs:192:14:192:22 | my_number [&ref, MyNumber] | provenance | | | main.rs:190:25:190:55 | &... [&ref, MyNumber] | main.rs:190:13:190:21 | my_number [&ref, MyNumber] | provenance | | | main.rs:190:26:190:55 | ...::MyNumber(...) [MyNumber] | main.rs:190:25:190:55 | &... [&ref, MyNumber] | provenance | | | main.rs:190:45:190:54 | source(...) | main.rs:190:26:190:55 | ...::MyNumber(...) [MyNumber] | provenance | | | main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | provenance | | -| main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:192:14:192:34 | my_number.to_number(...) | provenance | | +| main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:192:14:192:34 | my_number.to_number() | provenance | | | main.rs:200:29:200:38 | ...: i64 | main.rs:201:14:201:18 | value | provenance | | | main.rs:201:10:201:10 | [post] n [&ref] | main.rs:200:16:200:26 | ...: ... [Return] [&ref] | provenance | | | main.rs:201:14:201:18 | value | main.rs:201:10:201:10 | [post] n [&ref] | provenance | | @@ -106,9 +106,9 @@ edges | main.rs:234:36:234:45 | source(...) | main.rs:228:37:228:47 | ...: i64 | provenance | | | main.rs:234:36:234:45 | source(...) | main.rs:234:20:234:33 | [post] &mut my_number [&ref, MyNumber] | provenance | | | main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | provenance | | -| main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:235:14:235:28 | my_number.get(...) | provenance | | +| main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:235:14:235:28 | my_number.get() | provenance | | | main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | provenance | | -| main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:237:14:237:28 | my_number.get(...) | provenance | | +| main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:237:14:237:28 | my_number.get() | provenance | | | main.rs:243:9:243:17 | [post] my_number [MyNumber] | main.rs:244:24:244:32 | my_number [MyNumber] | provenance | | | main.rs:243:9:243:17 | [post] my_number [MyNumber] | main.rs:246:24:246:32 | my_number [MyNumber] | provenance | | | main.rs:243:23:243:32 | source(...) | main.rs:223:27:223:37 | ...: i64 | provenance | | @@ -201,24 +201,24 @@ nodes | main.rs:174:13:174:21 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | | main.rs:174:25:174:54 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | | main.rs:174:44:174:53 | source(...) | semmle.label | source(...) | -| main.rs:175:14:175:34 | my_number.to_number(...) | semmle.label | my_number.to_number(...) | +| main.rs:175:14:175:34 | my_number.to_number() | semmle.label | my_number.to_number() | | main.rs:179:13:179:21 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | | main.rs:179:25:179:54 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | | main.rs:179:44:179:53 | source(...) | semmle.label | source(...) | -| main.rs:180:14:180:31 | ... .get(...) | semmle.label | ... .get(...) | +| main.rs:180:14:180:31 | ... .get() | semmle.label | ... .get() | | main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | semmle.label | &my_number [&ref, MyNumber] | | main.rs:180:16:180:24 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | | main.rs:184:13:184:21 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | | main.rs:184:25:184:54 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | | main.rs:184:44:184:53 | source(...) | semmle.label | source(...) | | main.rs:186:14:186:22 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | -| main.rs:186:14:186:28 | my_number.get(...) | semmle.label | my_number.get(...) | +| main.rs:186:14:186:28 | my_number.get() | semmle.label | my_number.get() | | main.rs:190:13:190:21 | my_number [&ref, MyNumber] | semmle.label | my_number [&ref, MyNumber] | | main.rs:190:25:190:55 | &... [&ref, MyNumber] | semmle.label | &... [&ref, MyNumber] | | main.rs:190:26:190:55 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | | main.rs:190:45:190:54 | source(...) | semmle.label | source(...) | | main.rs:192:14:192:22 | my_number [&ref, MyNumber] | semmle.label | my_number [&ref, MyNumber] | -| main.rs:192:14:192:34 | my_number.to_number(...) | semmle.label | my_number.to_number(...) | +| main.rs:192:14:192:34 | my_number.to_number() | semmle.label | my_number.to_number() | | main.rs:200:16:200:26 | ...: ... [Return] [&ref] | semmle.label | ...: ... [Return] [&ref] | | main.rs:200:29:200:38 | ...: i64 | semmle.label | ...: i64 | | main.rs:201:10:201:10 | [post] n [&ref] | semmle.label | [post] n [&ref] | @@ -245,9 +245,9 @@ nodes | main.rs:234:25:234:33 | [post] my_number [MyNumber] | semmle.label | [post] my_number [MyNumber] | | main.rs:234:36:234:45 | source(...) | semmle.label | source(...) | | main.rs:235:14:235:22 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | -| main.rs:235:14:235:28 | my_number.get(...) | semmle.label | my_number.get(...) | +| main.rs:235:14:235:28 | my_number.get() | semmle.label | my_number.get() | | main.rs:237:14:237:22 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | -| main.rs:237:14:237:28 | my_number.get(...) | semmle.label | my_number.get(...) | +| main.rs:237:14:237:28 | my_number.get() | semmle.label | my_number.get() | | main.rs:243:9:243:17 | [post] my_number [MyNumber] | semmle.label | [post] my_number [MyNumber] | | main.rs:243:23:243:32 | source(...) | semmle.label | source(...) | | main.rs:244:14:244:33 | to_number(...) | semmle.label | to_number(...) | @@ -262,15 +262,15 @@ nodes | main.rs:255:14:255:33 | to_number(...) | semmle.label | to_number(...) | | main.rs:255:24:255:32 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | subpaths -| main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | main.rs:156:31:160:5 | { ... } | main.rs:175:14:175:34 | my_number.to_number(...) | -| main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:180:14:180:31 | ... .get(...) | -| main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:186:14:186:28 | my_number.get(...) | -| main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | main.rs:156:31:160:5 | { ... } | main.rs:192:14:192:34 | my_number.to_number(...) | +| main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | main.rs:156:31:160:5 | { ... } | main.rs:175:14:175:34 | my_number.to_number() | +| main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:180:14:180:31 | ... .get() | +| main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:186:14:186:28 | my_number.get() | +| main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | main.rs:156:31:160:5 | { ... } | main.rs:192:14:192:34 | my_number.to_number() | | main.rs:210:20:210:29 | source(...) | main.rs:200:29:200:38 | ...: i64 | main.rs:200:16:200:26 | ...: ... [Return] [&ref] | main.rs:210:17:210:17 | [post] p [&ref] | | main.rs:218:25:218:34 | source(...) | main.rs:200:29:200:38 | ...: i64 | main.rs:200:16:200:26 | ...: ... [Return] [&ref] | main.rs:218:17:218:22 | [post] &mut n [&ref] | | main.rs:234:36:234:45 | source(...) | main.rs:228:37:228:47 | ...: i64 | main.rs:228:19:228:34 | ...: ... [Return] [&ref, MyNumber] | main.rs:234:20:234:33 | [post] &mut my_number [&ref, MyNumber] | -| main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:235:14:235:28 | my_number.get(...) | -| main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:237:14:237:28 | my_number.get(...) | +| main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:235:14:235:28 | my_number.get() | +| main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:237:14:237:28 | my_number.get() | | main.rs:243:23:243:32 | source(...) | main.rs:223:27:223:37 | ...: i64 | main.rs:223:16:223:24 | SelfParam [Return] [&ref, MyNumber] | main.rs:243:9:243:17 | [post] my_number [MyNumber] | | main.rs:244:24:244:32 | my_number [MyNumber] | main.rs:149:14:149:24 | ...: MyNumber [MyNumber] | main.rs:149:34:153:1 | { ... } | main.rs:244:14:244:33 | to_number(...) | | main.rs:246:24:246:32 | my_number [MyNumber] | main.rs:149:14:149:24 | ...: MyNumber [MyNumber] | main.rs:149:34:153:1 | { ... } | main.rs:246:14:246:33 | to_number(...) | @@ -287,14 +287,14 @@ testFailures | main.rs:74:14:74:15 | * ... | main.rs:73:14:73:23 | source(...) | main.rs:74:14:74:15 | * ... | $@ | main.rs:73:14:73:23 | source(...) | source(...) | | main.rs:106:14:106:15 | * ... | main.rs:105:14:105:23 | source(...) | main.rs:106:14:106:15 | * ... | $@ | main.rs:105:14:105:23 | source(...) | source(...) | | main.rs:113:14:113:15 | * ... | main.rs:112:25:112:34 | source(...) | main.rs:113:14:113:15 | * ... | $@ | main.rs:112:25:112:34 | source(...) | source(...) | -| main.rs:175:14:175:34 | my_number.to_number(...) | main.rs:174:44:174:53 | source(...) | main.rs:175:14:175:34 | my_number.to_number(...) | $@ | main.rs:174:44:174:53 | source(...) | source(...) | -| main.rs:180:14:180:31 | ... .get(...) | main.rs:179:44:179:53 | source(...) | main.rs:180:14:180:31 | ... .get(...) | $@ | main.rs:179:44:179:53 | source(...) | source(...) | -| main.rs:186:14:186:28 | my_number.get(...) | main.rs:184:44:184:53 | source(...) | main.rs:186:14:186:28 | my_number.get(...) | $@ | main.rs:184:44:184:53 | source(...) | source(...) | -| main.rs:192:14:192:34 | my_number.to_number(...) | main.rs:190:45:190:54 | source(...) | main.rs:192:14:192:34 | my_number.to_number(...) | $@ | main.rs:190:45:190:54 | source(...) | source(...) | +| main.rs:175:14:175:34 | my_number.to_number() | main.rs:174:44:174:53 | source(...) | main.rs:175:14:175:34 | my_number.to_number() | $@ | main.rs:174:44:174:53 | source(...) | source(...) | +| main.rs:180:14:180:31 | ... .get() | main.rs:179:44:179:53 | source(...) | main.rs:180:14:180:31 | ... .get() | $@ | main.rs:179:44:179:53 | source(...) | source(...) | +| main.rs:186:14:186:28 | my_number.get() | main.rs:184:44:184:53 | source(...) | main.rs:186:14:186:28 | my_number.get() | $@ | main.rs:184:44:184:53 | source(...) | source(...) | +| main.rs:192:14:192:34 | my_number.to_number() | main.rs:190:45:190:54 | source(...) | main.rs:192:14:192:34 | my_number.to_number() | $@ | main.rs:190:45:190:54 | source(...) | source(...) | | main.rs:211:14:211:15 | * ... | main.rs:210:20:210:29 | source(...) | main.rs:211:14:211:15 | * ... | $@ | main.rs:210:20:210:29 | source(...) | source(...) | | main.rs:219:14:219:14 | n | main.rs:218:25:218:34 | source(...) | main.rs:219:14:219:14 | n | $@ | main.rs:218:25:218:34 | source(...) | source(...) | -| main.rs:235:14:235:28 | my_number.get(...) | main.rs:234:36:234:45 | source(...) | main.rs:235:14:235:28 | my_number.get(...) | $@ | main.rs:234:36:234:45 | source(...) | source(...) | -| main.rs:237:14:237:28 | my_number.get(...) | main.rs:234:36:234:45 | source(...) | main.rs:237:14:237:28 | my_number.get(...) | $@ | main.rs:234:36:234:45 | source(...) | source(...) | +| main.rs:235:14:235:28 | my_number.get() | main.rs:234:36:234:45 | source(...) | main.rs:235:14:235:28 | my_number.get() | $@ | main.rs:234:36:234:45 | source(...) | source(...) | +| main.rs:237:14:237:28 | my_number.get() | main.rs:234:36:234:45 | source(...) | main.rs:237:14:237:28 | my_number.get() | $@ | main.rs:234:36:234:45 | source(...) | source(...) | | main.rs:244:14:244:33 | to_number(...) | main.rs:243:23:243:32 | source(...) | main.rs:244:14:244:33 | to_number(...) | $@ | main.rs:243:23:243:32 | source(...) | source(...) | | main.rs:246:14:246:33 | to_number(...) | main.rs:243:23:243:32 | source(...) | main.rs:246:14:246:33 | to_number(...) | $@ | main.rs:243:23:243:32 | source(...) | source(...) | | main.rs:253:14:253:33 | to_number(...) | main.rs:252:30:252:39 | source(...) | main.rs:253:14:253:33 | to_number(...) | $@ | main.rs:252:30:252:39 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index fc23e6254d56..08c883f1ec17 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected @@ -18,11 +18,11 @@ edges | main.rs:52:6:52:7 | s2 | main.rs:53:7:53:8 | s2 | provenance | | | main.rs:52:11:52:26 | ...::from(...) | main.rs:52:6:52:7 | s2 | provenance | | | main.rs:52:24:52:25 | s1 | main.rs:52:11:52:26 | ...::from(...) | provenance | MaD:2 | -| main.rs:57:6:57:7 | s1 | main.rs:58:11:58:24 | s1.to_string(...) | provenance | MaD:1 | +| main.rs:57:6:57:7 | s1 | main.rs:58:11:58:24 | s1.to_string() | provenance | MaD:1 | | main.rs:57:11:57:26 | source_slice(...) | main.rs:57:6:57:7 | s1 | provenance | | | main.rs:58:6:58:7 | s2 | main.rs:59:7:59:8 | s2 | provenance | | -| main.rs:58:11:58:24 | s1.to_string(...) | main.rs:58:6:58:7 | s2 | provenance | | -| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str(...) | provenance | MaD:3 | +| main.rs:58:11:58:24 | s1.to_string() | main.rs:58:6:58:7 | s2 | provenance | | +| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:3 | | main.rs:63:13:63:22 | source(...) | main.rs:63:9:63:9 | s | provenance | | | main.rs:68:9:68:9 | s | main.rs:70:34:70:61 | MacroExpr | provenance | | | main.rs:68:9:68:9 | s | main.rs:73:34:73:59 | MacroExpr | provenance | | @@ -71,11 +71,11 @@ nodes | main.rs:57:6:57:7 | s1 | semmle.label | s1 | | main.rs:57:11:57:26 | source_slice(...) | semmle.label | source_slice(...) | | main.rs:58:6:58:7 | s2 | semmle.label | s2 | -| main.rs:58:11:58:24 | s1.to_string(...) | semmle.label | s1.to_string(...) | +| main.rs:58:11:58:24 | s1.to_string() | semmle.label | s1.to_string() | | main.rs:59:7:59:8 | s2 | semmle.label | s2 | | main.rs:63:9:63:9 | s | semmle.label | s | | main.rs:63:13:63:22 | source(...) | semmle.label | source(...) | -| main.rs:64:16:64:25 | s.as_str(...) | semmle.label | s.as_str(...) | +| main.rs:64:16:64:25 | s.as_str() | semmle.label | s.as_str() | | main.rs:68:9:68:9 | s | semmle.label | s | | main.rs:68:13:68:22 | source(...) | semmle.label | source(...) | | main.rs:70:9:70:18 | formatted1 | semmle.label | formatted1 | @@ -113,7 +113,7 @@ testFailures | main.rs:38:10:38:11 | s4 | main.rs:32:14:32:23 | source(...) | main.rs:38:10:38:11 | s4 | $@ | main.rs:32:14:32:23 | source(...) | source(...) | | main.rs:53:7:53:8 | s2 | main.rs:51:11:51:26 | source_slice(...) | main.rs:53:7:53:8 | s2 | $@ | main.rs:51:11:51:26 | source_slice(...) | source_slice(...) | | main.rs:59:7:59:8 | s2 | main.rs:57:11:57:26 | source_slice(...) | main.rs:59:7:59:8 | s2 | $@ | main.rs:57:11:57:26 | source_slice(...) | source_slice(...) | -| main.rs:64:16:64:25 | s.as_str(...) | main.rs:63:13:63:22 | source(...) | main.rs:64:16:64:25 | s.as_str(...) | $@ | main.rs:63:13:63:22 | source(...) | source(...) | +| main.rs:64:16:64:25 | s.as_str() | main.rs:63:13:63:22 | source(...) | main.rs:64:16:64:25 | s.as_str() | $@ | main.rs:63:13:63:22 | source(...) | source(...) | | main.rs:71:10:71:19 | formatted1 | main.rs:68:13:68:22 | source(...) | main.rs:71:10:71:19 | formatted1 | $@ | main.rs:68:13:68:22 | source(...) | source(...) | | main.rs:74:10:74:19 | formatted2 | main.rs:68:13:68:22 | source(...) | main.rs:74:10:74:19 | formatted2 | $@ | main.rs:68:13:68:22 | source(...) | source(...) | | main.rs:78:10:78:19 | formatted3 | main.rs:76:17:76:32 | source_usize(...) | main.rs:78:10:78:19 | formatted3 | $@ | main.rs:76:17:76:32 | source_usize(...) | source_usize(...) | diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index e7788f014ca2..7e8d0e4e73c6 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -2,140 +2,140 @@ inferType | loop/main.rs:7:12:7:15 | SelfParam | | loop/main.rs:6:1:8:1 | Self [trait T1] | | loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:10:1:14:1 | Self [trait T2] | | loop/main.rs:12:9:12:12 | self | | loop/main.rs:10:1:14:1 | Self [trait T2] | -| main.rs:26:13:26:13 | x | | main.rs:5:5:8:5 | struct MyThing | -| main.rs:26:17:26:32 | MyThing {...} | | main.rs:5:5:8:5 | struct MyThing | -| main.rs:26:30:26:30 | S | | main.rs:2:5:3:13 | struct S | -| main.rs:27:26:27:26 | x | | main.rs:5:5:8:5 | struct MyThing | -| main.rs:27:26:27:28 | x.a | | main.rs:2:5:3:13 | struct S | -| main.rs:32:13:32:13 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:32:13:32:13 | x | A | main.rs:2:5:3:13 | struct S | -| main.rs:32:17:32:42 | GenericThing::<...> {...} | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:32:17:32:42 | GenericThing::<...> {...} | A | main.rs:2:5:3:13 | struct S | -| main.rs:32:40:32:40 | S | | main.rs:2:5:3:13 | struct S | -| main.rs:33:26:33:26 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:33:26:33:26 | x | A | main.rs:2:5:3:13 | struct S | -| main.rs:33:26:33:28 | x.a | | main.rs:2:5:3:13 | struct S | -| main.rs:36:13:36:13 | y | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:36:13:36:13 | y | A | main.rs:2:5:3:13 | struct S | -| main.rs:36:17:36:37 | GenericThing {...} | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:36:17:36:37 | GenericThing {...} | A | main.rs:2:5:3:13 | struct S | -| main.rs:36:35:36:35 | S | | main.rs:2:5:3:13 | struct S | -| main.rs:37:26:37:26 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:37:26:37:26 | x | A | main.rs:2:5:3:13 | struct S | -| main.rs:37:26:37:28 | x.a | | main.rs:2:5:3:13 | struct S | -| main.rs:41:13:41:13 | x | | main.rs:21:5:23:5 | struct OptionS | -| main.rs:41:17:43:9 | OptionS {...} | | main.rs:21:5:23:5 | struct OptionS | -| main.rs:42:16:42:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:42:16:42:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | struct S | -| main.rs:44:26:44:26 | x | | main.rs:21:5:23:5 | struct OptionS | -| main.rs:44:26:44:28 | x.a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:44:26:44:28 | x.a | T | main.rs:2:5:3:13 | struct S | -| main.rs:47:13:47:13 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:47:13:47:13 | x | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:47:13:47:13 | x | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:47:17:49:9 | GenericThing::<...> {...} | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:47:17:49:9 | GenericThing::<...> {...} | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:47:17:49:9 | GenericThing::<...> {...} | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:48:16:48:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:48:16:48:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | struct S | -| main.rs:50:26:50:26 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:50:26:50:26 | x | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:50:26:50:26 | x | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:50:26:50:28 | x.a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:50:26:50:28 | x.a | T | main.rs:2:5:3:13 | struct S | -| main.rs:52:13:52:17 | mut x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:52:13:52:17 | mut x | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:52:13:52:17 | mut x | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:52:21:54:9 | GenericThing {...} | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:52:21:54:9 | GenericThing {...} | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:52:21:54:9 | GenericThing {...} | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:53:16:53:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:53:16:53:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | struct S | -| main.rs:56:13:56:13 | a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:56:13:56:13 | a | T | main.rs:2:5:3:13 | struct S | -| main.rs:56:30:56:30 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:56:30:56:30 | x | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:56:30:56:30 | x | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:56:30:56:32 | x.a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:56:30:56:32 | x.a | T | main.rs:2:5:3:13 | struct S | -| main.rs:57:26:57:26 | a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:57:26:57:26 | a | T | main.rs:2:5:3:13 | struct S | -| main.rs:70:19:70:22 | SelfParam | | main.rs:67:5:67:21 | struct Foo | -| main.rs:70:33:72:9 | { ... } | | main.rs:67:5:67:21 | struct Foo | -| main.rs:71:13:71:16 | self | | main.rs:67:5:67:21 | struct Foo | -| main.rs:74:19:74:22 | SelfParam | | main.rs:67:5:67:21 | struct Foo | -| main.rs:74:32:76:9 | { ... } | | main.rs:67:5:67:21 | struct Foo | -| main.rs:75:13:75:16 | self | | main.rs:67:5:67:21 | struct Foo | -| main.rs:79:23:84:5 | { ... } | | main.rs:67:5:67:21 | struct Foo | -| main.rs:81:13:81:13 | x | | main.rs:67:5:67:21 | struct Foo | -| main.rs:81:17:81:22 | Foo {...} | | main.rs:67:5:67:21 | struct Foo | -| main.rs:82:13:82:13 | y | | main.rs:67:5:67:21 | struct Foo | -| main.rs:82:20:82:25 | Foo {...} | | main.rs:67:5:67:21 | struct Foo | -| main.rs:83:9:83:9 | x | | main.rs:67:5:67:21 | struct Foo | -| main.rs:86:14:86:14 | x | | main.rs:67:5:67:21 | struct Foo | -| main.rs:86:22:86:22 | y | | main.rs:67:5:67:21 | struct Foo | -| main.rs:86:37:90:5 | { ... } | | main.rs:67:5:67:21 | struct Foo | -| main.rs:88:9:88:9 | x | | main.rs:67:5:67:21 | struct Foo | -| main.rs:88:9:88:14 | x.m1(...) | | main.rs:67:5:67:21 | struct Foo | -| main.rs:89:9:89:9 | y | | main.rs:67:5:67:21 | struct Foo | -| main.rs:89:9:89:14 | y.m2(...) | | main.rs:67:5:67:21 | struct Foo | -| main.rs:105:15:105:18 | SelfParam | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:105:15:105:18 | SelfParam | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:105:27:107:9 | { ... } | | main.rs:99:5:100:14 | struct S1 | -| main.rs:106:13:106:16 | self | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:106:13:106:16 | self | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:106:13:106:18 | self.a | | main.rs:99:5:100:14 | struct S1 | -| main.rs:111:15:111:18 | SelfParam | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:111:15:111:18 | SelfParam | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:111:29:113:9 | { ... } | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:111:29:113:9 | { ... } | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:112:13:112:30 | Self {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:112:13:112:30 | Self {...} | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:112:23:112:26 | self | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:112:23:112:26 | self | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:112:23:112:28 | self.a | | main.rs:101:5:102:14 | struct S2 | -| main.rs:117:15:117:18 | SelfParam | | main.rs:94:5:97:5 | struct MyThing | +| main.rs:26:13:26:13 | x | | main.rs:5:5:8:5 | MyThing | +| main.rs:26:17:26:32 | MyThing {...} | | main.rs:5:5:8:5 | MyThing | +| main.rs:26:30:26:30 | S | | main.rs:2:5:3:13 | S | +| main.rs:27:26:27:26 | x | | main.rs:5:5:8:5 | MyThing | +| main.rs:27:26:27:28 | x.a | | main.rs:2:5:3:13 | S | +| main.rs:32:13:32:13 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:32:13:32:13 | x | A | main.rs:2:5:3:13 | S | +| main.rs:32:17:32:42 | GenericThing::<...> {...} | | main.rs:16:5:19:5 | GenericThing | +| main.rs:32:17:32:42 | GenericThing::<...> {...} | A | main.rs:2:5:3:13 | S | +| main.rs:32:40:32:40 | S | | main.rs:2:5:3:13 | S | +| main.rs:33:26:33:26 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:33:26:33:26 | x | A | main.rs:2:5:3:13 | S | +| main.rs:33:26:33:28 | x.a | | main.rs:2:5:3:13 | S | +| main.rs:36:13:36:13 | y | | main.rs:16:5:19:5 | GenericThing | +| main.rs:36:13:36:13 | y | A | main.rs:2:5:3:13 | S | +| main.rs:36:17:36:37 | GenericThing {...} | | main.rs:16:5:19:5 | GenericThing | +| main.rs:36:17:36:37 | GenericThing {...} | A | main.rs:2:5:3:13 | S | +| main.rs:36:35:36:35 | S | | main.rs:2:5:3:13 | S | +| main.rs:37:26:37:26 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:37:26:37:26 | x | A | main.rs:2:5:3:13 | S | +| main.rs:37:26:37:28 | x.a | | main.rs:2:5:3:13 | S | +| main.rs:41:13:41:13 | x | | main.rs:21:5:23:5 | OptionS | +| main.rs:41:17:43:9 | OptionS {...} | | main.rs:21:5:23:5 | OptionS | +| main.rs:42:16:42:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | MyOption | +| main.rs:42:16:42:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | S | +| main.rs:44:26:44:26 | x | | main.rs:21:5:23:5 | OptionS | +| main.rs:44:26:44:28 | x.a | | main.rs:10:5:14:5 | MyOption | +| main.rs:44:26:44:28 | x.a | T | main.rs:2:5:3:13 | S | +| main.rs:47:13:47:13 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:47:13:47:13 | x | A | main.rs:10:5:14:5 | MyOption | +| main.rs:47:13:47:13 | x | A.T | main.rs:2:5:3:13 | S | +| main.rs:47:17:49:9 | GenericThing::<...> {...} | | main.rs:16:5:19:5 | GenericThing | +| main.rs:47:17:49:9 | GenericThing::<...> {...} | A | main.rs:10:5:14:5 | MyOption | +| main.rs:47:17:49:9 | GenericThing::<...> {...} | A.T | main.rs:2:5:3:13 | S | +| main.rs:48:16:48:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | MyOption | +| main.rs:48:16:48:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | S | +| main.rs:50:26:50:26 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:50:26:50:26 | x | A | main.rs:10:5:14:5 | MyOption | +| main.rs:50:26:50:26 | x | A.T | main.rs:2:5:3:13 | S | +| main.rs:50:26:50:28 | x.a | | main.rs:10:5:14:5 | MyOption | +| main.rs:50:26:50:28 | x.a | T | main.rs:2:5:3:13 | S | +| main.rs:52:13:52:17 | mut x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:52:13:52:17 | mut x | A | main.rs:10:5:14:5 | MyOption | +| main.rs:52:13:52:17 | mut x | A.T | main.rs:2:5:3:13 | S | +| main.rs:52:21:54:9 | GenericThing {...} | | main.rs:16:5:19:5 | GenericThing | +| main.rs:52:21:54:9 | GenericThing {...} | A | main.rs:10:5:14:5 | MyOption | +| main.rs:52:21:54:9 | GenericThing {...} | A.T | main.rs:2:5:3:13 | S | +| main.rs:53:16:53:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | MyOption | +| main.rs:53:16:53:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | S | +| main.rs:56:13:56:13 | a | | main.rs:10:5:14:5 | MyOption | +| main.rs:56:13:56:13 | a | T | main.rs:2:5:3:13 | S | +| main.rs:56:30:56:30 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:56:30:56:30 | x | A | main.rs:10:5:14:5 | MyOption | +| main.rs:56:30:56:30 | x | A.T | main.rs:2:5:3:13 | S | +| main.rs:56:30:56:32 | x.a | | main.rs:10:5:14:5 | MyOption | +| main.rs:56:30:56:32 | x.a | T | main.rs:2:5:3:13 | S | +| main.rs:57:26:57:26 | a | | main.rs:10:5:14:5 | MyOption | +| main.rs:57:26:57:26 | a | T | main.rs:2:5:3:13 | S | +| main.rs:70:19:70:22 | SelfParam | | main.rs:67:5:67:21 | Foo | +| main.rs:70:33:72:9 | { ... } | | main.rs:67:5:67:21 | Foo | +| main.rs:71:13:71:16 | self | | main.rs:67:5:67:21 | Foo | +| main.rs:74:19:74:22 | SelfParam | | main.rs:67:5:67:21 | Foo | +| main.rs:74:32:76:9 | { ... } | | main.rs:67:5:67:21 | Foo | +| main.rs:75:13:75:16 | self | | main.rs:67:5:67:21 | Foo | +| main.rs:79:23:84:5 | { ... } | | main.rs:67:5:67:21 | Foo | +| main.rs:81:13:81:13 | x | | main.rs:67:5:67:21 | Foo | +| main.rs:81:17:81:22 | Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:82:13:82:13 | y | | main.rs:67:5:67:21 | Foo | +| main.rs:82:20:82:25 | Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:83:9:83:9 | x | | main.rs:67:5:67:21 | Foo | +| main.rs:86:14:86:14 | x | | main.rs:67:5:67:21 | Foo | +| main.rs:86:22:86:22 | y | | main.rs:67:5:67:21 | Foo | +| main.rs:86:37:90:5 | { ... } | | main.rs:67:5:67:21 | Foo | +| main.rs:88:9:88:9 | x | | main.rs:67:5:67:21 | Foo | +| main.rs:88:9:88:14 | x.m1() | | main.rs:67:5:67:21 | Foo | +| main.rs:89:9:89:9 | y | | main.rs:67:5:67:21 | Foo | +| main.rs:89:9:89:14 | y.m2() | | main.rs:67:5:67:21 | Foo | +| main.rs:105:15:105:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:105:15:105:18 | SelfParam | A | main.rs:99:5:100:14 | S1 | +| main.rs:105:27:107:9 | { ... } | | main.rs:99:5:100:14 | S1 | +| main.rs:106:13:106:16 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:106:13:106:16 | self | A | main.rs:99:5:100:14 | S1 | +| main.rs:106:13:106:18 | self.a | | main.rs:99:5:100:14 | S1 | +| main.rs:111:15:111:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:111:15:111:18 | SelfParam | A | main.rs:101:5:102:14 | S2 | +| main.rs:111:29:113:9 | { ... } | | main.rs:94:5:97:5 | MyThing | +| main.rs:111:29:113:9 | { ... } | A | main.rs:101:5:102:14 | S2 | +| main.rs:112:13:112:30 | Self {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:112:13:112:30 | Self {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:112:23:112:26 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:112:23:112:26 | self | A | main.rs:101:5:102:14 | S2 | +| main.rs:112:23:112:28 | self.a | | main.rs:101:5:102:14 | S2 | +| main.rs:117:15:117:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | | main.rs:117:15:117:18 | SelfParam | A | main.rs:116:10:116:10 | T | | main.rs:117:26:119:9 | { ... } | | main.rs:116:10:116:10 | T | -| main.rs:118:13:118:16 | self | | main.rs:94:5:97:5 | struct MyThing | +| main.rs:118:13:118:16 | self | | main.rs:94:5:97:5 | MyThing | | main.rs:118:13:118:16 | self | A | main.rs:116:10:116:10 | T | | main.rs:118:13:118:18 | self.a | | main.rs:116:10:116:10 | T | -| main.rs:123:13:123:13 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:123:13:123:13 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:123:17:123:33 | MyThing {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:123:17:123:33 | MyThing {...} | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:123:30:123:31 | S1 | | main.rs:99:5:100:14 | struct S1 | -| main.rs:124:13:124:13 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:124:13:124:13 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:124:17:124:33 | MyThing {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:124:17:124:33 | MyThing {...} | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:124:30:124:31 | S2 | | main.rs:101:5:102:14 | struct S2 | -| main.rs:127:26:127:26 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:127:26:127:26 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:127:26:127:28 | x.a | | main.rs:99:5:100:14 | struct S1 | -| main.rs:128:26:128:26 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:128:26:128:26 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:128:26:128:28 | y.a | | main.rs:101:5:102:14 | struct S2 | -| main.rs:130:26:130:26 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:130:26:130:26 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:131:26:131:26 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:131:26:131:26 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:133:13:133:13 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:133:13:133:13 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:133:17:133:33 | MyThing {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:133:17:133:33 | MyThing {...} | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:133:30:133:31 | S1 | | main.rs:99:5:100:14 | struct S1 | -| main.rs:134:13:134:13 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:134:13:134:13 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:134:17:134:33 | MyThing {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:134:17:134:33 | MyThing {...} | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:134:30:134:31 | S2 | | main.rs:101:5:102:14 | struct S2 | -| main.rs:136:26:136:26 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:136:26:136:26 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:136:26:136:31 | x.m2(...) | | main.rs:99:5:100:14 | struct S1 | -| main.rs:137:26:137:26 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:137:26:137:26 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:137:26:137:31 | y.m2(...) | | main.rs:101:5:102:14 | struct S2 | +| main.rs:123:13:123:13 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:123:13:123:13 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:123:17:123:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:123:17:123:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | +| main.rs:123:30:123:31 | S1 | | main.rs:99:5:100:14 | S1 | +| main.rs:124:13:124:13 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:124:13:124:13 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:124:17:124:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:124:17:124:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:124:30:124:31 | S2 | | main.rs:101:5:102:14 | S2 | +| main.rs:127:26:127:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:127:26:127:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:127:26:127:28 | x.a | | main.rs:99:5:100:14 | S1 | +| main.rs:128:26:128:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:128:26:128:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:128:26:128:28 | y.a | | main.rs:101:5:102:14 | S2 | +| main.rs:130:26:130:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:130:26:130:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:131:26:131:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:131:26:131:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:133:13:133:13 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:133:13:133:13 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:133:17:133:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:133:17:133:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | +| main.rs:133:30:133:31 | S1 | | main.rs:99:5:100:14 | S1 | +| main.rs:134:13:134:13 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:134:13:134:13 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:134:17:134:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:134:17:134:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:134:30:134:31 | S2 | | main.rs:101:5:102:14 | S2 | +| main.rs:136:26:136:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:136:26:136:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:136:26:136:31 | x.m2() | | main.rs:99:5:100:14 | S1 | +| main.rs:137:26:137:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:137:26:137:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:137:26:137:31 | y.m2() | | main.rs:101:5:102:14 | S2 | | main.rs:153:15:153:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | | main.rs:155:15:155:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | | main.rs:158:9:160:9 | { ... } | | main.rs:152:5:161:5 | Self [trait MyTrait] | @@ -143,235 +143,235 @@ inferType | main.rs:163:43:163:43 | x | | main.rs:163:26:163:40 | T2 | | main.rs:163:56:165:5 | { ... } | | main.rs:163:22:163:23 | T1 | | main.rs:164:9:164:9 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:164:9:164:14 | x.m1(...) | | main.rs:163:22:163:23 | T1 | -| main.rs:168:15:168:18 | SelfParam | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:168:15:168:18 | SelfParam | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:168:27:170:9 | { ... } | | main.rs:147:5:148:14 | struct S1 | -| main.rs:169:13:169:16 | self | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:169:13:169:16 | self | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:169:13:169:18 | self.a | | main.rs:147:5:148:14 | struct S1 | -| main.rs:174:15:174:18 | SelfParam | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:174:15:174:18 | SelfParam | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:174:29:176:9 | { ... } | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:174:29:176:9 | { ... } | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:175:13:175:30 | Self {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:175:13:175:30 | Self {...} | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:175:23:175:26 | self | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:175:23:175:26 | self | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:175:23:175:28 | self.a | | main.rs:149:5:150:14 | struct S2 | -| main.rs:180:13:180:13 | x | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:180:13:180:13 | x | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:180:17:180:33 | MyThing {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:180:17:180:33 | MyThing {...} | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:180:30:180:31 | S1 | | main.rs:147:5:148:14 | struct S1 | -| main.rs:181:13:181:13 | y | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:181:13:181:13 | y | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:181:17:181:33 | MyThing {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:181:17:181:33 | MyThing {...} | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:181:30:181:31 | S2 | | main.rs:149:5:150:14 | struct S2 | -| main.rs:183:26:183:26 | x | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:183:26:183:26 | x | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:184:26:184:26 | y | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:184:26:184:26 | y | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:186:13:186:13 | x | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:186:13:186:13 | x | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:186:17:186:33 | MyThing {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:186:17:186:33 | MyThing {...} | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:186:30:186:31 | S1 | | main.rs:147:5:148:14 | struct S1 | -| main.rs:187:13:187:13 | y | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:187:13:187:13 | y | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:187:17:187:33 | MyThing {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:187:17:187:33 | MyThing {...} | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:187:30:187:31 | S2 | | main.rs:149:5:150:14 | struct S2 | -| main.rs:189:40:189:40 | x | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:189:40:189:40 | x | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:190:40:190:40 | y | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:190:40:190:40 | y | A | main.rs:149:5:150:14 | struct S2 | +| main.rs:164:9:164:14 | x.m1() | | main.rs:163:22:163:23 | T1 | +| main.rs:168:15:168:18 | SelfParam | | main.rs:142:5:145:5 | MyThing | +| main.rs:168:15:168:18 | SelfParam | A | main.rs:147:5:148:14 | S1 | +| main.rs:168:27:170:9 | { ... } | | main.rs:147:5:148:14 | S1 | +| main.rs:169:13:169:16 | self | | main.rs:142:5:145:5 | MyThing | +| main.rs:169:13:169:16 | self | A | main.rs:147:5:148:14 | S1 | +| main.rs:169:13:169:18 | self.a | | main.rs:147:5:148:14 | S1 | +| main.rs:174:15:174:18 | SelfParam | | main.rs:142:5:145:5 | MyThing | +| main.rs:174:15:174:18 | SelfParam | A | main.rs:149:5:150:14 | S2 | +| main.rs:174:29:176:9 | { ... } | | main.rs:142:5:145:5 | MyThing | +| main.rs:174:29:176:9 | { ... } | A | main.rs:149:5:150:14 | S2 | +| main.rs:175:13:175:30 | Self {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:175:13:175:30 | Self {...} | A | main.rs:149:5:150:14 | S2 | +| main.rs:175:23:175:26 | self | | main.rs:142:5:145:5 | MyThing | +| main.rs:175:23:175:26 | self | A | main.rs:149:5:150:14 | S2 | +| main.rs:175:23:175:28 | self.a | | main.rs:149:5:150:14 | S2 | +| main.rs:180:13:180:13 | x | | main.rs:142:5:145:5 | MyThing | +| main.rs:180:13:180:13 | x | A | main.rs:147:5:148:14 | S1 | +| main.rs:180:17:180:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:180:17:180:33 | MyThing {...} | A | main.rs:147:5:148:14 | S1 | +| main.rs:180:30:180:31 | S1 | | main.rs:147:5:148:14 | S1 | +| main.rs:181:13:181:13 | y | | main.rs:142:5:145:5 | MyThing | +| main.rs:181:13:181:13 | y | A | main.rs:149:5:150:14 | S2 | +| main.rs:181:17:181:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:181:17:181:33 | MyThing {...} | A | main.rs:149:5:150:14 | S2 | +| main.rs:181:30:181:31 | S2 | | main.rs:149:5:150:14 | S2 | +| main.rs:183:26:183:26 | x | | main.rs:142:5:145:5 | MyThing | +| main.rs:183:26:183:26 | x | A | main.rs:147:5:148:14 | S1 | +| main.rs:184:26:184:26 | y | | main.rs:142:5:145:5 | MyThing | +| main.rs:184:26:184:26 | y | A | main.rs:149:5:150:14 | S2 | +| main.rs:186:13:186:13 | x | | main.rs:142:5:145:5 | MyThing | +| main.rs:186:13:186:13 | x | A | main.rs:147:5:148:14 | S1 | +| main.rs:186:17:186:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:186:17:186:33 | MyThing {...} | A | main.rs:147:5:148:14 | S1 | +| main.rs:186:30:186:31 | S1 | | main.rs:147:5:148:14 | S1 | +| main.rs:187:13:187:13 | y | | main.rs:142:5:145:5 | MyThing | +| main.rs:187:13:187:13 | y | A | main.rs:149:5:150:14 | S2 | +| main.rs:187:17:187:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:187:17:187:33 | MyThing {...} | A | main.rs:149:5:150:14 | S2 | +| main.rs:187:30:187:31 | S2 | | main.rs:149:5:150:14 | S2 | +| main.rs:189:40:189:40 | x | | main.rs:142:5:145:5 | MyThing | +| main.rs:189:40:189:40 | x | A | main.rs:147:5:148:14 | S1 | +| main.rs:190:40:190:40 | y | | main.rs:142:5:145:5 | MyThing | +| main.rs:190:40:190:40 | y | A | main.rs:149:5:150:14 | S2 | | main.rs:206:19:206:22 | SelfParam | | main.rs:205:5:207:5 | Self [trait FirstTrait] | | main.rs:210:19:210:22 | SelfParam | | main.rs:209:5:211:5 | Self [trait SecondTrait] | | main.rs:213:64:213:64 | x | | main.rs:213:45:213:61 | T | | main.rs:215:13:215:14 | s1 | | main.rs:213:35:213:42 | I | | main.rs:215:18:215:18 | x | | main.rs:213:45:213:61 | T | -| main.rs:215:18:215:27 | x.method(...) | | main.rs:213:35:213:42 | I | +| main.rs:215:18:215:27 | x.method() | | main.rs:213:35:213:42 | I | | main.rs:216:26:216:27 | s1 | | main.rs:213:35:213:42 | I | | main.rs:219:65:219:65 | x | | main.rs:219:46:219:62 | T | | main.rs:221:13:221:14 | s2 | | main.rs:219:36:219:43 | I | | main.rs:221:18:221:18 | x | | main.rs:219:46:219:62 | T | -| main.rs:221:18:221:27 | x.method(...) | | main.rs:219:36:219:43 | I | +| main.rs:221:18:221:27 | x.method() | | main.rs:219:36:219:43 | I | | main.rs:222:26:222:27 | s2 | | main.rs:219:36:219:43 | I | | main.rs:225:49:225:49 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:13:226:13 | s | | main.rs:197:5:198:14 | struct S1 | +| main.rs:226:13:226:13 | s | | main.rs:197:5:198:14 | S1 | | main.rs:226:17:226:17 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:17:226:26 | x.method(...) | | main.rs:197:5:198:14 | struct S1 | -| main.rs:227:26:227:26 | s | | main.rs:197:5:198:14 | struct S1 | +| main.rs:226:17:226:26 | x.method() | | main.rs:197:5:198:14 | S1 | +| main.rs:227:26:227:26 | s | | main.rs:197:5:198:14 | S1 | | main.rs:230:53:230:53 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:13:231:13 | s | | main.rs:197:5:198:14 | struct S1 | +| main.rs:231:13:231:13 | s | | main.rs:197:5:198:14 | S1 | | main.rs:231:17:231:17 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:17:231:26 | x.method(...) | | main.rs:197:5:198:14 | struct S1 | -| main.rs:232:26:232:26 | s | | main.rs:197:5:198:14 | struct S1 | +| main.rs:231:17:231:26 | x.method() | | main.rs:197:5:198:14 | S1 | +| main.rs:232:26:232:26 | s | | main.rs:197:5:198:14 | S1 | | main.rs:236:16:236:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | | main.rs:238:16:238:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | | main.rs:241:58:241:58 | x | | main.rs:241:41:241:55 | T | | main.rs:241:64:241:64 | y | | main.rs:241:41:241:55 | T | -| main.rs:243:13:243:14 | s1 | | main.rs:197:5:198:14 | struct S1 | +| main.rs:243:13:243:14 | s1 | | main.rs:197:5:198:14 | S1 | | main.rs:243:18:243:18 | x | | main.rs:241:41:241:55 | T | -| main.rs:243:18:243:24 | x.fst(...) | | main.rs:197:5:198:14 | struct S1 | -| main.rs:244:13:244:14 | s2 | | main.rs:200:5:201:14 | struct S2 | +| main.rs:243:18:243:24 | x.fst() | | main.rs:197:5:198:14 | S1 | +| main.rs:244:13:244:14 | s2 | | main.rs:200:5:201:14 | S2 | | main.rs:244:18:244:18 | y | | main.rs:241:41:241:55 | T | -| main.rs:244:18:244:24 | y.snd(...) | | main.rs:200:5:201:14 | struct S2 | -| main.rs:245:32:245:33 | s1 | | main.rs:197:5:198:14 | struct S1 | -| main.rs:245:36:245:37 | s2 | | main.rs:200:5:201:14 | struct S2 | +| main.rs:244:18:244:24 | y.snd() | | main.rs:200:5:201:14 | S2 | +| main.rs:245:32:245:33 | s1 | | main.rs:197:5:198:14 | S1 | +| main.rs:245:36:245:37 | s2 | | main.rs:200:5:201:14 | S2 | | main.rs:248:69:248:69 | x | | main.rs:248:52:248:66 | T | | main.rs:248:75:248:75 | y | | main.rs:248:52:248:66 | T | -| main.rs:250:13:250:14 | s1 | | main.rs:197:5:198:14 | struct S1 | +| main.rs:250:13:250:14 | s1 | | main.rs:197:5:198:14 | S1 | | main.rs:250:18:250:18 | x | | main.rs:248:52:248:66 | T | -| main.rs:250:18:250:24 | x.fst(...) | | main.rs:197:5:198:14 | struct S1 | +| main.rs:250:18:250:24 | x.fst() | | main.rs:197:5:198:14 | S1 | | main.rs:251:13:251:14 | s2 | | main.rs:248:41:248:49 | T2 | | main.rs:251:18:251:18 | y | | main.rs:248:52:248:66 | T | -| main.rs:251:18:251:24 | y.snd(...) | | main.rs:248:41:248:49 | T2 | -| main.rs:252:32:252:33 | s1 | | main.rs:197:5:198:14 | struct S1 | +| main.rs:251:18:251:24 | y.snd() | | main.rs:248:41:248:49 | T2 | +| main.rs:252:32:252:33 | s1 | | main.rs:197:5:198:14 | S1 | | main.rs:252:36:252:37 | s2 | | main.rs:248:41:248:49 | T2 | | main.rs:268:15:268:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | | main.rs:270:15:270:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | | main.rs:273:9:275:9 | { ... } | | main.rs:267:19:267:19 | A | | main.rs:274:13:274:16 | self | | main.rs:267:5:276:5 | Self [trait MyTrait] | -| main.rs:274:13:274:21 | self.m1(...) | | main.rs:267:19:267:19 | A | +| main.rs:274:13:274:21 | self.m1() | | main.rs:267:19:267:19 | A | | main.rs:279:43:279:43 | x | | main.rs:279:26:279:40 | T2 | | main.rs:279:56:281:5 | { ... } | | main.rs:279:22:279:23 | T1 | | main.rs:280:9:280:9 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:280:9:280:14 | x.m1(...) | | main.rs:279:22:279:23 | T1 | -| main.rs:284:49:284:49 | x | | main.rs:257:5:260:5 | struct MyThing | +| main.rs:280:9:280:14 | x.m1() | | main.rs:279:22:279:23 | T1 | +| main.rs:284:49:284:49 | x | | main.rs:257:5:260:5 | MyThing | | main.rs:284:49:284:49 | x | T | main.rs:284:32:284:46 | T2 | | main.rs:284:71:286:5 | { ... } | | main.rs:284:28:284:29 | T1 | -| main.rs:285:9:285:9 | x | | main.rs:257:5:260:5 | struct MyThing | +| main.rs:285:9:285:9 | x | | main.rs:257:5:260:5 | MyThing | | main.rs:285:9:285:9 | x | T | main.rs:284:32:284:46 | T2 | | main.rs:285:9:285:11 | x.a | | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:16 | ... .m1(...) | | main.rs:284:28:284:29 | T1 | -| main.rs:289:15:289:18 | SelfParam | | main.rs:257:5:260:5 | struct MyThing | +| main.rs:285:9:285:16 | ... .m1() | | main.rs:284:28:284:29 | T1 | +| main.rs:289:15:289:18 | SelfParam | | main.rs:257:5:260:5 | MyThing | | main.rs:289:15:289:18 | SelfParam | T | main.rs:288:10:288:10 | T | | main.rs:289:26:291:9 | { ... } | | main.rs:288:10:288:10 | T | -| main.rs:290:13:290:16 | self | | main.rs:257:5:260:5 | struct MyThing | +| main.rs:290:13:290:16 | self | | main.rs:257:5:260:5 | MyThing | | main.rs:290:13:290:16 | self | T | main.rs:288:10:288:10 | T | | main.rs:290:13:290:18 | self.a | | main.rs:288:10:288:10 | T | -| main.rs:295:13:295:13 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:295:13:295:13 | x | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:295:17:295:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:295:17:295:33 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:295:30:295:31 | S1 | | main.rs:262:5:263:14 | struct S1 | -| main.rs:296:13:296:13 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:296:13:296:13 | y | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:296:17:296:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:296:17:296:33 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:296:30:296:31 | S2 | | main.rs:264:5:265:14 | struct S2 | -| main.rs:298:26:298:26 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:298:26:298:26 | x | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:298:26:298:31 | x.m1(...) | | main.rs:262:5:263:14 | struct S1 | -| main.rs:299:26:299:26 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:299:26:299:26 | y | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:299:26:299:31 | y.m1(...) | | main.rs:264:5:265:14 | struct S2 | -| main.rs:301:13:301:13 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:301:13:301:13 | x | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:301:17:301:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:301:17:301:33 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:301:30:301:31 | S1 | | main.rs:262:5:263:14 | struct S1 | -| main.rs:302:13:302:13 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:302:13:302:13 | y | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:302:17:302:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:302:17:302:33 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:302:30:302:31 | S2 | | main.rs:264:5:265:14 | struct S2 | -| main.rs:304:26:304:26 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:304:26:304:26 | x | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:304:26:304:31 | x.m2(...) | | main.rs:262:5:263:14 | struct S1 | -| main.rs:305:26:305:26 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:305:26:305:26 | y | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:305:26:305:31 | y.m2(...) | | main.rs:264:5:265:14 | struct S2 | -| main.rs:307:13:307:14 | x2 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:307:13:307:14 | x2 | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:307:18:307:34 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:307:18:307:34 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:307:31:307:32 | S1 | | main.rs:262:5:263:14 | struct S1 | -| main.rs:308:13:308:14 | y2 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:308:13:308:14 | y2 | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:308:18:308:34 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:308:18:308:34 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:308:31:308:32 | S2 | | main.rs:264:5:265:14 | struct S2 | -| main.rs:310:26:310:42 | call_trait_m1(...) | | main.rs:262:5:263:14 | struct S1 | -| main.rs:310:40:310:41 | x2 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:310:40:310:41 | x2 | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:311:26:311:42 | call_trait_m1(...) | | main.rs:264:5:265:14 | struct S2 | -| main.rs:311:40:311:41 | y2 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:311:40:311:41 | y2 | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:313:13:313:14 | x3 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:313:13:313:14 | x3 | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:313:13:313:14 | x3 | T.T | main.rs:262:5:263:14 | struct S1 | -| main.rs:313:18:315:9 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:313:18:315:9 | MyThing {...} | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:313:18:315:9 | MyThing {...} | T.T | main.rs:262:5:263:14 | struct S1 | -| main.rs:314:16:314:32 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:314:16:314:32 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:314:29:314:30 | S1 | | main.rs:262:5:263:14 | struct S1 | -| main.rs:316:13:316:14 | y3 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:316:13:316:14 | y3 | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:316:13:316:14 | y3 | T.T | main.rs:264:5:265:14 | struct S2 | -| main.rs:316:18:318:9 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:316:18:318:9 | MyThing {...} | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:316:18:318:9 | MyThing {...} | T.T | main.rs:264:5:265:14 | struct S2 | -| main.rs:317:16:317:32 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:317:16:317:32 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:317:29:317:30 | S2 | | main.rs:264:5:265:14 | struct S2 | -| main.rs:320:26:320:48 | call_trait_thing_m1(...) | | main.rs:262:5:263:14 | struct S1 | -| main.rs:320:46:320:47 | x3 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:320:46:320:47 | x3 | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:320:46:320:47 | x3 | T.T | main.rs:262:5:263:14 | struct S1 | -| main.rs:321:26:321:48 | call_trait_thing_m1(...) | | main.rs:264:5:265:14 | struct S2 | -| main.rs:321:46:321:47 | y3 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:321:46:321:47 | y3 | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:321:46:321:47 | y3 | T.T | main.rs:264:5:265:14 | struct S2 | +| main.rs:295:13:295:13 | x | | main.rs:257:5:260:5 | MyThing | +| main.rs:295:13:295:13 | x | T | main.rs:262:5:263:14 | S1 | +| main.rs:295:17:295:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:295:17:295:33 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | +| main.rs:295:30:295:31 | S1 | | main.rs:262:5:263:14 | S1 | +| main.rs:296:13:296:13 | y | | main.rs:257:5:260:5 | MyThing | +| main.rs:296:13:296:13 | y | T | main.rs:264:5:265:14 | S2 | +| main.rs:296:17:296:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:296:17:296:33 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | +| main.rs:296:30:296:31 | S2 | | main.rs:264:5:265:14 | S2 | +| main.rs:298:26:298:26 | x | | main.rs:257:5:260:5 | MyThing | +| main.rs:298:26:298:26 | x | T | main.rs:262:5:263:14 | S1 | +| main.rs:298:26:298:31 | x.m1() | | main.rs:262:5:263:14 | S1 | +| main.rs:299:26:299:26 | y | | main.rs:257:5:260:5 | MyThing | +| main.rs:299:26:299:26 | y | T | main.rs:264:5:265:14 | S2 | +| main.rs:299:26:299:31 | y.m1() | | main.rs:264:5:265:14 | S2 | +| main.rs:301:13:301:13 | x | | main.rs:257:5:260:5 | MyThing | +| main.rs:301:13:301:13 | x | T | main.rs:262:5:263:14 | S1 | +| main.rs:301:17:301:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:301:17:301:33 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | +| main.rs:301:30:301:31 | S1 | | main.rs:262:5:263:14 | S1 | +| main.rs:302:13:302:13 | y | | main.rs:257:5:260:5 | MyThing | +| main.rs:302:13:302:13 | y | T | main.rs:264:5:265:14 | S2 | +| main.rs:302:17:302:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:302:17:302:33 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | +| main.rs:302:30:302:31 | S2 | | main.rs:264:5:265:14 | S2 | +| main.rs:304:26:304:26 | x | | main.rs:257:5:260:5 | MyThing | +| main.rs:304:26:304:26 | x | T | main.rs:262:5:263:14 | S1 | +| main.rs:304:26:304:31 | x.m2() | | main.rs:262:5:263:14 | S1 | +| main.rs:305:26:305:26 | y | | main.rs:257:5:260:5 | MyThing | +| main.rs:305:26:305:26 | y | T | main.rs:264:5:265:14 | S2 | +| main.rs:305:26:305:31 | y.m2() | | main.rs:264:5:265:14 | S2 | +| main.rs:307:13:307:14 | x2 | | main.rs:257:5:260:5 | MyThing | +| main.rs:307:13:307:14 | x2 | T | main.rs:262:5:263:14 | S1 | +| main.rs:307:18:307:34 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:307:18:307:34 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | +| main.rs:307:31:307:32 | S1 | | main.rs:262:5:263:14 | S1 | +| main.rs:308:13:308:14 | y2 | | main.rs:257:5:260:5 | MyThing | +| main.rs:308:13:308:14 | y2 | T | main.rs:264:5:265:14 | S2 | +| main.rs:308:18:308:34 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:308:18:308:34 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | +| main.rs:308:31:308:32 | S2 | | main.rs:264:5:265:14 | S2 | +| main.rs:310:26:310:42 | call_trait_m1(...) | | main.rs:262:5:263:14 | S1 | +| main.rs:310:40:310:41 | x2 | | main.rs:257:5:260:5 | MyThing | +| main.rs:310:40:310:41 | x2 | T | main.rs:262:5:263:14 | S1 | +| main.rs:311:26:311:42 | call_trait_m1(...) | | main.rs:264:5:265:14 | S2 | +| main.rs:311:40:311:41 | y2 | | main.rs:257:5:260:5 | MyThing | +| main.rs:311:40:311:41 | y2 | T | main.rs:264:5:265:14 | S2 | +| main.rs:313:13:313:14 | x3 | | main.rs:257:5:260:5 | MyThing | +| main.rs:313:13:313:14 | x3 | T | main.rs:257:5:260:5 | MyThing | +| main.rs:313:13:313:14 | x3 | T.T | main.rs:262:5:263:14 | S1 | +| main.rs:313:18:315:9 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:313:18:315:9 | MyThing {...} | T | main.rs:257:5:260:5 | MyThing | +| main.rs:313:18:315:9 | MyThing {...} | T.T | main.rs:262:5:263:14 | S1 | +| main.rs:314:16:314:32 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:314:16:314:32 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | +| main.rs:314:29:314:30 | S1 | | main.rs:262:5:263:14 | S1 | +| main.rs:316:13:316:14 | y3 | | main.rs:257:5:260:5 | MyThing | +| main.rs:316:13:316:14 | y3 | T | main.rs:257:5:260:5 | MyThing | +| main.rs:316:13:316:14 | y3 | T.T | main.rs:264:5:265:14 | S2 | +| main.rs:316:18:318:9 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:316:18:318:9 | MyThing {...} | T | main.rs:257:5:260:5 | MyThing | +| main.rs:316:18:318:9 | MyThing {...} | T.T | main.rs:264:5:265:14 | S2 | +| main.rs:317:16:317:32 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:317:16:317:32 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | +| main.rs:317:29:317:30 | S2 | | main.rs:264:5:265:14 | S2 | +| main.rs:320:26:320:48 | call_trait_thing_m1(...) | | main.rs:262:5:263:14 | S1 | +| main.rs:320:46:320:47 | x3 | | main.rs:257:5:260:5 | MyThing | +| main.rs:320:46:320:47 | x3 | T | main.rs:257:5:260:5 | MyThing | +| main.rs:320:46:320:47 | x3 | T.T | main.rs:262:5:263:14 | S1 | +| main.rs:321:26:321:48 | call_trait_thing_m1(...) | | main.rs:264:5:265:14 | S2 | +| main.rs:321:46:321:47 | y3 | | main.rs:257:5:260:5 | MyThing | +| main.rs:321:46:321:47 | y3 | T | main.rs:257:5:260:5 | MyThing | +| main.rs:321:46:321:47 | y3 | T.T | main.rs:264:5:265:14 | S2 | | main.rs:329:15:329:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | | main.rs:331:15:331:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | -| main.rs:346:15:346:18 | SelfParam | | main.rs:340:5:341:13 | struct S | -| main.rs:346:45:348:9 | { ... } | | main.rs:340:5:341:13 | struct S | -| main.rs:347:13:347:13 | S | | main.rs:340:5:341:13 | struct S | -| main.rs:352:13:352:13 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:352:17:352:17 | S | | main.rs:340:5:341:13 | struct S | -| main.rs:353:26:353:26 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:353:26:353:31 | x.m1(...) | | main.rs:340:5:341:13 | struct S | -| main.rs:355:13:355:13 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:355:17:355:17 | S | | main.rs:340:5:341:13 | struct S | -| main.rs:356:26:356:26 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:373:15:373:18 | SelfParam | | main.rs:361:5:365:5 | enum MyEnum | +| main.rs:346:15:346:18 | SelfParam | | main.rs:340:5:341:13 | S | +| main.rs:346:45:348:9 | { ... } | | main.rs:340:5:341:13 | S | +| main.rs:347:13:347:13 | S | | main.rs:340:5:341:13 | S | +| main.rs:352:13:352:13 | x | | main.rs:340:5:341:13 | S | +| main.rs:352:17:352:17 | S | | main.rs:340:5:341:13 | S | +| main.rs:353:26:353:26 | x | | main.rs:340:5:341:13 | S | +| main.rs:353:26:353:31 | x.m1() | | main.rs:340:5:341:13 | S | +| main.rs:355:13:355:13 | x | | main.rs:340:5:341:13 | S | +| main.rs:355:17:355:17 | S | | main.rs:340:5:341:13 | S | +| main.rs:356:26:356:26 | x | | main.rs:340:5:341:13 | S | +| main.rs:373:15:373:18 | SelfParam | | main.rs:361:5:365:5 | MyEnum | | main.rs:373:15:373:18 | SelfParam | A | main.rs:372:10:372:10 | T | | main.rs:373:26:378:9 | { ... } | | main.rs:372:10:372:10 | T | | main.rs:374:13:377:13 | match self { ... } | | main.rs:372:10:372:10 | T | -| main.rs:374:19:374:22 | self | | main.rs:361:5:365:5 | enum MyEnum | +| main.rs:374:19:374:22 | self | | main.rs:361:5:365:5 | MyEnum | | main.rs:374:19:374:22 | self | A | main.rs:372:10:372:10 | T | | main.rs:375:28:375:28 | a | | main.rs:372:10:372:10 | T | | main.rs:375:34:375:34 | a | | main.rs:372:10:372:10 | T | | main.rs:376:30:376:30 | a | | main.rs:372:10:372:10 | T | | main.rs:376:37:376:37 | a | | main.rs:372:10:372:10 | T | -| main.rs:382:13:382:13 | x | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:382:13:382:13 | x | A | main.rs:367:5:368:14 | struct S1 | -| main.rs:382:17:382:30 | ...::C1(...) | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:382:17:382:30 | ...::C1(...) | A | main.rs:367:5:368:14 | struct S1 | -| main.rs:382:28:382:29 | S1 | | main.rs:367:5:368:14 | struct S1 | -| main.rs:383:13:383:13 | y | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:383:13:383:13 | y | A | main.rs:369:5:370:14 | struct S2 | -| main.rs:383:17:383:36 | ...::C2 {...} | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:383:17:383:36 | ...::C2 {...} | A | main.rs:369:5:370:14 | struct S2 | -| main.rs:383:33:383:34 | S2 | | main.rs:369:5:370:14 | struct S2 | -| main.rs:385:26:385:26 | x | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:385:26:385:26 | x | A | main.rs:367:5:368:14 | struct S1 | -| main.rs:385:26:385:31 | x.m1(...) | | main.rs:367:5:368:14 | struct S1 | -| main.rs:386:26:386:26 | y | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:386:26:386:26 | y | A | main.rs:369:5:370:14 | struct S2 | -| main.rs:386:26:386:31 | y.m1(...) | | main.rs:369:5:370:14 | struct S2 | +| main.rs:382:13:382:13 | x | | main.rs:361:5:365:5 | MyEnum | +| main.rs:382:13:382:13 | x | A | main.rs:367:5:368:14 | S1 | +| main.rs:382:17:382:30 | ...::C1(...) | | main.rs:361:5:365:5 | MyEnum | +| main.rs:382:17:382:30 | ...::C1(...) | A | main.rs:367:5:368:14 | S1 | +| main.rs:382:28:382:29 | S1 | | main.rs:367:5:368:14 | S1 | +| main.rs:383:13:383:13 | y | | main.rs:361:5:365:5 | MyEnum | +| main.rs:383:13:383:13 | y | A | main.rs:369:5:370:14 | S2 | +| main.rs:383:17:383:36 | ...::C2 {...} | | main.rs:361:5:365:5 | MyEnum | +| main.rs:383:17:383:36 | ...::C2 {...} | A | main.rs:369:5:370:14 | S2 | +| main.rs:383:33:383:34 | S2 | | main.rs:369:5:370:14 | S2 | +| main.rs:385:26:385:26 | x | | main.rs:361:5:365:5 | MyEnum | +| main.rs:385:26:385:26 | x | A | main.rs:367:5:368:14 | S1 | +| main.rs:385:26:385:31 | x.m1() | | main.rs:367:5:368:14 | S1 | +| main.rs:386:26:386:26 | y | | main.rs:361:5:365:5 | MyEnum | +| main.rs:386:26:386:26 | y | A | main.rs:369:5:370:14 | S2 | +| main.rs:386:26:386:31 | y.m1() | | main.rs:369:5:370:14 | S2 | | main.rs:407:15:407:18 | SelfParam | | main.rs:406:5:408:5 | Self [trait MyTrait1] | | main.rs:411:15:411:18 | SelfParam | | main.rs:410:5:421:5 | Self [trait MyTrait2] | | main.rs:414:9:420:9 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:415:13:419:13 | if ... {...} else {...} | | main.rs:410:20:410:22 | Tr2 | | main.rs:415:26:417:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:416:17:416:20 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | -| main.rs:416:17:416:25 | self.m1(...) | | main.rs:410:20:410:22 | Tr2 | +| main.rs:416:17:416:25 | self.m1() | | main.rs:410:20:410:22 | Tr2 | | main.rs:417:20:419:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:418:17:418:30 | ...::m1(...) | | main.rs:410:20:410:22 | Tr2 | | main.rs:418:26:418:29 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | @@ -380,147 +380,147 @@ inferType | main.rs:428:13:432:13 | if ... {...} else {...} | | main.rs:423:20:423:22 | Tr3 | | main.rs:428:26:430:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | | main.rs:429:17:429:20 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:429:17:429:25 | self.m2(...) | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:429:17:429:25 | self.m2(...) | A | main.rs:423:20:423:22 | Tr3 | +| main.rs:429:17:429:25 | self.m2() | | main.rs:391:5:394:5 | MyThing | +| main.rs:429:17:429:25 | self.m2() | A | main.rs:423:20:423:22 | Tr3 | | main.rs:429:17:429:27 | ... .a | | main.rs:423:20:423:22 | Tr3 | | main.rs:430:20:432:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:17:431:30 | ...::m2(...) | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:431:17:431:30 | ...::m2(...) | | main.rs:391:5:394:5 | MyThing | | main.rs:431:17:431:30 | ...::m2(...) | A | main.rs:423:20:423:22 | Tr3 | | main.rs:431:17:431:32 | ... .a | | main.rs:423:20:423:22 | Tr3 | | main.rs:431:26:431:29 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:437:15:437:18 | SelfParam | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:437:15:437:18 | SelfParam | | main.rs:391:5:394:5 | MyThing | | main.rs:437:15:437:18 | SelfParam | A | main.rs:436:10:436:10 | T | | main.rs:437:26:439:9 | { ... } | | main.rs:436:10:436:10 | T | -| main.rs:438:13:438:16 | self | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:438:13:438:16 | self | | main.rs:391:5:394:5 | MyThing | | main.rs:438:13:438:16 | self | A | main.rs:436:10:436:10 | T | | main.rs:438:13:438:18 | self.a | | main.rs:436:10:436:10 | T | -| main.rs:445:15:445:18 | SelfParam | | main.rs:396:5:399:5 | struct MyThing2 | +| main.rs:445:15:445:18 | SelfParam | | main.rs:396:5:399:5 | MyThing2 | | main.rs:445:15:445:18 | SelfParam | A | main.rs:444:10:444:10 | T | -| main.rs:445:35:447:9 | { ... } | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:445:35:447:9 | { ... } | | main.rs:391:5:394:5 | MyThing | | main.rs:445:35:447:9 | { ... } | A | main.rs:444:10:444:10 | T | -| main.rs:446:13:446:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:446:13:446:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | | main.rs:446:13:446:33 | MyThing {...} | A | main.rs:444:10:444:10 | T | -| main.rs:446:26:446:29 | self | | main.rs:396:5:399:5 | struct MyThing2 | +| main.rs:446:26:446:29 | self | | main.rs:396:5:399:5 | MyThing2 | | main.rs:446:26:446:29 | self | A | main.rs:444:10:444:10 | T | | main.rs:446:26:446:31 | self.a | | main.rs:444:10:444:10 | T | -| main.rs:455:13:455:13 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:455:13:455:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:455:17:455:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:455:17:455:33 | MyThing {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:455:30:455:31 | S1 | | main.rs:401:5:402:14 | struct S1 | -| main.rs:456:13:456:13 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:456:13:456:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:456:17:456:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:456:17:456:33 | MyThing {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:456:30:456:31 | S2 | | main.rs:403:5:404:14 | struct S2 | -| main.rs:458:26:458:26 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:458:26:458:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:458:26:458:31 | x.m1(...) | | main.rs:401:5:402:14 | struct S1 | -| main.rs:459:26:459:26 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:459:26:459:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:459:26:459:31 | y.m1(...) | | main.rs:403:5:404:14 | struct S2 | -| main.rs:461:13:461:13 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:461:13:461:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:461:17:461:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:461:17:461:33 | MyThing {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:461:30:461:31 | S1 | | main.rs:401:5:402:14 | struct S1 | -| main.rs:462:13:462:13 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:462:13:462:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:462:17:462:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:462:17:462:33 | MyThing {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:462:30:462:31 | S2 | | main.rs:403:5:404:14 | struct S2 | -| main.rs:464:26:464:26 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:464:26:464:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:464:26:464:31 | x.m2(...) | | main.rs:401:5:402:14 | struct S1 | -| main.rs:465:26:465:26 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:465:26:465:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:465:26:465:31 | y.m2(...) | | main.rs:403:5:404:14 | struct S2 | -| main.rs:467:13:467:13 | x | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:467:13:467:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:467:17:467:34 | MyThing2 {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:467:31:467:32 | S1 | | main.rs:401:5:402:14 | struct S1 | -| main.rs:468:13:468:13 | y | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:468:13:468:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:468:17:468:34 | MyThing2 {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:468:31:468:32 | S2 | | main.rs:403:5:404:14 | struct S2 | -| main.rs:470:26:470:26 | x | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:470:26:470:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:470:26:470:31 | x.m3(...) | | main.rs:401:5:402:14 | struct S1 | -| main.rs:471:26:471:26 | y | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:471:26:471:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:471:26:471:31 | y.m3(...) | | main.rs:403:5:404:14 | struct S2 | +| main.rs:455:13:455:13 | x | | main.rs:391:5:394:5 | MyThing | +| main.rs:455:13:455:13 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:455:17:455:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | +| main.rs:455:17:455:33 | MyThing {...} | A | main.rs:401:5:402:14 | S1 | +| main.rs:455:30:455:31 | S1 | | main.rs:401:5:402:14 | S1 | +| main.rs:456:13:456:13 | y | | main.rs:391:5:394:5 | MyThing | +| main.rs:456:13:456:13 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:456:17:456:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | +| main.rs:456:17:456:33 | MyThing {...} | A | main.rs:403:5:404:14 | S2 | +| main.rs:456:30:456:31 | S2 | | main.rs:403:5:404:14 | S2 | +| main.rs:458:26:458:26 | x | | main.rs:391:5:394:5 | MyThing | +| main.rs:458:26:458:26 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:458:26:458:31 | x.m1() | | main.rs:401:5:402:14 | S1 | +| main.rs:459:26:459:26 | y | | main.rs:391:5:394:5 | MyThing | +| main.rs:459:26:459:26 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:459:26:459:31 | y.m1() | | main.rs:403:5:404:14 | S2 | +| main.rs:461:13:461:13 | x | | main.rs:391:5:394:5 | MyThing | +| main.rs:461:13:461:13 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:461:17:461:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | +| main.rs:461:17:461:33 | MyThing {...} | A | main.rs:401:5:402:14 | S1 | +| main.rs:461:30:461:31 | S1 | | main.rs:401:5:402:14 | S1 | +| main.rs:462:13:462:13 | y | | main.rs:391:5:394:5 | MyThing | +| main.rs:462:13:462:13 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:462:17:462:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | +| main.rs:462:17:462:33 | MyThing {...} | A | main.rs:403:5:404:14 | S2 | +| main.rs:462:30:462:31 | S2 | | main.rs:403:5:404:14 | S2 | +| main.rs:464:26:464:26 | x | | main.rs:391:5:394:5 | MyThing | +| main.rs:464:26:464:26 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:464:26:464:31 | x.m2() | | main.rs:401:5:402:14 | S1 | +| main.rs:465:26:465:26 | y | | main.rs:391:5:394:5 | MyThing | +| main.rs:465:26:465:26 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:465:26:465:31 | y.m2() | | main.rs:403:5:404:14 | S2 | +| main.rs:467:13:467:13 | x | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:467:13:467:13 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:467:17:467:34 | MyThing2 {...} | A | main.rs:401:5:402:14 | S1 | +| main.rs:467:31:467:32 | S1 | | main.rs:401:5:402:14 | S1 | +| main.rs:468:13:468:13 | y | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:468:13:468:13 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:468:17:468:34 | MyThing2 {...} | A | main.rs:403:5:404:14 | S2 | +| main.rs:468:31:468:32 | S2 | | main.rs:403:5:404:14 | S2 | +| main.rs:470:26:470:26 | x | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:470:26:470:26 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:470:26:470:31 | x.m3() | | main.rs:401:5:402:14 | S1 | +| main.rs:471:26:471:26 | y | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:471:26:471:26 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:471:26:471:31 | y.m3() | | main.rs:403:5:404:14 | S2 | | main.rs:489:22:489:22 | x | | file://:0:0:0:0 | & | | main.rs:489:22:489:22 | x | &T | main.rs:489:11:489:19 | T | | main.rs:489:35:491:5 | { ... } | | file://:0:0:0:0 | & | | main.rs:489:35:491:5 | { ... } | &T | main.rs:489:11:489:19 | T | | main.rs:490:9:490:9 | x | | file://:0:0:0:0 | & | | main.rs:490:9:490:9 | x | &T | main.rs:489:11:489:19 | T | -| main.rs:494:17:494:20 | SelfParam | | main.rs:479:5:480:14 | struct S1 | -| main.rs:494:29:496:9 | { ... } | | main.rs:482:5:483:14 | struct S2 | -| main.rs:495:13:495:14 | S2 | | main.rs:482:5:483:14 | struct S2 | +| main.rs:494:17:494:20 | SelfParam | | main.rs:479:5:480:14 | S1 | +| main.rs:494:29:496:9 | { ... } | | main.rs:482:5:483:14 | S2 | +| main.rs:495:13:495:14 | S2 | | main.rs:482:5:483:14 | S2 | | main.rs:499:21:499:21 | x | | main.rs:499:13:499:14 | T1 | | main.rs:502:5:504:5 | { ... } | | main.rs:499:17:499:18 | T2 | | main.rs:503:9:503:9 | x | | main.rs:499:13:499:14 | T1 | -| main.rs:503:9:503:16 | x.into(...) | | main.rs:499:17:499:18 | T2 | -| main.rs:507:13:507:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:507:17:507:18 | S1 | | main.rs:479:5:480:14 | struct S1 | +| main.rs:503:9:503:16 | x.into() | | main.rs:499:17:499:18 | T2 | +| main.rs:507:13:507:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:507:17:507:18 | S1 | | main.rs:479:5:480:14 | S1 | | main.rs:508:26:508:31 | id(...) | | file://:0:0:0:0 | & | -| main.rs:508:26:508:31 | id(...) | &T | main.rs:479:5:480:14 | struct S1 | +| main.rs:508:26:508:31 | id(...) | &T | main.rs:479:5:480:14 | S1 | | main.rs:508:29:508:30 | &x | | file://:0:0:0:0 | & | -| main.rs:508:29:508:30 | &x | &T | main.rs:479:5:480:14 | struct S1 | -| main.rs:508:30:508:30 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:510:13:510:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:510:17:510:18 | S1 | | main.rs:479:5:480:14 | struct S1 | +| main.rs:508:29:508:30 | &x | &T | main.rs:479:5:480:14 | S1 | +| main.rs:508:30:508:30 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:510:13:510:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:510:17:510:18 | S1 | | main.rs:479:5:480:14 | S1 | | main.rs:511:26:511:37 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:511:26:511:37 | id::<...>(...) | &T | main.rs:479:5:480:14 | struct S1 | +| main.rs:511:26:511:37 | id::<...>(...) | &T | main.rs:479:5:480:14 | S1 | | main.rs:511:35:511:36 | &x | | file://:0:0:0:0 | & | -| main.rs:511:35:511:36 | &x | &T | main.rs:479:5:480:14 | struct S1 | -| main.rs:511:36:511:36 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:513:13:513:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:513:17:513:18 | S1 | | main.rs:479:5:480:14 | struct S1 | +| main.rs:511:35:511:36 | &x | &T | main.rs:479:5:480:14 | S1 | +| main.rs:511:36:511:36 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:513:13:513:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:513:17:513:18 | S1 | | main.rs:479:5:480:14 | S1 | | main.rs:514:26:514:44 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:514:26:514:44 | id::<...>(...) | &T | main.rs:479:5:480:14 | struct S1 | +| main.rs:514:26:514:44 | id::<...>(...) | &T | main.rs:479:5:480:14 | S1 | | main.rs:514:42:514:43 | &x | | file://:0:0:0:0 | & | -| main.rs:514:42:514:43 | &x | &T | main.rs:479:5:480:14 | struct S1 | -| main.rs:514:43:514:43 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:516:13:516:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:516:17:516:18 | S1 | | main.rs:479:5:480:14 | struct S1 | -| main.rs:517:9:517:25 | into::<...>(...) | | main.rs:482:5:483:14 | struct S2 | -| main.rs:517:24:517:24 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:519:13:519:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:519:17:519:18 | S1 | | main.rs:479:5:480:14 | struct S1 | -| main.rs:520:13:520:13 | y | | main.rs:482:5:483:14 | struct S2 | -| main.rs:520:21:520:27 | into(...) | | main.rs:482:5:483:14 | struct S2 | -| main.rs:520:26:520:26 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:550:13:550:14 | p1 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:550:13:550:14 | p1 | Fst | main.rs:533:5:534:14 | struct S1 | -| main.rs:550:13:550:14 | p1 | Snd | main.rs:536:5:537:14 | struct S2 | -| main.rs:550:26:550:53 | ...::PairBoth(...) | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:550:26:550:53 | ...::PairBoth(...) | Fst | main.rs:533:5:534:14 | struct S1 | -| main.rs:550:26:550:53 | ...::PairBoth(...) | Snd | main.rs:536:5:537:14 | struct S2 | -| main.rs:550:47:550:48 | S1 | | main.rs:533:5:534:14 | struct S1 | -| main.rs:550:51:550:52 | S2 | | main.rs:536:5:537:14 | struct S2 | -| main.rs:551:26:551:27 | p1 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:551:26:551:27 | p1 | Fst | main.rs:533:5:534:14 | struct S1 | -| main.rs:551:26:551:27 | p1 | Snd | main.rs:536:5:537:14 | struct S2 | -| main.rs:554:13:554:14 | p2 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:554:26:554:47 | ...::PairNone(...) | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:555:26:555:27 | p2 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:558:13:558:14 | p3 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:558:13:558:14 | p3 | Snd | main.rs:539:5:540:14 | struct S3 | -| main.rs:558:34:558:56 | ...::PairSnd(...) | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:558:34:558:56 | ...::PairSnd(...) | Snd | main.rs:539:5:540:14 | struct S3 | -| main.rs:558:54:558:55 | S3 | | main.rs:539:5:540:14 | struct S3 | -| main.rs:559:26:559:27 | p3 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:559:26:559:27 | p3 | Snd | main.rs:539:5:540:14 | struct S3 | -| main.rs:562:13:562:14 | p3 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:562:13:562:14 | p3 | Fst | main.rs:539:5:540:14 | struct S3 | -| main.rs:562:35:562:56 | ...::PairNone(...) | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:562:35:562:56 | ...::PairNone(...) | Fst | main.rs:539:5:540:14 | struct S3 | -| main.rs:563:26:563:27 | p3 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:563:26:563:27 | p3 | Fst | main.rs:539:5:540:14 | struct S3 | +| main.rs:514:42:514:43 | &x | &T | main.rs:479:5:480:14 | S1 | +| main.rs:514:43:514:43 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:516:13:516:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:516:17:516:18 | S1 | | main.rs:479:5:480:14 | S1 | +| main.rs:517:9:517:25 | into::<...>(...) | | main.rs:482:5:483:14 | S2 | +| main.rs:517:24:517:24 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:519:13:519:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:519:17:519:18 | S1 | | main.rs:479:5:480:14 | S1 | +| main.rs:520:13:520:13 | y | | main.rs:482:5:483:14 | S2 | +| main.rs:520:21:520:27 | into(...) | | main.rs:482:5:483:14 | S2 | +| main.rs:520:26:520:26 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:550:13:550:14 | p1 | | main.rs:525:5:531:5 | PairOption | +| main.rs:550:13:550:14 | p1 | Fst | main.rs:533:5:534:14 | S1 | +| main.rs:550:13:550:14 | p1 | Snd | main.rs:536:5:537:14 | S2 | +| main.rs:550:26:550:53 | ...::PairBoth(...) | | main.rs:525:5:531:5 | PairOption | +| main.rs:550:26:550:53 | ...::PairBoth(...) | Fst | main.rs:533:5:534:14 | S1 | +| main.rs:550:26:550:53 | ...::PairBoth(...) | Snd | main.rs:536:5:537:14 | S2 | +| main.rs:550:47:550:48 | S1 | | main.rs:533:5:534:14 | S1 | +| main.rs:550:51:550:52 | S2 | | main.rs:536:5:537:14 | S2 | +| main.rs:551:26:551:27 | p1 | | main.rs:525:5:531:5 | PairOption | +| main.rs:551:26:551:27 | p1 | Fst | main.rs:533:5:534:14 | S1 | +| main.rs:551:26:551:27 | p1 | Snd | main.rs:536:5:537:14 | S2 | +| main.rs:554:13:554:14 | p2 | | main.rs:525:5:531:5 | PairOption | +| main.rs:554:26:554:47 | ...::PairNone(...) | | main.rs:525:5:531:5 | PairOption | +| main.rs:555:26:555:27 | p2 | | main.rs:525:5:531:5 | PairOption | +| main.rs:558:13:558:14 | p3 | | main.rs:525:5:531:5 | PairOption | +| main.rs:558:13:558:14 | p3 | Snd | main.rs:539:5:540:14 | S3 | +| main.rs:558:34:558:56 | ...::PairSnd(...) | | main.rs:525:5:531:5 | PairOption | +| main.rs:558:34:558:56 | ...::PairSnd(...) | Snd | main.rs:539:5:540:14 | S3 | +| main.rs:558:54:558:55 | S3 | | main.rs:539:5:540:14 | S3 | +| main.rs:559:26:559:27 | p3 | | main.rs:525:5:531:5 | PairOption | +| main.rs:559:26:559:27 | p3 | Snd | main.rs:539:5:540:14 | S3 | +| main.rs:562:13:562:14 | p3 | | main.rs:525:5:531:5 | PairOption | +| main.rs:562:13:562:14 | p3 | Fst | main.rs:539:5:540:14 | S3 | +| main.rs:562:35:562:56 | ...::PairNone(...) | | main.rs:525:5:531:5 | PairOption | +| main.rs:562:35:562:56 | ...::PairNone(...) | Fst | main.rs:539:5:540:14 | S3 | +| main.rs:563:26:563:27 | p3 | | main.rs:525:5:531:5 | PairOption | +| main.rs:563:26:563:27 | p3 | Fst | main.rs:539:5:540:14 | S3 | | main.rs:575:16:575:24 | SelfParam | | file://:0:0:0:0 | & | | main.rs:575:16:575:24 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:575:27:575:31 | value | | main.rs:574:19:574:19 | S | @@ -531,240 +531,240 @@ inferType | main.rs:578:13:578:16 | self | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:578:22:578:26 | value | | main.rs:574:19:574:19 | S | | main.rs:583:16:583:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:583:16:583:24 | SelfParam | &T | main.rs:568:5:572:5 | enum MyOption | +| main.rs:583:16:583:24 | SelfParam | &T | main.rs:568:5:572:5 | MyOption | | main.rs:583:16:583:24 | SelfParam | &T.T | main.rs:582:10:582:10 | T | | main.rs:583:27:583:31 | value | | main.rs:582:10:582:10 | T | -| main.rs:587:26:589:9 | { ... } | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:587:26:589:9 | { ... } | | main.rs:568:5:572:5 | MyOption | | main.rs:587:26:589:9 | { ... } | T | main.rs:586:10:586:10 | T | -| main.rs:588:13:588:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:588:13:588:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | | main.rs:588:13:588:30 | ...::MyNone(...) | T | main.rs:586:10:586:10 | T | -| main.rs:593:20:593:23 | SelfParam | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:593:20:593:23 | SelfParam | T | main.rs:568:5:572:5 | enum MyOption | +| main.rs:593:20:593:23 | SelfParam | | main.rs:568:5:572:5 | MyOption | +| main.rs:593:20:593:23 | SelfParam | T | main.rs:568:5:572:5 | MyOption | | main.rs:593:20:593:23 | SelfParam | T.T | main.rs:592:10:592:10 | T | -| main.rs:593:41:598:9 | { ... } | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:593:41:598:9 | { ... } | | main.rs:568:5:572:5 | MyOption | | main.rs:593:41:598:9 | { ... } | T | main.rs:592:10:592:10 | T | -| main.rs:594:13:597:13 | match self { ... } | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:594:13:597:13 | match self { ... } | | main.rs:568:5:572:5 | MyOption | | main.rs:594:13:597:13 | match self { ... } | T | main.rs:592:10:592:10 | T | -| main.rs:594:19:594:22 | self | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:594:19:594:22 | self | T | main.rs:568:5:572:5 | enum MyOption | +| main.rs:594:19:594:22 | self | | main.rs:568:5:572:5 | MyOption | +| main.rs:594:19:594:22 | self | T | main.rs:568:5:572:5 | MyOption | | main.rs:594:19:594:22 | self | T.T | main.rs:592:10:592:10 | T | -| main.rs:595:39:595:56 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:595:39:595:56 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | | main.rs:595:39:595:56 | ...::MyNone(...) | T | main.rs:592:10:592:10 | T | -| main.rs:596:34:596:34 | x | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:596:34:596:34 | x | | main.rs:568:5:572:5 | MyOption | | main.rs:596:34:596:34 | x | T | main.rs:592:10:592:10 | T | -| main.rs:596:40:596:40 | x | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:596:40:596:40 | x | | main.rs:568:5:572:5 | MyOption | | main.rs:596:40:596:40 | x | T | main.rs:592:10:592:10 | T | -| main.rs:605:13:605:14 | x1 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:605:18:605:37 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:606:26:606:27 | x1 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:608:13:608:18 | mut x2 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:608:13:608:18 | mut x2 | T | main.rs:601:5:602:13 | struct S | -| main.rs:608:22:608:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:608:22:608:36 | ...::new(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:609:9:609:10 | x2 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:609:9:609:10 | x2 | T | main.rs:601:5:602:13 | struct S | -| main.rs:609:16:609:16 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:610:26:610:27 | x2 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:610:26:610:27 | x2 | T | main.rs:601:5:602:13 | struct S | -| main.rs:612:13:612:18 | mut x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:612:22:612:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:613:9:613:10 | x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:613:21:613:21 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:614:26:614:27 | x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:616:13:616:18 | mut x4 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:616:13:616:18 | mut x4 | T | main.rs:601:5:602:13 | struct S | -| main.rs:616:22:616:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:616:22:616:36 | ...::new(...) | T | main.rs:601:5:602:13 | struct S | +| main.rs:605:13:605:14 | x1 | | main.rs:568:5:572:5 | MyOption | +| main.rs:605:18:605:37 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:606:26:606:27 | x1 | | main.rs:568:5:572:5 | MyOption | +| main.rs:608:13:608:18 | mut x2 | | main.rs:568:5:572:5 | MyOption | +| main.rs:608:13:608:18 | mut x2 | T | main.rs:601:5:602:13 | S | +| main.rs:608:22:608:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:608:22:608:36 | ...::new(...) | T | main.rs:601:5:602:13 | S | +| main.rs:609:9:609:10 | x2 | | main.rs:568:5:572:5 | MyOption | +| main.rs:609:9:609:10 | x2 | T | main.rs:601:5:602:13 | S | +| main.rs:609:16:609:16 | S | | main.rs:601:5:602:13 | S | +| main.rs:610:26:610:27 | x2 | | main.rs:568:5:572:5 | MyOption | +| main.rs:610:26:610:27 | x2 | T | main.rs:601:5:602:13 | S | +| main.rs:612:13:612:18 | mut x3 | | main.rs:568:5:572:5 | MyOption | +| main.rs:612:22:612:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:613:9:613:10 | x3 | | main.rs:568:5:572:5 | MyOption | +| main.rs:613:21:613:21 | S | | main.rs:601:5:602:13 | S | +| main.rs:614:26:614:27 | x3 | | main.rs:568:5:572:5 | MyOption | +| main.rs:616:13:616:18 | mut x4 | | main.rs:568:5:572:5 | MyOption | +| main.rs:616:13:616:18 | mut x4 | T | main.rs:601:5:602:13 | S | +| main.rs:616:22:616:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:616:22:616:36 | ...::new(...) | T | main.rs:601:5:602:13 | S | | main.rs:617:23:617:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:617:23:617:29 | &mut x4 | &T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:617:23:617:29 | &mut x4 | &T.T | main.rs:601:5:602:13 | struct S | -| main.rs:617:28:617:29 | x4 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:617:28:617:29 | x4 | T | main.rs:601:5:602:13 | struct S | -| main.rs:617:32:617:32 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:618:26:618:27 | x4 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:618:26:618:27 | x4 | T | main.rs:601:5:602:13 | struct S | -| main.rs:620:13:620:14 | x5 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:13:620:14 | x5 | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:13:620:14 | x5 | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:620:18:620:58 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:18:620:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:18:620:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:620:35:620:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:35:620:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:621:26:621:27 | x5 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:621:26:621:27 | x5 | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:621:26:621:27 | x5 | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:623:13:623:14 | x6 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:13:623:14 | x6 | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:13:623:14 | x6 | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:623:18:623:58 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:18:623:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:18:623:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:623:35:623:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:35:623:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:624:26:624:61 | ...::flatten(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:624:26:624:61 | ...::flatten(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:624:59:624:60 | x6 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:624:59:624:60 | x6 | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:624:59:624:60 | x6 | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:626:13:626:19 | from_if | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:626:13:626:19 | from_if | T | main.rs:601:5:602:13 | struct S | -| main.rs:626:23:630:9 | if ... {...} else {...} | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:626:23:630:9 | if ... {...} else {...} | T | main.rs:601:5:602:13 | struct S | -| main.rs:626:36:628:9 | { ... } | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:626:36:628:9 | { ... } | T | main.rs:601:5:602:13 | struct S | -| main.rs:627:13:627:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:627:13:627:30 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:628:16:630:9 | { ... } | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:628:16:630:9 | { ... } | T | main.rs:601:5:602:13 | struct S | -| main.rs:629:13:629:31 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:629:13:629:31 | ...::MySome(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:629:30:629:30 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:631:26:631:32 | from_if | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:631:26:631:32 | from_if | T | main.rs:601:5:602:13 | struct S | -| main.rs:633:13:633:22 | from_match | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:633:13:633:22 | from_match | T | main.rs:601:5:602:13 | struct S | -| main.rs:633:26:636:9 | match ... { ... } | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:633:26:636:9 | match ... { ... } | T | main.rs:601:5:602:13 | struct S | -| main.rs:634:21:634:38 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:634:21:634:38 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:635:22:635:40 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:635:22:635:40 | ...::MySome(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:635:39:635:39 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:637:26:637:35 | from_match | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:637:26:637:35 | from_match | T | main.rs:601:5:602:13 | struct S | -| main.rs:639:13:639:21 | from_loop | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:639:13:639:21 | from_loop | T | main.rs:601:5:602:13 | struct S | -| main.rs:639:25:644:9 | loop { ... } | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:639:25:644:9 | loop { ... } | T | main.rs:601:5:602:13 | struct S | -| main.rs:641:23:641:40 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:641:23:641:40 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:643:19:643:37 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:643:19:643:37 | ...::MySome(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:643:36:643:36 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:645:26:645:34 | from_loop | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:645:26:645:34 | from_loop | T | main.rs:601:5:602:13 | struct S | -| main.rs:658:15:658:18 | SelfParam | | main.rs:651:5:652:19 | struct S | +| main.rs:617:23:617:29 | &mut x4 | &T | main.rs:568:5:572:5 | MyOption | +| main.rs:617:23:617:29 | &mut x4 | &T.T | main.rs:601:5:602:13 | S | +| main.rs:617:28:617:29 | x4 | | main.rs:568:5:572:5 | MyOption | +| main.rs:617:28:617:29 | x4 | T | main.rs:601:5:602:13 | S | +| main.rs:617:32:617:32 | S | | main.rs:601:5:602:13 | S | +| main.rs:618:26:618:27 | x4 | | main.rs:568:5:572:5 | MyOption | +| main.rs:618:26:618:27 | x4 | T | main.rs:601:5:602:13 | S | +| main.rs:620:13:620:14 | x5 | | main.rs:568:5:572:5 | MyOption | +| main.rs:620:13:620:14 | x5 | T | main.rs:568:5:572:5 | MyOption | +| main.rs:620:13:620:14 | x5 | T.T | main.rs:601:5:602:13 | S | +| main.rs:620:18:620:58 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:620:18:620:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | MyOption | +| main.rs:620:18:620:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | S | +| main.rs:620:35:620:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:620:35:620:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:621:26:621:27 | x5 | | main.rs:568:5:572:5 | MyOption | +| main.rs:621:26:621:27 | x5 | T | main.rs:568:5:572:5 | MyOption | +| main.rs:621:26:621:27 | x5 | T.T | main.rs:601:5:602:13 | S | +| main.rs:623:13:623:14 | x6 | | main.rs:568:5:572:5 | MyOption | +| main.rs:623:13:623:14 | x6 | T | main.rs:568:5:572:5 | MyOption | +| main.rs:623:13:623:14 | x6 | T.T | main.rs:601:5:602:13 | S | +| main.rs:623:18:623:58 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:623:18:623:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | MyOption | +| main.rs:623:18:623:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | S | +| main.rs:623:35:623:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:623:35:623:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:624:26:624:61 | ...::flatten(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:624:26:624:61 | ...::flatten(...) | T | main.rs:601:5:602:13 | S | +| main.rs:624:59:624:60 | x6 | | main.rs:568:5:572:5 | MyOption | +| main.rs:624:59:624:60 | x6 | T | main.rs:568:5:572:5 | MyOption | +| main.rs:624:59:624:60 | x6 | T.T | main.rs:601:5:602:13 | S | +| main.rs:626:13:626:19 | from_if | | main.rs:568:5:572:5 | MyOption | +| main.rs:626:13:626:19 | from_if | T | main.rs:601:5:602:13 | S | +| main.rs:626:23:630:9 | if ... {...} else {...} | | main.rs:568:5:572:5 | MyOption | +| main.rs:626:23:630:9 | if ... {...} else {...} | T | main.rs:601:5:602:13 | S | +| main.rs:626:36:628:9 | { ... } | | main.rs:568:5:572:5 | MyOption | +| main.rs:626:36:628:9 | { ... } | T | main.rs:601:5:602:13 | S | +| main.rs:627:13:627:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:627:13:627:30 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:628:16:630:9 | { ... } | | main.rs:568:5:572:5 | MyOption | +| main.rs:628:16:630:9 | { ... } | T | main.rs:601:5:602:13 | S | +| main.rs:629:13:629:31 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:629:13:629:31 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | +| main.rs:629:30:629:30 | S | | main.rs:601:5:602:13 | S | +| main.rs:631:26:631:32 | from_if | | main.rs:568:5:572:5 | MyOption | +| main.rs:631:26:631:32 | from_if | T | main.rs:601:5:602:13 | S | +| main.rs:633:13:633:22 | from_match | | main.rs:568:5:572:5 | MyOption | +| main.rs:633:13:633:22 | from_match | T | main.rs:601:5:602:13 | S | +| main.rs:633:26:636:9 | match ... { ... } | | main.rs:568:5:572:5 | MyOption | +| main.rs:633:26:636:9 | match ... { ... } | T | main.rs:601:5:602:13 | S | +| main.rs:634:21:634:38 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:634:21:634:38 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:635:22:635:40 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:635:22:635:40 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | +| main.rs:635:39:635:39 | S | | main.rs:601:5:602:13 | S | +| main.rs:637:26:637:35 | from_match | | main.rs:568:5:572:5 | MyOption | +| main.rs:637:26:637:35 | from_match | T | main.rs:601:5:602:13 | S | +| main.rs:639:13:639:21 | from_loop | | main.rs:568:5:572:5 | MyOption | +| main.rs:639:13:639:21 | from_loop | T | main.rs:601:5:602:13 | S | +| main.rs:639:25:644:9 | loop { ... } | | main.rs:568:5:572:5 | MyOption | +| main.rs:639:25:644:9 | loop { ... } | T | main.rs:601:5:602:13 | S | +| main.rs:641:23:641:40 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:641:23:641:40 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:643:19:643:37 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:643:19:643:37 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | +| main.rs:643:36:643:36 | S | | main.rs:601:5:602:13 | S | +| main.rs:645:26:645:34 | from_loop | | main.rs:568:5:572:5 | MyOption | +| main.rs:645:26:645:34 | from_loop | T | main.rs:601:5:602:13 | S | +| main.rs:658:15:658:18 | SelfParam | | main.rs:651:5:652:19 | S | | main.rs:658:15:658:18 | SelfParam | T | main.rs:657:10:657:10 | T | | main.rs:658:26:660:9 | { ... } | | main.rs:657:10:657:10 | T | -| main.rs:659:13:659:16 | self | | main.rs:651:5:652:19 | struct S | +| main.rs:659:13:659:16 | self | | main.rs:651:5:652:19 | S | | main.rs:659:13:659:16 | self | T | main.rs:657:10:657:10 | T | | main.rs:659:13:659:18 | self.0 | | main.rs:657:10:657:10 | T | | main.rs:662:15:662:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:662:15:662:19 | SelfParam | &T | main.rs:651:5:652:19 | struct S | +| main.rs:662:15:662:19 | SelfParam | &T | main.rs:651:5:652:19 | S | | main.rs:662:15:662:19 | SelfParam | &T.T | main.rs:657:10:657:10 | T | | main.rs:662:28:664:9 | { ... } | | file://:0:0:0:0 | & | | main.rs:662:28:664:9 | { ... } | &T | main.rs:657:10:657:10 | T | | main.rs:663:13:663:19 | &... | | file://:0:0:0:0 | & | | main.rs:663:13:663:19 | &... | &T | main.rs:657:10:657:10 | T | | main.rs:663:14:663:17 | self | | file://:0:0:0:0 | & | -| main.rs:663:14:663:17 | self | &T | main.rs:651:5:652:19 | struct S | +| main.rs:663:14:663:17 | self | &T | main.rs:651:5:652:19 | S | | main.rs:663:14:663:17 | self | &T.T | main.rs:657:10:657:10 | T | | main.rs:663:14:663:19 | self.0 | | main.rs:657:10:657:10 | T | | main.rs:666:15:666:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:666:15:666:25 | SelfParam | &T | main.rs:651:5:652:19 | struct S | +| main.rs:666:15:666:25 | SelfParam | &T | main.rs:651:5:652:19 | S | | main.rs:666:15:666:25 | SelfParam | &T.T | main.rs:657:10:657:10 | T | | main.rs:666:34:668:9 | { ... } | | file://:0:0:0:0 | & | | main.rs:666:34:668:9 | { ... } | &T | main.rs:657:10:657:10 | T | | main.rs:667:13:667:19 | &... | | file://:0:0:0:0 | & | | main.rs:667:13:667:19 | &... | &T | main.rs:657:10:657:10 | T | | main.rs:667:14:667:17 | self | | file://:0:0:0:0 | & | -| main.rs:667:14:667:17 | self | &T | main.rs:651:5:652:19 | struct S | +| main.rs:667:14:667:17 | self | &T | main.rs:651:5:652:19 | S | | main.rs:667:14:667:17 | self | &T.T | main.rs:657:10:657:10 | T | | main.rs:667:14:667:19 | self.0 | | main.rs:657:10:657:10 | T | -| main.rs:672:13:672:14 | x1 | | main.rs:651:5:652:19 | struct S | -| main.rs:672:13:672:14 | x1 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:672:18:672:22 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:672:18:672:22 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:672:20:672:21 | S2 | | main.rs:654:5:655:14 | struct S2 | -| main.rs:673:26:673:27 | x1 | | main.rs:651:5:652:19 | struct S | -| main.rs:673:26:673:27 | x1 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:673:26:673:32 | x1.m1(...) | | main.rs:654:5:655:14 | struct S2 | -| main.rs:675:13:675:14 | x2 | | main.rs:651:5:652:19 | struct S | -| main.rs:675:13:675:14 | x2 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:675:18:675:22 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:675:18:675:22 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:675:20:675:21 | S2 | | main.rs:654:5:655:14 | struct S2 | -| main.rs:677:26:677:27 | x2 | | main.rs:651:5:652:19 | struct S | -| main.rs:677:26:677:27 | x2 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:677:26:677:32 | x2.m2(...) | | file://:0:0:0:0 | & | -| main.rs:677:26:677:32 | x2.m2(...) | &T | main.rs:654:5:655:14 | struct S2 | -| main.rs:678:26:678:27 | x2 | | main.rs:651:5:652:19 | struct S | -| main.rs:678:26:678:27 | x2 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:678:26:678:32 | x2.m3(...) | | file://:0:0:0:0 | & | -| main.rs:678:26:678:32 | x2.m3(...) | &T | main.rs:654:5:655:14 | struct S2 | -| main.rs:680:13:680:14 | x3 | | main.rs:651:5:652:19 | struct S | -| main.rs:680:13:680:14 | x3 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:680:18:680:22 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:680:18:680:22 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:680:20:680:21 | S2 | | main.rs:654:5:655:14 | struct S2 | +| main.rs:672:13:672:14 | x1 | | main.rs:651:5:652:19 | S | +| main.rs:672:13:672:14 | x1 | T | main.rs:654:5:655:14 | S2 | +| main.rs:672:18:672:22 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:672:18:672:22 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:672:20:672:21 | S2 | | main.rs:654:5:655:14 | S2 | +| main.rs:673:26:673:27 | x1 | | main.rs:651:5:652:19 | S | +| main.rs:673:26:673:27 | x1 | T | main.rs:654:5:655:14 | S2 | +| main.rs:673:26:673:32 | x1.m1() | | main.rs:654:5:655:14 | S2 | +| main.rs:675:13:675:14 | x2 | | main.rs:651:5:652:19 | S | +| main.rs:675:13:675:14 | x2 | T | main.rs:654:5:655:14 | S2 | +| main.rs:675:18:675:22 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:675:18:675:22 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:675:20:675:21 | S2 | | main.rs:654:5:655:14 | S2 | +| main.rs:677:26:677:27 | x2 | | main.rs:651:5:652:19 | S | +| main.rs:677:26:677:27 | x2 | T | main.rs:654:5:655:14 | S2 | +| main.rs:677:26:677:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:677:26:677:32 | x2.m2() | &T | main.rs:654:5:655:14 | S2 | +| main.rs:678:26:678:27 | x2 | | main.rs:651:5:652:19 | S | +| main.rs:678:26:678:27 | x2 | T | main.rs:654:5:655:14 | S2 | +| main.rs:678:26:678:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:678:26:678:32 | x2.m3() | &T | main.rs:654:5:655:14 | S2 | +| main.rs:680:13:680:14 | x3 | | main.rs:651:5:652:19 | S | +| main.rs:680:13:680:14 | x3 | T | main.rs:654:5:655:14 | S2 | +| main.rs:680:18:680:22 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:680:18:680:22 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:680:20:680:21 | S2 | | main.rs:654:5:655:14 | S2 | | main.rs:682:26:682:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:682:26:682:41 | ...::m2(...) | &T | main.rs:654:5:655:14 | struct S2 | +| main.rs:682:26:682:41 | ...::m2(...) | &T | main.rs:654:5:655:14 | S2 | | main.rs:682:38:682:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:682:38:682:40 | &x3 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:682:38:682:40 | &x3 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:682:39:682:40 | x3 | | main.rs:651:5:652:19 | struct S | -| main.rs:682:39:682:40 | x3 | T | main.rs:654:5:655:14 | struct S2 | +| main.rs:682:38:682:40 | &x3 | &T | main.rs:651:5:652:19 | S | +| main.rs:682:38:682:40 | &x3 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:682:39:682:40 | x3 | | main.rs:651:5:652:19 | S | +| main.rs:682:39:682:40 | x3 | T | main.rs:654:5:655:14 | S2 | | main.rs:683:26:683:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:683:26:683:41 | ...::m3(...) | &T | main.rs:654:5:655:14 | struct S2 | +| main.rs:683:26:683:41 | ...::m3(...) | &T | main.rs:654:5:655:14 | S2 | | main.rs:683:38:683:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:683:38:683:40 | &x3 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:683:38:683:40 | &x3 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:683:39:683:40 | x3 | | main.rs:651:5:652:19 | struct S | -| main.rs:683:39:683:40 | x3 | T | main.rs:654:5:655:14 | struct S2 | +| main.rs:683:38:683:40 | &x3 | &T | main.rs:651:5:652:19 | S | +| main.rs:683:38:683:40 | &x3 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:683:39:683:40 | x3 | | main.rs:651:5:652:19 | S | +| main.rs:683:39:683:40 | x3 | T | main.rs:654:5:655:14 | S2 | | main.rs:685:13:685:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:685:13:685:14 | x4 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:685:13:685:14 | x4 | &T.T | main.rs:654:5:655:14 | struct S2 | +| main.rs:685:13:685:14 | x4 | &T | main.rs:651:5:652:19 | S | +| main.rs:685:13:685:14 | x4 | &T.T | main.rs:654:5:655:14 | S2 | | main.rs:685:18:685:23 | &... | | file://:0:0:0:0 | & | -| main.rs:685:18:685:23 | &... | &T | main.rs:651:5:652:19 | struct S | -| main.rs:685:18:685:23 | &... | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:685:19:685:23 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:685:19:685:23 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:685:21:685:22 | S2 | | main.rs:654:5:655:14 | struct S2 | +| main.rs:685:18:685:23 | &... | &T | main.rs:651:5:652:19 | S | +| main.rs:685:18:685:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:685:19:685:23 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:685:19:685:23 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:685:21:685:22 | S2 | | main.rs:654:5:655:14 | S2 | | main.rs:687:26:687:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:687:26:687:27 | x4 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:687:26:687:27 | x4 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:687:26:687:32 | x4.m2(...) | | file://:0:0:0:0 | & | -| main.rs:687:26:687:32 | x4.m2(...) | &T | main.rs:654:5:655:14 | struct S2 | +| main.rs:687:26:687:27 | x4 | &T | main.rs:651:5:652:19 | S | +| main.rs:687:26:687:27 | x4 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:687:26:687:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:687:26:687:32 | x4.m2() | &T | main.rs:654:5:655:14 | S2 | | main.rs:688:26:688:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:688:26:688:27 | x4 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:688:26:688:27 | x4 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:688:26:688:32 | x4.m3(...) | | file://:0:0:0:0 | & | -| main.rs:688:26:688:32 | x4.m3(...) | &T | main.rs:654:5:655:14 | struct S2 | +| main.rs:688:26:688:27 | x4 | &T | main.rs:651:5:652:19 | S | +| main.rs:688:26:688:27 | x4 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:688:26:688:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:688:26:688:32 | x4.m3() | &T | main.rs:654:5:655:14 | S2 | | main.rs:690:13:690:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:690:13:690:14 | x5 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:690:13:690:14 | x5 | &T.T | main.rs:654:5:655:14 | struct S2 | +| main.rs:690:13:690:14 | x5 | &T | main.rs:651:5:652:19 | S | +| main.rs:690:13:690:14 | x5 | &T.T | main.rs:654:5:655:14 | S2 | | main.rs:690:18:690:23 | &... | | file://:0:0:0:0 | & | -| main.rs:690:18:690:23 | &... | &T | main.rs:651:5:652:19 | struct S | -| main.rs:690:18:690:23 | &... | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:690:19:690:23 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:690:19:690:23 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:690:21:690:22 | S2 | | main.rs:654:5:655:14 | struct S2 | +| main.rs:690:18:690:23 | &... | &T | main.rs:651:5:652:19 | S | +| main.rs:690:18:690:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:690:19:690:23 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:690:19:690:23 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:690:21:690:22 | S2 | | main.rs:654:5:655:14 | S2 | | main.rs:692:26:692:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:692:26:692:27 | x5 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:692:26:692:27 | x5 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:692:26:692:32 | x5.m1(...) | | main.rs:654:5:655:14 | struct S2 | +| main.rs:692:26:692:27 | x5 | &T | main.rs:651:5:652:19 | S | +| main.rs:692:26:692:27 | x5 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:692:26:692:32 | x5.m1() | | main.rs:654:5:655:14 | S2 | | main.rs:693:26:693:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:693:26:693:27 | x5 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:693:26:693:27 | x5 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:693:26:693:29 | x5.0 | | main.rs:654:5:655:14 | struct S2 | +| main.rs:693:26:693:27 | x5 | &T | main.rs:651:5:652:19 | S | +| main.rs:693:26:693:27 | x5 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:693:26:693:29 | x5.0 | | main.rs:654:5:655:14 | S2 | | main.rs:695:13:695:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:695:13:695:14 | x6 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:695:13:695:14 | x6 | &T.T | main.rs:654:5:655:14 | struct S2 | +| main.rs:695:13:695:14 | x6 | &T | main.rs:651:5:652:19 | S | +| main.rs:695:13:695:14 | x6 | &T.T | main.rs:654:5:655:14 | S2 | | main.rs:695:18:695:23 | &... | | file://:0:0:0:0 | & | -| main.rs:695:18:695:23 | &... | &T | main.rs:651:5:652:19 | struct S | -| main.rs:695:18:695:23 | &... | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:695:19:695:23 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:695:19:695:23 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:695:21:695:22 | S2 | | main.rs:654:5:655:14 | struct S2 | -| main.rs:697:26:697:30 | (...) | | main.rs:651:5:652:19 | struct S | -| main.rs:697:26:697:30 | (...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:697:26:697:35 | ... .m1(...) | | main.rs:654:5:655:14 | struct S2 | -| main.rs:697:27:697:29 | * ... | | main.rs:651:5:652:19 | struct S | -| main.rs:697:27:697:29 | * ... | T | main.rs:654:5:655:14 | struct S2 | +| main.rs:695:18:695:23 | &... | &T | main.rs:651:5:652:19 | S | +| main.rs:695:18:695:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:695:19:695:23 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:695:19:695:23 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:695:21:695:22 | S2 | | main.rs:654:5:655:14 | S2 | +| main.rs:697:26:697:30 | (...) | | main.rs:651:5:652:19 | S | +| main.rs:697:26:697:30 | (...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:697:26:697:35 | ... .m1() | | main.rs:654:5:655:14 | S2 | +| main.rs:697:27:697:29 | * ... | | main.rs:651:5:652:19 | S | +| main.rs:697:27:697:29 | * ... | T | main.rs:654:5:655:14 | S2 | | main.rs:697:28:697:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:697:28:697:29 | x6 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:697:28:697:29 | x6 | &T.T | main.rs:654:5:655:14 | struct S2 | +| main.rs:697:28:697:29 | x6 | &T | main.rs:651:5:652:19 | S | +| main.rs:697:28:697:29 | x6 | &T.T | main.rs:654:5:655:14 | S2 | | main.rs:703:16:703:20 | SelfParam | | file://:0:0:0:0 | & | | main.rs:703:16:703:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:705:16:705:20 | SelfParam | | file://:0:0:0:0 | & | @@ -773,146 +773,146 @@ inferType | main.rs:705:32:707:9 | { ... } | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:706:13:706:16 | self | | file://:0:0:0:0 | & | | main.rs:706:13:706:16 | self | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:706:13:706:22 | self.foo(...) | | file://:0:0:0:0 | & | -| main.rs:706:13:706:22 | self.foo(...) | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | +| main.rs:706:13:706:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:706:13:706:22 | self.foo() | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:713:16:713:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:713:16:713:20 | SelfParam | &T | main.rs:710:5:710:20 | struct MyStruct | +| main.rs:713:16:713:20 | SelfParam | &T | main.rs:710:5:710:20 | MyStruct | | main.rs:713:36:715:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:713:36:715:9 | { ... } | &T | main.rs:710:5:710:20 | struct MyStruct | +| main.rs:713:36:715:9 | { ... } | &T | main.rs:710:5:710:20 | MyStruct | | main.rs:714:13:714:16 | self | | file://:0:0:0:0 | & | -| main.rs:714:13:714:16 | self | &T | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:719:13:719:13 | x | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:719:17:719:24 | MyStruct | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:720:9:720:9 | x | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:720:9:720:15 | x.bar(...) | | file://:0:0:0:0 | & | -| main.rs:720:9:720:15 | x.bar(...) | &T | main.rs:710:5:710:20 | struct MyStruct | +| main.rs:714:13:714:16 | self | &T | main.rs:710:5:710:20 | MyStruct | +| main.rs:719:13:719:13 | x | | main.rs:710:5:710:20 | MyStruct | +| main.rs:719:17:719:24 | MyStruct | | main.rs:710:5:710:20 | MyStruct | +| main.rs:720:9:720:9 | x | | main.rs:710:5:710:20 | MyStruct | +| main.rs:720:9:720:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:720:9:720:15 | x.bar() | &T | main.rs:710:5:710:20 | MyStruct | | main.rs:730:16:730:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:730:16:730:20 | SelfParam | &T | main.rs:727:5:727:26 | struct MyStruct | +| main.rs:730:16:730:20 | SelfParam | &T | main.rs:727:5:727:26 | MyStruct | | main.rs:730:16:730:20 | SelfParam | &T.T | main.rs:729:10:729:10 | T | | main.rs:730:32:732:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:730:32:732:9 | { ... } | &T | main.rs:727:5:727:26 | struct MyStruct | +| main.rs:730:32:732:9 | { ... } | &T | main.rs:727:5:727:26 | MyStruct | | main.rs:730:32:732:9 | { ... } | &T.T | main.rs:729:10:729:10 | T | | main.rs:731:13:731:16 | self | | file://:0:0:0:0 | & | -| main.rs:731:13:731:16 | self | &T | main.rs:727:5:727:26 | struct MyStruct | +| main.rs:731:13:731:16 | self | &T | main.rs:727:5:727:26 | MyStruct | | main.rs:731:13:731:16 | self | &T.T | main.rs:729:10:729:10 | T | -| main.rs:736:13:736:13 | x | | main.rs:727:5:727:26 | struct MyStruct | -| main.rs:736:13:736:13 | x | T | main.rs:725:5:725:13 | struct S | -| main.rs:736:17:736:27 | MyStruct(...) | | main.rs:727:5:727:26 | struct MyStruct | -| main.rs:736:17:736:27 | MyStruct(...) | T | main.rs:725:5:725:13 | struct S | -| main.rs:736:26:736:26 | S | | main.rs:725:5:725:13 | struct S | -| main.rs:737:9:737:9 | x | | main.rs:727:5:727:26 | struct MyStruct | -| main.rs:737:9:737:9 | x | T | main.rs:725:5:725:13 | struct S | -| main.rs:737:9:737:15 | x.foo(...) | | file://:0:0:0:0 | & | -| main.rs:737:9:737:15 | x.foo(...) | &T | main.rs:727:5:727:26 | struct MyStruct | -| main.rs:737:9:737:15 | x.foo(...) | &T.T | main.rs:725:5:725:13 | struct S | +| main.rs:736:13:736:13 | x | | main.rs:727:5:727:26 | MyStruct | +| main.rs:736:13:736:13 | x | T | main.rs:725:5:725:13 | S | +| main.rs:736:17:736:27 | MyStruct(...) | | main.rs:727:5:727:26 | MyStruct | +| main.rs:736:17:736:27 | MyStruct(...) | T | main.rs:725:5:725:13 | S | +| main.rs:736:26:736:26 | S | | main.rs:725:5:725:13 | S | +| main.rs:737:9:737:9 | x | | main.rs:727:5:727:26 | MyStruct | +| main.rs:737:9:737:9 | x | T | main.rs:725:5:725:13 | S | +| main.rs:737:9:737:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:737:9:737:15 | x.foo() | &T | main.rs:727:5:727:26 | MyStruct | +| main.rs:737:9:737:15 | x.foo() | &T.T | main.rs:725:5:725:13 | S | | main.rs:745:15:745:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:745:15:745:19 | SelfParam | &T | main.rs:742:5:742:13 | struct S | +| main.rs:745:15:745:19 | SelfParam | &T | main.rs:742:5:742:13 | S | | main.rs:745:31:747:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:745:31:747:9 | { ... } | &T | main.rs:742:5:742:13 | struct S | +| main.rs:745:31:747:9 | { ... } | &T | main.rs:742:5:742:13 | S | | main.rs:746:13:746:19 | &... | | file://:0:0:0:0 | & | -| main.rs:746:13:746:19 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:746:13:746:19 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:746:14:746:19 | &... | | file://:0:0:0:0 | & | -| main.rs:746:14:746:19 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:746:14:746:19 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:746:15:746:19 | &self | | file://:0:0:0:0 | & | -| main.rs:746:15:746:19 | &self | &T | main.rs:742:5:742:13 | struct S | +| main.rs:746:15:746:19 | &self | &T | main.rs:742:5:742:13 | S | | main.rs:746:16:746:19 | self | | file://:0:0:0:0 | & | -| main.rs:746:16:746:19 | self | &T | main.rs:742:5:742:13 | struct S | +| main.rs:746:16:746:19 | self | &T | main.rs:742:5:742:13 | S | | main.rs:749:15:749:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:749:15:749:25 | SelfParam | &T | main.rs:742:5:742:13 | struct S | +| main.rs:749:15:749:25 | SelfParam | &T | main.rs:742:5:742:13 | S | | main.rs:749:37:751:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:749:37:751:9 | { ... } | &T | main.rs:742:5:742:13 | struct S | +| main.rs:749:37:751:9 | { ... } | &T | main.rs:742:5:742:13 | S | | main.rs:750:13:750:19 | &... | | file://:0:0:0:0 | & | -| main.rs:750:13:750:19 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:750:13:750:19 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:750:14:750:19 | &... | | file://:0:0:0:0 | & | -| main.rs:750:14:750:19 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:750:14:750:19 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:750:15:750:19 | &self | | file://:0:0:0:0 | & | -| main.rs:750:15:750:19 | &self | &T | main.rs:742:5:742:13 | struct S | +| main.rs:750:15:750:19 | &self | &T | main.rs:742:5:742:13 | S | | main.rs:750:16:750:19 | self | | file://:0:0:0:0 | & | -| main.rs:750:16:750:19 | self | &T | main.rs:742:5:742:13 | struct S | +| main.rs:750:16:750:19 | self | &T | main.rs:742:5:742:13 | S | | main.rs:753:15:753:15 | x | | file://:0:0:0:0 | & | -| main.rs:753:15:753:15 | x | &T | main.rs:742:5:742:13 | struct S | +| main.rs:753:15:753:15 | x | &T | main.rs:742:5:742:13 | S | | main.rs:753:34:755:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:753:34:755:9 | { ... } | &T | main.rs:742:5:742:13 | struct S | +| main.rs:753:34:755:9 | { ... } | &T | main.rs:742:5:742:13 | S | | main.rs:754:13:754:13 | x | | file://:0:0:0:0 | & | -| main.rs:754:13:754:13 | x | &T | main.rs:742:5:742:13 | struct S | +| main.rs:754:13:754:13 | x | &T | main.rs:742:5:742:13 | S | | main.rs:757:15:757:15 | x | | file://:0:0:0:0 | & | -| main.rs:757:15:757:15 | x | &T | main.rs:742:5:742:13 | struct S | +| main.rs:757:15:757:15 | x | &T | main.rs:742:5:742:13 | S | | main.rs:757:34:759:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:757:34:759:9 | { ... } | &T | main.rs:742:5:742:13 | struct S | +| main.rs:757:34:759:9 | { ... } | &T | main.rs:742:5:742:13 | S | | main.rs:758:13:758:16 | &... | | file://:0:0:0:0 | & | -| main.rs:758:13:758:16 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:758:13:758:16 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:758:14:758:16 | &... | | file://:0:0:0:0 | & | -| main.rs:758:14:758:16 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:758:14:758:16 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:758:15:758:16 | &x | | file://:0:0:0:0 | & | -| main.rs:758:15:758:16 | &x | &T | main.rs:742:5:742:13 | struct S | +| main.rs:758:15:758:16 | &x | &T | main.rs:742:5:742:13 | S | | main.rs:758:16:758:16 | x | | file://:0:0:0:0 | & | -| main.rs:758:16:758:16 | x | &T | main.rs:742:5:742:13 | struct S | -| main.rs:763:13:763:13 | x | | main.rs:742:5:742:13 | struct S | -| main.rs:763:17:763:20 | S {...} | | main.rs:742:5:742:13 | struct S | -| main.rs:764:9:764:9 | x | | main.rs:742:5:742:13 | struct S | -| main.rs:764:9:764:14 | x.f1(...) | | file://:0:0:0:0 | & | -| main.rs:764:9:764:14 | x.f1(...) | &T | main.rs:742:5:742:13 | struct S | -| main.rs:765:9:765:9 | x | | main.rs:742:5:742:13 | struct S | -| main.rs:765:9:765:14 | x.f2(...) | | file://:0:0:0:0 | & | -| main.rs:765:9:765:14 | x.f2(...) | &T | main.rs:742:5:742:13 | struct S | +| main.rs:758:16:758:16 | x | &T | main.rs:742:5:742:13 | S | +| main.rs:763:13:763:13 | x | | main.rs:742:5:742:13 | S | +| main.rs:763:17:763:20 | S {...} | | main.rs:742:5:742:13 | S | +| main.rs:764:9:764:9 | x | | main.rs:742:5:742:13 | S | +| main.rs:764:9:764:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:764:9:764:14 | x.f1() | &T | main.rs:742:5:742:13 | S | +| main.rs:765:9:765:9 | x | | main.rs:742:5:742:13 | S | +| main.rs:765:9:765:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:765:9:765:14 | x.f2() | &T | main.rs:742:5:742:13 | S | | main.rs:766:9:766:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:766:9:766:17 | ...::f3(...) | &T | main.rs:742:5:742:13 | struct S | +| main.rs:766:9:766:17 | ...::f3(...) | &T | main.rs:742:5:742:13 | S | | main.rs:766:15:766:16 | &x | | file://:0:0:0:0 | & | -| main.rs:766:15:766:16 | &x | &T | main.rs:742:5:742:13 | struct S | -| main.rs:766:16:766:16 | x | | main.rs:742:5:742:13 | struct S | -| main.rs:772:5:772:20 | ...::f(...) | | main.rs:67:5:67:21 | struct Foo | -| main.rs:773:5:773:60 | ...::g(...) | | main.rs:67:5:67:21 | struct Foo | -| main.rs:773:20:773:38 | ...::Foo {...} | | main.rs:67:5:67:21 | struct Foo | -| main.rs:773:41:773:59 | ...::Foo {...} | | main.rs:67:5:67:21 | struct Foo | +| main.rs:766:15:766:16 | &x | &T | main.rs:742:5:742:13 | S | +| main.rs:766:16:766:16 | x | | main.rs:742:5:742:13 | S | +| main.rs:772:5:772:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:773:5:773:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:773:20:773:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:773:41:773:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | resolveMethodCallExpr -| loop/main.rs:12:9:12:18 | self.foo(...) | loop/main.rs:7:5:7:19 | fn foo | -| main.rs:88:9:88:14 | x.m1(...) | main.rs:70:9:72:9 | fn m1 | -| main.rs:89:9:89:14 | y.m2(...) | main.rs:74:9:76:9 | fn m2 | -| main.rs:136:26:136:31 | x.m2(...) | main.rs:117:9:119:9 | fn m2 | -| main.rs:137:26:137:31 | y.m2(...) | main.rs:117:9:119:9 | fn m2 | -| main.rs:164:9:164:14 | x.m1(...) | main.rs:153:9:153:25 | fn m1 | -| main.rs:215:18:215:27 | x.method(...) | main.rs:210:9:210:30 | fn method | -| main.rs:221:18:221:27 | x.method(...) | main.rs:210:9:210:30 | fn method | -| main.rs:226:17:226:26 | x.method(...) | main.rs:206:9:206:30 | fn method | -| main.rs:231:17:231:26 | x.method(...) | main.rs:206:9:206:30 | fn method | -| main.rs:243:18:243:24 | x.fst(...) | main.rs:236:9:236:27 | fn fst | -| main.rs:244:18:244:24 | y.snd(...) | main.rs:238:9:238:27 | fn snd | -| main.rs:250:18:250:24 | x.fst(...) | main.rs:236:9:236:27 | fn fst | -| main.rs:251:18:251:24 | y.snd(...) | main.rs:238:9:238:27 | fn snd | -| main.rs:274:13:274:21 | self.m1(...) | main.rs:268:9:268:25 | fn m1 | -| main.rs:280:9:280:14 | x.m1(...) | main.rs:268:9:268:25 | fn m1 | -| main.rs:285:9:285:16 | ... .m1(...) | main.rs:268:9:268:25 | fn m1 | -| main.rs:298:26:298:31 | x.m1(...) | main.rs:289:9:291:9 | fn m1 | -| main.rs:299:26:299:31 | y.m1(...) | main.rs:289:9:291:9 | fn m1 | -| main.rs:304:26:304:31 | x.m2(...) | main.rs:270:9:275:9 | fn m2 | -| main.rs:305:26:305:31 | y.m2(...) | main.rs:270:9:275:9 | fn m2 | -| main.rs:353:26:353:31 | x.m1(...) | main.rs:346:9:348:9 | fn m1 | -| main.rs:356:26:356:31 | x.m2(...) | main.rs:331:9:337:9 | fn m2 | -| main.rs:385:26:385:31 | x.m1(...) | main.rs:373:9:378:9 | fn m1 | -| main.rs:386:26:386:31 | y.m1(...) | main.rs:373:9:378:9 | fn m1 | -| main.rs:416:17:416:25 | self.m1(...) | main.rs:407:9:407:27 | fn m1 | -| main.rs:429:17:429:25 | self.m2(...) | main.rs:411:9:420:9 | fn m2 | -| main.rs:458:26:458:31 | x.m1(...) | main.rs:437:9:439:9 | fn m1 | -| main.rs:459:26:459:31 | y.m1(...) | main.rs:437:9:439:9 | fn m1 | -| main.rs:464:26:464:31 | x.m2(...) | main.rs:411:9:420:9 | fn m2 | -| main.rs:465:26:465:31 | y.m2(...) | main.rs:411:9:420:9 | fn m2 | -| main.rs:470:26:470:31 | x.m3(...) | main.rs:424:9:433:9 | fn m3 | -| main.rs:471:26:471:31 | y.m3(...) | main.rs:424:9:433:9 | fn m3 | +| loop/main.rs:12:9:12:18 | self.foo() | loop/main.rs:7:5:7:19 | fn foo | +| main.rs:88:9:88:14 | x.m1() | main.rs:70:9:72:9 | fn m1 | +| main.rs:89:9:89:14 | y.m2() | main.rs:74:9:76:9 | fn m2 | +| main.rs:136:26:136:31 | x.m2() | main.rs:117:9:119:9 | fn m2 | +| main.rs:137:26:137:31 | y.m2() | main.rs:117:9:119:9 | fn m2 | +| main.rs:164:9:164:14 | x.m1() | main.rs:153:9:153:25 | fn m1 | +| main.rs:215:18:215:27 | x.method() | main.rs:210:9:210:30 | fn method | +| main.rs:221:18:221:27 | x.method() | main.rs:210:9:210:30 | fn method | +| main.rs:226:17:226:26 | x.method() | main.rs:206:9:206:30 | fn method | +| main.rs:231:17:231:26 | x.method() | main.rs:206:9:206:30 | fn method | +| main.rs:243:18:243:24 | x.fst() | main.rs:236:9:236:27 | fn fst | +| main.rs:244:18:244:24 | y.snd() | main.rs:238:9:238:27 | fn snd | +| main.rs:250:18:250:24 | x.fst() | main.rs:236:9:236:27 | fn fst | +| main.rs:251:18:251:24 | y.snd() | main.rs:238:9:238:27 | fn snd | +| main.rs:274:13:274:21 | self.m1() | main.rs:268:9:268:25 | fn m1 | +| main.rs:280:9:280:14 | x.m1() | main.rs:268:9:268:25 | fn m1 | +| main.rs:285:9:285:16 | ... .m1() | main.rs:268:9:268:25 | fn m1 | +| main.rs:298:26:298:31 | x.m1() | main.rs:289:9:291:9 | fn m1 | +| main.rs:299:26:299:31 | y.m1() | main.rs:289:9:291:9 | fn m1 | +| main.rs:304:26:304:31 | x.m2() | main.rs:270:9:275:9 | fn m2 | +| main.rs:305:26:305:31 | y.m2() | main.rs:270:9:275:9 | fn m2 | +| main.rs:353:26:353:31 | x.m1() | main.rs:346:9:348:9 | fn m1 | +| main.rs:356:26:356:31 | x.m2() | main.rs:331:9:337:9 | fn m2 | +| main.rs:385:26:385:31 | x.m1() | main.rs:373:9:378:9 | fn m1 | +| main.rs:386:26:386:31 | y.m1() | main.rs:373:9:378:9 | fn m1 | +| main.rs:416:17:416:25 | self.m1() | main.rs:407:9:407:27 | fn m1 | +| main.rs:429:17:429:25 | self.m2() | main.rs:411:9:420:9 | fn m2 | +| main.rs:458:26:458:31 | x.m1() | main.rs:437:9:439:9 | fn m1 | +| main.rs:459:26:459:31 | y.m1() | main.rs:437:9:439:9 | fn m1 | +| main.rs:464:26:464:31 | x.m2() | main.rs:411:9:420:9 | fn m2 | +| main.rs:465:26:465:31 | y.m2() | main.rs:411:9:420:9 | fn m2 | +| main.rs:470:26:470:31 | x.m3() | main.rs:424:9:433:9 | fn m3 | +| main.rs:471:26:471:31 | y.m3() | main.rs:424:9:433:9 | fn m3 | | main.rs:578:13:578:27 | self.set(...) | main.rs:575:9:575:36 | fn set | | main.rs:609:9:609:17 | x2.set(...) | main.rs:583:9:583:38 | fn set | | main.rs:613:9:613:22 | x3.call_set(...) | main.rs:577:9:579:9 | fn call_set | -| main.rs:673:26:673:32 | x1.m1(...) | main.rs:658:9:660:9 | fn m1 | -| main.rs:677:26:677:32 | x2.m2(...) | main.rs:662:9:664:9 | fn m2 | -| main.rs:678:26:678:32 | x2.m3(...) | main.rs:666:9:668:9 | fn m3 | -| main.rs:687:26:687:32 | x4.m2(...) | main.rs:662:9:664:9 | fn m2 | -| main.rs:688:26:688:32 | x4.m3(...) | main.rs:666:9:668:9 | fn m3 | -| main.rs:692:26:692:32 | x5.m1(...) | main.rs:658:9:660:9 | fn m1 | -| main.rs:697:26:697:35 | ... .m1(...) | main.rs:658:9:660:9 | fn m1 | -| main.rs:706:13:706:22 | self.foo(...) | main.rs:703:9:703:31 | fn foo | -| main.rs:720:9:720:15 | x.bar(...) | main.rs:705:9:707:9 | fn bar | -| main.rs:737:9:737:15 | x.foo(...) | main.rs:730:9:732:9 | fn foo | -| main.rs:764:9:764:14 | x.f1(...) | main.rs:745:9:747:9 | fn f1 | -| main.rs:765:9:765:14 | x.f2(...) | main.rs:749:9:751:9 | fn f2 | +| main.rs:673:26:673:32 | x1.m1() | main.rs:658:9:660:9 | fn m1 | +| main.rs:677:26:677:32 | x2.m2() | main.rs:662:9:664:9 | fn m2 | +| main.rs:678:26:678:32 | x2.m3() | main.rs:666:9:668:9 | fn m3 | +| main.rs:687:26:687:32 | x4.m2() | main.rs:662:9:664:9 | fn m2 | +| main.rs:688:26:688:32 | x4.m3() | main.rs:666:9:668:9 | fn m3 | +| main.rs:692:26:692:32 | x5.m1() | main.rs:658:9:660:9 | fn m1 | +| main.rs:697:26:697:35 | ... .m1() | main.rs:658:9:660:9 | fn m1 | +| main.rs:706:13:706:22 | self.foo() | main.rs:703:9:703:31 | fn foo | +| main.rs:720:9:720:15 | x.bar() | main.rs:705:9:707:9 | fn bar | +| main.rs:737:9:737:15 | x.foo() | main.rs:730:9:732:9 | fn foo | +| main.rs:764:9:764:14 | x.f1() | main.rs:745:9:747:9 | fn f1 | +| main.rs:765:9:765:14 | x.f2() | main.rs:749:9:751:9 | fn f2 | resolveFieldExpr | main.rs:27:26:27:28 | x.a | main.rs:7:9:7:12 | StructField | | main.rs:33:26:33:28 | x.a | main.rs:18:9:18:12 | StructField | diff --git a/rust/ql/test/library-tests/variables/Cfg.expected b/rust/ql/test/library-tests/variables/Cfg.expected index 1f25c751eaf7..2f3d99277101 100644 --- a/rust/ql/test/library-tests/variables/Cfg.expected +++ b/rust/ql/test/library-tests/variables/Cfg.expected @@ -1312,8 +1312,8 @@ edges | main.rs:532:5:532:13 | print_i64 | main.rs:532:15:532:15 | a | | | main.rs:532:5:532:25 | print_i64(...) | main.rs:533:5:533:14 | ExprStmt | | | main.rs:532:5:532:26 | ExprStmt | main.rs:532:5:532:13 | print_i64 | | -| main.rs:532:15:532:15 | a | main.rs:532:15:532:24 | a.my_get(...) | | -| main.rs:532:15:532:24 | a.my_get(...) | main.rs:532:5:532:25 | print_i64(...) | | +| main.rs:532:15:532:15 | a | main.rs:532:15:532:24 | a.my_get() | | +| main.rs:532:15:532:24 | a.my_get() | main.rs:532:5:532:25 | print_i64(...) | | | main.rs:533:5:533:5 | a | main.rs:533:5:533:9 | a.val | | | main.rs:533:5:533:9 | a.val | main.rs:533:13:533:13 | 5 | | | main.rs:533:5:533:13 | ... = ... | main.rs:534:5:534:26 | ExprStmt | | @@ -1322,8 +1322,8 @@ edges | main.rs:534:5:534:13 | print_i64 | main.rs:534:15:534:15 | a | | | main.rs:534:5:534:25 | print_i64(...) | main.rs:535:5:535:28 | ExprStmt | | | main.rs:534:5:534:26 | ExprStmt | main.rs:534:5:534:13 | print_i64 | | -| main.rs:534:15:534:15 | a | main.rs:534:15:534:24 | a.my_get(...) | | -| main.rs:534:15:534:24 | a.my_get(...) | main.rs:534:5:534:25 | print_i64(...) | | +| main.rs:534:15:534:15 | a | main.rs:534:15:534:24 | a.my_get() | | +| main.rs:534:15:534:24 | a.my_get() | main.rs:534:5:534:25 | print_i64(...) | | | main.rs:535:5:535:5 | a | main.rs:535:25:535:25 | 2 | | | main.rs:535:5:535:27 | ... = ... | main.rs:536:5:536:26 | ExprStmt | | | main.rs:535:5:535:28 | ExprStmt | main.rs:535:5:535:5 | a | | @@ -1332,8 +1332,8 @@ edges | main.rs:536:5:536:13 | print_i64 | main.rs:536:15:536:15 | a | | | main.rs:536:5:536:25 | print_i64(...) | main.rs:530:14:537:1 | { ... } | | | main.rs:536:5:536:26 | ExprStmt | main.rs:536:5:536:13 | print_i64 | | -| main.rs:536:15:536:15 | a | main.rs:536:15:536:24 | a.my_get(...) | | -| main.rs:536:15:536:24 | a.my_get(...) | main.rs:536:5:536:25 | print_i64(...) | | +| main.rs:536:15:536:15 | a | main.rs:536:15:536:24 | a.my_get() | | +| main.rs:536:15:536:24 | a.my_get() | main.rs:536:5:536:25 | print_i64(...) | | | main.rs:539:1:546:1 | enter fn arrays | main.rs:540:5:540:26 | let ... = ... | | | main.rs:539:1:546:1 | exit fn arrays (normal) | main.rs:539:1:546:1 | exit fn arrays | | | main.rs:539:13:546:1 | { ... } | main.rs:539:1:546:1 | exit fn arrays (normal) | | @@ -1419,8 +1419,8 @@ edges | main.rs:568:11:568:11 | a | main.rs:568:7:568:11 | mut a | | | main.rs:568:15:568:33 | MyStruct {...} | main.rs:568:11:568:11 | a | | | main.rs:568:31:568:31 | 1 | main.rs:568:15:568:33 | MyStruct {...} | | -| main.rs:569:3:569:3 | a | main.rs:569:3:569:9 | a.bar(...) | | -| main.rs:569:3:569:9 | a.bar(...) | main.rs:571:3:571:19 | ExprStmt | | +| main.rs:569:3:569:3 | a | main.rs:569:3:569:9 | a.bar() | | +| main.rs:569:3:569:9 | a.bar() | main.rs:571:3:571:19 | ExprStmt | | | main.rs:569:3:569:10 | ExprStmt | main.rs:569:3:569:3 | a | | | main.rs:571:3:571:11 | print_i64 | main.rs:571:13:571:13 | a | | | main.rs:571:3:571:18 | print_i64(...) | main.rs:567:30:572:1 | { ... } | | diff --git a/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected b/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected index d85eed692f6b..69f922e27bb2 100644 --- a/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected +++ b/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected @@ -15,13 +15,13 @@ edges | src/main.rs:40:52:40:60 | file_path | src/main.rs:40:38:40:61 | ...::from(...) | provenance | MaD:4 | | src/main.rs:45:24:45:32 | file_path | src/main.rs:45:5:45:22 | ...::read_to_string | provenance | MaD:1 Sink:MaD:1 | | src/main.rs:50:11:50:19 | file_path | src/main.rs:53:52:53:60 | file_path | provenance | | -| src/main.rs:53:9:53:17 | file_path | src/main.rs:54:21:54:44 | file_path.canonicalize(...) [Ok] | provenance | Config | +| src/main.rs:53:9:53:17 | file_path | src/main.rs:54:21:54:44 | file_path.canonicalize() [Ok] | provenance | Config | | src/main.rs:53:21:53:62 | public_path.join(...) | src/main.rs:53:9:53:17 | file_path | provenance | | | src/main.rs:53:38:53:61 | ...::from(...) | src/main.rs:53:21:53:62 | public_path.join(...) | provenance | MaD:3 | | src/main.rs:53:52:53:60 | file_path | src/main.rs:53:38:53:61 | ...::from(...) | provenance | MaD:4 | | src/main.rs:54:9:54:17 | file_path | src/main.rs:59:24:59:32 | file_path | provenance | | -| src/main.rs:54:21:54:44 | file_path.canonicalize(...) [Ok] | src/main.rs:54:21:54:53 | ... .unwrap(...) | provenance | MaD:2 | -| src/main.rs:54:21:54:53 | ... .unwrap(...) | src/main.rs:54:9:54:17 | file_path | provenance | | +| src/main.rs:54:21:54:44 | file_path.canonicalize() [Ok] | src/main.rs:54:21:54:53 | ... .unwrap() | provenance | MaD:2 | +| src/main.rs:54:21:54:53 | ... .unwrap() | src/main.rs:54:9:54:17 | file_path | provenance | | | src/main.rs:59:24:59:32 | file_path | src/main.rs:59:5:59:22 | ...::read_to_string | provenance | MaD:1 Sink:MaD:1 | models | 1 | Sink: lang:std; crate::fs::read_to_string; path-injection; Argument[0] | @@ -48,8 +48,8 @@ nodes | src/main.rs:53:38:53:61 | ...::from(...) | semmle.label | ...::from(...) | | src/main.rs:53:52:53:60 | file_path | semmle.label | file_path | | src/main.rs:54:9:54:17 | file_path | semmle.label | file_path | -| src/main.rs:54:21:54:44 | file_path.canonicalize(...) [Ok] | semmle.label | file_path.canonicalize(...) [Ok] | -| src/main.rs:54:21:54:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| src/main.rs:54:21:54:44 | file_path.canonicalize() [Ok] | semmle.label | file_path.canonicalize() [Ok] | +| src/main.rs:54:21:54:53 | ... .unwrap() | semmle.label | ... .unwrap() | | src/main.rs:59:5:59:22 | ...::read_to_string | semmle.label | ...::read_to_string | | src/main.rs:59:24:59:32 | file_path | semmle.label | file_path | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index 0d6f031a18f0..f2b9d39fd162 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -1,31 +1,31 @@ #select -| sqlx.rs:62:26:62:46 | safe_query_3.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:62:26:62:46 | safe_query_3.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:63:26:63:48 | unsafe_query_1.as_str(...) | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:63:26:63:48 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | -| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:67:30:67:52 | unsafe_query_4.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:67:30:67:52 | unsafe_query_4.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:73:25:73:45 | safe_query_3.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:73:25:73:45 | safe_query_3.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:74:25:74:47 | unsafe_query_1.as_str(...) | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:74:25:74:47 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | -| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:78:29:78:51 | unsafe_query_4.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:78:29:78:51 | unsafe_query_4.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:62:26:62:46 | safe_query_3.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:62:26:62:46 | safe_query_3.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:63:26:63:48 | unsafe_query_1.as_str() | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:63:26:63:48 | unsafe_query_1.as_str() | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | +| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:67:30:67:52 | unsafe_query_4.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:67:30:67:52 | unsafe_query_4.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:73:25:73:45 | safe_query_3.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:73:25:73:45 | safe_query_3.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:74:25:74:47 | unsafe_query_1.as_str() | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:74:25:74:47 | unsafe_query_1.as_str() | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | +| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:78:29:78:51 | unsafe_query_4.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:78:29:78:51 | unsafe_query_4.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | edges | sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | | | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:1 | | sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:10 | | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:5 | | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance | | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse(...) [Ok] | provenance | MaD:8 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:8 | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:56:34:56:89 | MacroExpr | provenance | | | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:2 | -| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap(...) | provenance | MaD:6 | -| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | provenance | MaD:11 | -| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:7 | +| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:6 | +| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:11 | +| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:7 | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:48:9:48:21 | remote_string | provenance | | | sqlx.rs:49:9:49:21 | remote_number | sqlx.rs:52:32:52:87 | MacroExpr | provenance | | -| sqlx.rs:49:25:49:52 | remote_string.parse(...) [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:7 | +| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:7 | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | sqlx.rs:49:9:49:21 | remote_number | provenance | | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:62:26:62:46 | safe_query_3.as_str(...) | provenance | MaD:3 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:73:25:73:45 | safe_query_3.as_str(...) | provenance | MaD:3 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:62:26:62:46 | safe_query_3.as_str() | provenance | MaD:3 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:73:25:73:45 | safe_query_3.as_str() | provenance | MaD:3 | | sqlx.rs:52:24:52:88 | res | sqlx.rs:52:32:52:87 | { ... } | provenance | | | sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:24:52:88 | res | provenance | | | sqlx.rs:52:32:52:87 | ...::must_use(...) | sqlx.rs:52:9:52:20 | safe_query_3 | provenance | | @@ -39,17 +39,17 @@ edges | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:76:29:76:42 | unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:67:30:67:52 | unsafe_query_4.as_str(...) | provenance | MaD:3 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:78:29:78:51 | unsafe_query_4.as_str(...) | provenance | MaD:3 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:67:30:67:52 | unsafe_query_4.as_str() | provenance | MaD:3 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:78:29:78:51 | unsafe_query_4.as_str() | provenance | MaD:3 | | sqlx.rs:56:26:56:90 | res | sqlx.rs:56:34:56:89 | { ... } | provenance | | | sqlx.rs:56:34:56:89 | ...::format(...) | sqlx.rs:56:26:56:90 | res | provenance | | | sqlx.rs:56:34:56:89 | ...::must_use(...) | sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance | | | sqlx.rs:56:34:56:89 | MacroExpr | sqlx.rs:56:34:56:89 | ...::format(...) | provenance | MaD:4 | | sqlx.rs:56:34:56:89 | { ... } | sqlx.rs:56:34:56:89 | ...::must_use(...) | provenance | MaD:9 | -| sqlx.rs:63:26:63:39 | unsafe_query_1 [&ref] | sqlx.rs:63:26:63:48 | unsafe_query_1.as_str(...) | provenance | MaD:3 | -| sqlx.rs:65:30:65:43 | unsafe_query_2 [&ref] | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | provenance | MaD:3 | -| sqlx.rs:74:25:74:38 | unsafe_query_1 [&ref] | sqlx.rs:74:25:74:47 | unsafe_query_1.as_str(...) | provenance | MaD:3 | -| sqlx.rs:76:29:76:42 | unsafe_query_2 [&ref] | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | provenance | MaD:3 | +| sqlx.rs:63:26:63:39 | unsafe_query_1 [&ref] | sqlx.rs:63:26:63:48 | unsafe_query_1.as_str() | provenance | MaD:3 | +| sqlx.rs:65:30:65:43 | unsafe_query_2 [&ref] | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str() | provenance | MaD:3 | +| sqlx.rs:74:25:74:38 | unsafe_query_1 [&ref] | sqlx.rs:74:25:74:47 | unsafe_query_1.as_str() | provenance | MaD:3 | +| sqlx.rs:76:29:76:42 | unsafe_query_2 [&ref] | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str() | provenance | MaD:3 | models | 1 | Source: lang:std; crate::env::args; command-line-source; ReturnValue.Element | | 2 | Source: repo:https://github.com/seanmonstar/reqwest:reqwest; crate::blocking::get; remote; ReturnValue.Field[crate::result::Result::Ok(0)] | @@ -71,11 +71,11 @@ nodes | sqlx.rs:48:9:48:21 | remote_string | semmle.label | remote_string | | sqlx.rs:48:25:48:46 | ...::get | semmle.label | ...::get | | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | -| sqlx.rs:48:25:48:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | +| sqlx.rs:48:25:48:78 | ... .unwrap() | semmle.label | ... .unwrap() | +| sqlx.rs:48:25:48:85 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:49:9:49:21 | remote_number | semmle.label | remote_number | -| sqlx.rs:49:25:49:52 | remote_string.parse(...) [Ok] | semmle.label | remote_string.parse(...) [Ok] | +| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | semmle.label | remote_string.parse() [Ok] | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:52:9:52:20 | safe_query_3 | semmle.label | safe_query_3 | | sqlx.rs:52:24:52:88 | res | semmle.label | res | @@ -95,16 +95,16 @@ nodes | sqlx.rs:56:34:56:89 | ...::must_use(...) | semmle.label | ...::must_use(...) | | sqlx.rs:56:34:56:89 | MacroExpr | semmle.label | MacroExpr | | sqlx.rs:56:34:56:89 | { ... } | semmle.label | { ... } | -| sqlx.rs:62:26:62:46 | safe_query_3.as_str(...) | semmle.label | safe_query_3.as_str(...) | +| sqlx.rs:62:26:62:46 | safe_query_3.as_str() | semmle.label | safe_query_3.as_str() | | sqlx.rs:63:26:63:39 | unsafe_query_1 [&ref] | semmle.label | unsafe_query_1 [&ref] | -| sqlx.rs:63:26:63:48 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:63:26:63:48 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | | sqlx.rs:65:30:65:43 | unsafe_query_2 [&ref] | semmle.label | unsafe_query_2 [&ref] | -| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | -| sqlx.rs:67:30:67:52 | unsafe_query_4.as_str(...) | semmle.label | unsafe_query_4.as_str(...) | -| sqlx.rs:73:25:73:45 | safe_query_3.as_str(...) | semmle.label | safe_query_3.as_str(...) | +| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str() | semmle.label | unsafe_query_2.as_str() | +| sqlx.rs:67:30:67:52 | unsafe_query_4.as_str() | semmle.label | unsafe_query_4.as_str() | +| sqlx.rs:73:25:73:45 | safe_query_3.as_str() | semmle.label | safe_query_3.as_str() | | sqlx.rs:74:25:74:38 | unsafe_query_1 [&ref] | semmle.label | unsafe_query_1 [&ref] | -| sqlx.rs:74:25:74:47 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:74:25:74:47 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | | sqlx.rs:76:29:76:42 | unsafe_query_2 [&ref] | semmle.label | unsafe_query_2 [&ref] | -| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | -| sqlx.rs:78:29:78:51 | unsafe_query_4.as_str(...) | semmle.label | unsafe_query_4.as_str(...) | +| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str() | semmle.label | unsafe_query_2.as_str() | +| sqlx.rs:78:29:78:51 | unsafe_query_4.as_str() | semmle.label | unsafe_query_4.as_str() | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected index 763558a9c16c..689a333ef718 100644 --- a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected +++ b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected @@ -21,8 +21,8 @@ edges | main.rs:12:27:12:59 | { ... } | main.rs:12:27:12:59 | ...::must_use(...) | provenance | MaD:7 | | main.rs:12:50:12:57 | password | main.rs:12:27:12:59 | MacroExpr | provenance | | | main.rs:13:9:13:11 | url | main.rs:14:28:14:30 | url | provenance | | -| main.rs:13:15:13:34 | ...::parse(...) [Ok] | main.rs:13:15:13:43 | ... .unwrap(...) | provenance | MaD:6 | -| main.rs:13:15:13:43 | ... .unwrap(...) | main.rs:13:9:13:11 | url | provenance | | +| main.rs:13:15:13:34 | ...::parse(...) [Ok] | main.rs:13:15:13:43 | ... .unwrap() | provenance | MaD:6 | +| main.rs:13:15:13:43 | ... .unwrap() | main.rs:13:9:13:11 | url | provenance | | | main.rs:13:26:13:33 | &address [&ref] | main.rs:13:15:13:34 | ...::parse(...) [Ok] | provenance | MaD:8 | | main.rs:13:27:13:33 | address | main.rs:13:26:13:33 | &address [&ref] | provenance | | | main.rs:14:28:14:30 | url | main.rs:14:5:14:26 | ...::get | provenance | MaD:4 Sink:MaD:4 | @@ -78,7 +78,7 @@ nodes | main.rs:12:50:12:57 | password | semmle.label | password | | main.rs:13:9:13:11 | url | semmle.label | url | | main.rs:13:15:13:34 | ...::parse(...) [Ok] | semmle.label | ...::parse(...) [Ok] | -| main.rs:13:15:13:43 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:13:15:13:43 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:13:26:13:33 | &address [&ref] | semmle.label | &address [&ref] | | main.rs:13:27:13:33 | address | semmle.label | address | | main.rs:14:5:14:26 | ...::get | semmle.label | ...::get | diff --git a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected index c085f4290588..92ba9448e38c 100644 --- a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected +++ b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected @@ -181,37 +181,37 @@ edges | test_logging.rs:167:40:167:63 | MacroExpr | test_logging.rs:167:40:167:63 | ...::Some(...) [Some] | provenance | | | test_logging.rs:167:56:167:63 | password | test_logging.rs:167:40:167:63 | MacroExpr | provenance | | | test_logging.rs:168:34:168:66 | res | test_logging.rs:168:42:168:65 | { ... } | provenance | | -| test_logging.rs:168:34:168:75 | ... .as_str(...) | test_logging.rs:168:27:168:32 | expect | provenance | MaD:1 Sink:MaD:1 | +| test_logging.rs:168:34:168:75 | ... .as_str() | test_logging.rs:168:27:168:32 | expect | provenance | MaD:1 Sink:MaD:1 | | test_logging.rs:168:42:168:65 | ...::format(...) | test_logging.rs:168:34:168:66 | res | provenance | | -| test_logging.rs:168:42:168:65 | ...::must_use(...) | test_logging.rs:168:34:168:75 | ... .as_str(...) | provenance | MaD:12 | +| test_logging.rs:168:42:168:65 | ...::must_use(...) | test_logging.rs:168:34:168:75 | ... .as_str() | provenance | MaD:12 | | test_logging.rs:168:42:168:65 | MacroExpr | test_logging.rs:168:42:168:65 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:168:42:168:65 | { ... } | test_logging.rs:168:42:168:65 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:168:58:168:65 | password | test_logging.rs:168:42:168:65 | MacroExpr | provenance | | | test_logging.rs:174:36:174:70 | res | test_logging.rs:174:44:174:69 | { ... } | provenance | | -| test_logging.rs:174:36:174:81 | ... .as_bytes(...) | test_logging.rs:174:30:174:34 | write | provenance | MaD:5 Sink:MaD:5 | +| test_logging.rs:174:36:174:81 | ... .as_bytes() | test_logging.rs:174:30:174:34 | write | provenance | MaD:5 Sink:MaD:5 | | test_logging.rs:174:44:174:69 | ...::format(...) | test_logging.rs:174:36:174:70 | res | provenance | | -| test_logging.rs:174:44:174:69 | ...::must_use(...) | test_logging.rs:174:36:174:81 | ... .as_bytes(...) | provenance | MaD:11 | +| test_logging.rs:174:44:174:69 | ...::must_use(...) | test_logging.rs:174:36:174:81 | ... .as_bytes() | provenance | MaD:11 | | test_logging.rs:174:44:174:69 | MacroExpr | test_logging.rs:174:44:174:69 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:174:44:174:69 | { ... } | test_logging.rs:174:44:174:69 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:174:62:174:69 | password | test_logging.rs:174:44:174:69 | MacroExpr | provenance | | | test_logging.rs:175:40:175:74 | res | test_logging.rs:175:48:175:73 | { ... } | provenance | | -| test_logging.rs:175:40:175:85 | ... .as_bytes(...) | test_logging.rs:175:30:175:38 | write_all | provenance | MaD:6 Sink:MaD:6 | +| test_logging.rs:175:40:175:85 | ... .as_bytes() | test_logging.rs:175:30:175:38 | write_all | provenance | MaD:6 Sink:MaD:6 | | test_logging.rs:175:48:175:73 | ...::format(...) | test_logging.rs:175:40:175:74 | res | provenance | | -| test_logging.rs:175:48:175:73 | ...::must_use(...) | test_logging.rs:175:40:175:85 | ... .as_bytes(...) | provenance | MaD:11 | +| test_logging.rs:175:48:175:73 | ...::must_use(...) | test_logging.rs:175:40:175:85 | ... .as_bytes() | provenance | MaD:11 | | test_logging.rs:175:48:175:73 | MacroExpr | test_logging.rs:175:48:175:73 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:175:48:175:73 | { ... } | test_logging.rs:175:48:175:73 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:175:66:175:73 | password | test_logging.rs:175:48:175:73 | MacroExpr | provenance | | | test_logging.rs:178:15:178:49 | res | test_logging.rs:178:23:178:48 | { ... } | provenance | | -| test_logging.rs:178:15:178:60 | ... .as_bytes(...) | test_logging.rs:178:9:178:13 | write | provenance | MaD:5 Sink:MaD:5 | +| test_logging.rs:178:15:178:60 | ... .as_bytes() | test_logging.rs:178:9:178:13 | write | provenance | MaD:5 Sink:MaD:5 | | test_logging.rs:178:23:178:48 | ...::format(...) | test_logging.rs:178:15:178:49 | res | provenance | | -| test_logging.rs:178:23:178:48 | ...::must_use(...) | test_logging.rs:178:15:178:60 | ... .as_bytes(...) | provenance | MaD:11 | +| test_logging.rs:178:23:178:48 | ...::must_use(...) | test_logging.rs:178:15:178:60 | ... .as_bytes() | provenance | MaD:11 | | test_logging.rs:178:23:178:48 | MacroExpr | test_logging.rs:178:23:178:48 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:178:23:178:48 | { ... } | test_logging.rs:178:23:178:48 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:178:41:178:48 | password | test_logging.rs:178:23:178:48 | MacroExpr | provenance | | | test_logging.rs:181:15:181:49 | res | test_logging.rs:181:23:181:48 | { ... } | provenance | | -| test_logging.rs:181:15:181:60 | ... .as_bytes(...) | test_logging.rs:181:9:181:13 | write | provenance | MaD:4 Sink:MaD:4 | +| test_logging.rs:181:15:181:60 | ... .as_bytes() | test_logging.rs:181:9:181:13 | write | provenance | MaD:4 Sink:MaD:4 | | test_logging.rs:181:23:181:48 | ...::format(...) | test_logging.rs:181:15:181:49 | res | provenance | | -| test_logging.rs:181:23:181:48 | ...::must_use(...) | test_logging.rs:181:15:181:60 | ... .as_bytes(...) | provenance | MaD:11 | +| test_logging.rs:181:23:181:48 | ...::must_use(...) | test_logging.rs:181:15:181:60 | ... .as_bytes() | provenance | MaD:11 | | test_logging.rs:181:23:181:48 | MacroExpr | test_logging.rs:181:23:181:48 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:181:23:181:48 | { ... } | test_logging.rs:181:23:181:48 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:181:41:181:48 | password | test_logging.rs:181:23:181:48 | MacroExpr | provenance | | @@ -400,7 +400,7 @@ nodes | test_logging.rs:167:56:167:63 | password | semmle.label | password | | test_logging.rs:168:27:168:32 | expect | semmle.label | expect | | test_logging.rs:168:34:168:66 | res | semmle.label | res | -| test_logging.rs:168:34:168:75 | ... .as_str(...) | semmle.label | ... .as_str(...) | +| test_logging.rs:168:34:168:75 | ... .as_str() | semmle.label | ... .as_str() | | test_logging.rs:168:42:168:65 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:168:42:168:65 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:168:42:168:65 | MacroExpr | semmle.label | MacroExpr | @@ -408,7 +408,7 @@ nodes | test_logging.rs:168:58:168:65 | password | semmle.label | password | | test_logging.rs:174:30:174:34 | write | semmle.label | write | | test_logging.rs:174:36:174:70 | res | semmle.label | res | -| test_logging.rs:174:36:174:81 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) | +| test_logging.rs:174:36:174:81 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:174:44:174:69 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:174:44:174:69 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:174:44:174:69 | MacroExpr | semmle.label | MacroExpr | @@ -416,7 +416,7 @@ nodes | test_logging.rs:174:62:174:69 | password | semmle.label | password | | test_logging.rs:175:30:175:38 | write_all | semmle.label | write_all | | test_logging.rs:175:40:175:74 | res | semmle.label | res | -| test_logging.rs:175:40:175:85 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) | +| test_logging.rs:175:40:175:85 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:175:48:175:73 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:175:48:175:73 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:175:48:175:73 | MacroExpr | semmle.label | MacroExpr | @@ -424,7 +424,7 @@ nodes | test_logging.rs:175:66:175:73 | password | semmle.label | password | | test_logging.rs:178:9:178:13 | write | semmle.label | write | | test_logging.rs:178:15:178:49 | res | semmle.label | res | -| test_logging.rs:178:15:178:60 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) | +| test_logging.rs:178:15:178:60 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:178:23:178:48 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:178:23:178:48 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:178:23:178:48 | MacroExpr | semmle.label | MacroExpr | @@ -432,7 +432,7 @@ nodes | test_logging.rs:178:41:178:48 | password | semmle.label | password | | test_logging.rs:181:9:181:13 | write | semmle.label | write | | test_logging.rs:181:15:181:49 | res | semmle.label | res | -| test_logging.rs:181:15:181:60 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) | +| test_logging.rs:181:15:181:60 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:181:23:181:48 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:181:23:181:48 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:181:23:181:48 | MacroExpr | semmle.label | MacroExpr | From d5d61dd8b3a2149588ee1f7d84139eefbfbb7164 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 3 Apr 2025 12:49:34 +0200 Subject: [PATCH 209/409] Rust: Add inline expectations test for type inference --- .../rust/elements/internal/FunctionImpl.qll | 18 + rust/ql/lib/utils/test/InlineMadTest.qll | 11 +- .../library-tests/type-inference/loop/main.rs | 2 +- .../test/library-tests/type-inference/main.rs | 171 +- .../type-inference/type-inference.expected | 1644 ++++++++--------- .../type-inference/type-inference.ql | 56 +- 6 files changed, 948 insertions(+), 954 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll index ca019bd01e22..594dbaa0bf5d 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll @@ -5,6 +5,7 @@ */ private import codeql.rust.elements.internal.generated.Function +private import codeql.rust.elements.Comment /** * INTERNAL: This module contains the customizable definition of `Function` and should not @@ -26,5 +27,22 @@ module Impl { */ class Function extends Generated::Function { override string toStringImpl() { result = "fn " + this.getName().getText() } + + /** + * Gets a comment preceding this function. + * + * A comment is considered preceding if it occurs immediately before this + * function or if only other comments occur between the comment and this + * function. + */ + Comment getPrecedingComment() { + result.getLocation().getFile() = this.getLocation().getFile() and + // When a function is preceded by comments its start line is the line of + // the first comment. Hence all relevant comments are found by including + // comments from the start line and up to the line with the function + // name. + this.getLocation().getStartLine() <= result.getLocation().getStartLine() and + result.getLocation().getStartLine() <= this.getName().getLocation().getStartLine() + } } } diff --git a/rust/ql/lib/utils/test/InlineMadTest.qll b/rust/ql/lib/utils/test/InlineMadTest.qll index b79818ad0e93..00000060ab63 100644 --- a/rust/ql/lib/utils/test/InlineMadTest.qll +++ b/rust/ql/lib/utils/test/InlineMadTest.qll @@ -5,16 +5,7 @@ private module InlineMadTestLang implements InlineMadTestLangSig { class Callable = R::Function; string getComment(R::Function callable) { - exists(R::Comment comment | - result = comment.getCommentText() and - comment.getLocation().getFile() = callable.getLocation().getFile() and - // When a function is preceded by comments its start line is the line of - // the first comment. Hence all relevant comments are found by including - // comments from the start line and up to the line with the function - // name. - callable.getLocation().getStartLine() <= comment.getLocation().getStartLine() and - comment.getLocation().getStartLine() <= callable.getName().getLocation().getStartLine() - ) + result = callable.getPrecedingComment().getCommentText() } } diff --git a/rust/ql/test/library-tests/type-inference/loop/main.rs b/rust/ql/test/library-tests/type-inference/loop/main.rs index da1d19e3f62d..cee32b0da99b 100644 --- a/rust/ql/test/library-tests/type-inference/loop/main.rs +++ b/rust/ql/test/library-tests/type-inference/loop/main.rs @@ -9,6 +9,6 @@ trait T1: T2> { trait T2: T1> { fn bar(self) { - self.foo() + self.foo() // $ method=foo } } diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 287dbeb29c2c..2a432d50b8d9 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -24,36 +24,36 @@ mod field_access { fn simple_field_access() { let x = MyThing { a: S }; - println!("{:?}", x.a); + println!("{:?}", x.a); // $ fieldof=MyThing } fn generic_field_access() { // Explicit type argument - let x = GenericThing:: { a: S }; - println!("{:?}", x.a); + let x = GenericThing:: { a: S }; // $ type=x:A.S + println!("{:?}", x.a); // $ fieldof=GenericThing // Implicit type argument let y = GenericThing { a: S }; - println!("{:?}", x.a); + println!("{:?}", x.a); // $ fieldof=GenericThing // The type of the field `a` can only be inferred from the concrete type // in the struct declaration. let x = OptionS { a: MyOption::MyNone(), }; - println!("{:?}", x.a); + println!("{:?}", x.a); // $ fieldof=OptionS // The type of the field `a` can only be inferred from the type argument let x = GenericThing::> { a: MyOption::MyNone(), }; - println!("{:?}", x.a); + println!("{:?}", x.a); // $ fieldof=GenericThing let mut x = GenericThing { a: MyOption::MyNone(), }; // Only after this access can we infer the type parameter of `x` - let a: MyOption = x.a; + let a: MyOption = x.a; // $ fieldof=GenericThing println!("{:?}", a); } @@ -85,8 +85,8 @@ mod method_impl { pub fn g(x: Foo, y: Foo) -> Foo { println!("main.rs::m1::g"); - x.m1(); - y.m2() + x.m1(); // $ method=m1 + y.m2() // $ method=m2 } } @@ -102,20 +102,22 @@ mod method_non_parametric_impl { struct S2; impl MyThing { + // MyThing::m1 fn m1(self) -> S1 { - self.a + self.a // $ fieldof=MyThing } } impl MyThing { + // MyThing::m1 fn m1(self) -> Self { - Self { a: self.a } + Self { a: self.a } // $ fieldof=MyThing } } impl MyThing { fn m2(self) -> T { - self.a + self.a // $ fieldof=MyThing } } @@ -124,17 +126,17 @@ mod method_non_parametric_impl { let y = MyThing { a: S2 }; // simple field access - println!("{:?}", x.a); - println!("{:?}", y.a); + println!("{:?}", x.a); // $ fieldof=MyThing + println!("{:?}", y.a); // $ fieldof=MyThing - println!("{:?}", x.m1()); // missing call target - println!("{:?}", y.m1().a); // missing call target + println!("{:?}", x.m1()); // $ MISSING: method=MyThing::m1 + println!("{:?}", y.m1().a); // $ MISSING: method=MyThing::m1, field=MyThing let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m2()); - println!("{:?}", y.m2()); + println!("{:?}", x.m2()); // $ method=m2 + println!("{:?}", y.m2()); // $ method=m2 } } @@ -161,18 +163,20 @@ mod method_non_parametric_trait_impl { } fn call_trait_m1>(x: T2) -> T1 { - x.m1() + x.m1() // $ method=m1 } impl MyTrait for MyThing { + // MyThing::m1 fn m1(self) -> S1 { - self.a + self.a // $ fieldof=MyThing } } impl MyTrait for MyThing { + // MyThing::m1 fn m1(self) -> Self { - Self { a: self.a } + Self { a: self.a } // $ fieldof=MyThing } } @@ -180,14 +184,14 @@ mod method_non_parametric_trait_impl { let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m1()); // missing call target - println!("{:?}", y.m1().a); // missing call target + println!("{:?}", x.m1()); // $ MISSING: method=MyThing::m1 + println!("{:?}", y.m1().a); // $ MISSING: method=MyThing::m1, field=MyThing let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", call_trait_m1(x)); // missing - println!("{:?}", call_trait_m1(y).a); // missing + println!("{:?}", call_trait_m1(x)); // MISSING: type=call_trait_m1(...):S1 + println!("{:?}", call_trait_m1(y).a); // MISSING: field=MyThing } } @@ -203,32 +207,34 @@ mod type_parameter_bounds { // Two traits with the same method name. trait FirstTrait { + // FirstTrait::method fn method(self) -> FT; } trait SecondTrait { + // SecondTrait::method fn method(self) -> ST; } fn call_first_trait_per_bound>(x: T) { // The type parameter bound determines which method this call is resolved to. - let s1 = x.method(); + let s1 = x.method(); // $ method=SecondTrait::method println!("{:?}", s1); } fn call_second_trait_per_bound>(x: T) { // The type parameter bound determines which method this call is resolved to. - let s2 = x.method(); + let s2 = x.method(); // $ method=SecondTrait::method println!("{:?}", s2); } fn trait_bound_with_type>(x: T) { - let s = x.method(); - println!("{:?}", s); + let s = x.method(); // $ method=FirstTrait::method + println!("{:?}", s); // $ type=s:S1 } fn trait_per_bound_with_type>(x: T) { - let s = x.method(); + let s = x.method(); // $ method=FirstTrait::method println!("{:?}", s); } @@ -240,15 +246,15 @@ mod type_parameter_bounds { fn call_trait_per_bound_with_type_1>(x: T, y: T) { // The type in the type parameter bound determines the return type. - let s1 = x.fst(); - let s2 = y.snd(); + let s1 = x.fst(); // $ method=fst + let s2 = y.snd(); // $ method=snd println!("{:?}, {:?}", s1, s2); } fn call_trait_per_bound_with_type_2>(x: T, y: T) { // The type in the type parameter bound determines the return type. - let s1 = x.fst(); - let s2 = y.snd(); + let s1 = x.fst(); // $ method=fst + let s2 = y.snd(); // $ method=snd println!("{:?}, {:?}", s1, s2); } } @@ -271,23 +277,23 @@ mod function_trait_bounds { where Self: Sized, { - self.m1() + self.m1() // $ method=m1 } } // Type parameter with bound occurs in the root of a parameter type. fn call_trait_m1>(x: T2) -> T1 { - x.m1() + x.m1() // $ method=m1 type=x.m1():T1 } // Type parameter with bound occurs nested within another type. fn call_trait_thing_m1>(x: MyThing) -> T1 { - x.a.m1() + x.a.m1() // $ fieldof=MyThing method=m1 } impl MyTrait for MyThing { fn m1(self) -> T { - self.a + self.a // $ fieldof=MyThing } } @@ -295,14 +301,14 @@ mod function_trait_bounds { let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m1()); - println!("{:?}", y.m1()); + println!("{:?}", x.m1()); // $ method=m1 + println!("{:?}", y.m1()); // $ method=m1 let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m2()); - println!("{:?}", y.m2()); + println!("{:?}", x.m2()); // $ method=m2 + println!("{:?}", y.m2()); // $ method=m2 let x2 = MyThing { a: S1 }; let y2 = MyThing { a: S2 }; @@ -343,6 +349,7 @@ mod trait_associated_type { impl MyTrait for S { type AssociatedType = S; + // S::m1 fn m1(self) -> Self::AssociatedType { S } @@ -350,10 +357,10 @@ mod trait_associated_type { pub fn f() { let x = S; - println!("{:?}", x.m1()); + println!("{:?}", x.m1()); // $ method=S::m1 let x = S; - println!("{:?}", x.m2()); // missing + println!("{:?}", x.m2()); // $ method=m2 } } @@ -382,8 +389,8 @@ mod generic_enum { let x = MyEnum::C1(S1); let y = MyEnum::C2 { a: S2 }; - println!("{:?}", x.m1()); - println!("{:?}", y.m1()); + println!("{:?}", x.m1()); // $ method=m1 + println!("{:?}", y.m1()); // $ method=m1 } } @@ -404,6 +411,7 @@ mod method_supertraits { struct S2; trait MyTrait1 { + // MyTrait1::m1 fn m1(self) -> Tr1; } @@ -413,7 +421,7 @@ mod method_supertraits { Self: Sized, { if 1 + 1 > 2 { - self.m1() + self.m1() // $ method=MyTrait1::m1 } else { Self::m1(self) } @@ -426,24 +434,26 @@ mod method_supertraits { Self: Sized, { if 1 + 1 > 2 { - self.m2().a + self.m2().a // $ method=m2 $ fieldof=MyThing } else { - Self::m2(self).a + Self::m2(self).a // $ fieldof=MyThing } } } impl MyTrait1 for MyThing { + // MyThing::m1 fn m1(self) -> T { - self.a + self.a // $ fieldof=MyThing } } impl MyTrait2 for MyThing {} impl MyTrait1> for MyThing2 { + // MyThing2::m1 fn m1(self) -> MyThing { - MyThing { a: self.a } + MyThing { a: self.a } // $ fieldof=MyThing2 } } @@ -455,20 +465,20 @@ mod method_supertraits { let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m1()); - println!("{:?}", y.m1()); + println!("{:?}", x.m1()); // $ method=MyThing::m1 + println!("{:?}", y.m1()); // $ method=MyThing::m1 let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m2()); - println!("{:?}", y.m2()); + println!("{:?}", x.m2()); // $ method=m2 + println!("{:?}", y.m2()); // $ method=m2 let x = MyThing2 { a: S1 }; let y = MyThing2 { a: S2 }; - println!("{:?}", x.m3()); - println!("{:?}", y.m3()); + println!("{:?}", x.m3()); // $ method=m3 + println!("{:?}", y.m3()); // $ method=m3 } } @@ -572,14 +582,16 @@ mod option_methods { } trait MyTrait { + // MyTrait::set fn set(&mut self, value: S); fn call_set(&mut self, value: S) { - self.set(value); + self.set(value); // $ method=MyTrait::set } } impl MyTrait for MyOption { + // MyOption::set fn set(&mut self, value: T) {} } @@ -602,15 +614,15 @@ mod option_methods { struct S; pub fn f() { - let x1 = MyOption::::new(); // `::new` missing type `S` + let x1 = MyOption::::new(); // $ MISSING: type=x1:T.S println!("{:?}", x1); let mut x2 = MyOption::new(); - x2.set(S); + x2.set(S); // $ method=MyOption::set println!("{:?}", x2); let mut x3 = MyOption::new(); // missing type `S` from `MyOption` (but can resolve `MyTrait`) - x3.call_set(S); + x3.call_set(S); // $ method=call_set println!("{:?}", x3); let mut x4 = MyOption::new(); @@ -618,7 +630,7 @@ mod option_methods { println!("{:?}", x4); let x5 = MyOption::MySome(MyOption::::MyNone()); - println!("{:?}", x5.flatten()); // missing call target + println!("{:?}", x5.flatten()); // MISSING: method=flatten let x6 = MyOption::MySome(MyOption::::MyNone()); println!("{:?}", MyOption::>::flatten(x6)); @@ -656,26 +668,26 @@ mod method_call_type_conversion { impl S { fn m1(self) -> T { - self.0 + self.0 // $ fieldof=S } fn m2(&self) -> &T { - &self.0 + &self.0 // $ fieldof=S } fn m3(self: &S) -> &T { - &self.0 + &self.0 // $ fieldof=S } } pub fn f() { let x1 = S(S2); - println!("{:?}", x1.m1()); + println!("{:?}", x1.m1()); // $ method=m1 let x2 = S(S2); // implicit borrow - println!("{:?}", x2.m2()); - println!("{:?}", x2.m3()); + println!("{:?}", x2.m2()); // $ method=m2 + println!("{:?}", x2.m3()); // $ method=m3 let x3 = S(S2); // explicit borrow @@ -684,32 +696,35 @@ mod method_call_type_conversion { let x4 = &S(S2); // explicit borrow - println!("{:?}", x4.m2()); - println!("{:?}", x4.m3()); + println!("{:?}", x4.m2()); // $ method=m2 + println!("{:?}", x4.m3()); // $ method=m3 let x5 = &S(S2); // implicit dereference - println!("{:?}", x5.m1()); - println!("{:?}", x5.0); + println!("{:?}", x5.m1()); // $ method=m1 + println!("{:?}", x5.0); // $ fieldof=S let x6 = &S(S2); // explicit dereference - println!("{:?}", (*x6).m1()); + println!("{:?}", (*x6).m1()); // $ method=m1 } } mod trait_implicit_self_borrow { trait MyTrait { + // MyTrait::foo fn foo(&self) -> &Self; + // MyTrait::bar fn bar(&self) -> &Self { - self.foo() + self.foo() // $ method=MyTrait::foo } } struct MyStruct; impl MyTrait for MyStruct { + // MyStruct::foo fn foo(&self) -> &MyStruct { self } @@ -717,7 +732,7 @@ mod trait_implicit_self_borrow { pub fn f() { let x = MyStruct; - x.bar(); + x.bar(); // $ method=MyTrait::bar } } @@ -734,7 +749,7 @@ mod implicit_self_borrow { pub fn f() { let x = MyStruct(S); - x.foo(); + x.foo(); // $ method=foo } } @@ -761,8 +776,8 @@ mod borrowed_typed { pub fn f() { let x = S {}; - x.f1(); - x.f2(); + x.f1(); // $ method=f1 + x.f2(); // $ method=f2 S::f3(&x); } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index 7e8d0e4e73c6..d8164f4be81b 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -1,3 +1,4 @@ +testFailures inferType | loop/main.rs:7:12:7:15 | SelfParam | | loop/main.rs:6:1:8:1 | Self [trait T1] | | loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:10:1:14:1 | Self [trait T2] | @@ -79,861 +80,788 @@ inferType | main.rs:88:9:88:14 | x.m1() | | main.rs:67:5:67:21 | Foo | | main.rs:89:9:89:9 | y | | main.rs:67:5:67:21 | Foo | | main.rs:89:9:89:14 | y.m2() | | main.rs:67:5:67:21 | Foo | -| main.rs:105:15:105:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | -| main.rs:105:15:105:18 | SelfParam | A | main.rs:99:5:100:14 | S1 | -| main.rs:105:27:107:9 | { ... } | | main.rs:99:5:100:14 | S1 | -| main.rs:106:13:106:16 | self | | main.rs:94:5:97:5 | MyThing | -| main.rs:106:13:106:16 | self | A | main.rs:99:5:100:14 | S1 | -| main.rs:106:13:106:18 | self.a | | main.rs:99:5:100:14 | S1 | -| main.rs:111:15:111:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | -| main.rs:111:15:111:18 | SelfParam | A | main.rs:101:5:102:14 | S2 | -| main.rs:111:29:113:9 | { ... } | | main.rs:94:5:97:5 | MyThing | -| main.rs:111:29:113:9 | { ... } | A | main.rs:101:5:102:14 | S2 | -| main.rs:112:13:112:30 | Self {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:112:13:112:30 | Self {...} | A | main.rs:101:5:102:14 | S2 | -| main.rs:112:23:112:26 | self | | main.rs:94:5:97:5 | MyThing | -| main.rs:112:23:112:26 | self | A | main.rs:101:5:102:14 | S2 | -| main.rs:112:23:112:28 | self.a | | main.rs:101:5:102:14 | S2 | -| main.rs:117:15:117:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | -| main.rs:117:15:117:18 | SelfParam | A | main.rs:116:10:116:10 | T | -| main.rs:117:26:119:9 | { ... } | | main.rs:116:10:116:10 | T | -| main.rs:118:13:118:16 | self | | main.rs:94:5:97:5 | MyThing | -| main.rs:118:13:118:16 | self | A | main.rs:116:10:116:10 | T | -| main.rs:118:13:118:18 | self.a | | main.rs:116:10:116:10 | T | -| main.rs:123:13:123:13 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:123:13:123:13 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:123:17:123:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:123:17:123:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | -| main.rs:123:30:123:31 | S1 | | main.rs:99:5:100:14 | S1 | -| main.rs:124:13:124:13 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:124:13:124:13 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:124:17:124:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:124:17:124:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | -| main.rs:124:30:124:31 | S2 | | main.rs:101:5:102:14 | S2 | -| main.rs:127:26:127:26 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:127:26:127:26 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:127:26:127:28 | x.a | | main.rs:99:5:100:14 | S1 | -| main.rs:128:26:128:26 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:128:26:128:26 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:128:26:128:28 | y.a | | main.rs:101:5:102:14 | S2 | -| main.rs:130:26:130:26 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:130:26:130:26 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:131:26:131:26 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:131:26:131:26 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:133:13:133:13 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:133:13:133:13 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:133:17:133:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:133:17:133:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | -| main.rs:133:30:133:31 | S1 | | main.rs:99:5:100:14 | S1 | -| main.rs:134:13:134:13 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:134:13:134:13 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:134:17:134:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:134:17:134:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | -| main.rs:134:30:134:31 | S2 | | main.rs:101:5:102:14 | S2 | -| main.rs:136:26:136:26 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:136:26:136:26 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:136:26:136:31 | x.m2() | | main.rs:99:5:100:14 | S1 | -| main.rs:137:26:137:26 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:137:26:137:26 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:137:26:137:31 | y.m2() | | main.rs:101:5:102:14 | S2 | -| main.rs:153:15:153:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | -| main.rs:155:15:155:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | -| main.rs:158:9:160:9 | { ... } | | main.rs:152:5:161:5 | Self [trait MyTrait] | -| main.rs:159:13:159:16 | self | | main.rs:152:5:161:5 | Self [trait MyTrait] | -| main.rs:163:43:163:43 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:163:56:165:5 | { ... } | | main.rs:163:22:163:23 | T1 | -| main.rs:164:9:164:9 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:164:9:164:14 | x.m1() | | main.rs:163:22:163:23 | T1 | -| main.rs:168:15:168:18 | SelfParam | | main.rs:142:5:145:5 | MyThing | -| main.rs:168:15:168:18 | SelfParam | A | main.rs:147:5:148:14 | S1 | -| main.rs:168:27:170:9 | { ... } | | main.rs:147:5:148:14 | S1 | -| main.rs:169:13:169:16 | self | | main.rs:142:5:145:5 | MyThing | -| main.rs:169:13:169:16 | self | A | main.rs:147:5:148:14 | S1 | -| main.rs:169:13:169:18 | self.a | | main.rs:147:5:148:14 | S1 | -| main.rs:174:15:174:18 | SelfParam | | main.rs:142:5:145:5 | MyThing | -| main.rs:174:15:174:18 | SelfParam | A | main.rs:149:5:150:14 | S2 | -| main.rs:174:29:176:9 | { ... } | | main.rs:142:5:145:5 | MyThing | -| main.rs:174:29:176:9 | { ... } | A | main.rs:149:5:150:14 | S2 | -| main.rs:175:13:175:30 | Self {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:175:13:175:30 | Self {...} | A | main.rs:149:5:150:14 | S2 | -| main.rs:175:23:175:26 | self | | main.rs:142:5:145:5 | MyThing | -| main.rs:175:23:175:26 | self | A | main.rs:149:5:150:14 | S2 | -| main.rs:175:23:175:28 | self.a | | main.rs:149:5:150:14 | S2 | -| main.rs:180:13:180:13 | x | | main.rs:142:5:145:5 | MyThing | -| main.rs:180:13:180:13 | x | A | main.rs:147:5:148:14 | S1 | -| main.rs:180:17:180:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:180:17:180:33 | MyThing {...} | A | main.rs:147:5:148:14 | S1 | -| main.rs:180:30:180:31 | S1 | | main.rs:147:5:148:14 | S1 | -| main.rs:181:13:181:13 | y | | main.rs:142:5:145:5 | MyThing | -| main.rs:181:13:181:13 | y | A | main.rs:149:5:150:14 | S2 | -| main.rs:181:17:181:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:181:17:181:33 | MyThing {...} | A | main.rs:149:5:150:14 | S2 | -| main.rs:181:30:181:31 | S2 | | main.rs:149:5:150:14 | S2 | -| main.rs:183:26:183:26 | x | | main.rs:142:5:145:5 | MyThing | -| main.rs:183:26:183:26 | x | A | main.rs:147:5:148:14 | S1 | -| main.rs:184:26:184:26 | y | | main.rs:142:5:145:5 | MyThing | -| main.rs:184:26:184:26 | y | A | main.rs:149:5:150:14 | S2 | -| main.rs:186:13:186:13 | x | | main.rs:142:5:145:5 | MyThing | -| main.rs:186:13:186:13 | x | A | main.rs:147:5:148:14 | S1 | -| main.rs:186:17:186:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:186:17:186:33 | MyThing {...} | A | main.rs:147:5:148:14 | S1 | -| main.rs:186:30:186:31 | S1 | | main.rs:147:5:148:14 | S1 | -| main.rs:187:13:187:13 | y | | main.rs:142:5:145:5 | MyThing | -| main.rs:187:13:187:13 | y | A | main.rs:149:5:150:14 | S2 | -| main.rs:187:17:187:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:187:17:187:33 | MyThing {...} | A | main.rs:149:5:150:14 | S2 | -| main.rs:187:30:187:31 | S2 | | main.rs:149:5:150:14 | S2 | -| main.rs:189:40:189:40 | x | | main.rs:142:5:145:5 | MyThing | -| main.rs:189:40:189:40 | x | A | main.rs:147:5:148:14 | S1 | -| main.rs:190:40:190:40 | y | | main.rs:142:5:145:5 | MyThing | -| main.rs:190:40:190:40 | y | A | main.rs:149:5:150:14 | S2 | -| main.rs:206:19:206:22 | SelfParam | | main.rs:205:5:207:5 | Self [trait FirstTrait] | -| main.rs:210:19:210:22 | SelfParam | | main.rs:209:5:211:5 | Self [trait SecondTrait] | -| main.rs:213:64:213:64 | x | | main.rs:213:45:213:61 | T | -| main.rs:215:13:215:14 | s1 | | main.rs:213:35:213:42 | I | -| main.rs:215:18:215:18 | x | | main.rs:213:45:213:61 | T | -| main.rs:215:18:215:27 | x.method() | | main.rs:213:35:213:42 | I | -| main.rs:216:26:216:27 | s1 | | main.rs:213:35:213:42 | I | -| main.rs:219:65:219:65 | x | | main.rs:219:46:219:62 | T | -| main.rs:221:13:221:14 | s2 | | main.rs:219:36:219:43 | I | -| main.rs:221:18:221:18 | x | | main.rs:219:46:219:62 | T | -| main.rs:221:18:221:27 | x.method() | | main.rs:219:36:219:43 | I | -| main.rs:222:26:222:27 | s2 | | main.rs:219:36:219:43 | I | -| main.rs:225:49:225:49 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:13:226:13 | s | | main.rs:197:5:198:14 | S1 | -| main.rs:226:17:226:17 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:17:226:26 | x.method() | | main.rs:197:5:198:14 | S1 | -| main.rs:227:26:227:26 | s | | main.rs:197:5:198:14 | S1 | -| main.rs:230:53:230:53 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:13:231:13 | s | | main.rs:197:5:198:14 | S1 | -| main.rs:231:17:231:17 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:17:231:26 | x.method() | | main.rs:197:5:198:14 | S1 | -| main.rs:232:26:232:26 | s | | main.rs:197:5:198:14 | S1 | -| main.rs:236:16:236:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | -| main.rs:238:16:238:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | -| main.rs:241:58:241:58 | x | | main.rs:241:41:241:55 | T | -| main.rs:241:64:241:64 | y | | main.rs:241:41:241:55 | T | -| main.rs:243:13:243:14 | s1 | | main.rs:197:5:198:14 | S1 | -| main.rs:243:18:243:18 | x | | main.rs:241:41:241:55 | T | -| main.rs:243:18:243:24 | x.fst() | | main.rs:197:5:198:14 | S1 | -| main.rs:244:13:244:14 | s2 | | main.rs:200:5:201:14 | S2 | -| main.rs:244:18:244:18 | y | | main.rs:241:41:241:55 | T | -| main.rs:244:18:244:24 | y.snd() | | main.rs:200:5:201:14 | S2 | -| main.rs:245:32:245:33 | s1 | | main.rs:197:5:198:14 | S1 | -| main.rs:245:36:245:37 | s2 | | main.rs:200:5:201:14 | S2 | -| main.rs:248:69:248:69 | x | | main.rs:248:52:248:66 | T | -| main.rs:248:75:248:75 | y | | main.rs:248:52:248:66 | T | -| main.rs:250:13:250:14 | s1 | | main.rs:197:5:198:14 | S1 | -| main.rs:250:18:250:18 | x | | main.rs:248:52:248:66 | T | -| main.rs:250:18:250:24 | x.fst() | | main.rs:197:5:198:14 | S1 | -| main.rs:251:13:251:14 | s2 | | main.rs:248:41:248:49 | T2 | -| main.rs:251:18:251:18 | y | | main.rs:248:52:248:66 | T | -| main.rs:251:18:251:24 | y.snd() | | main.rs:248:41:248:49 | T2 | -| main.rs:252:32:252:33 | s1 | | main.rs:197:5:198:14 | S1 | -| main.rs:252:36:252:37 | s2 | | main.rs:248:41:248:49 | T2 | -| main.rs:268:15:268:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | -| main.rs:270:15:270:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | -| main.rs:273:9:275:9 | { ... } | | main.rs:267:19:267:19 | A | -| main.rs:274:13:274:16 | self | | main.rs:267:5:276:5 | Self [trait MyTrait] | -| main.rs:274:13:274:21 | self.m1() | | main.rs:267:19:267:19 | A | -| main.rs:279:43:279:43 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:279:56:281:5 | { ... } | | main.rs:279:22:279:23 | T1 | -| main.rs:280:9:280:9 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:280:9:280:14 | x.m1() | | main.rs:279:22:279:23 | T1 | -| main.rs:284:49:284:49 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:284:49:284:49 | x | T | main.rs:284:32:284:46 | T2 | -| main.rs:284:71:286:5 | { ... } | | main.rs:284:28:284:29 | T1 | -| main.rs:285:9:285:9 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:285:9:285:9 | x | T | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:11 | x.a | | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:16 | ... .m1() | | main.rs:284:28:284:29 | T1 | -| main.rs:289:15:289:18 | SelfParam | | main.rs:257:5:260:5 | MyThing | -| main.rs:289:15:289:18 | SelfParam | T | main.rs:288:10:288:10 | T | -| main.rs:289:26:291:9 | { ... } | | main.rs:288:10:288:10 | T | -| main.rs:290:13:290:16 | self | | main.rs:257:5:260:5 | MyThing | -| main.rs:290:13:290:16 | self | T | main.rs:288:10:288:10 | T | -| main.rs:290:13:290:18 | self.a | | main.rs:288:10:288:10 | T | -| main.rs:295:13:295:13 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:295:13:295:13 | x | T | main.rs:262:5:263:14 | S1 | -| main.rs:295:17:295:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:295:17:295:33 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | -| main.rs:295:30:295:31 | S1 | | main.rs:262:5:263:14 | S1 | -| main.rs:296:13:296:13 | y | | main.rs:257:5:260:5 | MyThing | -| main.rs:296:13:296:13 | y | T | main.rs:264:5:265:14 | S2 | -| main.rs:296:17:296:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:296:17:296:33 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | -| main.rs:296:30:296:31 | S2 | | main.rs:264:5:265:14 | S2 | -| main.rs:298:26:298:26 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:298:26:298:26 | x | T | main.rs:262:5:263:14 | S1 | -| main.rs:298:26:298:31 | x.m1() | | main.rs:262:5:263:14 | S1 | -| main.rs:299:26:299:26 | y | | main.rs:257:5:260:5 | MyThing | -| main.rs:299:26:299:26 | y | T | main.rs:264:5:265:14 | S2 | -| main.rs:299:26:299:31 | y.m1() | | main.rs:264:5:265:14 | S2 | -| main.rs:301:13:301:13 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:301:13:301:13 | x | T | main.rs:262:5:263:14 | S1 | -| main.rs:301:17:301:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:301:17:301:33 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | -| main.rs:301:30:301:31 | S1 | | main.rs:262:5:263:14 | S1 | -| main.rs:302:13:302:13 | y | | main.rs:257:5:260:5 | MyThing | -| main.rs:302:13:302:13 | y | T | main.rs:264:5:265:14 | S2 | -| main.rs:302:17:302:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:302:17:302:33 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | -| main.rs:302:30:302:31 | S2 | | main.rs:264:5:265:14 | S2 | -| main.rs:304:26:304:26 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:304:26:304:26 | x | T | main.rs:262:5:263:14 | S1 | -| main.rs:304:26:304:31 | x.m2() | | main.rs:262:5:263:14 | S1 | -| main.rs:305:26:305:26 | y | | main.rs:257:5:260:5 | MyThing | -| main.rs:305:26:305:26 | y | T | main.rs:264:5:265:14 | S2 | -| main.rs:305:26:305:31 | y.m2() | | main.rs:264:5:265:14 | S2 | -| main.rs:307:13:307:14 | x2 | | main.rs:257:5:260:5 | MyThing | -| main.rs:307:13:307:14 | x2 | T | main.rs:262:5:263:14 | S1 | -| main.rs:307:18:307:34 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:307:18:307:34 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | -| main.rs:307:31:307:32 | S1 | | main.rs:262:5:263:14 | S1 | -| main.rs:308:13:308:14 | y2 | | main.rs:257:5:260:5 | MyThing | -| main.rs:308:13:308:14 | y2 | T | main.rs:264:5:265:14 | S2 | -| main.rs:308:18:308:34 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:308:18:308:34 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | -| main.rs:308:31:308:32 | S2 | | main.rs:264:5:265:14 | S2 | -| main.rs:310:26:310:42 | call_trait_m1(...) | | main.rs:262:5:263:14 | S1 | -| main.rs:310:40:310:41 | x2 | | main.rs:257:5:260:5 | MyThing | -| main.rs:310:40:310:41 | x2 | T | main.rs:262:5:263:14 | S1 | -| main.rs:311:26:311:42 | call_trait_m1(...) | | main.rs:264:5:265:14 | S2 | -| main.rs:311:40:311:41 | y2 | | main.rs:257:5:260:5 | MyThing | -| main.rs:311:40:311:41 | y2 | T | main.rs:264:5:265:14 | S2 | -| main.rs:313:13:313:14 | x3 | | main.rs:257:5:260:5 | MyThing | -| main.rs:313:13:313:14 | x3 | T | main.rs:257:5:260:5 | MyThing | -| main.rs:313:13:313:14 | x3 | T.T | main.rs:262:5:263:14 | S1 | -| main.rs:313:18:315:9 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:313:18:315:9 | MyThing {...} | T | main.rs:257:5:260:5 | MyThing | -| main.rs:313:18:315:9 | MyThing {...} | T.T | main.rs:262:5:263:14 | S1 | -| main.rs:314:16:314:32 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:314:16:314:32 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | -| main.rs:314:29:314:30 | S1 | | main.rs:262:5:263:14 | S1 | -| main.rs:316:13:316:14 | y3 | | main.rs:257:5:260:5 | MyThing | -| main.rs:316:13:316:14 | y3 | T | main.rs:257:5:260:5 | MyThing | -| main.rs:316:13:316:14 | y3 | T.T | main.rs:264:5:265:14 | S2 | -| main.rs:316:18:318:9 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:316:18:318:9 | MyThing {...} | T | main.rs:257:5:260:5 | MyThing | -| main.rs:316:18:318:9 | MyThing {...} | T.T | main.rs:264:5:265:14 | S2 | -| main.rs:317:16:317:32 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:317:16:317:32 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | -| main.rs:317:29:317:30 | S2 | | main.rs:264:5:265:14 | S2 | -| main.rs:320:26:320:48 | call_trait_thing_m1(...) | | main.rs:262:5:263:14 | S1 | -| main.rs:320:46:320:47 | x3 | | main.rs:257:5:260:5 | MyThing | -| main.rs:320:46:320:47 | x3 | T | main.rs:257:5:260:5 | MyThing | -| main.rs:320:46:320:47 | x3 | T.T | main.rs:262:5:263:14 | S1 | -| main.rs:321:26:321:48 | call_trait_thing_m1(...) | | main.rs:264:5:265:14 | S2 | -| main.rs:321:46:321:47 | y3 | | main.rs:257:5:260:5 | MyThing | -| main.rs:321:46:321:47 | y3 | T | main.rs:257:5:260:5 | MyThing | -| main.rs:321:46:321:47 | y3 | T.T | main.rs:264:5:265:14 | S2 | -| main.rs:329:15:329:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | -| main.rs:331:15:331:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | -| main.rs:346:15:346:18 | SelfParam | | main.rs:340:5:341:13 | S | -| main.rs:346:45:348:9 | { ... } | | main.rs:340:5:341:13 | S | -| main.rs:347:13:347:13 | S | | main.rs:340:5:341:13 | S | -| main.rs:352:13:352:13 | x | | main.rs:340:5:341:13 | S | -| main.rs:352:17:352:17 | S | | main.rs:340:5:341:13 | S | -| main.rs:353:26:353:26 | x | | main.rs:340:5:341:13 | S | -| main.rs:353:26:353:31 | x.m1() | | main.rs:340:5:341:13 | S | -| main.rs:355:13:355:13 | x | | main.rs:340:5:341:13 | S | -| main.rs:355:17:355:17 | S | | main.rs:340:5:341:13 | S | -| main.rs:356:26:356:26 | x | | main.rs:340:5:341:13 | S | -| main.rs:373:15:373:18 | SelfParam | | main.rs:361:5:365:5 | MyEnum | -| main.rs:373:15:373:18 | SelfParam | A | main.rs:372:10:372:10 | T | -| main.rs:373:26:378:9 | { ... } | | main.rs:372:10:372:10 | T | -| main.rs:374:13:377:13 | match self { ... } | | main.rs:372:10:372:10 | T | -| main.rs:374:19:374:22 | self | | main.rs:361:5:365:5 | MyEnum | -| main.rs:374:19:374:22 | self | A | main.rs:372:10:372:10 | T | -| main.rs:375:28:375:28 | a | | main.rs:372:10:372:10 | T | -| main.rs:375:34:375:34 | a | | main.rs:372:10:372:10 | T | -| main.rs:376:30:376:30 | a | | main.rs:372:10:372:10 | T | -| main.rs:376:37:376:37 | a | | main.rs:372:10:372:10 | T | -| main.rs:382:13:382:13 | x | | main.rs:361:5:365:5 | MyEnum | -| main.rs:382:13:382:13 | x | A | main.rs:367:5:368:14 | S1 | -| main.rs:382:17:382:30 | ...::C1(...) | | main.rs:361:5:365:5 | MyEnum | -| main.rs:382:17:382:30 | ...::C1(...) | A | main.rs:367:5:368:14 | S1 | -| main.rs:382:28:382:29 | S1 | | main.rs:367:5:368:14 | S1 | -| main.rs:383:13:383:13 | y | | main.rs:361:5:365:5 | MyEnum | -| main.rs:383:13:383:13 | y | A | main.rs:369:5:370:14 | S2 | -| main.rs:383:17:383:36 | ...::C2 {...} | | main.rs:361:5:365:5 | MyEnum | -| main.rs:383:17:383:36 | ...::C2 {...} | A | main.rs:369:5:370:14 | S2 | -| main.rs:383:33:383:34 | S2 | | main.rs:369:5:370:14 | S2 | -| main.rs:385:26:385:26 | x | | main.rs:361:5:365:5 | MyEnum | -| main.rs:385:26:385:26 | x | A | main.rs:367:5:368:14 | S1 | -| main.rs:385:26:385:31 | x.m1() | | main.rs:367:5:368:14 | S1 | -| main.rs:386:26:386:26 | y | | main.rs:361:5:365:5 | MyEnum | -| main.rs:386:26:386:26 | y | A | main.rs:369:5:370:14 | S2 | -| main.rs:386:26:386:31 | y.m1() | | main.rs:369:5:370:14 | S2 | -| main.rs:407:15:407:18 | SelfParam | | main.rs:406:5:408:5 | Self [trait MyTrait1] | -| main.rs:411:15:411:18 | SelfParam | | main.rs:410:5:421:5 | Self [trait MyTrait2] | -| main.rs:414:9:420:9 | { ... } | | main.rs:410:20:410:22 | Tr2 | -| main.rs:415:13:419:13 | if ... {...} else {...} | | main.rs:410:20:410:22 | Tr2 | -| main.rs:415:26:417:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | -| main.rs:416:17:416:20 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | -| main.rs:416:17:416:25 | self.m1() | | main.rs:410:20:410:22 | Tr2 | -| main.rs:417:20:419:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | -| main.rs:418:17:418:30 | ...::m1(...) | | main.rs:410:20:410:22 | Tr2 | -| main.rs:418:26:418:29 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | -| main.rs:424:15:424:18 | SelfParam | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:427:9:433:9 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:428:13:432:13 | if ... {...} else {...} | | main.rs:423:20:423:22 | Tr3 | -| main.rs:428:26:430:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:429:17:429:20 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:429:17:429:25 | self.m2() | | main.rs:391:5:394:5 | MyThing | -| main.rs:429:17:429:25 | self.m2() | A | main.rs:423:20:423:22 | Tr3 | -| main.rs:429:17:429:27 | ... .a | | main.rs:423:20:423:22 | Tr3 | -| main.rs:430:20:432:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:17:431:30 | ...::m2(...) | | main.rs:391:5:394:5 | MyThing | -| main.rs:431:17:431:30 | ...::m2(...) | A | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:17:431:32 | ... .a | | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:26:431:29 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:437:15:437:18 | SelfParam | | main.rs:391:5:394:5 | MyThing | -| main.rs:437:15:437:18 | SelfParam | A | main.rs:436:10:436:10 | T | -| main.rs:437:26:439:9 | { ... } | | main.rs:436:10:436:10 | T | -| main.rs:438:13:438:16 | self | | main.rs:391:5:394:5 | MyThing | -| main.rs:438:13:438:16 | self | A | main.rs:436:10:436:10 | T | -| main.rs:438:13:438:18 | self.a | | main.rs:436:10:436:10 | T | -| main.rs:445:15:445:18 | SelfParam | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:445:15:445:18 | SelfParam | A | main.rs:444:10:444:10 | T | -| main.rs:445:35:447:9 | { ... } | | main.rs:391:5:394:5 | MyThing | -| main.rs:445:35:447:9 | { ... } | A | main.rs:444:10:444:10 | T | -| main.rs:446:13:446:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:446:13:446:33 | MyThing {...} | A | main.rs:444:10:444:10 | T | -| main.rs:446:26:446:29 | self | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:446:26:446:29 | self | A | main.rs:444:10:444:10 | T | -| main.rs:446:26:446:31 | self.a | | main.rs:444:10:444:10 | T | -| main.rs:455:13:455:13 | x | | main.rs:391:5:394:5 | MyThing | -| main.rs:455:13:455:13 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:455:17:455:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:455:17:455:33 | MyThing {...} | A | main.rs:401:5:402:14 | S1 | -| main.rs:455:30:455:31 | S1 | | main.rs:401:5:402:14 | S1 | -| main.rs:456:13:456:13 | y | | main.rs:391:5:394:5 | MyThing | -| main.rs:456:13:456:13 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:456:17:456:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:456:17:456:33 | MyThing {...} | A | main.rs:403:5:404:14 | S2 | -| main.rs:456:30:456:31 | S2 | | main.rs:403:5:404:14 | S2 | -| main.rs:458:26:458:26 | x | | main.rs:391:5:394:5 | MyThing | -| main.rs:458:26:458:26 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:458:26:458:31 | x.m1() | | main.rs:401:5:402:14 | S1 | -| main.rs:459:26:459:26 | y | | main.rs:391:5:394:5 | MyThing | -| main.rs:459:26:459:26 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:459:26:459:31 | y.m1() | | main.rs:403:5:404:14 | S2 | -| main.rs:461:13:461:13 | x | | main.rs:391:5:394:5 | MyThing | -| main.rs:461:13:461:13 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:461:17:461:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:461:17:461:33 | MyThing {...} | A | main.rs:401:5:402:14 | S1 | -| main.rs:461:30:461:31 | S1 | | main.rs:401:5:402:14 | S1 | -| main.rs:462:13:462:13 | y | | main.rs:391:5:394:5 | MyThing | -| main.rs:462:13:462:13 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:462:17:462:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:462:17:462:33 | MyThing {...} | A | main.rs:403:5:404:14 | S2 | -| main.rs:462:30:462:31 | S2 | | main.rs:403:5:404:14 | S2 | -| main.rs:464:26:464:26 | x | | main.rs:391:5:394:5 | MyThing | -| main.rs:464:26:464:26 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:464:26:464:31 | x.m2() | | main.rs:401:5:402:14 | S1 | -| main.rs:465:26:465:26 | y | | main.rs:391:5:394:5 | MyThing | -| main.rs:465:26:465:26 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:465:26:465:31 | y.m2() | | main.rs:403:5:404:14 | S2 | -| main.rs:467:13:467:13 | x | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:467:13:467:13 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:467:17:467:34 | MyThing2 {...} | A | main.rs:401:5:402:14 | S1 | -| main.rs:467:31:467:32 | S1 | | main.rs:401:5:402:14 | S1 | -| main.rs:468:13:468:13 | y | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:468:13:468:13 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:468:17:468:34 | MyThing2 {...} | A | main.rs:403:5:404:14 | S2 | -| main.rs:468:31:468:32 | S2 | | main.rs:403:5:404:14 | S2 | -| main.rs:470:26:470:26 | x | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:470:26:470:26 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:470:26:470:31 | x.m3() | | main.rs:401:5:402:14 | S1 | -| main.rs:471:26:471:26 | y | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:471:26:471:26 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:471:26:471:31 | y.m3() | | main.rs:403:5:404:14 | S2 | -| main.rs:489:22:489:22 | x | | file://:0:0:0:0 | & | -| main.rs:489:22:489:22 | x | &T | main.rs:489:11:489:19 | T | -| main.rs:489:35:491:5 | { ... } | | file://:0:0:0:0 | & | -| main.rs:489:35:491:5 | { ... } | &T | main.rs:489:11:489:19 | T | -| main.rs:490:9:490:9 | x | | file://:0:0:0:0 | & | -| main.rs:490:9:490:9 | x | &T | main.rs:489:11:489:19 | T | -| main.rs:494:17:494:20 | SelfParam | | main.rs:479:5:480:14 | S1 | -| main.rs:494:29:496:9 | { ... } | | main.rs:482:5:483:14 | S2 | -| main.rs:495:13:495:14 | S2 | | main.rs:482:5:483:14 | S2 | -| main.rs:499:21:499:21 | x | | main.rs:499:13:499:14 | T1 | -| main.rs:502:5:504:5 | { ... } | | main.rs:499:17:499:18 | T2 | -| main.rs:503:9:503:9 | x | | main.rs:499:13:499:14 | T1 | -| main.rs:503:9:503:16 | x.into() | | main.rs:499:17:499:18 | T2 | -| main.rs:507:13:507:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:507:17:507:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:508:26:508:31 | id(...) | | file://:0:0:0:0 | & | -| main.rs:508:26:508:31 | id(...) | &T | main.rs:479:5:480:14 | S1 | -| main.rs:508:29:508:30 | &x | | file://:0:0:0:0 | & | -| main.rs:508:29:508:30 | &x | &T | main.rs:479:5:480:14 | S1 | -| main.rs:508:30:508:30 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:510:13:510:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:510:17:510:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:511:26:511:37 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:511:26:511:37 | id::<...>(...) | &T | main.rs:479:5:480:14 | S1 | -| main.rs:511:35:511:36 | &x | | file://:0:0:0:0 | & | -| main.rs:511:35:511:36 | &x | &T | main.rs:479:5:480:14 | S1 | -| main.rs:511:36:511:36 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:513:13:513:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:513:17:513:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:514:26:514:44 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:514:26:514:44 | id::<...>(...) | &T | main.rs:479:5:480:14 | S1 | -| main.rs:514:42:514:43 | &x | | file://:0:0:0:0 | & | -| main.rs:514:42:514:43 | &x | &T | main.rs:479:5:480:14 | S1 | -| main.rs:514:43:514:43 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:516:13:516:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:516:17:516:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:517:9:517:25 | into::<...>(...) | | main.rs:482:5:483:14 | S2 | -| main.rs:517:24:517:24 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:519:13:519:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:519:17:519:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:520:13:520:13 | y | | main.rs:482:5:483:14 | S2 | -| main.rs:520:21:520:27 | into(...) | | main.rs:482:5:483:14 | S2 | -| main.rs:520:26:520:26 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:550:13:550:14 | p1 | | main.rs:525:5:531:5 | PairOption | -| main.rs:550:13:550:14 | p1 | Fst | main.rs:533:5:534:14 | S1 | -| main.rs:550:13:550:14 | p1 | Snd | main.rs:536:5:537:14 | S2 | -| main.rs:550:26:550:53 | ...::PairBoth(...) | | main.rs:525:5:531:5 | PairOption | -| main.rs:550:26:550:53 | ...::PairBoth(...) | Fst | main.rs:533:5:534:14 | S1 | -| main.rs:550:26:550:53 | ...::PairBoth(...) | Snd | main.rs:536:5:537:14 | S2 | -| main.rs:550:47:550:48 | S1 | | main.rs:533:5:534:14 | S1 | -| main.rs:550:51:550:52 | S2 | | main.rs:536:5:537:14 | S2 | -| main.rs:551:26:551:27 | p1 | | main.rs:525:5:531:5 | PairOption | -| main.rs:551:26:551:27 | p1 | Fst | main.rs:533:5:534:14 | S1 | -| main.rs:551:26:551:27 | p1 | Snd | main.rs:536:5:537:14 | S2 | -| main.rs:554:13:554:14 | p2 | | main.rs:525:5:531:5 | PairOption | -| main.rs:554:26:554:47 | ...::PairNone(...) | | main.rs:525:5:531:5 | PairOption | -| main.rs:555:26:555:27 | p2 | | main.rs:525:5:531:5 | PairOption | -| main.rs:558:13:558:14 | p3 | | main.rs:525:5:531:5 | PairOption | -| main.rs:558:13:558:14 | p3 | Snd | main.rs:539:5:540:14 | S3 | -| main.rs:558:34:558:56 | ...::PairSnd(...) | | main.rs:525:5:531:5 | PairOption | -| main.rs:558:34:558:56 | ...::PairSnd(...) | Snd | main.rs:539:5:540:14 | S3 | -| main.rs:558:54:558:55 | S3 | | main.rs:539:5:540:14 | S3 | -| main.rs:559:26:559:27 | p3 | | main.rs:525:5:531:5 | PairOption | -| main.rs:559:26:559:27 | p3 | Snd | main.rs:539:5:540:14 | S3 | -| main.rs:562:13:562:14 | p3 | | main.rs:525:5:531:5 | PairOption | -| main.rs:562:13:562:14 | p3 | Fst | main.rs:539:5:540:14 | S3 | -| main.rs:562:35:562:56 | ...::PairNone(...) | | main.rs:525:5:531:5 | PairOption | -| main.rs:562:35:562:56 | ...::PairNone(...) | Fst | main.rs:539:5:540:14 | S3 | -| main.rs:563:26:563:27 | p3 | | main.rs:525:5:531:5 | PairOption | -| main.rs:563:26:563:27 | p3 | Fst | main.rs:539:5:540:14 | S3 | -| main.rs:575:16:575:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:575:16:575:24 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | -| main.rs:575:27:575:31 | value | | main.rs:574:19:574:19 | S | -| main.rs:577:21:577:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:577:21:577:29 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | -| main.rs:577:32:577:36 | value | | main.rs:574:19:574:19 | S | -| main.rs:578:13:578:16 | self | | file://:0:0:0:0 | & | -| main.rs:578:13:578:16 | self | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | -| main.rs:578:22:578:26 | value | | main.rs:574:19:574:19 | S | -| main.rs:583:16:583:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:583:16:583:24 | SelfParam | &T | main.rs:568:5:572:5 | MyOption | -| main.rs:583:16:583:24 | SelfParam | &T.T | main.rs:582:10:582:10 | T | -| main.rs:583:27:583:31 | value | | main.rs:582:10:582:10 | T | -| main.rs:587:26:589:9 | { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:587:26:589:9 | { ... } | T | main.rs:586:10:586:10 | T | -| main.rs:588:13:588:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:588:13:588:30 | ...::MyNone(...) | T | main.rs:586:10:586:10 | T | -| main.rs:593:20:593:23 | SelfParam | | main.rs:568:5:572:5 | MyOption | -| main.rs:593:20:593:23 | SelfParam | T | main.rs:568:5:572:5 | MyOption | -| main.rs:593:20:593:23 | SelfParam | T.T | main.rs:592:10:592:10 | T | -| main.rs:593:41:598:9 | { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:593:41:598:9 | { ... } | T | main.rs:592:10:592:10 | T | -| main.rs:594:13:597:13 | match self { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:594:13:597:13 | match self { ... } | T | main.rs:592:10:592:10 | T | -| main.rs:594:19:594:22 | self | | main.rs:568:5:572:5 | MyOption | -| main.rs:594:19:594:22 | self | T | main.rs:568:5:572:5 | MyOption | -| main.rs:594:19:594:22 | self | T.T | main.rs:592:10:592:10 | T | -| main.rs:595:39:595:56 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:595:39:595:56 | ...::MyNone(...) | T | main.rs:592:10:592:10 | T | -| main.rs:596:34:596:34 | x | | main.rs:568:5:572:5 | MyOption | -| main.rs:596:34:596:34 | x | T | main.rs:592:10:592:10 | T | -| main.rs:596:40:596:40 | x | | main.rs:568:5:572:5 | MyOption | -| main.rs:596:40:596:40 | x | T | main.rs:592:10:592:10 | T | -| main.rs:605:13:605:14 | x1 | | main.rs:568:5:572:5 | MyOption | -| main.rs:605:18:605:37 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:606:26:606:27 | x1 | | main.rs:568:5:572:5 | MyOption | -| main.rs:608:13:608:18 | mut x2 | | main.rs:568:5:572:5 | MyOption | -| main.rs:608:13:608:18 | mut x2 | T | main.rs:601:5:602:13 | S | -| main.rs:608:22:608:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:608:22:608:36 | ...::new(...) | T | main.rs:601:5:602:13 | S | -| main.rs:609:9:609:10 | x2 | | main.rs:568:5:572:5 | MyOption | -| main.rs:609:9:609:10 | x2 | T | main.rs:601:5:602:13 | S | -| main.rs:609:16:609:16 | S | | main.rs:601:5:602:13 | S | -| main.rs:610:26:610:27 | x2 | | main.rs:568:5:572:5 | MyOption | -| main.rs:610:26:610:27 | x2 | T | main.rs:601:5:602:13 | S | -| main.rs:612:13:612:18 | mut x3 | | main.rs:568:5:572:5 | MyOption | -| main.rs:612:22:612:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:613:9:613:10 | x3 | | main.rs:568:5:572:5 | MyOption | -| main.rs:613:21:613:21 | S | | main.rs:601:5:602:13 | S | -| main.rs:614:26:614:27 | x3 | | main.rs:568:5:572:5 | MyOption | -| main.rs:616:13:616:18 | mut x4 | | main.rs:568:5:572:5 | MyOption | -| main.rs:616:13:616:18 | mut x4 | T | main.rs:601:5:602:13 | S | -| main.rs:616:22:616:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:616:22:616:36 | ...::new(...) | T | main.rs:601:5:602:13 | S | -| main.rs:617:23:617:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:617:23:617:29 | &mut x4 | &T | main.rs:568:5:572:5 | MyOption | -| main.rs:617:23:617:29 | &mut x4 | &T.T | main.rs:601:5:602:13 | S | -| main.rs:617:28:617:29 | x4 | | main.rs:568:5:572:5 | MyOption | -| main.rs:617:28:617:29 | x4 | T | main.rs:601:5:602:13 | S | -| main.rs:617:32:617:32 | S | | main.rs:601:5:602:13 | S | -| main.rs:618:26:618:27 | x4 | | main.rs:568:5:572:5 | MyOption | -| main.rs:618:26:618:27 | x4 | T | main.rs:601:5:602:13 | S | -| main.rs:620:13:620:14 | x5 | | main.rs:568:5:572:5 | MyOption | -| main.rs:620:13:620:14 | x5 | T | main.rs:568:5:572:5 | MyOption | -| main.rs:620:13:620:14 | x5 | T.T | main.rs:601:5:602:13 | S | -| main.rs:620:18:620:58 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:620:18:620:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | MyOption | -| main.rs:620:18:620:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | S | -| main.rs:620:35:620:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:620:35:620:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:621:26:621:27 | x5 | | main.rs:568:5:572:5 | MyOption | -| main.rs:621:26:621:27 | x5 | T | main.rs:568:5:572:5 | MyOption | -| main.rs:621:26:621:27 | x5 | T.T | main.rs:601:5:602:13 | S | -| main.rs:623:13:623:14 | x6 | | main.rs:568:5:572:5 | MyOption | -| main.rs:623:13:623:14 | x6 | T | main.rs:568:5:572:5 | MyOption | -| main.rs:623:13:623:14 | x6 | T.T | main.rs:601:5:602:13 | S | -| main.rs:623:18:623:58 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:623:18:623:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | MyOption | -| main.rs:623:18:623:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | S | -| main.rs:623:35:623:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:623:35:623:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:624:26:624:61 | ...::flatten(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:624:26:624:61 | ...::flatten(...) | T | main.rs:601:5:602:13 | S | -| main.rs:624:59:624:60 | x6 | | main.rs:568:5:572:5 | MyOption | -| main.rs:624:59:624:60 | x6 | T | main.rs:568:5:572:5 | MyOption | -| main.rs:624:59:624:60 | x6 | T.T | main.rs:601:5:602:13 | S | -| main.rs:626:13:626:19 | from_if | | main.rs:568:5:572:5 | MyOption | -| main.rs:626:13:626:19 | from_if | T | main.rs:601:5:602:13 | S | -| main.rs:626:23:630:9 | if ... {...} else {...} | | main.rs:568:5:572:5 | MyOption | -| main.rs:626:23:630:9 | if ... {...} else {...} | T | main.rs:601:5:602:13 | S | -| main.rs:626:36:628:9 | { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:626:36:628:9 | { ... } | T | main.rs:601:5:602:13 | S | -| main.rs:627:13:627:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:627:13:627:30 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:628:16:630:9 | { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:628:16:630:9 | { ... } | T | main.rs:601:5:602:13 | S | -| main.rs:629:13:629:31 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:629:13:629:31 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | -| main.rs:629:30:629:30 | S | | main.rs:601:5:602:13 | S | -| main.rs:631:26:631:32 | from_if | | main.rs:568:5:572:5 | MyOption | -| main.rs:631:26:631:32 | from_if | T | main.rs:601:5:602:13 | S | -| main.rs:633:13:633:22 | from_match | | main.rs:568:5:572:5 | MyOption | -| main.rs:633:13:633:22 | from_match | T | main.rs:601:5:602:13 | S | -| main.rs:633:26:636:9 | match ... { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:633:26:636:9 | match ... { ... } | T | main.rs:601:5:602:13 | S | -| main.rs:634:21:634:38 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:634:21:634:38 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:635:22:635:40 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:635:22:635:40 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | -| main.rs:635:39:635:39 | S | | main.rs:601:5:602:13 | S | -| main.rs:637:26:637:35 | from_match | | main.rs:568:5:572:5 | MyOption | -| main.rs:637:26:637:35 | from_match | T | main.rs:601:5:602:13 | S | -| main.rs:639:13:639:21 | from_loop | | main.rs:568:5:572:5 | MyOption | -| main.rs:639:13:639:21 | from_loop | T | main.rs:601:5:602:13 | S | -| main.rs:639:25:644:9 | loop { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:639:25:644:9 | loop { ... } | T | main.rs:601:5:602:13 | S | -| main.rs:641:23:641:40 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:641:23:641:40 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:643:19:643:37 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:643:19:643:37 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | -| main.rs:643:36:643:36 | S | | main.rs:601:5:602:13 | S | -| main.rs:645:26:645:34 | from_loop | | main.rs:568:5:572:5 | MyOption | -| main.rs:645:26:645:34 | from_loop | T | main.rs:601:5:602:13 | S | -| main.rs:658:15:658:18 | SelfParam | | main.rs:651:5:652:19 | S | -| main.rs:658:15:658:18 | SelfParam | T | main.rs:657:10:657:10 | T | -| main.rs:658:26:660:9 | { ... } | | main.rs:657:10:657:10 | T | -| main.rs:659:13:659:16 | self | | main.rs:651:5:652:19 | S | -| main.rs:659:13:659:16 | self | T | main.rs:657:10:657:10 | T | -| main.rs:659:13:659:18 | self.0 | | main.rs:657:10:657:10 | T | -| main.rs:662:15:662:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:662:15:662:19 | SelfParam | &T | main.rs:651:5:652:19 | S | -| main.rs:662:15:662:19 | SelfParam | &T.T | main.rs:657:10:657:10 | T | -| main.rs:662:28:664:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:662:28:664:9 | { ... } | &T | main.rs:657:10:657:10 | T | -| main.rs:663:13:663:19 | &... | | file://:0:0:0:0 | & | -| main.rs:663:13:663:19 | &... | &T | main.rs:657:10:657:10 | T | -| main.rs:663:14:663:17 | self | | file://:0:0:0:0 | & | -| main.rs:663:14:663:17 | self | &T | main.rs:651:5:652:19 | S | -| main.rs:663:14:663:17 | self | &T.T | main.rs:657:10:657:10 | T | -| main.rs:663:14:663:19 | self.0 | | main.rs:657:10:657:10 | T | -| main.rs:666:15:666:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:666:15:666:25 | SelfParam | &T | main.rs:651:5:652:19 | S | -| main.rs:666:15:666:25 | SelfParam | &T.T | main.rs:657:10:657:10 | T | -| main.rs:666:34:668:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:666:34:668:9 | { ... } | &T | main.rs:657:10:657:10 | T | -| main.rs:667:13:667:19 | &... | | file://:0:0:0:0 | & | -| main.rs:667:13:667:19 | &... | &T | main.rs:657:10:657:10 | T | -| main.rs:667:14:667:17 | self | | file://:0:0:0:0 | & | -| main.rs:667:14:667:17 | self | &T | main.rs:651:5:652:19 | S | -| main.rs:667:14:667:17 | self | &T.T | main.rs:657:10:657:10 | T | -| main.rs:667:14:667:19 | self.0 | | main.rs:657:10:657:10 | T | -| main.rs:672:13:672:14 | x1 | | main.rs:651:5:652:19 | S | -| main.rs:672:13:672:14 | x1 | T | main.rs:654:5:655:14 | S2 | -| main.rs:672:18:672:22 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:672:18:672:22 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:672:20:672:21 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:673:26:673:27 | x1 | | main.rs:651:5:652:19 | S | -| main.rs:673:26:673:27 | x1 | T | main.rs:654:5:655:14 | S2 | -| main.rs:673:26:673:32 | x1.m1() | | main.rs:654:5:655:14 | S2 | -| main.rs:675:13:675:14 | x2 | | main.rs:651:5:652:19 | S | -| main.rs:675:13:675:14 | x2 | T | main.rs:654:5:655:14 | S2 | -| main.rs:675:18:675:22 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:675:18:675:22 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:675:20:675:21 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:677:26:677:27 | x2 | | main.rs:651:5:652:19 | S | -| main.rs:677:26:677:27 | x2 | T | main.rs:654:5:655:14 | S2 | -| main.rs:677:26:677:32 | x2.m2() | | file://:0:0:0:0 | & | -| main.rs:677:26:677:32 | x2.m2() | &T | main.rs:654:5:655:14 | S2 | -| main.rs:678:26:678:27 | x2 | | main.rs:651:5:652:19 | S | -| main.rs:678:26:678:27 | x2 | T | main.rs:654:5:655:14 | S2 | -| main.rs:678:26:678:32 | x2.m3() | | file://:0:0:0:0 | & | -| main.rs:678:26:678:32 | x2.m3() | &T | main.rs:654:5:655:14 | S2 | -| main.rs:680:13:680:14 | x3 | | main.rs:651:5:652:19 | S | -| main.rs:680:13:680:14 | x3 | T | main.rs:654:5:655:14 | S2 | -| main.rs:680:18:680:22 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:680:18:680:22 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:680:20:680:21 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:682:26:682:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:682:26:682:41 | ...::m2(...) | &T | main.rs:654:5:655:14 | S2 | -| main.rs:682:38:682:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:682:38:682:40 | &x3 | &T | main.rs:651:5:652:19 | S | -| main.rs:682:38:682:40 | &x3 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:682:39:682:40 | x3 | | main.rs:651:5:652:19 | S | -| main.rs:682:39:682:40 | x3 | T | main.rs:654:5:655:14 | S2 | -| main.rs:683:26:683:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:683:26:683:41 | ...::m3(...) | &T | main.rs:654:5:655:14 | S2 | -| main.rs:683:38:683:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:683:38:683:40 | &x3 | &T | main.rs:651:5:652:19 | S | -| main.rs:683:38:683:40 | &x3 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:683:39:683:40 | x3 | | main.rs:651:5:652:19 | S | -| main.rs:683:39:683:40 | x3 | T | main.rs:654:5:655:14 | S2 | -| main.rs:685:13:685:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:685:13:685:14 | x4 | &T | main.rs:651:5:652:19 | S | -| main.rs:685:13:685:14 | x4 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:685:18:685:23 | &... | | file://:0:0:0:0 | & | -| main.rs:685:18:685:23 | &... | &T | main.rs:651:5:652:19 | S | -| main.rs:685:18:685:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:685:19:685:23 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:685:19:685:23 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:685:21:685:22 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:687:26:687:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:687:26:687:27 | x4 | &T | main.rs:651:5:652:19 | S | -| main.rs:687:26:687:27 | x4 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:687:26:687:32 | x4.m2() | | file://:0:0:0:0 | & | -| main.rs:687:26:687:32 | x4.m2() | &T | main.rs:654:5:655:14 | S2 | -| main.rs:688:26:688:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:688:26:688:27 | x4 | &T | main.rs:651:5:652:19 | S | -| main.rs:688:26:688:27 | x4 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:688:26:688:32 | x4.m3() | | file://:0:0:0:0 | & | -| main.rs:688:26:688:32 | x4.m3() | &T | main.rs:654:5:655:14 | S2 | -| main.rs:690:13:690:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:690:13:690:14 | x5 | &T | main.rs:651:5:652:19 | S | -| main.rs:690:13:690:14 | x5 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:690:18:690:23 | &... | | file://:0:0:0:0 | & | -| main.rs:690:18:690:23 | &... | &T | main.rs:651:5:652:19 | S | -| main.rs:690:18:690:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:690:19:690:23 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:690:19:690:23 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:690:21:690:22 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:692:26:692:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:692:26:692:27 | x5 | &T | main.rs:651:5:652:19 | S | -| main.rs:692:26:692:27 | x5 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:692:26:692:32 | x5.m1() | | main.rs:654:5:655:14 | S2 | -| main.rs:693:26:693:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:693:26:693:27 | x5 | &T | main.rs:651:5:652:19 | S | -| main.rs:693:26:693:27 | x5 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:693:26:693:29 | x5.0 | | main.rs:654:5:655:14 | S2 | -| main.rs:695:13:695:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:695:13:695:14 | x6 | &T | main.rs:651:5:652:19 | S | -| main.rs:695:13:695:14 | x6 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:695:18:695:23 | &... | | file://:0:0:0:0 | & | -| main.rs:695:18:695:23 | &... | &T | main.rs:651:5:652:19 | S | -| main.rs:695:18:695:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:695:19:695:23 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:695:19:695:23 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:695:21:695:22 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:697:26:697:30 | (...) | | main.rs:651:5:652:19 | S | -| main.rs:697:26:697:30 | (...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:697:26:697:35 | ... .m1() | | main.rs:654:5:655:14 | S2 | -| main.rs:697:27:697:29 | * ... | | main.rs:651:5:652:19 | S | -| main.rs:697:27:697:29 | * ... | T | main.rs:654:5:655:14 | S2 | -| main.rs:697:28:697:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:697:28:697:29 | x6 | &T | main.rs:651:5:652:19 | S | -| main.rs:697:28:697:29 | x6 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:703:16:703:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:703:16:703:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:705:16:705:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:705:16:705:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:705:32:707:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:705:32:707:9 | { ... } | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:706:13:706:16 | self | | file://:0:0:0:0 | & | -| main.rs:706:13:706:16 | self | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:706:13:706:22 | self.foo() | | file://:0:0:0:0 | & | -| main.rs:706:13:706:22 | self.foo() | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:713:16:713:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:713:16:713:20 | SelfParam | &T | main.rs:710:5:710:20 | MyStruct | -| main.rs:713:36:715:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:713:36:715:9 | { ... } | &T | main.rs:710:5:710:20 | MyStruct | -| main.rs:714:13:714:16 | self | | file://:0:0:0:0 | & | -| main.rs:714:13:714:16 | self | &T | main.rs:710:5:710:20 | MyStruct | -| main.rs:719:13:719:13 | x | | main.rs:710:5:710:20 | MyStruct | -| main.rs:719:17:719:24 | MyStruct | | main.rs:710:5:710:20 | MyStruct | -| main.rs:720:9:720:9 | x | | main.rs:710:5:710:20 | MyStruct | -| main.rs:720:9:720:15 | x.bar() | | file://:0:0:0:0 | & | -| main.rs:720:9:720:15 | x.bar() | &T | main.rs:710:5:710:20 | MyStruct | -| main.rs:730:16:730:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:730:16:730:20 | SelfParam | &T | main.rs:727:5:727:26 | MyStruct | -| main.rs:730:16:730:20 | SelfParam | &T.T | main.rs:729:10:729:10 | T | -| main.rs:730:32:732:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:730:32:732:9 | { ... } | &T | main.rs:727:5:727:26 | MyStruct | -| main.rs:730:32:732:9 | { ... } | &T.T | main.rs:729:10:729:10 | T | -| main.rs:731:13:731:16 | self | | file://:0:0:0:0 | & | -| main.rs:731:13:731:16 | self | &T | main.rs:727:5:727:26 | MyStruct | -| main.rs:731:13:731:16 | self | &T.T | main.rs:729:10:729:10 | T | -| main.rs:736:13:736:13 | x | | main.rs:727:5:727:26 | MyStruct | -| main.rs:736:13:736:13 | x | T | main.rs:725:5:725:13 | S | -| main.rs:736:17:736:27 | MyStruct(...) | | main.rs:727:5:727:26 | MyStruct | -| main.rs:736:17:736:27 | MyStruct(...) | T | main.rs:725:5:725:13 | S | -| main.rs:736:26:736:26 | S | | main.rs:725:5:725:13 | S | -| main.rs:737:9:737:9 | x | | main.rs:727:5:727:26 | MyStruct | -| main.rs:737:9:737:9 | x | T | main.rs:725:5:725:13 | S | -| main.rs:737:9:737:15 | x.foo() | | file://:0:0:0:0 | & | -| main.rs:737:9:737:15 | x.foo() | &T | main.rs:727:5:727:26 | MyStruct | -| main.rs:737:9:737:15 | x.foo() | &T.T | main.rs:725:5:725:13 | S | -| main.rs:745:15:745:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:745:15:745:19 | SelfParam | &T | main.rs:742:5:742:13 | S | -| main.rs:745:31:747:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:745:31:747:9 | { ... } | &T | main.rs:742:5:742:13 | S | -| main.rs:746:13:746:19 | &... | | file://:0:0:0:0 | & | -| main.rs:746:13:746:19 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:746:14:746:19 | &... | | file://:0:0:0:0 | & | -| main.rs:746:14:746:19 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:746:15:746:19 | &self | | file://:0:0:0:0 | & | -| main.rs:746:15:746:19 | &self | &T | main.rs:742:5:742:13 | S | -| main.rs:746:16:746:19 | self | | file://:0:0:0:0 | & | -| main.rs:746:16:746:19 | self | &T | main.rs:742:5:742:13 | S | -| main.rs:749:15:749:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:749:15:749:25 | SelfParam | &T | main.rs:742:5:742:13 | S | -| main.rs:749:37:751:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:749:37:751:9 | { ... } | &T | main.rs:742:5:742:13 | S | -| main.rs:750:13:750:19 | &... | | file://:0:0:0:0 | & | -| main.rs:750:13:750:19 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:750:14:750:19 | &... | | file://:0:0:0:0 | & | -| main.rs:750:14:750:19 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:750:15:750:19 | &self | | file://:0:0:0:0 | & | -| main.rs:750:15:750:19 | &self | &T | main.rs:742:5:742:13 | S | -| main.rs:750:16:750:19 | self | | file://:0:0:0:0 | & | -| main.rs:750:16:750:19 | self | &T | main.rs:742:5:742:13 | S | -| main.rs:753:15:753:15 | x | | file://:0:0:0:0 | & | -| main.rs:753:15:753:15 | x | &T | main.rs:742:5:742:13 | S | -| main.rs:753:34:755:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:753:34:755:9 | { ... } | &T | main.rs:742:5:742:13 | S | -| main.rs:754:13:754:13 | x | | file://:0:0:0:0 | & | -| main.rs:754:13:754:13 | x | &T | main.rs:742:5:742:13 | S | -| main.rs:757:15:757:15 | x | | file://:0:0:0:0 | & | -| main.rs:757:15:757:15 | x | &T | main.rs:742:5:742:13 | S | -| main.rs:757:34:759:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:757:34:759:9 | { ... } | &T | main.rs:742:5:742:13 | S | -| main.rs:758:13:758:16 | &... | | file://:0:0:0:0 | & | -| main.rs:758:13:758:16 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:758:14:758:16 | &... | | file://:0:0:0:0 | & | -| main.rs:758:14:758:16 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:758:15:758:16 | &x | | file://:0:0:0:0 | & | -| main.rs:758:15:758:16 | &x | &T | main.rs:742:5:742:13 | S | -| main.rs:758:16:758:16 | x | | file://:0:0:0:0 | & | -| main.rs:758:16:758:16 | x | &T | main.rs:742:5:742:13 | S | -| main.rs:763:13:763:13 | x | | main.rs:742:5:742:13 | S | -| main.rs:763:17:763:20 | S {...} | | main.rs:742:5:742:13 | S | -| main.rs:764:9:764:9 | x | | main.rs:742:5:742:13 | S | -| main.rs:764:9:764:14 | x.f1() | | file://:0:0:0:0 | & | -| main.rs:764:9:764:14 | x.f1() | &T | main.rs:742:5:742:13 | S | -| main.rs:765:9:765:9 | x | | main.rs:742:5:742:13 | S | -| main.rs:765:9:765:14 | x.f2() | | file://:0:0:0:0 | & | -| main.rs:765:9:765:14 | x.f2() | &T | main.rs:742:5:742:13 | S | -| main.rs:766:9:766:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:766:9:766:17 | ...::f3(...) | &T | main.rs:742:5:742:13 | S | -| main.rs:766:15:766:16 | &x | | file://:0:0:0:0 | & | -| main.rs:766:15:766:16 | &x | &T | main.rs:742:5:742:13 | S | -| main.rs:766:16:766:16 | x | | main.rs:742:5:742:13 | S | -| main.rs:772:5:772:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:773:5:773:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:773:20:773:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -| main.rs:773:41:773:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -resolveMethodCallExpr -| loop/main.rs:12:9:12:18 | self.foo() | loop/main.rs:7:5:7:19 | fn foo | -| main.rs:88:9:88:14 | x.m1() | main.rs:70:9:72:9 | fn m1 | -| main.rs:89:9:89:14 | y.m2() | main.rs:74:9:76:9 | fn m2 | -| main.rs:136:26:136:31 | x.m2() | main.rs:117:9:119:9 | fn m2 | -| main.rs:137:26:137:31 | y.m2() | main.rs:117:9:119:9 | fn m2 | -| main.rs:164:9:164:14 | x.m1() | main.rs:153:9:153:25 | fn m1 | -| main.rs:215:18:215:27 | x.method() | main.rs:210:9:210:30 | fn method | -| main.rs:221:18:221:27 | x.method() | main.rs:210:9:210:30 | fn method | -| main.rs:226:17:226:26 | x.method() | main.rs:206:9:206:30 | fn method | -| main.rs:231:17:231:26 | x.method() | main.rs:206:9:206:30 | fn method | -| main.rs:243:18:243:24 | x.fst() | main.rs:236:9:236:27 | fn fst | -| main.rs:244:18:244:24 | y.snd() | main.rs:238:9:238:27 | fn snd | -| main.rs:250:18:250:24 | x.fst() | main.rs:236:9:236:27 | fn fst | -| main.rs:251:18:251:24 | y.snd() | main.rs:238:9:238:27 | fn snd | -| main.rs:274:13:274:21 | self.m1() | main.rs:268:9:268:25 | fn m1 | -| main.rs:280:9:280:14 | x.m1() | main.rs:268:9:268:25 | fn m1 | -| main.rs:285:9:285:16 | ... .m1() | main.rs:268:9:268:25 | fn m1 | -| main.rs:298:26:298:31 | x.m1() | main.rs:289:9:291:9 | fn m1 | -| main.rs:299:26:299:31 | y.m1() | main.rs:289:9:291:9 | fn m1 | -| main.rs:304:26:304:31 | x.m2() | main.rs:270:9:275:9 | fn m2 | -| main.rs:305:26:305:31 | y.m2() | main.rs:270:9:275:9 | fn m2 | -| main.rs:353:26:353:31 | x.m1() | main.rs:346:9:348:9 | fn m1 | -| main.rs:356:26:356:31 | x.m2() | main.rs:331:9:337:9 | fn m2 | -| main.rs:385:26:385:31 | x.m1() | main.rs:373:9:378:9 | fn m1 | -| main.rs:386:26:386:31 | y.m1() | main.rs:373:9:378:9 | fn m1 | -| main.rs:416:17:416:25 | self.m1() | main.rs:407:9:407:27 | fn m1 | -| main.rs:429:17:429:25 | self.m2() | main.rs:411:9:420:9 | fn m2 | -| main.rs:458:26:458:31 | x.m1() | main.rs:437:9:439:9 | fn m1 | -| main.rs:459:26:459:31 | y.m1() | main.rs:437:9:439:9 | fn m1 | -| main.rs:464:26:464:31 | x.m2() | main.rs:411:9:420:9 | fn m2 | -| main.rs:465:26:465:31 | y.m2() | main.rs:411:9:420:9 | fn m2 | -| main.rs:470:26:470:31 | x.m3() | main.rs:424:9:433:9 | fn m3 | -| main.rs:471:26:471:31 | y.m3() | main.rs:424:9:433:9 | fn m3 | -| main.rs:578:13:578:27 | self.set(...) | main.rs:575:9:575:36 | fn set | -| main.rs:609:9:609:17 | x2.set(...) | main.rs:583:9:583:38 | fn set | -| main.rs:613:9:613:22 | x3.call_set(...) | main.rs:577:9:579:9 | fn call_set | -| main.rs:673:26:673:32 | x1.m1() | main.rs:658:9:660:9 | fn m1 | -| main.rs:677:26:677:32 | x2.m2() | main.rs:662:9:664:9 | fn m2 | -| main.rs:678:26:678:32 | x2.m3() | main.rs:666:9:668:9 | fn m3 | -| main.rs:687:26:687:32 | x4.m2() | main.rs:662:9:664:9 | fn m2 | -| main.rs:688:26:688:32 | x4.m3() | main.rs:666:9:668:9 | fn m3 | -| main.rs:692:26:692:32 | x5.m1() | main.rs:658:9:660:9 | fn m1 | -| main.rs:697:26:697:35 | ... .m1() | main.rs:658:9:660:9 | fn m1 | -| main.rs:706:13:706:22 | self.foo() | main.rs:703:9:703:31 | fn foo | -| main.rs:720:9:720:15 | x.bar() | main.rs:705:9:707:9 | fn bar | -| main.rs:737:9:737:15 | x.foo() | main.rs:730:9:732:9 | fn foo | -| main.rs:764:9:764:14 | x.f1() | main.rs:745:9:747:9 | fn f1 | -| main.rs:765:9:765:14 | x.f2() | main.rs:749:9:751:9 | fn f2 | -resolveFieldExpr -| main.rs:27:26:27:28 | x.a | main.rs:7:9:7:12 | StructField | -| main.rs:33:26:33:28 | x.a | main.rs:18:9:18:12 | StructField | -| main.rs:37:26:37:28 | x.a | main.rs:18:9:18:12 | StructField | -| main.rs:44:26:44:28 | x.a | main.rs:22:9:22:22 | StructField | -| main.rs:50:26:50:28 | x.a | main.rs:18:9:18:12 | StructField | -| main.rs:56:30:56:32 | x.a | main.rs:18:9:18:12 | StructField | -| main.rs:106:13:106:18 | self.a | main.rs:96:9:96:12 | StructField | -| main.rs:112:23:112:28 | self.a | main.rs:96:9:96:12 | StructField | -| main.rs:118:13:118:18 | self.a | main.rs:96:9:96:12 | StructField | -| main.rs:127:26:127:28 | x.a | main.rs:96:9:96:12 | StructField | -| main.rs:128:26:128:28 | y.a | main.rs:96:9:96:12 | StructField | -| main.rs:169:13:169:18 | self.a | main.rs:144:9:144:12 | StructField | -| main.rs:175:23:175:28 | self.a | main.rs:144:9:144:12 | StructField | -| main.rs:285:9:285:11 | x.a | main.rs:259:9:259:12 | StructField | -| main.rs:290:13:290:18 | self.a | main.rs:259:9:259:12 | StructField | -| main.rs:429:17:429:27 | ... .a | main.rs:393:9:393:12 | StructField | -| main.rs:431:17:431:32 | ... .a | main.rs:393:9:393:12 | StructField | -| main.rs:438:13:438:18 | self.a | main.rs:393:9:393:12 | StructField | -| main.rs:446:26:446:31 | self.a | main.rs:398:9:398:12 | StructField | -| main.rs:659:13:659:18 | self.0 | main.rs:652:17:652:17 | TupleField | -| main.rs:663:14:663:19 | self.0 | main.rs:652:17:652:17 | TupleField | -| main.rs:667:14:667:19 | self.0 | main.rs:652:17:652:17 | TupleField | -| main.rs:693:26:693:29 | x5.0 | main.rs:652:17:652:17 | TupleField | +| main.rs:106:15:106:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:106:15:106:18 | SelfParam | A | main.rs:99:5:100:14 | S1 | +| main.rs:106:27:108:9 | { ... } | | main.rs:99:5:100:14 | S1 | +| main.rs:107:13:107:16 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:107:13:107:16 | self | A | main.rs:99:5:100:14 | S1 | +| main.rs:107:13:107:18 | self.a | | main.rs:99:5:100:14 | S1 | +| main.rs:113:15:113:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:113:15:113:18 | SelfParam | A | main.rs:101:5:102:14 | S2 | +| main.rs:113:29:115:9 | { ... } | | main.rs:94:5:97:5 | MyThing | +| main.rs:113:29:115:9 | { ... } | A | main.rs:101:5:102:14 | S2 | +| main.rs:114:13:114:30 | Self {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:114:13:114:30 | Self {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:114:23:114:26 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:114:23:114:26 | self | A | main.rs:101:5:102:14 | S2 | +| main.rs:114:23:114:28 | self.a | | main.rs:101:5:102:14 | S2 | +| main.rs:119:15:119:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:119:15:119:18 | SelfParam | A | main.rs:118:10:118:10 | T | +| main.rs:119:26:121:9 | { ... } | | main.rs:118:10:118:10 | T | +| main.rs:120:13:120:16 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:120:13:120:16 | self | A | main.rs:118:10:118:10 | T | +| main.rs:120:13:120:18 | self.a | | main.rs:118:10:118:10 | T | +| main.rs:125:13:125:13 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:125:13:125:13 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:125:17:125:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:125:17:125:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | +| main.rs:125:30:125:31 | S1 | | main.rs:99:5:100:14 | S1 | +| main.rs:126:13:126:13 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:126:13:126:13 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:126:17:126:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:126:17:126:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:126:30:126:31 | S2 | | main.rs:101:5:102:14 | S2 | +| main.rs:129:26:129:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:129:26:129:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:129:26:129:28 | x.a | | main.rs:99:5:100:14 | S1 | +| main.rs:130:26:130:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:130:26:130:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:130:26:130:28 | y.a | | main.rs:101:5:102:14 | S2 | +| main.rs:132:26:132:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:132:26:132:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:133:26:133:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:133:26:133:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:135:13:135:13 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:135:13:135:13 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:135:17:135:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:135:17:135:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | +| main.rs:135:30:135:31 | S1 | | main.rs:99:5:100:14 | S1 | +| main.rs:136:13:136:13 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:136:13:136:13 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:136:17:136:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:136:17:136:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:136:30:136:31 | S2 | | main.rs:101:5:102:14 | S2 | +| main.rs:138:26:138:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:138:26:138:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:138:26:138:31 | x.m2() | | main.rs:99:5:100:14 | S1 | +| main.rs:139:26:139:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:139:26:139:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:139:26:139:31 | y.m2() | | main.rs:101:5:102:14 | S2 | +| main.rs:155:15:155:18 | SelfParam | | main.rs:154:5:163:5 | Self [trait MyTrait] | +| main.rs:157:15:157:18 | SelfParam | | main.rs:154:5:163:5 | Self [trait MyTrait] | +| main.rs:160:9:162:9 | { ... } | | main.rs:154:5:163:5 | Self [trait MyTrait] | +| main.rs:161:13:161:16 | self | | main.rs:154:5:163:5 | Self [trait MyTrait] | +| main.rs:165:43:165:43 | x | | main.rs:165:26:165:40 | T2 | +| main.rs:165:56:167:5 | { ... } | | main.rs:165:22:165:23 | T1 | +| main.rs:166:9:166:9 | x | | main.rs:165:26:165:40 | T2 | +| main.rs:166:9:166:14 | x.m1() | | main.rs:165:22:165:23 | T1 | +| main.rs:171:15:171:18 | SelfParam | | main.rs:144:5:147:5 | MyThing | +| main.rs:171:15:171:18 | SelfParam | A | main.rs:149:5:150:14 | S1 | +| main.rs:171:27:173:9 | { ... } | | main.rs:149:5:150:14 | S1 | +| main.rs:172:13:172:16 | self | | main.rs:144:5:147:5 | MyThing | +| main.rs:172:13:172:16 | self | A | main.rs:149:5:150:14 | S1 | +| main.rs:172:13:172:18 | self.a | | main.rs:149:5:150:14 | S1 | +| main.rs:178:15:178:18 | SelfParam | | main.rs:144:5:147:5 | MyThing | +| main.rs:178:15:178:18 | SelfParam | A | main.rs:151:5:152:14 | S2 | +| main.rs:178:29:180:9 | { ... } | | main.rs:144:5:147:5 | MyThing | +| main.rs:178:29:180:9 | { ... } | A | main.rs:151:5:152:14 | S2 | +| main.rs:179:13:179:30 | Self {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:179:13:179:30 | Self {...} | A | main.rs:151:5:152:14 | S2 | +| main.rs:179:23:179:26 | self | | main.rs:144:5:147:5 | MyThing | +| main.rs:179:23:179:26 | self | A | main.rs:151:5:152:14 | S2 | +| main.rs:179:23:179:28 | self.a | | main.rs:151:5:152:14 | S2 | +| main.rs:184:13:184:13 | x | | main.rs:144:5:147:5 | MyThing | +| main.rs:184:13:184:13 | x | A | main.rs:149:5:150:14 | S1 | +| main.rs:184:17:184:33 | MyThing {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:184:17:184:33 | MyThing {...} | A | main.rs:149:5:150:14 | S1 | +| main.rs:184:30:184:31 | S1 | | main.rs:149:5:150:14 | S1 | +| main.rs:185:13:185:13 | y | | main.rs:144:5:147:5 | MyThing | +| main.rs:185:13:185:13 | y | A | main.rs:151:5:152:14 | S2 | +| main.rs:185:17:185:33 | MyThing {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:185:17:185:33 | MyThing {...} | A | main.rs:151:5:152:14 | S2 | +| main.rs:185:30:185:31 | S2 | | main.rs:151:5:152:14 | S2 | +| main.rs:187:26:187:26 | x | | main.rs:144:5:147:5 | MyThing | +| main.rs:187:26:187:26 | x | A | main.rs:149:5:150:14 | S1 | +| main.rs:188:26:188:26 | y | | main.rs:144:5:147:5 | MyThing | +| main.rs:188:26:188:26 | y | A | main.rs:151:5:152:14 | S2 | +| main.rs:190:13:190:13 | x | | main.rs:144:5:147:5 | MyThing | +| main.rs:190:13:190:13 | x | A | main.rs:149:5:150:14 | S1 | +| main.rs:190:17:190:33 | MyThing {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:190:17:190:33 | MyThing {...} | A | main.rs:149:5:150:14 | S1 | +| main.rs:190:30:190:31 | S1 | | main.rs:149:5:150:14 | S1 | +| main.rs:191:13:191:13 | y | | main.rs:144:5:147:5 | MyThing | +| main.rs:191:13:191:13 | y | A | main.rs:151:5:152:14 | S2 | +| main.rs:191:17:191:33 | MyThing {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:191:17:191:33 | MyThing {...} | A | main.rs:151:5:152:14 | S2 | +| main.rs:191:30:191:31 | S2 | | main.rs:151:5:152:14 | S2 | +| main.rs:193:40:193:40 | x | | main.rs:144:5:147:5 | MyThing | +| main.rs:193:40:193:40 | x | A | main.rs:149:5:150:14 | S1 | +| main.rs:194:40:194:40 | y | | main.rs:144:5:147:5 | MyThing | +| main.rs:194:40:194:40 | y | A | main.rs:151:5:152:14 | S2 | +| main.rs:211:19:211:22 | SelfParam | | main.rs:209:5:212:5 | Self [trait FirstTrait] | +| main.rs:216:19:216:22 | SelfParam | | main.rs:214:5:217:5 | Self [trait SecondTrait] | +| main.rs:219:64:219:64 | x | | main.rs:219:45:219:61 | T | +| main.rs:221:13:221:14 | s1 | | main.rs:219:35:219:42 | I | +| main.rs:221:18:221:18 | x | | main.rs:219:45:219:61 | T | +| main.rs:221:18:221:27 | x.method() | | main.rs:219:35:219:42 | I | +| main.rs:222:26:222:27 | s1 | | main.rs:219:35:219:42 | I | +| main.rs:225:65:225:65 | x | | main.rs:225:46:225:62 | T | +| main.rs:227:13:227:14 | s2 | | main.rs:225:36:225:43 | I | +| main.rs:227:18:227:18 | x | | main.rs:225:46:225:62 | T | +| main.rs:227:18:227:27 | x.method() | | main.rs:225:36:225:43 | I | +| main.rs:228:26:228:27 | s2 | | main.rs:225:36:225:43 | I | +| main.rs:231:49:231:49 | x | | main.rs:231:30:231:46 | T | +| main.rs:232:13:232:13 | s | | main.rs:201:5:202:14 | S1 | +| main.rs:232:17:232:17 | x | | main.rs:231:30:231:46 | T | +| main.rs:232:17:232:26 | x.method() | | main.rs:201:5:202:14 | S1 | +| main.rs:233:26:233:26 | s | | main.rs:201:5:202:14 | S1 | +| main.rs:236:53:236:53 | x | | main.rs:236:34:236:50 | T | +| main.rs:237:13:237:13 | s | | main.rs:201:5:202:14 | S1 | +| main.rs:237:17:237:17 | x | | main.rs:236:34:236:50 | T | +| main.rs:237:17:237:26 | x.method() | | main.rs:201:5:202:14 | S1 | +| main.rs:238:26:238:26 | s | | main.rs:201:5:202:14 | S1 | +| main.rs:242:16:242:19 | SelfParam | | main.rs:241:5:245:5 | Self [trait Pair] | +| main.rs:244:16:244:19 | SelfParam | | main.rs:241:5:245:5 | Self [trait Pair] | +| main.rs:247:58:247:58 | x | | main.rs:247:41:247:55 | T | +| main.rs:247:64:247:64 | y | | main.rs:247:41:247:55 | T | +| main.rs:249:13:249:14 | s1 | | main.rs:201:5:202:14 | S1 | +| main.rs:249:18:249:18 | x | | main.rs:247:41:247:55 | T | +| main.rs:249:18:249:24 | x.fst() | | main.rs:201:5:202:14 | S1 | +| main.rs:250:13:250:14 | s2 | | main.rs:204:5:205:14 | S2 | +| main.rs:250:18:250:18 | y | | main.rs:247:41:247:55 | T | +| main.rs:250:18:250:24 | y.snd() | | main.rs:204:5:205:14 | S2 | +| main.rs:251:32:251:33 | s1 | | main.rs:201:5:202:14 | S1 | +| main.rs:251:36:251:37 | s2 | | main.rs:204:5:205:14 | S2 | +| main.rs:254:69:254:69 | x | | main.rs:254:52:254:66 | T | +| main.rs:254:75:254:75 | y | | main.rs:254:52:254:66 | T | +| main.rs:256:13:256:14 | s1 | | main.rs:201:5:202:14 | S1 | +| main.rs:256:18:256:18 | x | | main.rs:254:52:254:66 | T | +| main.rs:256:18:256:24 | x.fst() | | main.rs:201:5:202:14 | S1 | +| main.rs:257:13:257:14 | s2 | | main.rs:254:41:254:49 | T2 | +| main.rs:257:18:257:18 | y | | main.rs:254:52:254:66 | T | +| main.rs:257:18:257:24 | y.snd() | | main.rs:254:41:254:49 | T2 | +| main.rs:258:32:258:33 | s1 | | main.rs:201:5:202:14 | S1 | +| main.rs:258:36:258:37 | s2 | | main.rs:254:41:254:49 | T2 | +| main.rs:274:15:274:18 | SelfParam | | main.rs:273:5:282:5 | Self [trait MyTrait] | +| main.rs:276:15:276:18 | SelfParam | | main.rs:273:5:282:5 | Self [trait MyTrait] | +| main.rs:279:9:281:9 | { ... } | | main.rs:273:19:273:19 | A | +| main.rs:280:13:280:16 | self | | main.rs:273:5:282:5 | Self [trait MyTrait] | +| main.rs:280:13:280:21 | self.m1() | | main.rs:273:19:273:19 | A | +| main.rs:285:43:285:43 | x | | main.rs:285:26:285:40 | T2 | +| main.rs:285:56:287:5 | { ... } | | main.rs:285:22:285:23 | T1 | +| main.rs:286:9:286:9 | x | | main.rs:285:26:285:40 | T2 | +| main.rs:286:9:286:14 | x.m1() | | main.rs:285:22:285:23 | T1 | +| main.rs:290:49:290:49 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:290:49:290:49 | x | T | main.rs:290:32:290:46 | T2 | +| main.rs:290:71:292:5 | { ... } | | main.rs:290:28:290:29 | T1 | +| main.rs:291:9:291:9 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:291:9:291:9 | x | T | main.rs:290:32:290:46 | T2 | +| main.rs:291:9:291:11 | x.a | | main.rs:290:32:290:46 | T2 | +| main.rs:291:9:291:16 | ... .m1() | | main.rs:290:28:290:29 | T1 | +| main.rs:295:15:295:18 | SelfParam | | main.rs:263:5:266:5 | MyThing | +| main.rs:295:15:295:18 | SelfParam | T | main.rs:294:10:294:10 | T | +| main.rs:295:26:297:9 | { ... } | | main.rs:294:10:294:10 | T | +| main.rs:296:13:296:16 | self | | main.rs:263:5:266:5 | MyThing | +| main.rs:296:13:296:16 | self | T | main.rs:294:10:294:10 | T | +| main.rs:296:13:296:18 | self.a | | main.rs:294:10:294:10 | T | +| main.rs:301:13:301:13 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:301:13:301:13 | x | T | main.rs:268:5:269:14 | S1 | +| main.rs:301:17:301:33 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:301:17:301:33 | MyThing {...} | T | main.rs:268:5:269:14 | S1 | +| main.rs:301:30:301:31 | S1 | | main.rs:268:5:269:14 | S1 | +| main.rs:302:13:302:13 | y | | main.rs:263:5:266:5 | MyThing | +| main.rs:302:13:302:13 | y | T | main.rs:270:5:271:14 | S2 | +| main.rs:302:17:302:33 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:302:17:302:33 | MyThing {...} | T | main.rs:270:5:271:14 | S2 | +| main.rs:302:30:302:31 | S2 | | main.rs:270:5:271:14 | S2 | +| main.rs:304:26:304:26 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:304:26:304:26 | x | T | main.rs:268:5:269:14 | S1 | +| main.rs:304:26:304:31 | x.m1() | | main.rs:268:5:269:14 | S1 | +| main.rs:305:26:305:26 | y | | main.rs:263:5:266:5 | MyThing | +| main.rs:305:26:305:26 | y | T | main.rs:270:5:271:14 | S2 | +| main.rs:305:26:305:31 | y.m1() | | main.rs:270:5:271:14 | S2 | +| main.rs:307:13:307:13 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:307:13:307:13 | x | T | main.rs:268:5:269:14 | S1 | +| main.rs:307:17:307:33 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:307:17:307:33 | MyThing {...} | T | main.rs:268:5:269:14 | S1 | +| main.rs:307:30:307:31 | S1 | | main.rs:268:5:269:14 | S1 | +| main.rs:308:13:308:13 | y | | main.rs:263:5:266:5 | MyThing | +| main.rs:308:13:308:13 | y | T | main.rs:270:5:271:14 | S2 | +| main.rs:308:17:308:33 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:308:17:308:33 | MyThing {...} | T | main.rs:270:5:271:14 | S2 | +| main.rs:308:30:308:31 | S2 | | main.rs:270:5:271:14 | S2 | +| main.rs:310:26:310:26 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:310:26:310:26 | x | T | main.rs:268:5:269:14 | S1 | +| main.rs:310:26:310:31 | x.m2() | | main.rs:268:5:269:14 | S1 | +| main.rs:311:26:311:26 | y | | main.rs:263:5:266:5 | MyThing | +| main.rs:311:26:311:26 | y | T | main.rs:270:5:271:14 | S2 | +| main.rs:311:26:311:31 | y.m2() | | main.rs:270:5:271:14 | S2 | +| main.rs:313:13:313:14 | x2 | | main.rs:263:5:266:5 | MyThing | +| main.rs:313:13:313:14 | x2 | T | main.rs:268:5:269:14 | S1 | +| main.rs:313:18:313:34 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:313:18:313:34 | MyThing {...} | T | main.rs:268:5:269:14 | S1 | +| main.rs:313:31:313:32 | S1 | | main.rs:268:5:269:14 | S1 | +| main.rs:314:13:314:14 | y2 | | main.rs:263:5:266:5 | MyThing | +| main.rs:314:13:314:14 | y2 | T | main.rs:270:5:271:14 | S2 | +| main.rs:314:18:314:34 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:314:18:314:34 | MyThing {...} | T | main.rs:270:5:271:14 | S2 | +| main.rs:314:31:314:32 | S2 | | main.rs:270:5:271:14 | S2 | +| main.rs:316:26:316:42 | call_trait_m1(...) | | main.rs:268:5:269:14 | S1 | +| main.rs:316:40:316:41 | x2 | | main.rs:263:5:266:5 | MyThing | +| main.rs:316:40:316:41 | x2 | T | main.rs:268:5:269:14 | S1 | +| main.rs:317:26:317:42 | call_trait_m1(...) | | main.rs:270:5:271:14 | S2 | +| main.rs:317:40:317:41 | y2 | | main.rs:263:5:266:5 | MyThing | +| main.rs:317:40:317:41 | y2 | T | main.rs:270:5:271:14 | S2 | +| main.rs:319:13:319:14 | x3 | | main.rs:263:5:266:5 | MyThing | +| main.rs:319:13:319:14 | x3 | T | main.rs:263:5:266:5 | MyThing | +| main.rs:319:13:319:14 | x3 | T.T | main.rs:268:5:269:14 | S1 | +| main.rs:319:18:321:9 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:319:18:321:9 | MyThing {...} | T | main.rs:263:5:266:5 | MyThing | +| main.rs:319:18:321:9 | MyThing {...} | T.T | main.rs:268:5:269:14 | S1 | +| main.rs:320:16:320:32 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:320:16:320:32 | MyThing {...} | T | main.rs:268:5:269:14 | S1 | +| main.rs:320:29:320:30 | S1 | | main.rs:268:5:269:14 | S1 | +| main.rs:322:13:322:14 | y3 | | main.rs:263:5:266:5 | MyThing | +| main.rs:322:13:322:14 | y3 | T | main.rs:263:5:266:5 | MyThing | +| main.rs:322:13:322:14 | y3 | T.T | main.rs:270:5:271:14 | S2 | +| main.rs:322:18:324:9 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:322:18:324:9 | MyThing {...} | T | main.rs:263:5:266:5 | MyThing | +| main.rs:322:18:324:9 | MyThing {...} | T.T | main.rs:270:5:271:14 | S2 | +| main.rs:323:16:323:32 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:323:16:323:32 | MyThing {...} | T | main.rs:270:5:271:14 | S2 | +| main.rs:323:29:323:30 | S2 | | main.rs:270:5:271:14 | S2 | +| main.rs:326:26:326:48 | call_trait_thing_m1(...) | | main.rs:268:5:269:14 | S1 | +| main.rs:326:46:326:47 | x3 | | main.rs:263:5:266:5 | MyThing | +| main.rs:326:46:326:47 | x3 | T | main.rs:263:5:266:5 | MyThing | +| main.rs:326:46:326:47 | x3 | T.T | main.rs:268:5:269:14 | S1 | +| main.rs:327:26:327:48 | call_trait_thing_m1(...) | | main.rs:270:5:271:14 | S2 | +| main.rs:327:46:327:47 | y3 | | main.rs:263:5:266:5 | MyThing | +| main.rs:327:46:327:47 | y3 | T | main.rs:263:5:266:5 | MyThing | +| main.rs:327:46:327:47 | y3 | T.T | main.rs:270:5:271:14 | S2 | +| main.rs:335:15:335:18 | SelfParam | | main.rs:332:5:344:5 | Self [trait MyTrait] | +| main.rs:337:15:337:18 | SelfParam | | main.rs:332:5:344:5 | Self [trait MyTrait] | +| main.rs:353:15:353:18 | SelfParam | | main.rs:346:5:347:13 | S | +| main.rs:353:45:355:9 | { ... } | | main.rs:346:5:347:13 | S | +| main.rs:354:13:354:13 | S | | main.rs:346:5:347:13 | S | +| main.rs:359:13:359:13 | x | | main.rs:346:5:347:13 | S | +| main.rs:359:17:359:17 | S | | main.rs:346:5:347:13 | S | +| main.rs:360:26:360:26 | x | | main.rs:346:5:347:13 | S | +| main.rs:360:26:360:31 | x.m1() | | main.rs:346:5:347:13 | S | +| main.rs:362:13:362:13 | x | | main.rs:346:5:347:13 | S | +| main.rs:362:17:362:17 | S | | main.rs:346:5:347:13 | S | +| main.rs:363:26:363:26 | x | | main.rs:346:5:347:13 | S | +| main.rs:380:15:380:18 | SelfParam | | main.rs:368:5:372:5 | MyEnum | +| main.rs:380:15:380:18 | SelfParam | A | main.rs:379:10:379:10 | T | +| main.rs:380:26:385:9 | { ... } | | main.rs:379:10:379:10 | T | +| main.rs:381:13:384:13 | match self { ... } | | main.rs:379:10:379:10 | T | +| main.rs:381:19:381:22 | self | | main.rs:368:5:372:5 | MyEnum | +| main.rs:381:19:381:22 | self | A | main.rs:379:10:379:10 | T | +| main.rs:382:28:382:28 | a | | main.rs:379:10:379:10 | T | +| main.rs:382:34:382:34 | a | | main.rs:379:10:379:10 | T | +| main.rs:383:30:383:30 | a | | main.rs:379:10:379:10 | T | +| main.rs:383:37:383:37 | a | | main.rs:379:10:379:10 | T | +| main.rs:389:13:389:13 | x | | main.rs:368:5:372:5 | MyEnum | +| main.rs:389:13:389:13 | x | A | main.rs:374:5:375:14 | S1 | +| main.rs:389:17:389:30 | ...::C1(...) | | main.rs:368:5:372:5 | MyEnum | +| main.rs:389:17:389:30 | ...::C1(...) | A | main.rs:374:5:375:14 | S1 | +| main.rs:389:28:389:29 | S1 | | main.rs:374:5:375:14 | S1 | +| main.rs:390:13:390:13 | y | | main.rs:368:5:372:5 | MyEnum | +| main.rs:390:13:390:13 | y | A | main.rs:376:5:377:14 | S2 | +| main.rs:390:17:390:36 | ...::C2 {...} | | main.rs:368:5:372:5 | MyEnum | +| main.rs:390:17:390:36 | ...::C2 {...} | A | main.rs:376:5:377:14 | S2 | +| main.rs:390:33:390:34 | S2 | | main.rs:376:5:377:14 | S2 | +| main.rs:392:26:392:26 | x | | main.rs:368:5:372:5 | MyEnum | +| main.rs:392:26:392:26 | x | A | main.rs:374:5:375:14 | S1 | +| main.rs:392:26:392:31 | x.m1() | | main.rs:374:5:375:14 | S1 | +| main.rs:393:26:393:26 | y | | main.rs:368:5:372:5 | MyEnum | +| main.rs:393:26:393:26 | y | A | main.rs:376:5:377:14 | S2 | +| main.rs:393:26:393:31 | y.m1() | | main.rs:376:5:377:14 | S2 | +| main.rs:415:15:415:18 | SelfParam | | main.rs:413:5:416:5 | Self [trait MyTrait1] | +| main.rs:419:15:419:18 | SelfParam | | main.rs:418:5:429:5 | Self [trait MyTrait2] | +| main.rs:422:9:428:9 | { ... } | | main.rs:418:20:418:22 | Tr2 | +| main.rs:423:13:427:13 | if ... {...} else {...} | | main.rs:418:20:418:22 | Tr2 | +| main.rs:423:26:425:13 | { ... } | | main.rs:418:20:418:22 | Tr2 | +| main.rs:424:17:424:20 | self | | main.rs:418:5:429:5 | Self [trait MyTrait2] | +| main.rs:424:17:424:25 | self.m1() | | main.rs:418:20:418:22 | Tr2 | +| main.rs:425:20:427:13 | { ... } | | main.rs:418:20:418:22 | Tr2 | +| main.rs:426:17:426:30 | ...::m1(...) | | main.rs:418:20:418:22 | Tr2 | +| main.rs:426:26:426:29 | self | | main.rs:418:5:429:5 | Self [trait MyTrait2] | +| main.rs:432:15:432:18 | SelfParam | | main.rs:431:5:442:5 | Self [trait MyTrait3] | +| main.rs:435:9:441:9 | { ... } | | main.rs:431:20:431:22 | Tr3 | +| main.rs:436:13:440:13 | if ... {...} else {...} | | main.rs:431:20:431:22 | Tr3 | +| main.rs:436:26:438:13 | { ... } | | main.rs:431:20:431:22 | Tr3 | +| main.rs:437:17:437:20 | self | | main.rs:431:5:442:5 | Self [trait MyTrait3] | +| main.rs:437:17:437:25 | self.m2() | | main.rs:398:5:401:5 | MyThing | +| main.rs:437:17:437:25 | self.m2() | A | main.rs:431:20:431:22 | Tr3 | +| main.rs:437:17:437:27 | ... .a | | main.rs:431:20:431:22 | Tr3 | +| main.rs:438:20:440:13 | { ... } | | main.rs:431:20:431:22 | Tr3 | +| main.rs:439:17:439:30 | ...::m2(...) | | main.rs:398:5:401:5 | MyThing | +| main.rs:439:17:439:30 | ...::m2(...) | A | main.rs:431:20:431:22 | Tr3 | +| main.rs:439:17:439:32 | ... .a | | main.rs:431:20:431:22 | Tr3 | +| main.rs:439:26:439:29 | self | | main.rs:431:5:442:5 | Self [trait MyTrait3] | +| main.rs:446:15:446:18 | SelfParam | | main.rs:398:5:401:5 | MyThing | +| main.rs:446:15:446:18 | SelfParam | A | main.rs:444:10:444:10 | T | +| main.rs:446:26:448:9 | { ... } | | main.rs:444:10:444:10 | T | +| main.rs:447:13:447:16 | self | | main.rs:398:5:401:5 | MyThing | +| main.rs:447:13:447:16 | self | A | main.rs:444:10:444:10 | T | +| main.rs:447:13:447:18 | self.a | | main.rs:444:10:444:10 | T | +| main.rs:455:15:455:18 | SelfParam | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:455:15:455:18 | SelfParam | A | main.rs:453:10:453:10 | T | +| main.rs:455:35:457:9 | { ... } | | main.rs:398:5:401:5 | MyThing | +| main.rs:455:35:457:9 | { ... } | A | main.rs:453:10:453:10 | T | +| main.rs:456:13:456:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:456:13:456:33 | MyThing {...} | A | main.rs:453:10:453:10 | T | +| main.rs:456:26:456:29 | self | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:456:26:456:29 | self | A | main.rs:453:10:453:10 | T | +| main.rs:456:26:456:31 | self.a | | main.rs:453:10:453:10 | T | +| main.rs:465:13:465:13 | x | | main.rs:398:5:401:5 | MyThing | +| main.rs:465:13:465:13 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:465:17:465:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:465:17:465:33 | MyThing {...} | A | main.rs:408:5:409:14 | S1 | +| main.rs:465:30:465:31 | S1 | | main.rs:408:5:409:14 | S1 | +| main.rs:466:13:466:13 | y | | main.rs:398:5:401:5 | MyThing | +| main.rs:466:13:466:13 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:466:17:466:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:466:17:466:33 | MyThing {...} | A | main.rs:410:5:411:14 | S2 | +| main.rs:466:30:466:31 | S2 | | main.rs:410:5:411:14 | S2 | +| main.rs:468:26:468:26 | x | | main.rs:398:5:401:5 | MyThing | +| main.rs:468:26:468:26 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:468:26:468:31 | x.m1() | | main.rs:408:5:409:14 | S1 | +| main.rs:469:26:469:26 | y | | main.rs:398:5:401:5 | MyThing | +| main.rs:469:26:469:26 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:469:26:469:31 | y.m1() | | main.rs:410:5:411:14 | S2 | +| main.rs:471:13:471:13 | x | | main.rs:398:5:401:5 | MyThing | +| main.rs:471:13:471:13 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:471:17:471:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:471:17:471:33 | MyThing {...} | A | main.rs:408:5:409:14 | S1 | +| main.rs:471:30:471:31 | S1 | | main.rs:408:5:409:14 | S1 | +| main.rs:472:13:472:13 | y | | main.rs:398:5:401:5 | MyThing | +| main.rs:472:13:472:13 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:472:17:472:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:472:17:472:33 | MyThing {...} | A | main.rs:410:5:411:14 | S2 | +| main.rs:472:30:472:31 | S2 | | main.rs:410:5:411:14 | S2 | +| main.rs:474:26:474:26 | x | | main.rs:398:5:401:5 | MyThing | +| main.rs:474:26:474:26 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:474:26:474:31 | x.m2() | | main.rs:408:5:409:14 | S1 | +| main.rs:475:26:475:26 | y | | main.rs:398:5:401:5 | MyThing | +| main.rs:475:26:475:26 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:475:26:475:31 | y.m2() | | main.rs:410:5:411:14 | S2 | +| main.rs:477:13:477:13 | x | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:477:13:477:13 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:477:17:477:34 | MyThing2 {...} | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:477:17:477:34 | MyThing2 {...} | A | main.rs:408:5:409:14 | S1 | +| main.rs:477:31:477:32 | S1 | | main.rs:408:5:409:14 | S1 | +| main.rs:478:13:478:13 | y | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:478:13:478:13 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:478:17:478:34 | MyThing2 {...} | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:478:17:478:34 | MyThing2 {...} | A | main.rs:410:5:411:14 | S2 | +| main.rs:478:31:478:32 | S2 | | main.rs:410:5:411:14 | S2 | +| main.rs:480:26:480:26 | x | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:480:26:480:26 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:480:26:480:31 | x.m3() | | main.rs:408:5:409:14 | S1 | +| main.rs:481:26:481:26 | y | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:481:26:481:26 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:481:26:481:31 | y.m3() | | main.rs:410:5:411:14 | S2 | +| main.rs:499:22:499:22 | x | | file://:0:0:0:0 | & | +| main.rs:499:22:499:22 | x | &T | main.rs:499:11:499:19 | T | +| main.rs:499:35:501:5 | { ... } | | file://:0:0:0:0 | & | +| main.rs:499:35:501:5 | { ... } | &T | main.rs:499:11:499:19 | T | +| main.rs:500:9:500:9 | x | | file://:0:0:0:0 | & | +| main.rs:500:9:500:9 | x | &T | main.rs:499:11:499:19 | T | +| main.rs:504:17:504:20 | SelfParam | | main.rs:489:5:490:14 | S1 | +| main.rs:504:29:506:9 | { ... } | | main.rs:492:5:493:14 | S2 | +| main.rs:505:13:505:14 | S2 | | main.rs:492:5:493:14 | S2 | +| main.rs:509:21:509:21 | x | | main.rs:509:13:509:14 | T1 | +| main.rs:512:5:514:5 | { ... } | | main.rs:509:17:509:18 | T2 | +| main.rs:513:9:513:9 | x | | main.rs:509:13:509:14 | T1 | +| main.rs:513:9:513:16 | x.into() | | main.rs:509:17:509:18 | T2 | +| main.rs:517:13:517:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:517:17:517:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:518:26:518:31 | id(...) | | file://:0:0:0:0 | & | +| main.rs:518:26:518:31 | id(...) | &T | main.rs:489:5:490:14 | S1 | +| main.rs:518:29:518:30 | &x | | file://:0:0:0:0 | & | +| main.rs:518:29:518:30 | &x | &T | main.rs:489:5:490:14 | S1 | +| main.rs:518:30:518:30 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:520:13:520:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:520:17:520:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:521:26:521:37 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:521:26:521:37 | id::<...>(...) | &T | main.rs:489:5:490:14 | S1 | +| main.rs:521:35:521:36 | &x | | file://:0:0:0:0 | & | +| main.rs:521:35:521:36 | &x | &T | main.rs:489:5:490:14 | S1 | +| main.rs:521:36:521:36 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:523:13:523:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:523:17:523:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:524:26:524:44 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:524:26:524:44 | id::<...>(...) | &T | main.rs:489:5:490:14 | S1 | +| main.rs:524:42:524:43 | &x | | file://:0:0:0:0 | & | +| main.rs:524:42:524:43 | &x | &T | main.rs:489:5:490:14 | S1 | +| main.rs:524:43:524:43 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:526:13:526:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:526:17:526:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:527:9:527:25 | into::<...>(...) | | main.rs:492:5:493:14 | S2 | +| main.rs:527:24:527:24 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:529:13:529:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:529:17:529:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:530:13:530:13 | y | | main.rs:492:5:493:14 | S2 | +| main.rs:530:21:530:27 | into(...) | | main.rs:492:5:493:14 | S2 | +| main.rs:530:26:530:26 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:560:13:560:14 | p1 | | main.rs:535:5:541:5 | PairOption | +| main.rs:560:13:560:14 | p1 | Fst | main.rs:543:5:544:14 | S1 | +| main.rs:560:13:560:14 | p1 | Snd | main.rs:546:5:547:14 | S2 | +| main.rs:560:26:560:53 | ...::PairBoth(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:560:26:560:53 | ...::PairBoth(...) | Fst | main.rs:543:5:544:14 | S1 | +| main.rs:560:26:560:53 | ...::PairBoth(...) | Snd | main.rs:546:5:547:14 | S2 | +| main.rs:560:47:560:48 | S1 | | main.rs:543:5:544:14 | S1 | +| main.rs:560:51:560:52 | S2 | | main.rs:546:5:547:14 | S2 | +| main.rs:561:26:561:27 | p1 | | main.rs:535:5:541:5 | PairOption | +| main.rs:561:26:561:27 | p1 | Fst | main.rs:543:5:544:14 | S1 | +| main.rs:561:26:561:27 | p1 | Snd | main.rs:546:5:547:14 | S2 | +| main.rs:564:13:564:14 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:564:26:564:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:565:26:565:27 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:568:13:568:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:568:13:568:14 | p3 | Snd | main.rs:549:5:550:14 | S3 | +| main.rs:568:34:568:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:568:34:568:56 | ...::PairSnd(...) | Snd | main.rs:549:5:550:14 | S3 | +| main.rs:568:54:568:55 | S3 | | main.rs:549:5:550:14 | S3 | +| main.rs:569:26:569:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:569:26:569:27 | p3 | Snd | main.rs:549:5:550:14 | S3 | +| main.rs:572:13:572:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:572:13:572:14 | p3 | Fst | main.rs:549:5:550:14 | S3 | +| main.rs:572:35:572:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:572:35:572:56 | ...::PairNone(...) | Fst | main.rs:549:5:550:14 | S3 | +| main.rs:573:26:573:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:573:26:573:27 | p3 | Fst | main.rs:549:5:550:14 | S3 | +| main.rs:586:16:586:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:586:16:586:24 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | +| main.rs:586:27:586:31 | value | | main.rs:584:19:584:19 | S | +| main.rs:588:21:588:29 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:588:21:588:29 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | +| main.rs:588:32:588:36 | value | | main.rs:584:19:584:19 | S | +| main.rs:589:13:589:16 | self | | file://:0:0:0:0 | & | +| main.rs:589:13:589:16 | self | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | +| main.rs:589:22:589:26 | value | | main.rs:584:19:584:19 | S | +| main.rs:595:16:595:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:595:16:595:24 | SelfParam | &T | main.rs:578:5:582:5 | MyOption | +| main.rs:595:16:595:24 | SelfParam | &T.T | main.rs:593:10:593:10 | T | +| main.rs:595:27:595:31 | value | | main.rs:593:10:593:10 | T | +| main.rs:599:26:601:9 | { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:599:26:601:9 | { ... } | T | main.rs:598:10:598:10 | T | +| main.rs:600:13:600:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:600:13:600:30 | ...::MyNone(...) | T | main.rs:598:10:598:10 | T | +| main.rs:605:20:605:23 | SelfParam | | main.rs:578:5:582:5 | MyOption | +| main.rs:605:20:605:23 | SelfParam | T | main.rs:578:5:582:5 | MyOption | +| main.rs:605:20:605:23 | SelfParam | T.T | main.rs:604:10:604:10 | T | +| main.rs:605:41:610:9 | { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:605:41:610:9 | { ... } | T | main.rs:604:10:604:10 | T | +| main.rs:606:13:609:13 | match self { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:606:13:609:13 | match self { ... } | T | main.rs:604:10:604:10 | T | +| main.rs:606:19:606:22 | self | | main.rs:578:5:582:5 | MyOption | +| main.rs:606:19:606:22 | self | T | main.rs:578:5:582:5 | MyOption | +| main.rs:606:19:606:22 | self | T.T | main.rs:604:10:604:10 | T | +| main.rs:607:39:607:56 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:607:39:607:56 | ...::MyNone(...) | T | main.rs:604:10:604:10 | T | +| main.rs:608:34:608:34 | x | | main.rs:578:5:582:5 | MyOption | +| main.rs:608:34:608:34 | x | T | main.rs:604:10:604:10 | T | +| main.rs:608:40:608:40 | x | | main.rs:578:5:582:5 | MyOption | +| main.rs:608:40:608:40 | x | T | main.rs:604:10:604:10 | T | +| main.rs:617:13:617:14 | x1 | | main.rs:578:5:582:5 | MyOption | +| main.rs:617:18:617:37 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:618:26:618:27 | x1 | | main.rs:578:5:582:5 | MyOption | +| main.rs:620:13:620:18 | mut x2 | | main.rs:578:5:582:5 | MyOption | +| main.rs:620:13:620:18 | mut x2 | T | main.rs:613:5:614:13 | S | +| main.rs:620:22:620:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:620:22:620:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | +| main.rs:621:9:621:10 | x2 | | main.rs:578:5:582:5 | MyOption | +| main.rs:621:9:621:10 | x2 | T | main.rs:613:5:614:13 | S | +| main.rs:621:16:621:16 | S | | main.rs:613:5:614:13 | S | +| main.rs:622:26:622:27 | x2 | | main.rs:578:5:582:5 | MyOption | +| main.rs:622:26:622:27 | x2 | T | main.rs:613:5:614:13 | S | +| main.rs:624:13:624:18 | mut x3 | | main.rs:578:5:582:5 | MyOption | +| main.rs:624:22:624:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:625:9:625:10 | x3 | | main.rs:578:5:582:5 | MyOption | +| main.rs:625:21:625:21 | S | | main.rs:613:5:614:13 | S | +| main.rs:626:26:626:27 | x3 | | main.rs:578:5:582:5 | MyOption | +| main.rs:628:13:628:18 | mut x4 | | main.rs:578:5:582:5 | MyOption | +| main.rs:628:13:628:18 | mut x4 | T | main.rs:613:5:614:13 | S | +| main.rs:628:22:628:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:628:22:628:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | +| main.rs:629:23:629:29 | &mut x4 | | file://:0:0:0:0 | & | +| main.rs:629:23:629:29 | &mut x4 | &T | main.rs:578:5:582:5 | MyOption | +| main.rs:629:23:629:29 | &mut x4 | &T.T | main.rs:613:5:614:13 | S | +| main.rs:629:28:629:29 | x4 | | main.rs:578:5:582:5 | MyOption | +| main.rs:629:28:629:29 | x4 | T | main.rs:613:5:614:13 | S | +| main.rs:629:32:629:32 | S | | main.rs:613:5:614:13 | S | +| main.rs:630:26:630:27 | x4 | | main.rs:578:5:582:5 | MyOption | +| main.rs:630:26:630:27 | x4 | T | main.rs:613:5:614:13 | S | +| main.rs:632:13:632:14 | x5 | | main.rs:578:5:582:5 | MyOption | +| main.rs:632:13:632:14 | x5 | T | main.rs:578:5:582:5 | MyOption | +| main.rs:632:13:632:14 | x5 | T.T | main.rs:613:5:614:13 | S | +| main.rs:632:18:632:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:632:18:632:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | +| main.rs:632:18:632:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | +| main.rs:632:35:632:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:632:35:632:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:633:26:633:27 | x5 | | main.rs:578:5:582:5 | MyOption | +| main.rs:633:26:633:27 | x5 | T | main.rs:578:5:582:5 | MyOption | +| main.rs:633:26:633:27 | x5 | T.T | main.rs:613:5:614:13 | S | +| main.rs:635:13:635:14 | x6 | | main.rs:578:5:582:5 | MyOption | +| main.rs:635:13:635:14 | x6 | T | main.rs:578:5:582:5 | MyOption | +| main.rs:635:13:635:14 | x6 | T.T | main.rs:613:5:614:13 | S | +| main.rs:635:18:635:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:635:18:635:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | +| main.rs:635:18:635:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | +| main.rs:635:35:635:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:635:35:635:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:636:26:636:61 | ...::flatten(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:636:26:636:61 | ...::flatten(...) | T | main.rs:613:5:614:13 | S | +| main.rs:636:59:636:60 | x6 | | main.rs:578:5:582:5 | MyOption | +| main.rs:636:59:636:60 | x6 | T | main.rs:578:5:582:5 | MyOption | +| main.rs:636:59:636:60 | x6 | T.T | main.rs:613:5:614:13 | S | +| main.rs:638:13:638:19 | from_if | | main.rs:578:5:582:5 | MyOption | +| main.rs:638:13:638:19 | from_if | T | main.rs:613:5:614:13 | S | +| main.rs:638:23:642:9 | if ... {...} else {...} | | main.rs:578:5:582:5 | MyOption | +| main.rs:638:23:642:9 | if ... {...} else {...} | T | main.rs:613:5:614:13 | S | +| main.rs:638:36:640:9 | { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:638:36:640:9 | { ... } | T | main.rs:613:5:614:13 | S | +| main.rs:639:13:639:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:639:13:639:30 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:640:16:642:9 | { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:640:16:642:9 | { ... } | T | main.rs:613:5:614:13 | S | +| main.rs:641:13:641:31 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:641:13:641:31 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | +| main.rs:641:30:641:30 | S | | main.rs:613:5:614:13 | S | +| main.rs:643:26:643:32 | from_if | | main.rs:578:5:582:5 | MyOption | +| main.rs:643:26:643:32 | from_if | T | main.rs:613:5:614:13 | S | +| main.rs:645:13:645:22 | from_match | | main.rs:578:5:582:5 | MyOption | +| main.rs:645:13:645:22 | from_match | T | main.rs:613:5:614:13 | S | +| main.rs:645:26:648:9 | match ... { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:645:26:648:9 | match ... { ... } | T | main.rs:613:5:614:13 | S | +| main.rs:646:21:646:38 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:646:21:646:38 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:647:22:647:40 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:647:22:647:40 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | +| main.rs:647:39:647:39 | S | | main.rs:613:5:614:13 | S | +| main.rs:649:26:649:35 | from_match | | main.rs:578:5:582:5 | MyOption | +| main.rs:649:26:649:35 | from_match | T | main.rs:613:5:614:13 | S | +| main.rs:651:13:651:21 | from_loop | | main.rs:578:5:582:5 | MyOption | +| main.rs:651:13:651:21 | from_loop | T | main.rs:613:5:614:13 | S | +| main.rs:651:25:656:9 | loop { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:651:25:656:9 | loop { ... } | T | main.rs:613:5:614:13 | S | +| main.rs:653:23:653:40 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:653:23:653:40 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:655:19:655:37 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:655:19:655:37 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | +| main.rs:655:36:655:36 | S | | main.rs:613:5:614:13 | S | +| main.rs:657:26:657:34 | from_loop | | main.rs:578:5:582:5 | MyOption | +| main.rs:657:26:657:34 | from_loop | T | main.rs:613:5:614:13 | S | +| main.rs:670:15:670:18 | SelfParam | | main.rs:663:5:664:19 | S | +| main.rs:670:15:670:18 | SelfParam | T | main.rs:669:10:669:10 | T | +| main.rs:670:26:672:9 | { ... } | | main.rs:669:10:669:10 | T | +| main.rs:671:13:671:16 | self | | main.rs:663:5:664:19 | S | +| main.rs:671:13:671:16 | self | T | main.rs:669:10:669:10 | T | +| main.rs:671:13:671:18 | self.0 | | main.rs:669:10:669:10 | T | +| main.rs:674:15:674:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:674:15:674:19 | SelfParam | &T | main.rs:663:5:664:19 | S | +| main.rs:674:15:674:19 | SelfParam | &T.T | main.rs:669:10:669:10 | T | +| main.rs:674:28:676:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:674:28:676:9 | { ... } | &T | main.rs:669:10:669:10 | T | +| main.rs:675:13:675:19 | &... | | file://:0:0:0:0 | & | +| main.rs:675:13:675:19 | &... | &T | main.rs:669:10:669:10 | T | +| main.rs:675:14:675:17 | self | | file://:0:0:0:0 | & | +| main.rs:675:14:675:17 | self | &T | main.rs:663:5:664:19 | S | +| main.rs:675:14:675:17 | self | &T.T | main.rs:669:10:669:10 | T | +| main.rs:675:14:675:19 | self.0 | | main.rs:669:10:669:10 | T | +| main.rs:678:15:678:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:678:15:678:25 | SelfParam | &T | main.rs:663:5:664:19 | S | +| main.rs:678:15:678:25 | SelfParam | &T.T | main.rs:669:10:669:10 | T | +| main.rs:678:34:680:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:678:34:680:9 | { ... } | &T | main.rs:669:10:669:10 | T | +| main.rs:679:13:679:19 | &... | | file://:0:0:0:0 | & | +| main.rs:679:13:679:19 | &... | &T | main.rs:669:10:669:10 | T | +| main.rs:679:14:679:17 | self | | file://:0:0:0:0 | & | +| main.rs:679:14:679:17 | self | &T | main.rs:663:5:664:19 | S | +| main.rs:679:14:679:17 | self | &T.T | main.rs:669:10:669:10 | T | +| main.rs:679:14:679:19 | self.0 | | main.rs:669:10:669:10 | T | +| main.rs:684:13:684:14 | x1 | | main.rs:663:5:664:19 | S | +| main.rs:684:13:684:14 | x1 | T | main.rs:666:5:667:14 | S2 | +| main.rs:684:18:684:22 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:684:18:684:22 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:684:20:684:21 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:685:26:685:27 | x1 | | main.rs:663:5:664:19 | S | +| main.rs:685:26:685:27 | x1 | T | main.rs:666:5:667:14 | S2 | +| main.rs:685:26:685:32 | x1.m1() | | main.rs:666:5:667:14 | S2 | +| main.rs:687:13:687:14 | x2 | | main.rs:663:5:664:19 | S | +| main.rs:687:13:687:14 | x2 | T | main.rs:666:5:667:14 | S2 | +| main.rs:687:18:687:22 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:687:18:687:22 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:687:20:687:21 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:689:26:689:27 | x2 | | main.rs:663:5:664:19 | S | +| main.rs:689:26:689:27 | x2 | T | main.rs:666:5:667:14 | S2 | +| main.rs:689:26:689:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:689:26:689:32 | x2.m2() | &T | main.rs:666:5:667:14 | S2 | +| main.rs:690:26:690:27 | x2 | | main.rs:663:5:664:19 | S | +| main.rs:690:26:690:27 | x2 | T | main.rs:666:5:667:14 | S2 | +| main.rs:690:26:690:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:690:26:690:32 | x2.m3() | &T | main.rs:666:5:667:14 | S2 | +| main.rs:692:13:692:14 | x3 | | main.rs:663:5:664:19 | S | +| main.rs:692:13:692:14 | x3 | T | main.rs:666:5:667:14 | S2 | +| main.rs:692:18:692:22 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:692:18:692:22 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:692:20:692:21 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:694:26:694:41 | ...::m2(...) | | file://:0:0:0:0 | & | +| main.rs:694:26:694:41 | ...::m2(...) | &T | main.rs:666:5:667:14 | S2 | +| main.rs:694:38:694:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:694:38:694:40 | &x3 | &T | main.rs:663:5:664:19 | S | +| main.rs:694:38:694:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:694:39:694:40 | x3 | | main.rs:663:5:664:19 | S | +| main.rs:694:39:694:40 | x3 | T | main.rs:666:5:667:14 | S2 | +| main.rs:695:26:695:41 | ...::m3(...) | | file://:0:0:0:0 | & | +| main.rs:695:26:695:41 | ...::m3(...) | &T | main.rs:666:5:667:14 | S2 | +| main.rs:695:38:695:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:695:38:695:40 | &x3 | &T | main.rs:663:5:664:19 | S | +| main.rs:695:38:695:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:695:39:695:40 | x3 | | main.rs:663:5:664:19 | S | +| main.rs:695:39:695:40 | x3 | T | main.rs:666:5:667:14 | S2 | +| main.rs:697:13:697:14 | x4 | | file://:0:0:0:0 | & | +| main.rs:697:13:697:14 | x4 | &T | main.rs:663:5:664:19 | S | +| main.rs:697:13:697:14 | x4 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:697:18:697:23 | &... | | file://:0:0:0:0 | & | +| main.rs:697:18:697:23 | &... | &T | main.rs:663:5:664:19 | S | +| main.rs:697:18:697:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:697:19:697:23 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:697:19:697:23 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:697:21:697:22 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:699:26:699:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:699:26:699:27 | x4 | &T | main.rs:663:5:664:19 | S | +| main.rs:699:26:699:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:699:26:699:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:699:26:699:32 | x4.m2() | &T | main.rs:666:5:667:14 | S2 | +| main.rs:700:26:700:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:700:26:700:27 | x4 | &T | main.rs:663:5:664:19 | S | +| main.rs:700:26:700:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:700:26:700:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:700:26:700:32 | x4.m3() | &T | main.rs:666:5:667:14 | S2 | +| main.rs:702:13:702:14 | x5 | | file://:0:0:0:0 | & | +| main.rs:702:13:702:14 | x5 | &T | main.rs:663:5:664:19 | S | +| main.rs:702:13:702:14 | x5 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:702:18:702:23 | &... | | file://:0:0:0:0 | & | +| main.rs:702:18:702:23 | &... | &T | main.rs:663:5:664:19 | S | +| main.rs:702:18:702:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:702:19:702:23 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:702:19:702:23 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:702:21:702:22 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:704:26:704:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:704:26:704:27 | x5 | &T | main.rs:663:5:664:19 | S | +| main.rs:704:26:704:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:704:26:704:32 | x5.m1() | | main.rs:666:5:667:14 | S2 | +| main.rs:705:26:705:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:705:26:705:27 | x5 | &T | main.rs:663:5:664:19 | S | +| main.rs:705:26:705:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:705:26:705:29 | x5.0 | | main.rs:666:5:667:14 | S2 | +| main.rs:707:13:707:14 | x6 | | file://:0:0:0:0 | & | +| main.rs:707:13:707:14 | x6 | &T | main.rs:663:5:664:19 | S | +| main.rs:707:13:707:14 | x6 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:707:18:707:23 | &... | | file://:0:0:0:0 | & | +| main.rs:707:18:707:23 | &... | &T | main.rs:663:5:664:19 | S | +| main.rs:707:18:707:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:707:19:707:23 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:707:19:707:23 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:707:21:707:22 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:709:26:709:30 | (...) | | main.rs:663:5:664:19 | S | +| main.rs:709:26:709:30 | (...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:709:26:709:35 | ... .m1() | | main.rs:666:5:667:14 | S2 | +| main.rs:709:27:709:29 | * ... | | main.rs:663:5:664:19 | S | +| main.rs:709:27:709:29 | * ... | T | main.rs:666:5:667:14 | S2 | +| main.rs:709:28:709:29 | x6 | | file://:0:0:0:0 | & | +| main.rs:709:28:709:29 | x6 | &T | main.rs:663:5:664:19 | S | +| main.rs:709:28:709:29 | x6 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:716:16:716:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:716:16:716:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:719:16:719:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:719:16:719:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:719:32:721:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:719:32:721:9 | { ... } | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:720:13:720:16 | self | | file://:0:0:0:0 | & | +| main.rs:720:13:720:16 | self | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:720:13:720:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:720:13:720:22 | self.foo() | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:728:16:728:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:728:16:728:20 | SelfParam | &T | main.rs:724:5:724:20 | MyStruct | +| main.rs:728:36:730:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:728:36:730:9 | { ... } | &T | main.rs:724:5:724:20 | MyStruct | +| main.rs:729:13:729:16 | self | | file://:0:0:0:0 | & | +| main.rs:729:13:729:16 | self | &T | main.rs:724:5:724:20 | MyStruct | +| main.rs:734:13:734:13 | x | | main.rs:724:5:724:20 | MyStruct | +| main.rs:734:17:734:24 | MyStruct | | main.rs:724:5:724:20 | MyStruct | +| main.rs:735:9:735:9 | x | | main.rs:724:5:724:20 | MyStruct | +| main.rs:735:9:735:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:735:9:735:15 | x.bar() | &T | main.rs:724:5:724:20 | MyStruct | +| main.rs:745:16:745:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:745:16:745:20 | SelfParam | &T | main.rs:742:5:742:26 | MyStruct | +| main.rs:745:16:745:20 | SelfParam | &T.T | main.rs:744:10:744:10 | T | +| main.rs:745:32:747:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:745:32:747:9 | { ... } | &T | main.rs:742:5:742:26 | MyStruct | +| main.rs:745:32:747:9 | { ... } | &T.T | main.rs:744:10:744:10 | T | +| main.rs:746:13:746:16 | self | | file://:0:0:0:0 | & | +| main.rs:746:13:746:16 | self | &T | main.rs:742:5:742:26 | MyStruct | +| main.rs:746:13:746:16 | self | &T.T | main.rs:744:10:744:10 | T | +| main.rs:751:13:751:13 | x | | main.rs:742:5:742:26 | MyStruct | +| main.rs:751:13:751:13 | x | T | main.rs:740:5:740:13 | S | +| main.rs:751:17:751:27 | MyStruct(...) | | main.rs:742:5:742:26 | MyStruct | +| main.rs:751:17:751:27 | MyStruct(...) | T | main.rs:740:5:740:13 | S | +| main.rs:751:26:751:26 | S | | main.rs:740:5:740:13 | S | +| main.rs:752:9:752:9 | x | | main.rs:742:5:742:26 | MyStruct | +| main.rs:752:9:752:9 | x | T | main.rs:740:5:740:13 | S | +| main.rs:752:9:752:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:752:9:752:15 | x.foo() | &T | main.rs:742:5:742:26 | MyStruct | +| main.rs:752:9:752:15 | x.foo() | &T.T | main.rs:740:5:740:13 | S | +| main.rs:760:15:760:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:760:15:760:19 | SelfParam | &T | main.rs:757:5:757:13 | S | +| main.rs:760:31:762:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:760:31:762:9 | { ... } | &T | main.rs:757:5:757:13 | S | +| main.rs:761:13:761:19 | &... | | file://:0:0:0:0 | & | +| main.rs:761:13:761:19 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:761:14:761:19 | &... | | file://:0:0:0:0 | & | +| main.rs:761:14:761:19 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:761:15:761:19 | &self | | file://:0:0:0:0 | & | +| main.rs:761:15:761:19 | &self | &T | main.rs:757:5:757:13 | S | +| main.rs:761:16:761:19 | self | | file://:0:0:0:0 | & | +| main.rs:761:16:761:19 | self | &T | main.rs:757:5:757:13 | S | +| main.rs:764:15:764:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:764:15:764:25 | SelfParam | &T | main.rs:757:5:757:13 | S | +| main.rs:764:37:766:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:764:37:766:9 | { ... } | &T | main.rs:757:5:757:13 | S | +| main.rs:765:13:765:19 | &... | | file://:0:0:0:0 | & | +| main.rs:765:13:765:19 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:765:14:765:19 | &... | | file://:0:0:0:0 | & | +| main.rs:765:14:765:19 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:765:15:765:19 | &self | | file://:0:0:0:0 | & | +| main.rs:765:15:765:19 | &self | &T | main.rs:757:5:757:13 | S | +| main.rs:765:16:765:19 | self | | file://:0:0:0:0 | & | +| main.rs:765:16:765:19 | self | &T | main.rs:757:5:757:13 | S | +| main.rs:768:15:768:15 | x | | file://:0:0:0:0 | & | +| main.rs:768:15:768:15 | x | &T | main.rs:757:5:757:13 | S | +| main.rs:768:34:770:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:768:34:770:9 | { ... } | &T | main.rs:757:5:757:13 | S | +| main.rs:769:13:769:13 | x | | file://:0:0:0:0 | & | +| main.rs:769:13:769:13 | x | &T | main.rs:757:5:757:13 | S | +| main.rs:772:15:772:15 | x | | file://:0:0:0:0 | & | +| main.rs:772:15:772:15 | x | &T | main.rs:757:5:757:13 | S | +| main.rs:772:34:774:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:772:34:774:9 | { ... } | &T | main.rs:757:5:757:13 | S | +| main.rs:773:13:773:16 | &... | | file://:0:0:0:0 | & | +| main.rs:773:13:773:16 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:773:14:773:16 | &... | | file://:0:0:0:0 | & | +| main.rs:773:14:773:16 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:773:15:773:16 | &x | | file://:0:0:0:0 | & | +| main.rs:773:15:773:16 | &x | &T | main.rs:757:5:757:13 | S | +| main.rs:773:16:773:16 | x | | file://:0:0:0:0 | & | +| main.rs:773:16:773:16 | x | &T | main.rs:757:5:757:13 | S | +| main.rs:778:13:778:13 | x | | main.rs:757:5:757:13 | S | +| main.rs:778:17:778:20 | S {...} | | main.rs:757:5:757:13 | S | +| main.rs:779:9:779:9 | x | | main.rs:757:5:757:13 | S | +| main.rs:779:9:779:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:779:9:779:14 | x.f1() | &T | main.rs:757:5:757:13 | S | +| main.rs:780:9:780:9 | x | | main.rs:757:5:757:13 | S | +| main.rs:780:9:780:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:780:9:780:14 | x.f2() | &T | main.rs:757:5:757:13 | S | +| main.rs:781:9:781:17 | ...::f3(...) | | file://:0:0:0:0 | & | +| main.rs:781:9:781:17 | ...::f3(...) | &T | main.rs:757:5:757:13 | S | +| main.rs:781:15:781:16 | &x | | file://:0:0:0:0 | & | +| main.rs:781:15:781:16 | &x | &T | main.rs:757:5:757:13 | S | +| main.rs:781:16:781:16 | x | | main.rs:757:5:757:13 | S | +| main.rs:787:5:787:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:788:5:788:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:788:20:788:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:788:41:788:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | diff --git a/rust/ql/test/library-tests/type-inference/type-inference.ql b/rust/ql/test/library-tests/type-inference/type-inference.ql index 67f02c96cfa8..b0e47e7f574c 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.ql +++ b/rust/ql/test/library-tests/type-inference/type-inference.ql @@ -1,18 +1,60 @@ import rust +import utils.test.InlineExpectationsTest import codeql.rust.internal.TypeInference as TypeInference import TypeInference -import utils.test.InlineExpectationsTest query predicate inferType(AstNode n, TypePath path, Type t) { t = TypeInference::inferType(n, path) } -query predicate resolveMethodCallExpr(MethodCallExpr mce, Function f) { - f = resolveMethodCallExpr(mce) +module ResolveTest implements TestSig { + string getARelevantTag() { result = ["method", "fieldof"] } + + private predicate functionHasValue(Function f, string value) { + f.getPrecedingComment().getCommentText() = value + or + not exists(f.getPrecedingComment()) and + value = f.getName().getText() + } + + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(AstNode source, AstNode target | + location = source.getLocation() and + element = source.toString() + | + target = resolveMethodCallExpr(source) and + functionHasValue(target, value) and + tag = "method" + or + target = resolveStructFieldExpr(source) and + any(Struct s | s.getStructField(_) = target).getName().getText() = value and + tag = "fieldof" + or + target = resolveTupleFieldExpr(source) and + any(Struct s | s.getTupleField(_) = target).getName().getText() = value and + tag = "fieldof" + ) + } } -query predicate resolveFieldExpr(FieldExpr fe, AstNode target) { - target = resolveStructFieldExpr(fe) - or - target = resolveTupleFieldExpr(fe) +module TypeTest implements TestSig { + string getARelevantTag() { result = "type" } + + predicate tagIsOptional(string expectedTag) { expectedTag = "type" } + + predicate hasActualResult(Location location, string element, string tag, string value) { none() } + + predicate hasOptionalResult(Location location, string element, string tag, string value) { + tag = "type" and + exists(AstNode n, TypePath path, Type t | + t = TypeInference::inferType(n, path) and + location = n.getLocation() and + element = n.toString() and + if path.isEmpty() + then value = element + ":" + t + else value = element + ":" + path.toString() + "." + t.toString() + ) + } } + +import MakeTest> From c49ffa01eebc42df13a904d9fa1e2d972d0a0a0d Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 3 Apr 2025 12:27:42 +0200 Subject: [PATCH 210/409] JS: Enable post-processed inline expectations for query predicates --- .../util/test/InlineExpectationsTest.qll | 49 ++++++++++++++++--- 1 file changed, 41 insertions(+), 8 deletions(-) diff --git a/shared/util/codeql/util/test/InlineExpectationsTest.qll b/shared/util/codeql/util/test/InlineExpectationsTest.qll index f67f54da9378..5fe8932808c9 100644 --- a/shared/util/codeql/util/test/InlineExpectationsTest.qll +++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll @@ -858,17 +858,26 @@ module TestPostProcessing { bindingset[result] string getARelevantTag() { any() } - predicate tagMatches = PathProblemSourceTestInput::tagMatches/2; + bindingset[expectedTag, actualTag] + predicate tagMatches(string expectedTag, string actualTag) { + PathProblemSourceTestInput::tagMatches(expectedTag, actualTag) + or + not exists(getQueryKind()) and + expectedTag = actualTag + } bindingset[expectedTag] predicate tagIsOptional(string expectedTag) { - // ignore irrelevant tags - not expectedTag.regexpMatch(getTagRegex()) - or - // ignore tags annotated with a query ID that does not match the current query ID - exists(string queryId | - queryId = expectedTag.regexpCapture(getTagRegex(), 3) and - queryId != getQueryId() + exists(getQueryKind()) and + ( + // ignore irrelevant tags + not expectedTag.regexpMatch(getTagRegex()) + or + // ignore tags annotated with a query ID that does not match the current query ID + exists(string queryId | + queryId = expectedTag.regexpCapture(getTagRegex(), 3) and + queryId != getQueryId() + ) ) } @@ -911,6 +920,28 @@ module TestPostProcessing { not hasPathProblemSink(row, location, _, _) } + /** + * Holds if a custom query predicate implies `tag=value` at the given `location`. + * + * Such query predicates are only allowed in kind-less queries, usually in the form + * of a `.ql` file in a test folder, with a same-named `.qlref` file to enable + * post-processing for that test. + */ + private predicate hasCustomQueryPredicateResult( + int row, TestLocation location, string element, string tag, string value + ) { + not exists(getQueryKind()) and + queryResults(tag, row, 0, location.getRelativeUrl()) and + queryResults(tag, row, 1, element) and + ( + queryResults(tag, row, 2, value) and + not queryResults(tag, row, 3, _) // ignore if arity is greater than expected + or + not queryResults(tag, row, 2, _) and + value = "" // allow value-less expectations for unary predicates + ) + } + /** * Gets the expected value for result row `row`, if any. This value must * match the value at the corresponding path-problem source (if it is @@ -939,6 +970,8 @@ module TestPostProcessing { or value = getValue(row) ) + or + hasCustomQueryPredicateResult(_, location, element, tag, value) } } From 14c5495b4c48b9d53f1e6e38c9d2e386bdca623e Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 3 Apr 2025 13:21:26 +0200 Subject: [PATCH 211/409] JS: Use in SensitiveActions test as an example --- .../SensitiveActions/tests.expected | 22 ++++++++-------- .../library-tests/SensitiveActions/tests.ql | 2 +- .../SensitiveActions/tests.qlref | 2 ++ .../library-tests/SensitiveActions/tst.js | 26 +++++++++---------- 4 files changed, 27 insertions(+), 25 deletions(-) create mode 100644 javascript/ql/test/library-tests/SensitiveActions/tests.qlref diff --git a/javascript/ql/test/library-tests/SensitiveActions/tests.expected b/javascript/ql/test/library-tests/SensitiveActions/tests.expected index 2c0dfff14f75..cbbe7c1a0db8 100644 --- a/javascript/ql/test/library-tests/SensitiveActions/tests.expected +++ b/javascript/ql/test/library-tests/SensitiveActions/tests.expected @@ -31,14 +31,14 @@ sensitiveAction | tst.js:23:1:23:25 | require ... .exit() | | tst.js:24:1:24:21 | global. ... .exit() | sensitiveExpr -| tst.js:1:1:1:8 | password | -| tst.js:2:1:2:8 | PassWord | -| tst.js:3:1:3:21 | myPassw ... eartext | -| tst.js:4:1:4:10 | x.password | -| tst.js:5:1:5:11 | getPassword | -| tst.js:5:1:5:13 | getPassword() | -| tst.js:6:1:6:13 | x.getPassword | -| tst.js:6:1:6:15 | x.getPassword() | -| tst.js:7:1:7:15 | get("password") | -| tst.js:8:1:8:17 | x.get("password") | -| tst.js:21:1:21:6 | secret | +| tst.js:1:1:1:8 | password | password | +| tst.js:2:1:2:8 | PassWord | password | +| tst.js:3:1:3:21 | myPassw ... eartext | password | +| tst.js:4:1:4:10 | x.password | password | +| tst.js:5:1:5:11 | getPassword | password | +| tst.js:5:1:5:13 | getPassword() | password | +| tst.js:6:1:6:13 | x.getPassword | password | +| tst.js:6:1:6:15 | x.getPassword() | password | +| tst.js:7:1:7:15 | get("password") | password | +| tst.js:8:1:8:17 | x.get("password") | password | +| tst.js:21:1:21:6 | secret | secret | diff --git a/javascript/ql/test/library-tests/SensitiveActions/tests.ql b/javascript/ql/test/library-tests/SensitiveActions/tests.ql index e1cd2cbd095b..d7273fe13b7d 100644 --- a/javascript/ql/test/library-tests/SensitiveActions/tests.ql +++ b/javascript/ql/test/library-tests/SensitiveActions/tests.ql @@ -20,4 +20,4 @@ query predicate processTermination(NodeJSLib::ProcessTermination term) { any() } query predicate sensitiveAction(SensitiveAction ac) { any() } -query predicate sensitiveExpr(SensitiveNode e) { any() } +query predicate sensitiveExpr(SensitiveNode e, string kind) { kind = e.getClassification() } diff --git a/javascript/ql/test/library-tests/SensitiveActions/tests.qlref b/javascript/ql/test/library-tests/SensitiveActions/tests.qlref new file mode 100644 index 000000000000..8581a3f8b748 --- /dev/null +++ b/javascript/ql/test/library-tests/SensitiveActions/tests.qlref @@ -0,0 +1,2 @@ +query: tests.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/library-tests/SensitiveActions/tst.js b/javascript/ql/test/library-tests/SensitiveActions/tst.js index c4a627b742c5..c6fa5aa873b7 100644 --- a/javascript/ql/test/library-tests/SensitiveActions/tst.js +++ b/javascript/ql/test/library-tests/SensitiveActions/tst.js @@ -1,11 +1,11 @@ -password; -PassWord; -myPasswordInCleartext; -x.password; -getPassword(); -x.getPassword(); -get("password"); -x.get("password"); +password; // $ cleartextPasswordExpr sensitiveExpr=password +PassWord; // $ cleartextPasswordExpr sensitiveExpr=password +myPasswordInCleartext; // $ cleartextPasswordExpr sensitiveExpr=password +x.password; // $ cleartextPasswordExpr sensitiveExpr=password +getPassword(); // $ cleartextPasswordExpr sensitiveExpr=password +x.getPassword(); // $ cleartextPasswordExpr sensitiveExpr=password +get("password"); // $ cleartextPasswordExpr sensitiveExpr=password +x.get("password"); // $ cleartextPasswordExpr sensitiveExpr=password hashed_password; password_hashed; @@ -15,13 +15,13 @@ hashedPassword; var exit = require('exit'); var e = process.exit; -e(); -exit(); +e(); // $ processTermination sensitiveAction +exit(); // $ processTermination sensitiveAction -secret; +secret; // $ sensitiveExpr=secret -require("process").exit(); -global.process.exit(); +require("process").exit(); // $ processTermination sensitiveAction +global.process.exit(); // $ processTermination sensitiveAction get("https://example.com/news?password=true") get("https://username:password@example.com") From a53f664e85e82b8da1cc916fcf36006228399c91 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 3 Apr 2025 14:33:02 +0200 Subject: [PATCH 212/409] Rust: Fix bad join --- .../rust/elements/internal/FunctionImpl.qll | 25 +++++++++++++++++++ rust/ql/lib/utils/test/InlineMadTest.qll | 2 +- .../type-inference/type-inference.ql | 4 +-- 3 files changed, 28 insertions(+), 3 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll index 594dbaa0bf5d..67bd0a4eee91 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll @@ -4,6 +4,7 @@ * INTERNAL: Do not use. */ +private import codeql.files.FileSystem private import codeql.rust.elements.internal.generated.Function private import codeql.rust.elements.Comment @@ -28,6 +29,30 @@ module Impl { class Function extends Generated::Function { override string toStringImpl() { result = "fn " + this.getName().getText() } + pragma[nomagic] + private predicate hasPotentialCommentAt(File f, int line) { + f = this.getLocation().getFile() and + // When a function is preceded by comments its start line is the line of + // the first comment. Hence all relevant comments are found by including + // comments from the start line and up to the line with the function + // name. + line in [this.getLocation().getStartLine() .. this.getName().getLocation().getStartLine()] + } + + /** + * Gets a comment preceding this function. + * + * A comment is considered preceding if it occurs immediately before this + * function or if only other comments occur between the comment and this + * function. + */ + Comment getAPrecedingComment() { + exists(File f, int line | + this.hasPotentialCommentAt(f, line) and + result.getLocation().hasLocationFileInfo(f, line, _, _, _) + ) + } + /** * Gets a comment preceding this function. * diff --git a/rust/ql/lib/utils/test/InlineMadTest.qll b/rust/ql/lib/utils/test/InlineMadTest.qll index 00000060ab63..ed21ab1f8b1f 100644 --- a/rust/ql/lib/utils/test/InlineMadTest.qll +++ b/rust/ql/lib/utils/test/InlineMadTest.qll @@ -5,7 +5,7 @@ private module InlineMadTestLang implements InlineMadTestLangSig { class Callable = R::Function; string getComment(R::Function callable) { - result = callable.getPrecedingComment().getCommentText() + result = callable.getAPrecedingComment().getCommentText() } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.ql b/rust/ql/test/library-tests/type-inference/type-inference.ql index b0e47e7f574c..d683e7d75d85 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.ql +++ b/rust/ql/test/library-tests/type-inference/type-inference.ql @@ -11,9 +11,9 @@ module ResolveTest implements TestSig { string getARelevantTag() { result = ["method", "fieldof"] } private predicate functionHasValue(Function f, string value) { - f.getPrecedingComment().getCommentText() = value + f.getAPrecedingComment().getCommentText() = value or - not exists(f.getPrecedingComment()) and + not exists(f.getAPrecedingComment()) and value = f.getName().getText() } From e6c7ad8ee0b3ff9a94e73588d77779cdef811b7b Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 3 Apr 2025 14:34:23 +0200 Subject: [PATCH 213/409] Rust: Add comment as suggested in review --- rust/ql/test/library-tests/type-inference/type-inference.ql | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/ql/test/library-tests/type-inference/type-inference.ql b/rust/ql/test/library-tests/type-inference/type-inference.ql index d683e7d75d85..d83900e58402 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.ql +++ b/rust/ql/test/library-tests/type-inference/type-inference.ql @@ -14,6 +14,7 @@ module ResolveTest implements TestSig { f.getAPrecedingComment().getCommentText() = value or not exists(f.getAPrecedingComment()) and + // TODO: Default to canonical path once that is available value = f.getName().getText() } From e7027f0979b8ea3925c7820cf025856653297609 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 28 Mar 2025 10:18:38 +0100 Subject: [PATCH 214/409] Rust: Add type inference tests for type aliases --- .../test/library-tests/type-inference/main.rs | 32 +- .../type-inference/type-inference.expected | 765 +++++++++--------- 2 files changed, 423 insertions(+), 374 deletions(-) diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 2a432d50b8d9..2774332761e1 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -540,6 +540,17 @@ mod type_aliases { PairBoth(Fst, Snd), } + impl PairOption { + fn unwrapSnd(self) -> Snd { + match self { + PairOption::PairNone() => panic!("PairNone has no second element"), + PairOption::PairFst(_) => panic!("PairFst has no second element"), + PairOption::PairSnd(snd) => snd, + PairOption::PairBoth(_, snd) => snd, + } + } + } + #[derive(Debug)] struct S1; @@ -553,7 +564,18 @@ mod type_aliases { type MyPair = PairOption; // Generic type alias that partially applies the generic type - type AnotherPair = PairOption; + type AnotherPair = PairOption; + + // Alias to another alias + type AliasToAlias = AnotherPair; + + // Alias that appears nested withing another alias + type NestedAlias = AnotherPair>; + + fn g(t: NestedAlias) { + let x = t.unwrapSnd().unwrapSnd(); // $ method=unwrapSnd MISSING: type=x:S3 + println!("{:?}", x); + } pub fn f() { // Type can be inferred from the constructor @@ -561,16 +583,18 @@ mod type_aliases { println!("{:?}", p1); // Type can be only inferred from the type alias - let p2: MyPair = PairOption::PairNone(); // types for `Fst` and `Snd` missing + let p2: MyPair = PairOption::PairNone(); // $ MISSING: type=p2:Fst.S1 MISSING: type=p2:Snd.S2 println!("{:?}", p2); // First type from alias, second from constructor - let p3: AnotherPair<_> = PairOption::PairSnd(S3); // type for `Fst` missing + let p3: AnotherPair<_> = PairOption::PairSnd(S3); // $ MISSING: type=p3:Fst.S2 println!("{:?}", p3); // First type from alias definition, second from argument to alias - let p3: AnotherPair = PairOption::PairNone(); // type for `Snd` missing, spurious `S3` for `Fst` + let p3: AnotherPair = PairOption::PairNone(); // $ SPURIOUS: type=p3:Fst.S3 MISSING: type=p3:Snd.S3 println!("{:?}", p3); + + g(PairOption::PairSnd(PairOption::PairSnd(S3))); } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index d8164f4be81b..af1dac9c43fc 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -495,373 +495,398 @@ inferType | main.rs:530:13:530:13 | y | | main.rs:492:5:493:14 | S2 | | main.rs:530:21:530:27 | into(...) | | main.rs:492:5:493:14 | S2 | | main.rs:530:26:530:26 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:560:13:560:14 | p1 | | main.rs:535:5:541:5 | PairOption | -| main.rs:560:13:560:14 | p1 | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:560:13:560:14 | p1 | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:560:26:560:53 | ...::PairBoth(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:560:26:560:53 | ...::PairBoth(...) | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:560:26:560:53 | ...::PairBoth(...) | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:560:47:560:48 | S1 | | main.rs:543:5:544:14 | S1 | -| main.rs:560:51:560:52 | S2 | | main.rs:546:5:547:14 | S2 | -| main.rs:561:26:561:27 | p1 | | main.rs:535:5:541:5 | PairOption | -| main.rs:561:26:561:27 | p1 | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:561:26:561:27 | p1 | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:564:13:564:14 | p2 | | main.rs:535:5:541:5 | PairOption | -| main.rs:564:26:564:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:565:26:565:27 | p2 | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:13:568:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:13:568:14 | p3 | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:568:34:568:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:34:568:56 | ...::PairSnd(...) | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:568:54:568:55 | S3 | | main.rs:549:5:550:14 | S3 | -| main.rs:569:26:569:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:569:26:569:27 | p3 | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:572:13:572:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:572:13:572:14 | p3 | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:572:35:572:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:572:35:572:56 | ...::PairNone(...) | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:573:26:573:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:573:26:573:27 | p3 | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:586:16:586:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:586:16:586:24 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:586:27:586:31 | value | | main.rs:584:19:584:19 | S | -| main.rs:588:21:588:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:588:21:588:29 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:588:32:588:36 | value | | main.rs:584:19:584:19 | S | -| main.rs:589:13:589:16 | self | | file://:0:0:0:0 | & | -| main.rs:589:13:589:16 | self | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:589:22:589:26 | value | | main.rs:584:19:584:19 | S | -| main.rs:595:16:595:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:595:16:595:24 | SelfParam | &T | main.rs:578:5:582:5 | MyOption | -| main.rs:595:16:595:24 | SelfParam | &T.T | main.rs:593:10:593:10 | T | -| main.rs:595:27:595:31 | value | | main.rs:593:10:593:10 | T | -| main.rs:599:26:601:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:599:26:601:9 | { ... } | T | main.rs:598:10:598:10 | T | -| main.rs:600:13:600:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:600:13:600:30 | ...::MyNone(...) | T | main.rs:598:10:598:10 | T | -| main.rs:605:20:605:23 | SelfParam | | main.rs:578:5:582:5 | MyOption | -| main.rs:605:20:605:23 | SelfParam | T | main.rs:578:5:582:5 | MyOption | -| main.rs:605:20:605:23 | SelfParam | T.T | main.rs:604:10:604:10 | T | -| main.rs:605:41:610:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:605:41:610:9 | { ... } | T | main.rs:604:10:604:10 | T | -| main.rs:606:13:609:13 | match self { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:606:13:609:13 | match self { ... } | T | main.rs:604:10:604:10 | T | -| main.rs:606:19:606:22 | self | | main.rs:578:5:582:5 | MyOption | -| main.rs:606:19:606:22 | self | T | main.rs:578:5:582:5 | MyOption | -| main.rs:606:19:606:22 | self | T.T | main.rs:604:10:604:10 | T | -| main.rs:607:39:607:56 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:607:39:607:56 | ...::MyNone(...) | T | main.rs:604:10:604:10 | T | -| main.rs:608:34:608:34 | x | | main.rs:578:5:582:5 | MyOption | -| main.rs:608:34:608:34 | x | T | main.rs:604:10:604:10 | T | -| main.rs:608:40:608:40 | x | | main.rs:578:5:582:5 | MyOption | -| main.rs:608:40:608:40 | x | T | main.rs:604:10:604:10 | T | -| main.rs:617:13:617:14 | x1 | | main.rs:578:5:582:5 | MyOption | -| main.rs:617:18:617:37 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:618:26:618:27 | x1 | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:13:620:18 | mut x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:13:620:18 | mut x2 | T | main.rs:613:5:614:13 | S | -| main.rs:620:22:620:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:22:620:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | -| main.rs:621:9:621:10 | x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:621:9:621:10 | x2 | T | main.rs:613:5:614:13 | S | -| main.rs:621:16:621:16 | S | | main.rs:613:5:614:13 | S | -| main.rs:622:26:622:27 | x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:622:26:622:27 | x2 | T | main.rs:613:5:614:13 | S | -| main.rs:624:13:624:18 | mut x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:624:22:624:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:625:9:625:10 | x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:625:21:625:21 | S | | main.rs:613:5:614:13 | S | -| main.rs:626:26:626:27 | x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:13:628:18 | mut x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:13:628:18 | mut x4 | T | main.rs:613:5:614:13 | S | -| main.rs:628:22:628:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:22:628:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | -| main.rs:629:23:629:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:629:23:629:29 | &mut x4 | &T | main.rs:578:5:582:5 | MyOption | -| main.rs:629:23:629:29 | &mut x4 | &T.T | main.rs:613:5:614:13 | S | -| main.rs:629:28:629:29 | x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:629:28:629:29 | x4 | T | main.rs:613:5:614:13 | S | -| main.rs:629:32:629:32 | S | | main.rs:613:5:614:13 | S | -| main.rs:630:26:630:27 | x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:630:26:630:27 | x4 | T | main.rs:613:5:614:13 | S | -| main.rs:632:13:632:14 | x5 | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:13:632:14 | x5 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:632:13:632:14 | x5 | T.T | main.rs:613:5:614:13 | S | -| main.rs:632:18:632:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:18:632:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | -| main.rs:632:18:632:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | -| main.rs:632:35:632:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:35:632:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:633:26:633:27 | x5 | | main.rs:578:5:582:5 | MyOption | -| main.rs:633:26:633:27 | x5 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:633:26:633:27 | x5 | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:13:635:14 | x6 | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:13:635:14 | x6 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:635:13:635:14 | x6 | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:18:635:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:18:635:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | -| main.rs:635:18:635:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:35:635:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:35:635:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:636:26:636:61 | ...::flatten(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:636:26:636:61 | ...::flatten(...) | T | main.rs:613:5:614:13 | S | -| main.rs:636:59:636:60 | x6 | | main.rs:578:5:582:5 | MyOption | -| main.rs:636:59:636:60 | x6 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:636:59:636:60 | x6 | T.T | main.rs:613:5:614:13 | S | -| main.rs:638:13:638:19 | from_if | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:13:638:19 | from_if | T | main.rs:613:5:614:13 | S | -| main.rs:638:23:642:9 | if ... {...} else {...} | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:23:642:9 | if ... {...} else {...} | T | main.rs:613:5:614:13 | S | -| main.rs:638:36:640:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:36:640:9 | { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:639:13:639:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:639:13:639:30 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:640:16:642:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:640:16:642:9 | { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:641:13:641:31 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:641:13:641:31 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:641:30:641:30 | S | | main.rs:613:5:614:13 | S | -| main.rs:643:26:643:32 | from_if | | main.rs:578:5:582:5 | MyOption | -| main.rs:643:26:643:32 | from_if | T | main.rs:613:5:614:13 | S | -| main.rs:645:13:645:22 | from_match | | main.rs:578:5:582:5 | MyOption | -| main.rs:645:13:645:22 | from_match | T | main.rs:613:5:614:13 | S | -| main.rs:645:26:648:9 | match ... { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:645:26:648:9 | match ... { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:646:21:646:38 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:646:21:646:38 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:647:22:647:40 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:647:22:647:40 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:647:39:647:39 | S | | main.rs:613:5:614:13 | S | -| main.rs:649:26:649:35 | from_match | | main.rs:578:5:582:5 | MyOption | -| main.rs:649:26:649:35 | from_match | T | main.rs:613:5:614:13 | S | -| main.rs:651:13:651:21 | from_loop | | main.rs:578:5:582:5 | MyOption | -| main.rs:651:13:651:21 | from_loop | T | main.rs:613:5:614:13 | S | -| main.rs:651:25:656:9 | loop { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:651:25:656:9 | loop { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:653:23:653:40 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:653:23:653:40 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:655:19:655:37 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:655:19:655:37 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:655:36:655:36 | S | | main.rs:613:5:614:13 | S | -| main.rs:657:26:657:34 | from_loop | | main.rs:578:5:582:5 | MyOption | -| main.rs:657:26:657:34 | from_loop | T | main.rs:613:5:614:13 | S | -| main.rs:670:15:670:18 | SelfParam | | main.rs:663:5:664:19 | S | -| main.rs:670:15:670:18 | SelfParam | T | main.rs:669:10:669:10 | T | -| main.rs:670:26:672:9 | { ... } | | main.rs:669:10:669:10 | T | -| main.rs:671:13:671:16 | self | | main.rs:663:5:664:19 | S | -| main.rs:671:13:671:16 | self | T | main.rs:669:10:669:10 | T | -| main.rs:671:13:671:18 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:674:15:674:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:674:15:674:19 | SelfParam | &T | main.rs:663:5:664:19 | S | -| main.rs:674:15:674:19 | SelfParam | &T.T | main.rs:669:10:669:10 | T | -| main.rs:674:28:676:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:674:28:676:9 | { ... } | &T | main.rs:669:10:669:10 | T | -| main.rs:675:13:675:19 | &... | | file://:0:0:0:0 | & | -| main.rs:675:13:675:19 | &... | &T | main.rs:669:10:669:10 | T | -| main.rs:675:14:675:17 | self | | file://:0:0:0:0 | & | -| main.rs:675:14:675:17 | self | &T | main.rs:663:5:664:19 | S | -| main.rs:675:14:675:17 | self | &T.T | main.rs:669:10:669:10 | T | -| main.rs:675:14:675:19 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:678:15:678:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:678:15:678:25 | SelfParam | &T | main.rs:663:5:664:19 | S | -| main.rs:678:15:678:25 | SelfParam | &T.T | main.rs:669:10:669:10 | T | -| main.rs:678:34:680:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:678:34:680:9 | { ... } | &T | main.rs:669:10:669:10 | T | -| main.rs:679:13:679:19 | &... | | file://:0:0:0:0 | & | -| main.rs:679:13:679:19 | &... | &T | main.rs:669:10:669:10 | T | -| main.rs:679:14:679:17 | self | | file://:0:0:0:0 | & | -| main.rs:679:14:679:17 | self | &T | main.rs:663:5:664:19 | S | -| main.rs:679:14:679:17 | self | &T.T | main.rs:669:10:669:10 | T | -| main.rs:679:14:679:19 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:684:13:684:14 | x1 | | main.rs:663:5:664:19 | S | -| main.rs:684:13:684:14 | x1 | T | main.rs:666:5:667:14 | S2 | -| main.rs:684:18:684:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:684:18:684:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:684:20:684:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:685:26:685:27 | x1 | | main.rs:663:5:664:19 | S | -| main.rs:685:26:685:27 | x1 | T | main.rs:666:5:667:14 | S2 | -| main.rs:685:26:685:32 | x1.m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:687:13:687:14 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:687:13:687:14 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:687:18:687:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:687:18:687:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:687:20:687:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:689:26:689:27 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:689:26:689:27 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:689:26:689:32 | x2.m2() | | file://:0:0:0:0 | & | -| main.rs:689:26:689:32 | x2.m2() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:690:26:690:27 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:690:26:690:27 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:690:26:690:32 | x2.m3() | | file://:0:0:0:0 | & | -| main.rs:690:26:690:32 | x2.m3() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:692:13:692:14 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:692:13:692:14 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:692:18:692:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:692:18:692:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:692:20:692:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:694:26:694:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:694:26:694:41 | ...::m2(...) | &T | main.rs:666:5:667:14 | S2 | -| main.rs:694:38:694:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:694:38:694:40 | &x3 | &T | main.rs:663:5:664:19 | S | -| main.rs:694:38:694:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:694:39:694:40 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:694:39:694:40 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:695:26:695:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:695:26:695:41 | ...::m3(...) | &T | main.rs:666:5:667:14 | S2 | -| main.rs:695:38:695:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:695:38:695:40 | &x3 | &T | main.rs:663:5:664:19 | S | -| main.rs:695:38:695:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:695:39:695:40 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:695:39:695:40 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:697:13:697:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:697:13:697:14 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:697:13:697:14 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:697:18:697:23 | &... | | file://:0:0:0:0 | & | -| main.rs:697:18:697:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:697:18:697:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:697:19:697:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:697:19:697:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:697:21:697:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:699:26:699:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:699:26:699:27 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:699:26:699:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:699:26:699:32 | x4.m2() | | file://:0:0:0:0 | & | -| main.rs:699:26:699:32 | x4.m2() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:700:26:700:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:700:26:700:27 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:700:26:700:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:700:26:700:32 | x4.m3() | | file://:0:0:0:0 | & | -| main.rs:700:26:700:32 | x4.m3() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:702:13:702:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:702:13:702:14 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:702:13:702:14 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:702:18:702:23 | &... | | file://:0:0:0:0 | & | -| main.rs:702:18:702:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:702:18:702:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:702:19:702:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:702:19:702:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:702:21:702:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:704:26:704:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:704:26:704:27 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:704:26:704:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:704:26:704:32 | x5.m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:705:26:705:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:705:26:705:27 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:705:26:705:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:705:26:705:29 | x5.0 | | main.rs:666:5:667:14 | S2 | -| main.rs:707:13:707:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:707:13:707:14 | x6 | &T | main.rs:663:5:664:19 | S | -| main.rs:707:13:707:14 | x6 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:707:18:707:23 | &... | | file://:0:0:0:0 | & | -| main.rs:707:18:707:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:707:18:707:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:707:19:707:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:707:19:707:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:707:21:707:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:709:26:709:30 | (...) | | main.rs:663:5:664:19 | S | -| main.rs:709:26:709:30 | (...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:709:26:709:35 | ... .m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:709:27:709:29 | * ... | | main.rs:663:5:664:19 | S | -| main.rs:709:27:709:29 | * ... | T | main.rs:666:5:667:14 | S2 | -| main.rs:709:28:709:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:709:28:709:29 | x6 | &T | main.rs:663:5:664:19 | S | -| main.rs:709:28:709:29 | x6 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:716:16:716:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:716:16:716:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:719:16:719:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:719:16:719:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:719:32:721:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:719:32:721:9 | { ... } | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:720:13:720:16 | self | | file://:0:0:0:0 | & | -| main.rs:720:13:720:16 | self | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:720:13:720:22 | self.foo() | | file://:0:0:0:0 | & | -| main.rs:720:13:720:22 | self.foo() | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:728:16:728:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:728:16:728:20 | SelfParam | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:728:36:730:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:728:36:730:9 | { ... } | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:729:13:729:16 | self | | file://:0:0:0:0 | & | -| main.rs:729:13:729:16 | self | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:734:13:734:13 | x | | main.rs:724:5:724:20 | MyStruct | -| main.rs:734:17:734:24 | MyStruct | | main.rs:724:5:724:20 | MyStruct | -| main.rs:735:9:735:9 | x | | main.rs:724:5:724:20 | MyStruct | -| main.rs:735:9:735:15 | x.bar() | | file://:0:0:0:0 | & | -| main.rs:735:9:735:15 | x.bar() | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:745:16:745:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:745:16:745:20 | SelfParam | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:745:16:745:20 | SelfParam | &T.T | main.rs:744:10:744:10 | T | -| main.rs:745:32:747:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:745:32:747:9 | { ... } | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:745:32:747:9 | { ... } | &T.T | main.rs:744:10:744:10 | T | -| main.rs:746:13:746:16 | self | | file://:0:0:0:0 | & | -| main.rs:746:13:746:16 | self | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:746:13:746:16 | self | &T.T | main.rs:744:10:744:10 | T | -| main.rs:751:13:751:13 | x | | main.rs:742:5:742:26 | MyStruct | -| main.rs:751:13:751:13 | x | T | main.rs:740:5:740:13 | S | -| main.rs:751:17:751:27 | MyStruct(...) | | main.rs:742:5:742:26 | MyStruct | -| main.rs:751:17:751:27 | MyStruct(...) | T | main.rs:740:5:740:13 | S | -| main.rs:751:26:751:26 | S | | main.rs:740:5:740:13 | S | -| main.rs:752:9:752:9 | x | | main.rs:742:5:742:26 | MyStruct | -| main.rs:752:9:752:9 | x | T | main.rs:740:5:740:13 | S | -| main.rs:752:9:752:15 | x.foo() | | file://:0:0:0:0 | & | -| main.rs:752:9:752:15 | x.foo() | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:752:9:752:15 | x.foo() | &T.T | main.rs:740:5:740:13 | S | -| main.rs:760:15:760:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:760:15:760:19 | SelfParam | &T | main.rs:757:5:757:13 | S | -| main.rs:760:31:762:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:760:31:762:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:761:13:761:19 | &... | | file://:0:0:0:0 | & | -| main.rs:761:13:761:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:761:14:761:19 | &... | | file://:0:0:0:0 | & | -| main.rs:761:14:761:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:761:15:761:19 | &self | | file://:0:0:0:0 | & | -| main.rs:761:15:761:19 | &self | &T | main.rs:757:5:757:13 | S | -| main.rs:761:16:761:19 | self | | file://:0:0:0:0 | & | -| main.rs:761:16:761:19 | self | &T | main.rs:757:5:757:13 | S | -| main.rs:764:15:764:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:764:15:764:25 | SelfParam | &T | main.rs:757:5:757:13 | S | -| main.rs:764:37:766:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:764:37:766:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:765:13:765:19 | &... | | file://:0:0:0:0 | & | -| main.rs:765:13:765:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:765:14:765:19 | &... | | file://:0:0:0:0 | & | -| main.rs:765:14:765:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:765:15:765:19 | &self | | file://:0:0:0:0 | & | -| main.rs:765:15:765:19 | &self | &T | main.rs:757:5:757:13 | S | -| main.rs:765:16:765:19 | self | | file://:0:0:0:0 | & | -| main.rs:765:16:765:19 | self | &T | main.rs:757:5:757:13 | S | -| main.rs:768:15:768:15 | x | | file://:0:0:0:0 | & | -| main.rs:768:15:768:15 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:768:34:770:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:768:34:770:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:769:13:769:13 | x | | file://:0:0:0:0 | & | -| main.rs:769:13:769:13 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:772:15:772:15 | x | | file://:0:0:0:0 | & | -| main.rs:772:15:772:15 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:772:34:774:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:772:34:774:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:773:13:773:16 | &... | | file://:0:0:0:0 | & | -| main.rs:773:13:773:16 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:773:14:773:16 | &... | | file://:0:0:0:0 | & | -| main.rs:773:14:773:16 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:773:15:773:16 | &x | | file://:0:0:0:0 | & | -| main.rs:773:15:773:16 | &x | &T | main.rs:757:5:757:13 | S | -| main.rs:773:16:773:16 | x | | file://:0:0:0:0 | & | -| main.rs:773:16:773:16 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:778:13:778:13 | x | | main.rs:757:5:757:13 | S | -| main.rs:778:17:778:20 | S {...} | | main.rs:757:5:757:13 | S | -| main.rs:779:9:779:9 | x | | main.rs:757:5:757:13 | S | -| main.rs:779:9:779:14 | x.f1() | | file://:0:0:0:0 | & | -| main.rs:779:9:779:14 | x.f1() | &T | main.rs:757:5:757:13 | S | -| main.rs:780:9:780:9 | x | | main.rs:757:5:757:13 | S | -| main.rs:780:9:780:14 | x.f2() | | file://:0:0:0:0 | & | -| main.rs:780:9:780:14 | x.f2() | &T | main.rs:757:5:757:13 | S | -| main.rs:781:9:781:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:781:9:781:17 | ...::f3(...) | &T | main.rs:757:5:757:13 | S | -| main.rs:781:15:781:16 | &x | | file://:0:0:0:0 | & | -| main.rs:781:15:781:16 | &x | &T | main.rs:757:5:757:13 | S | -| main.rs:781:16:781:16 | x | | main.rs:757:5:757:13 | S | -| main.rs:787:5:787:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:788:5:788:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:788:20:788:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -| main.rs:788:41:788:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:544:22:544:25 | SelfParam | | main.rs:535:5:541:5 | PairOption | +| main.rs:544:22:544:25 | SelfParam | Fst | main.rs:543:10:543:12 | Fst | +| main.rs:544:22:544:25 | SelfParam | Snd | main.rs:543:15:543:17 | Snd | +| main.rs:544:35:551:9 | { ... } | | main.rs:543:15:543:17 | Snd | +| main.rs:545:13:550:13 | match self { ... } | | main.rs:543:15:543:17 | Snd | +| main.rs:545:19:545:22 | self | | main.rs:535:5:541:5 | PairOption | +| main.rs:545:19:545:22 | self | Fst | main.rs:543:10:543:12 | Fst | +| main.rs:545:19:545:22 | self | Snd | main.rs:543:15:543:17 | Snd | +| main.rs:546:43:546:82 | MacroExpr | | main.rs:543:15:543:17 | Snd | +| main.rs:547:43:547:81 | MacroExpr | | main.rs:543:15:543:17 | Snd | +| main.rs:548:37:548:39 | snd | | main.rs:543:15:543:17 | Snd | +| main.rs:548:45:548:47 | snd | | main.rs:543:15:543:17 | Snd | +| main.rs:549:41:549:43 | snd | | main.rs:543:15:543:17 | Snd | +| main.rs:549:49:549:51 | snd | | main.rs:543:15:543:17 | Snd | +| main.rs:575:10:575:10 | t | | main.rs:535:5:541:5 | PairOption | +| main.rs:575:10:575:10 | t | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:576:17:576:17 | t | | main.rs:535:5:541:5 | PairOption | +| main.rs:576:17:576:17 | t | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:582:13:582:14 | p1 | | main.rs:535:5:541:5 | PairOption | +| main.rs:582:13:582:14 | p1 | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:582:13:582:14 | p1 | Snd | main.rs:557:5:558:14 | S2 | +| main.rs:582:26:582:53 | ...::PairBoth(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:582:26:582:53 | ...::PairBoth(...) | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:582:26:582:53 | ...::PairBoth(...) | Snd | main.rs:557:5:558:14 | S2 | +| main.rs:582:47:582:48 | S1 | | main.rs:554:5:555:14 | S1 | +| main.rs:582:51:582:52 | S2 | | main.rs:557:5:558:14 | S2 | +| main.rs:583:26:583:27 | p1 | | main.rs:535:5:541:5 | PairOption | +| main.rs:583:26:583:27 | p1 | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:583:26:583:27 | p1 | Snd | main.rs:557:5:558:14 | S2 | +| main.rs:586:13:586:14 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:586:26:586:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:587:26:587:27 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:13:590:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:13:590:14 | p3 | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:590:34:590:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:34:590:56 | ...::PairSnd(...) | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:590:54:590:55 | S3 | | main.rs:560:5:561:14 | S3 | +| main.rs:591:26:591:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:591:26:591:27 | p3 | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:594:13:594:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:594:13:594:14 | p3 | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:594:35:594:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:594:35:594:56 | ...::PairNone(...) | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:595:26:595:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:595:26:595:27 | p3 | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:597:11:597:54 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Snd | main.rs:535:5:541:5 | PairOption | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Snd.Snd | main.rs:560:5:561:14 | S3 | +| main.rs:597:31:597:53 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:597:31:597:53 | ...::PairSnd(...) | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:597:51:597:52 | S3 | | main.rs:560:5:561:14 | S3 | +| main.rs:610:16:610:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:610:16:610:24 | SelfParam | &T | main.rs:608:5:615:5 | Self [trait MyTrait] | +| main.rs:610:27:610:31 | value | | main.rs:608:19:608:19 | S | +| main.rs:612:21:612:29 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:612:21:612:29 | SelfParam | &T | main.rs:608:5:615:5 | Self [trait MyTrait] | +| main.rs:612:32:612:36 | value | | main.rs:608:19:608:19 | S | +| main.rs:613:13:613:16 | self | | file://:0:0:0:0 | & | +| main.rs:613:13:613:16 | self | &T | main.rs:608:5:615:5 | Self [trait MyTrait] | +| main.rs:613:22:613:26 | value | | main.rs:608:19:608:19 | S | +| main.rs:619:16:619:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:619:16:619:24 | SelfParam | &T | main.rs:602:5:606:5 | MyOption | +| main.rs:619:16:619:24 | SelfParam | &T.T | main.rs:617:10:617:10 | T | +| main.rs:619:27:619:31 | value | | main.rs:617:10:617:10 | T | +| main.rs:623:26:625:9 | { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:623:26:625:9 | { ... } | T | main.rs:622:10:622:10 | T | +| main.rs:624:13:624:30 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:624:13:624:30 | ...::MyNone(...) | T | main.rs:622:10:622:10 | T | +| main.rs:629:20:629:23 | SelfParam | | main.rs:602:5:606:5 | MyOption | +| main.rs:629:20:629:23 | SelfParam | T | main.rs:602:5:606:5 | MyOption | +| main.rs:629:20:629:23 | SelfParam | T.T | main.rs:628:10:628:10 | T | +| main.rs:629:41:634:9 | { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:629:41:634:9 | { ... } | T | main.rs:628:10:628:10 | T | +| main.rs:630:13:633:13 | match self { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:630:13:633:13 | match self { ... } | T | main.rs:628:10:628:10 | T | +| main.rs:630:19:630:22 | self | | main.rs:602:5:606:5 | MyOption | +| main.rs:630:19:630:22 | self | T | main.rs:602:5:606:5 | MyOption | +| main.rs:630:19:630:22 | self | T.T | main.rs:628:10:628:10 | T | +| main.rs:631:39:631:56 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:631:39:631:56 | ...::MyNone(...) | T | main.rs:628:10:628:10 | T | +| main.rs:632:34:632:34 | x | | main.rs:602:5:606:5 | MyOption | +| main.rs:632:34:632:34 | x | T | main.rs:628:10:628:10 | T | +| main.rs:632:40:632:40 | x | | main.rs:602:5:606:5 | MyOption | +| main.rs:632:40:632:40 | x | T | main.rs:628:10:628:10 | T | +| main.rs:641:13:641:14 | x1 | | main.rs:602:5:606:5 | MyOption | +| main.rs:641:18:641:37 | ...::new(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:642:26:642:27 | x1 | | main.rs:602:5:606:5 | MyOption | +| main.rs:644:13:644:18 | mut x2 | | main.rs:602:5:606:5 | MyOption | +| main.rs:644:13:644:18 | mut x2 | T | main.rs:637:5:638:13 | S | +| main.rs:644:22:644:36 | ...::new(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:644:22:644:36 | ...::new(...) | T | main.rs:637:5:638:13 | S | +| main.rs:645:9:645:10 | x2 | | main.rs:602:5:606:5 | MyOption | +| main.rs:645:9:645:10 | x2 | T | main.rs:637:5:638:13 | S | +| main.rs:645:16:645:16 | S | | main.rs:637:5:638:13 | S | +| main.rs:646:26:646:27 | x2 | | main.rs:602:5:606:5 | MyOption | +| main.rs:646:26:646:27 | x2 | T | main.rs:637:5:638:13 | S | +| main.rs:648:13:648:18 | mut x3 | | main.rs:602:5:606:5 | MyOption | +| main.rs:648:22:648:36 | ...::new(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:649:9:649:10 | x3 | | main.rs:602:5:606:5 | MyOption | +| main.rs:649:21:649:21 | S | | main.rs:637:5:638:13 | S | +| main.rs:650:26:650:27 | x3 | | main.rs:602:5:606:5 | MyOption | +| main.rs:652:13:652:18 | mut x4 | | main.rs:602:5:606:5 | MyOption | +| main.rs:652:13:652:18 | mut x4 | T | main.rs:637:5:638:13 | S | +| main.rs:652:22:652:36 | ...::new(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:652:22:652:36 | ...::new(...) | T | main.rs:637:5:638:13 | S | +| main.rs:653:23:653:29 | &mut x4 | | file://:0:0:0:0 | & | +| main.rs:653:23:653:29 | &mut x4 | &T | main.rs:602:5:606:5 | MyOption | +| main.rs:653:23:653:29 | &mut x4 | &T.T | main.rs:637:5:638:13 | S | +| main.rs:653:28:653:29 | x4 | | main.rs:602:5:606:5 | MyOption | +| main.rs:653:28:653:29 | x4 | T | main.rs:637:5:638:13 | S | +| main.rs:653:32:653:32 | S | | main.rs:637:5:638:13 | S | +| main.rs:654:26:654:27 | x4 | | main.rs:602:5:606:5 | MyOption | +| main.rs:654:26:654:27 | x4 | T | main.rs:637:5:638:13 | S | +| main.rs:656:13:656:14 | x5 | | main.rs:602:5:606:5 | MyOption | +| main.rs:656:13:656:14 | x5 | T | main.rs:602:5:606:5 | MyOption | +| main.rs:656:13:656:14 | x5 | T.T | main.rs:637:5:638:13 | S | +| main.rs:656:18:656:58 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:656:18:656:58 | ...::MySome(...) | T | main.rs:602:5:606:5 | MyOption | +| main.rs:656:18:656:58 | ...::MySome(...) | T.T | main.rs:637:5:638:13 | S | +| main.rs:656:35:656:57 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:656:35:656:57 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:657:26:657:27 | x5 | | main.rs:602:5:606:5 | MyOption | +| main.rs:657:26:657:27 | x5 | T | main.rs:602:5:606:5 | MyOption | +| main.rs:657:26:657:27 | x5 | T.T | main.rs:637:5:638:13 | S | +| main.rs:659:13:659:14 | x6 | | main.rs:602:5:606:5 | MyOption | +| main.rs:659:13:659:14 | x6 | T | main.rs:602:5:606:5 | MyOption | +| main.rs:659:13:659:14 | x6 | T.T | main.rs:637:5:638:13 | S | +| main.rs:659:18:659:58 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:659:18:659:58 | ...::MySome(...) | T | main.rs:602:5:606:5 | MyOption | +| main.rs:659:18:659:58 | ...::MySome(...) | T.T | main.rs:637:5:638:13 | S | +| main.rs:659:35:659:57 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:659:35:659:57 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:660:26:660:61 | ...::flatten(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:660:26:660:61 | ...::flatten(...) | T | main.rs:637:5:638:13 | S | +| main.rs:660:59:660:60 | x6 | | main.rs:602:5:606:5 | MyOption | +| main.rs:660:59:660:60 | x6 | T | main.rs:602:5:606:5 | MyOption | +| main.rs:660:59:660:60 | x6 | T.T | main.rs:637:5:638:13 | S | +| main.rs:662:13:662:19 | from_if | | main.rs:602:5:606:5 | MyOption | +| main.rs:662:13:662:19 | from_if | T | main.rs:637:5:638:13 | S | +| main.rs:662:23:666:9 | if ... {...} else {...} | | main.rs:602:5:606:5 | MyOption | +| main.rs:662:23:666:9 | if ... {...} else {...} | T | main.rs:637:5:638:13 | S | +| main.rs:662:36:664:9 | { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:662:36:664:9 | { ... } | T | main.rs:637:5:638:13 | S | +| main.rs:663:13:663:30 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:663:13:663:30 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:664:16:666:9 | { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:664:16:666:9 | { ... } | T | main.rs:637:5:638:13 | S | +| main.rs:665:13:665:31 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:665:13:665:31 | ...::MySome(...) | T | main.rs:637:5:638:13 | S | +| main.rs:665:30:665:30 | S | | main.rs:637:5:638:13 | S | +| main.rs:667:26:667:32 | from_if | | main.rs:602:5:606:5 | MyOption | +| main.rs:667:26:667:32 | from_if | T | main.rs:637:5:638:13 | S | +| main.rs:669:13:669:22 | from_match | | main.rs:602:5:606:5 | MyOption | +| main.rs:669:13:669:22 | from_match | T | main.rs:637:5:638:13 | S | +| main.rs:669:26:672:9 | match ... { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:669:26:672:9 | match ... { ... } | T | main.rs:637:5:638:13 | S | +| main.rs:670:21:670:38 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:670:21:670:38 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:671:22:671:40 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:671:22:671:40 | ...::MySome(...) | T | main.rs:637:5:638:13 | S | +| main.rs:671:39:671:39 | S | | main.rs:637:5:638:13 | S | +| main.rs:673:26:673:35 | from_match | | main.rs:602:5:606:5 | MyOption | +| main.rs:673:26:673:35 | from_match | T | main.rs:637:5:638:13 | S | +| main.rs:675:13:675:21 | from_loop | | main.rs:602:5:606:5 | MyOption | +| main.rs:675:13:675:21 | from_loop | T | main.rs:637:5:638:13 | S | +| main.rs:675:25:680:9 | loop { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:675:25:680:9 | loop { ... } | T | main.rs:637:5:638:13 | S | +| main.rs:677:23:677:40 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:677:23:677:40 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:679:19:679:37 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:679:19:679:37 | ...::MySome(...) | T | main.rs:637:5:638:13 | S | +| main.rs:679:36:679:36 | S | | main.rs:637:5:638:13 | S | +| main.rs:681:26:681:34 | from_loop | | main.rs:602:5:606:5 | MyOption | +| main.rs:681:26:681:34 | from_loop | T | main.rs:637:5:638:13 | S | +| main.rs:694:15:694:18 | SelfParam | | main.rs:687:5:688:19 | S | +| main.rs:694:15:694:18 | SelfParam | T | main.rs:693:10:693:10 | T | +| main.rs:694:26:696:9 | { ... } | | main.rs:693:10:693:10 | T | +| main.rs:695:13:695:16 | self | | main.rs:687:5:688:19 | S | +| main.rs:695:13:695:16 | self | T | main.rs:693:10:693:10 | T | +| main.rs:695:13:695:18 | self.0 | | main.rs:693:10:693:10 | T | +| main.rs:698:15:698:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:698:15:698:19 | SelfParam | &T | main.rs:687:5:688:19 | S | +| main.rs:698:15:698:19 | SelfParam | &T.T | main.rs:693:10:693:10 | T | +| main.rs:698:28:700:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:698:28:700:9 | { ... } | &T | main.rs:693:10:693:10 | T | +| main.rs:699:13:699:19 | &... | | file://:0:0:0:0 | & | +| main.rs:699:13:699:19 | &... | &T | main.rs:693:10:693:10 | T | +| main.rs:699:14:699:17 | self | | file://:0:0:0:0 | & | +| main.rs:699:14:699:17 | self | &T | main.rs:687:5:688:19 | S | +| main.rs:699:14:699:17 | self | &T.T | main.rs:693:10:693:10 | T | +| main.rs:699:14:699:19 | self.0 | | main.rs:693:10:693:10 | T | +| main.rs:702:15:702:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:702:15:702:25 | SelfParam | &T | main.rs:687:5:688:19 | S | +| main.rs:702:15:702:25 | SelfParam | &T.T | main.rs:693:10:693:10 | T | +| main.rs:702:34:704:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:702:34:704:9 | { ... } | &T | main.rs:693:10:693:10 | T | +| main.rs:703:13:703:19 | &... | | file://:0:0:0:0 | & | +| main.rs:703:13:703:19 | &... | &T | main.rs:693:10:693:10 | T | +| main.rs:703:14:703:17 | self | | file://:0:0:0:0 | & | +| main.rs:703:14:703:17 | self | &T | main.rs:687:5:688:19 | S | +| main.rs:703:14:703:17 | self | &T.T | main.rs:693:10:693:10 | T | +| main.rs:703:14:703:19 | self.0 | | main.rs:693:10:693:10 | T | +| main.rs:708:13:708:14 | x1 | | main.rs:687:5:688:19 | S | +| main.rs:708:13:708:14 | x1 | T | main.rs:690:5:691:14 | S2 | +| main.rs:708:18:708:22 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:708:18:708:22 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:708:20:708:21 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:709:26:709:27 | x1 | | main.rs:687:5:688:19 | S | +| main.rs:709:26:709:27 | x1 | T | main.rs:690:5:691:14 | S2 | +| main.rs:709:26:709:32 | x1.m1() | | main.rs:690:5:691:14 | S2 | +| main.rs:711:13:711:14 | x2 | | main.rs:687:5:688:19 | S | +| main.rs:711:13:711:14 | x2 | T | main.rs:690:5:691:14 | S2 | +| main.rs:711:18:711:22 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:711:18:711:22 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:711:20:711:21 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:713:26:713:27 | x2 | | main.rs:687:5:688:19 | S | +| main.rs:713:26:713:27 | x2 | T | main.rs:690:5:691:14 | S2 | +| main.rs:713:26:713:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:713:26:713:32 | x2.m2() | &T | main.rs:690:5:691:14 | S2 | +| main.rs:714:26:714:27 | x2 | | main.rs:687:5:688:19 | S | +| main.rs:714:26:714:27 | x2 | T | main.rs:690:5:691:14 | S2 | +| main.rs:714:26:714:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:714:26:714:32 | x2.m3() | &T | main.rs:690:5:691:14 | S2 | +| main.rs:716:13:716:14 | x3 | | main.rs:687:5:688:19 | S | +| main.rs:716:13:716:14 | x3 | T | main.rs:690:5:691:14 | S2 | +| main.rs:716:18:716:22 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:716:18:716:22 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:716:20:716:21 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:718:26:718:41 | ...::m2(...) | | file://:0:0:0:0 | & | +| main.rs:718:26:718:41 | ...::m2(...) | &T | main.rs:690:5:691:14 | S2 | +| main.rs:718:38:718:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:718:38:718:40 | &x3 | &T | main.rs:687:5:688:19 | S | +| main.rs:718:38:718:40 | &x3 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:718:39:718:40 | x3 | | main.rs:687:5:688:19 | S | +| main.rs:718:39:718:40 | x3 | T | main.rs:690:5:691:14 | S2 | +| main.rs:719:26:719:41 | ...::m3(...) | | file://:0:0:0:0 | & | +| main.rs:719:26:719:41 | ...::m3(...) | &T | main.rs:690:5:691:14 | S2 | +| main.rs:719:38:719:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:719:38:719:40 | &x3 | &T | main.rs:687:5:688:19 | S | +| main.rs:719:38:719:40 | &x3 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:719:39:719:40 | x3 | | main.rs:687:5:688:19 | S | +| main.rs:719:39:719:40 | x3 | T | main.rs:690:5:691:14 | S2 | +| main.rs:721:13:721:14 | x4 | | file://:0:0:0:0 | & | +| main.rs:721:13:721:14 | x4 | &T | main.rs:687:5:688:19 | S | +| main.rs:721:13:721:14 | x4 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:721:18:721:23 | &... | | file://:0:0:0:0 | & | +| main.rs:721:18:721:23 | &... | &T | main.rs:687:5:688:19 | S | +| main.rs:721:18:721:23 | &... | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:721:19:721:23 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:721:19:721:23 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:721:21:721:22 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:723:26:723:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:723:26:723:27 | x4 | &T | main.rs:687:5:688:19 | S | +| main.rs:723:26:723:27 | x4 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:723:26:723:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:723:26:723:32 | x4.m2() | &T | main.rs:690:5:691:14 | S2 | +| main.rs:724:26:724:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:724:26:724:27 | x4 | &T | main.rs:687:5:688:19 | S | +| main.rs:724:26:724:27 | x4 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:724:26:724:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:724:26:724:32 | x4.m3() | &T | main.rs:690:5:691:14 | S2 | +| main.rs:726:13:726:14 | x5 | | file://:0:0:0:0 | & | +| main.rs:726:13:726:14 | x5 | &T | main.rs:687:5:688:19 | S | +| main.rs:726:13:726:14 | x5 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:726:18:726:23 | &... | | file://:0:0:0:0 | & | +| main.rs:726:18:726:23 | &... | &T | main.rs:687:5:688:19 | S | +| main.rs:726:18:726:23 | &... | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:726:19:726:23 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:726:19:726:23 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:726:21:726:22 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:728:26:728:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:728:26:728:27 | x5 | &T | main.rs:687:5:688:19 | S | +| main.rs:728:26:728:27 | x5 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:728:26:728:32 | x5.m1() | | main.rs:690:5:691:14 | S2 | +| main.rs:729:26:729:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:729:26:729:27 | x5 | &T | main.rs:687:5:688:19 | S | +| main.rs:729:26:729:27 | x5 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:729:26:729:29 | x5.0 | | main.rs:690:5:691:14 | S2 | +| main.rs:731:13:731:14 | x6 | | file://:0:0:0:0 | & | +| main.rs:731:13:731:14 | x6 | &T | main.rs:687:5:688:19 | S | +| main.rs:731:13:731:14 | x6 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:731:18:731:23 | &... | | file://:0:0:0:0 | & | +| main.rs:731:18:731:23 | &... | &T | main.rs:687:5:688:19 | S | +| main.rs:731:18:731:23 | &... | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:731:19:731:23 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:731:19:731:23 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:731:21:731:22 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:733:26:733:30 | (...) | | main.rs:687:5:688:19 | S | +| main.rs:733:26:733:30 | (...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:733:26:733:35 | ... .m1() | | main.rs:690:5:691:14 | S2 | +| main.rs:733:27:733:29 | * ... | | main.rs:687:5:688:19 | S | +| main.rs:733:27:733:29 | * ... | T | main.rs:690:5:691:14 | S2 | +| main.rs:733:28:733:29 | x6 | | file://:0:0:0:0 | & | +| main.rs:733:28:733:29 | x6 | &T | main.rs:687:5:688:19 | S | +| main.rs:733:28:733:29 | x6 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:740:16:740:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:740:16:740:20 | SelfParam | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:743:16:743:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:743:16:743:20 | SelfParam | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:743:32:745:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:743:32:745:9 | { ... } | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:744:13:744:16 | self | | file://:0:0:0:0 | & | +| main.rs:744:13:744:16 | self | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:744:13:744:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:744:13:744:22 | self.foo() | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:752:16:752:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:752:16:752:20 | SelfParam | &T | main.rs:748:5:748:20 | MyStruct | +| main.rs:752:36:754:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:752:36:754:9 | { ... } | &T | main.rs:748:5:748:20 | MyStruct | +| main.rs:753:13:753:16 | self | | file://:0:0:0:0 | & | +| main.rs:753:13:753:16 | self | &T | main.rs:748:5:748:20 | MyStruct | +| main.rs:758:13:758:13 | x | | main.rs:748:5:748:20 | MyStruct | +| main.rs:758:17:758:24 | MyStruct | | main.rs:748:5:748:20 | MyStruct | +| main.rs:759:9:759:9 | x | | main.rs:748:5:748:20 | MyStruct | +| main.rs:759:9:759:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:759:9:759:15 | x.bar() | &T | main.rs:748:5:748:20 | MyStruct | +| main.rs:769:16:769:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:769:16:769:20 | SelfParam | &T | main.rs:766:5:766:26 | MyStruct | +| main.rs:769:16:769:20 | SelfParam | &T.T | main.rs:768:10:768:10 | T | +| main.rs:769:32:771:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:769:32:771:9 | { ... } | &T | main.rs:766:5:766:26 | MyStruct | +| main.rs:769:32:771:9 | { ... } | &T.T | main.rs:768:10:768:10 | T | +| main.rs:770:13:770:16 | self | | file://:0:0:0:0 | & | +| main.rs:770:13:770:16 | self | &T | main.rs:766:5:766:26 | MyStruct | +| main.rs:770:13:770:16 | self | &T.T | main.rs:768:10:768:10 | T | +| main.rs:775:13:775:13 | x | | main.rs:766:5:766:26 | MyStruct | +| main.rs:775:13:775:13 | x | T | main.rs:764:5:764:13 | S | +| main.rs:775:17:775:27 | MyStruct(...) | | main.rs:766:5:766:26 | MyStruct | +| main.rs:775:17:775:27 | MyStruct(...) | T | main.rs:764:5:764:13 | S | +| main.rs:775:26:775:26 | S | | main.rs:764:5:764:13 | S | +| main.rs:776:9:776:9 | x | | main.rs:766:5:766:26 | MyStruct | +| main.rs:776:9:776:9 | x | T | main.rs:764:5:764:13 | S | +| main.rs:776:9:776:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:776:9:776:15 | x.foo() | &T | main.rs:766:5:766:26 | MyStruct | +| main.rs:776:9:776:15 | x.foo() | &T.T | main.rs:764:5:764:13 | S | +| main.rs:784:15:784:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:784:15:784:19 | SelfParam | &T | main.rs:781:5:781:13 | S | +| main.rs:784:31:786:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:784:31:786:9 | { ... } | &T | main.rs:781:5:781:13 | S | +| main.rs:785:13:785:19 | &... | | file://:0:0:0:0 | & | +| main.rs:785:13:785:19 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:785:14:785:19 | &... | | file://:0:0:0:0 | & | +| main.rs:785:14:785:19 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:785:15:785:19 | &self | | file://:0:0:0:0 | & | +| main.rs:785:15:785:19 | &self | &T | main.rs:781:5:781:13 | S | +| main.rs:785:16:785:19 | self | | file://:0:0:0:0 | & | +| main.rs:785:16:785:19 | self | &T | main.rs:781:5:781:13 | S | +| main.rs:788:15:788:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:788:15:788:25 | SelfParam | &T | main.rs:781:5:781:13 | S | +| main.rs:788:37:790:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:788:37:790:9 | { ... } | &T | main.rs:781:5:781:13 | S | +| main.rs:789:13:789:19 | &... | | file://:0:0:0:0 | & | +| main.rs:789:13:789:19 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:789:14:789:19 | &... | | file://:0:0:0:0 | & | +| main.rs:789:14:789:19 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:789:15:789:19 | &self | | file://:0:0:0:0 | & | +| main.rs:789:15:789:19 | &self | &T | main.rs:781:5:781:13 | S | +| main.rs:789:16:789:19 | self | | file://:0:0:0:0 | & | +| main.rs:789:16:789:19 | self | &T | main.rs:781:5:781:13 | S | +| main.rs:792:15:792:15 | x | | file://:0:0:0:0 | & | +| main.rs:792:15:792:15 | x | &T | main.rs:781:5:781:13 | S | +| main.rs:792:34:794:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:792:34:794:9 | { ... } | &T | main.rs:781:5:781:13 | S | +| main.rs:793:13:793:13 | x | | file://:0:0:0:0 | & | +| main.rs:793:13:793:13 | x | &T | main.rs:781:5:781:13 | S | +| main.rs:796:15:796:15 | x | | file://:0:0:0:0 | & | +| main.rs:796:15:796:15 | x | &T | main.rs:781:5:781:13 | S | +| main.rs:796:34:798:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:796:34:798:9 | { ... } | &T | main.rs:781:5:781:13 | S | +| main.rs:797:13:797:16 | &... | | file://:0:0:0:0 | & | +| main.rs:797:13:797:16 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:797:14:797:16 | &... | | file://:0:0:0:0 | & | +| main.rs:797:14:797:16 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:797:15:797:16 | &x | | file://:0:0:0:0 | & | +| main.rs:797:15:797:16 | &x | &T | main.rs:781:5:781:13 | S | +| main.rs:797:16:797:16 | x | | file://:0:0:0:0 | & | +| main.rs:797:16:797:16 | x | &T | main.rs:781:5:781:13 | S | +| main.rs:802:13:802:13 | x | | main.rs:781:5:781:13 | S | +| main.rs:802:17:802:20 | S {...} | | main.rs:781:5:781:13 | S | +| main.rs:803:9:803:9 | x | | main.rs:781:5:781:13 | S | +| main.rs:803:9:803:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:803:9:803:14 | x.f1() | &T | main.rs:781:5:781:13 | S | +| main.rs:804:9:804:9 | x | | main.rs:781:5:781:13 | S | +| main.rs:804:9:804:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:804:9:804:14 | x.f2() | &T | main.rs:781:5:781:13 | S | +| main.rs:805:9:805:17 | ...::f3(...) | | file://:0:0:0:0 | & | +| main.rs:805:9:805:17 | ...::f3(...) | &T | main.rs:781:5:781:13 | S | +| main.rs:805:15:805:16 | &x | | file://:0:0:0:0 | & | +| main.rs:805:15:805:16 | &x | &T | main.rs:781:5:781:13 | S | +| main.rs:805:16:805:16 | x | | main.rs:781:5:781:13 | S | +| main.rs:811:5:811:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:812:5:812:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:812:20:812:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:812:41:812:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | From a1d36c05017903a8454647f42be59788b77bada0 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 28 Mar 2025 11:06:49 +0100 Subject: [PATCH 215/409] Rust: Implement support for inference of type aliases --- .../lib/codeql/rust/internal/TypeMention.qll | 49 ++++++++++++++++++- .../test/library-tests/type-inference/main.rs | 10 ++-- .../type-inference/type-inference.expected | 38 +++++++++++--- 3 files changed, 85 insertions(+), 12 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index a5e696313a3c..2fd50b974c98 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -53,9 +53,25 @@ class TypeReprMention extends TypeMention, TypeRepr { or result = this.(PathTypeRepr).getPath().(PathMention).resolveType() } + + override Type resolveTypeAt(TypePath path) { + result = this.(PathTypeRepr).getPath().(PathMention).resolveTypeAt(path) + or + not exists(this.(PathTypeRepr).getPath()) and + result = super.resolveTypeAt(path) + } +} + +/** Holds if `path` resolves the type alias `alias` with the definition `rhs`. */ +private predicate resolvePathAlias(Path path, TypeAlias alias, TypeReprMention rhs) { + alias = resolvePath(path) and rhs = alias.getTypeRepr() } -class PathMention extends TypeMention, Path { +abstract class PathMention extends TypeMention, Path { } + +class NonAliasPathMention extends PathMention { + NonAliasPathMention() { not resolvePathAlias(this, _, _) } + override TypeMention getTypeArgument(int i) { result = this.getSegment().getGenericArgList().getTypeArg(i) or @@ -98,6 +114,37 @@ class PathMention extends TypeMention, Path { } } +class AliasPathMention extends PathMention { + TypeAlias alias; + TypeReprMention rhs; + + AliasPathMention() { resolvePathAlias(this, alias, rhs) } + + override TypeMention getTypeArgument(int i) { + result = this.getSegment().getGenericArgList().getTypeArg(i) + } + + /** Get the `i`th type parameter of the alias itself. */ + private TypeParameter getTypeParameter(int i) { + result = TTypeParamTypeParameter(alias.getGenericParamList().getTypeParam(i)) + } + + override Type resolveType() { result = rhs.resolveType() } + + override Type resolveTypeAt(TypePath path) { + result = rhs.resolveTypeAt(path) and + not result = this.getTypeParameter(_) + or + exists(TypeParameter tp, TypeMention arg, TypePath prefix, TypePath suffix, int i | + tp = rhs.resolveTypeAt(prefix) and + tp = this.getTypeParameter(i) and + arg = this.getTypeArgument(i) and + result = arg.resolveTypeAt(suffix) and + path = prefix.append(suffix) + ) + } +} + // Used to represent implicit `Self` type arguments in traits and `impl` blocks, // see `PathMention` for details. class TypeParamMention extends TypeMention, TypeParam { diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 2774332761e1..23a5fbaaa4d7 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -569,11 +569,11 @@ mod type_aliases { // Alias to another alias type AliasToAlias = AnotherPair; - // Alias that appears nested withing another alias + // Alias that appears nested within another alias type NestedAlias = AnotherPair>; fn g(t: NestedAlias) { - let x = t.unwrapSnd().unwrapSnd(); // $ method=unwrapSnd MISSING: type=x:S3 + let x = t.unwrapSnd().unwrapSnd(); // $ method=unwrapSnd type=x:S3 println!("{:?}", x); } @@ -583,15 +583,15 @@ mod type_aliases { println!("{:?}", p1); // Type can be only inferred from the type alias - let p2: MyPair = PairOption::PairNone(); // $ MISSING: type=p2:Fst.S1 MISSING: type=p2:Snd.S2 + let p2: MyPair = PairOption::PairNone(); // $ type=p2:Fst.S1 type=p2:Snd.S2 println!("{:?}", p2); // First type from alias, second from constructor - let p3: AnotherPair<_> = PairOption::PairSnd(S3); // $ MISSING: type=p3:Fst.S2 + let p3: AnotherPair<_> = PairOption::PairSnd(S3); // $ type=p3:Fst.S2 println!("{:?}", p3); // First type from alias definition, second from argument to alias - let p3: AnotherPair = PairOption::PairNone(); // $ SPURIOUS: type=p3:Fst.S3 MISSING: type=p3:Snd.S3 + let p3: AnotherPair = PairOption::PairNone(); // $ type=p3:Fst.S2 type=p3:Snd.S3 println!("{:?}", p3); g(PairOption::PairSnd(PairOption::PairSnd(S3))); diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index af1dac9c43fc..ebe21ec72666 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -510,9 +510,21 @@ inferType | main.rs:549:41:549:43 | snd | | main.rs:543:15:543:17 | Snd | | main.rs:549:49:549:51 | snd | | main.rs:543:15:543:17 | Snd | | main.rs:575:10:575:10 | t | | main.rs:535:5:541:5 | PairOption | -| main.rs:575:10:575:10 | t | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:575:10:575:10 | t | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:575:10:575:10 | t | Snd | main.rs:535:5:541:5 | PairOption | +| main.rs:575:10:575:10 | t | Snd.Fst | main.rs:557:5:558:14 | S2 | +| main.rs:575:10:575:10 | t | Snd.Snd | main.rs:560:5:561:14 | S3 | +| main.rs:576:13:576:13 | x | | main.rs:560:5:561:14 | S3 | | main.rs:576:17:576:17 | t | | main.rs:535:5:541:5 | PairOption | -| main.rs:576:17:576:17 | t | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:576:17:576:17 | t | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:576:17:576:17 | t | Snd | main.rs:535:5:541:5 | PairOption | +| main.rs:576:17:576:17 | t | Snd.Fst | main.rs:557:5:558:14 | S2 | +| main.rs:576:17:576:17 | t | Snd.Snd | main.rs:560:5:561:14 | S3 | +| main.rs:576:17:576:29 | t.unwrapSnd() | | main.rs:535:5:541:5 | PairOption | +| main.rs:576:17:576:29 | t.unwrapSnd() | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:576:17:576:29 | t.unwrapSnd() | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:576:17:576:41 | ... .unwrapSnd() | | main.rs:560:5:561:14 | S3 | +| main.rs:577:26:577:26 | x | | main.rs:560:5:561:14 | S3 | | main.rs:582:13:582:14 | p1 | | main.rs:535:5:541:5 | PairOption | | main.rs:582:13:582:14 | p1 | Fst | main.rs:554:5:555:14 | S1 | | main.rs:582:13:582:14 | p1 | Snd | main.rs:557:5:558:14 | S2 | @@ -525,26 +537,40 @@ inferType | main.rs:583:26:583:27 | p1 | Fst | main.rs:554:5:555:14 | S1 | | main.rs:583:26:583:27 | p1 | Snd | main.rs:557:5:558:14 | S2 | | main.rs:586:13:586:14 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:586:13:586:14 | p2 | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:586:13:586:14 | p2 | Snd | main.rs:557:5:558:14 | S2 | | main.rs:586:26:586:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:586:26:586:47 | ...::PairNone(...) | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:586:26:586:47 | ...::PairNone(...) | Snd | main.rs:557:5:558:14 | S2 | | main.rs:587:26:587:27 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:587:26:587:27 | p2 | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:587:26:587:27 | p2 | Snd | main.rs:557:5:558:14 | S2 | | main.rs:590:13:590:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:13:590:14 | p3 | Fst | main.rs:557:5:558:14 | S2 | | main.rs:590:13:590:14 | p3 | Snd | main.rs:560:5:561:14 | S3 | | main.rs:590:34:590:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:34:590:56 | ...::PairSnd(...) | Fst | main.rs:557:5:558:14 | S2 | | main.rs:590:34:590:56 | ...::PairSnd(...) | Snd | main.rs:560:5:561:14 | S3 | | main.rs:590:54:590:55 | S3 | | main.rs:560:5:561:14 | S3 | | main.rs:591:26:591:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:591:26:591:27 | p3 | Fst | main.rs:557:5:558:14 | S2 | | main.rs:591:26:591:27 | p3 | Snd | main.rs:560:5:561:14 | S3 | | main.rs:594:13:594:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:594:13:594:14 | p3 | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:594:13:594:14 | p3 | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:594:13:594:14 | p3 | Snd | main.rs:560:5:561:14 | S3 | | main.rs:594:35:594:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:594:35:594:56 | ...::PairNone(...) | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:594:35:594:56 | ...::PairNone(...) | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:594:35:594:56 | ...::PairNone(...) | Snd | main.rs:560:5:561:14 | S3 | | main.rs:595:26:595:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:595:26:595:27 | p3 | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:595:26:595:27 | p3 | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:595:26:595:27 | p3 | Snd | main.rs:560:5:561:14 | S3 | | main.rs:597:11:597:54 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:597:11:597:54 | ...::PairSnd(...) | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Fst | main.rs:557:5:558:14 | S2 | | main.rs:597:11:597:54 | ...::PairSnd(...) | Snd | main.rs:535:5:541:5 | PairOption | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Snd.Fst | main.rs:557:5:558:14 | S2 | | main.rs:597:11:597:54 | ...::PairSnd(...) | Snd.Snd | main.rs:560:5:561:14 | S3 | | main.rs:597:31:597:53 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:597:31:597:53 | ...::PairSnd(...) | Fst | main.rs:557:5:558:14 | S2 | | main.rs:597:31:597:53 | ...::PairSnd(...) | Snd | main.rs:560:5:561:14 | S3 | | main.rs:597:51:597:52 | S3 | | main.rs:560:5:561:14 | S3 | | main.rs:610:16:610:24 | SelfParam | | file://:0:0:0:0 | & | From 3bfb4fbd8dd323d26253a7fcfc69b537b0d62bf6 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 10:59:48 +0200 Subject: [PATCH 216/409] Rust: More path resolution tests --- .../library-tests/path-resolution/main.rs | 27 ++++ .../path-resolution/path-resolution.expected | 129 ++++++++++-------- 2 files changed, 97 insertions(+), 59 deletions(-) diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 374f290b00e1..c6235ae780e2 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -493,6 +493,33 @@ mod m18 { } } +mod m21 { + mod m22 { + pub enum MyEnum { + A, // I104 + } // I105 + + pub struct MyStruct; // I106 + } // I107 + + mod m33 { + #[rustfmt::skip] + use super::m22::MyEnum::{ // $ item=I105 + self // $ MISSING: item=I105 $ SPURIOUS: item=I107 + }; + + #[rustfmt::skip] + use super::m22::MyStruct::{ // $ item=I106 + self // $ MISSING: item=I106 $ SPURIOUS: item=I107 + }; + + fn f() { + let _ = MyEnum::A; // $ MISSING: item=I104 + let _ = MyStruct {}; // $ MISSING: item=I106 + } + } +} + fn main() { my::nested::nested1::nested2::f(); // $ item=I4 my::f(); // $ item=I38 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 235ad7451c56..4fdb0d7843b8 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -24,6 +24,9 @@ mod | main.rs:476:1:494:1 | mod m18 | | main.rs:481:5:493:5 | mod m19 | | main.rs:486:9:492:9 | mod m20 | +| main.rs:496:1:521:1 | mod m21 | +| main.rs:497:5:503:5 | mod m22 | +| main.rs:505:5:520:5 | mod m33 | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:12:1:12:12 | mod my3 | | my2/nested2.rs:1:1:11:1 | mod nested3 | @@ -56,7 +59,7 @@ resolvePath | main.rs:30:17:30:21 | super | main.rs:18:5:36:5 | mod m2 | | main.rs:30:17:30:24 | ...::f | main.rs:19:9:21:9 | fn f | | main.rs:33:17:33:17 | f | main.rs:19:9:21:9 | fn f | -| main.rs:40:9:40:13 | super | main.rs:1:1:523:2 | SourceFile | +| main.rs:40:9:40:13 | super | main.rs:1:1:550:2 | SourceFile | | main.rs:40:9:40:17 | ...::m1 | main.rs:13:1:37:1 | mod m1 | | main.rs:40:9:40:21 | ...::m2 | main.rs:18:5:36:5 | mod m2 | | main.rs:40:9:40:24 | ...::g | main.rs:23:9:27:9 | fn g | @@ -68,7 +71,7 @@ resolvePath | main.rs:61:17:61:19 | Foo | main.rs:59:9:59:21 | struct Foo | | main.rs:64:13:64:15 | Foo | main.rs:53:5:53:17 | struct Foo | | main.rs:66:5:66:5 | f | main.rs:55:5:62:5 | fn f | -| main.rs:68:5:68:8 | self | main.rs:1:1:523:2 | SourceFile | +| main.rs:68:5:68:8 | self | main.rs:1:1:550:2 | SourceFile | | main.rs:68:5:68:11 | ...::i | main.rs:71:1:83:1 | fn i | | main.rs:74:13:74:15 | Foo | main.rs:48:1:48:13 | struct Foo | | main.rs:81:17:81:19 | Foo | main.rs:77:9:79:9 | struct Foo | @@ -82,7 +85,7 @@ resolvePath | main.rs:87:57:87:66 | ...::g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:87:80:87:86 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | | main.rs:100:5:100:22 | f_defined_in_macro | main.rs:99:18:99:42 | fn f_defined_in_macro | -| main.rs:117:13:117:17 | super | main.rs:1:1:523:2 | SourceFile | +| main.rs:117:13:117:17 | super | main.rs:1:1:550:2 | SourceFile | | main.rs:117:13:117:21 | ...::m5 | main.rs:103:1:107:1 | mod m5 | | main.rs:118:9:118:9 | f | main.rs:104:5:106:5 | fn f | | main.rs:118:9:118:9 | f | main.rs:110:5:112:5 | fn f | @@ -220,61 +223,69 @@ resolvePath | main.rs:490:17:490:21 | super | main.rs:481:5:493:5 | mod m19 | | main.rs:490:17:490:28 | ...::super | main.rs:476:1:494:1 | mod m18 | | main.rs:490:17:490:31 | ...::f | main.rs:477:5:479:5 | fn f | -| main.rs:497:5:497:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:497:5:497:14 | ...::nested | my.rs:1:1:1:15 | mod nested | -| main.rs:497:5:497:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | -| main.rs:497:5:497:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | -| main.rs:497:5:497:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | -| main.rs:498:5:498:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:498:5:498:9 | ...::f | my.rs:5:1:7:1 | fn f | -| main.rs:499:5:499:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | -| main.rs:499:5:499:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | -| main.rs:499:5:499:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | -| main.rs:499:5:499:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:500:5:500:5 | f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:501:5:501:5 | g | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:502:5:502:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:502:5:502:12 | ...::h | main.rs:50:1:69:1 | fn h | -| main.rs:503:5:503:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:503:5:503:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:503:5:503:13 | ...::g | main.rs:23:9:27:9 | fn g | -| main.rs:504:5:504:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:504:5:504:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:504:5:504:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | -| main.rs:504:5:504:17 | ...::h | main.rs:30:27:34:13 | fn h | -| main.rs:505:5:505:6 | m4 | main.rs:39:1:46:1 | mod m4 | -| main.rs:505:5:505:9 | ...::i | main.rs:42:5:45:5 | fn i | -| main.rs:506:5:506:5 | h | main.rs:50:1:69:1 | fn h | -| main.rs:507:5:507:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:508:5:508:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:509:5:509:5 | j | main.rs:97:1:101:1 | fn j | -| main.rs:510:5:510:6 | m6 | main.rs:109:1:120:1 | mod m6 | -| main.rs:510:5:510:9 | ...::g | main.rs:114:5:119:5 | fn g | -| main.rs:511:5:511:6 | m7 | main.rs:122:1:137:1 | mod m7 | -| main.rs:511:5:511:9 | ...::f | main.rs:129:5:136:5 | fn f | -| main.rs:512:5:512:6 | m8 | main.rs:139:1:193:1 | mod m8 | -| main.rs:512:5:512:9 | ...::g | main.rs:177:5:192:5 | fn g | -| main.rs:513:5:513:6 | m9 | main.rs:195:1:203:1 | mod m9 | -| main.rs:513:5:513:9 | ...::f | main.rs:198:5:202:5 | fn f | -| main.rs:514:5:514:7 | m11 | main.rs:226:1:263:1 | mod m11 | -| main.rs:514:5:514:10 | ...::f | main.rs:231:5:234:5 | fn f | -| main.rs:515:5:515:7 | m15 | main.rs:294:1:348:1 | mod m15 | -| main.rs:515:5:515:10 | ...::f | main.rs:335:5:347:5 | fn f | -| main.rs:516:5:516:7 | m16 | main.rs:350:1:442:1 | mod m16 | -| main.rs:516:5:516:10 | ...::f | main.rs:417:5:441:5 | fn f | -| main.rs:517:5:517:7 | m17 | main.rs:444:1:474:1 | mod m17 | -| main.rs:517:5:517:10 | ...::f | main.rs:468:5:473:5 | fn f | -| main.rs:518:5:518:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | -| main.rs:518:5:518:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | -| main.rs:519:5:519:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | -| main.rs:519:5:519:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | -| main.rs:520:5:520:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | -| main.rs:520:5:520:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | -| main.rs:521:5:521:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | -| main.rs:522:5:522:7 | m18 | main.rs:476:1:494:1 | mod m18 | -| main.rs:522:5:522:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | -| main.rs:522:5:522:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | -| main.rs:522:5:522:20 | ...::g | main.rs:487:13:491:13 | fn g | +| main.rs:507:13:507:17 | super | main.rs:496:1:521:1 | mod m21 | +| main.rs:507:13:507:22 | ...::m22 | main.rs:497:5:503:5 | mod m22 | +| main.rs:507:13:507:30 | ...::MyEnum | main.rs:498:9:500:9 | enum MyEnum | +| main.rs:508:13:508:16 | self | main.rs:497:5:503:5 | mod m22 | +| main.rs:512:13:512:17 | super | main.rs:496:1:521:1 | mod m21 | +| main.rs:512:13:512:22 | ...::m22 | main.rs:497:5:503:5 | mod m22 | +| main.rs:512:13:512:32 | ...::MyStruct | main.rs:502:9:502:28 | struct MyStruct | +| main.rs:513:13:513:16 | self | main.rs:497:5:503:5 | mod m22 | +| main.rs:524:5:524:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:524:5:524:14 | ...::nested | my.rs:1:1:1:15 | mod nested | +| main.rs:524:5:524:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | +| main.rs:524:5:524:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | +| main.rs:524:5:524:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:525:5:525:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:525:5:525:9 | ...::f | my.rs:5:1:7:1 | fn f | +| main.rs:526:5:526:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | +| main.rs:526:5:526:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | +| main.rs:526:5:526:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:526:5:526:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:527:5:527:5 | f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:528:5:528:5 | g | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:529:5:529:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:529:5:529:12 | ...::h | main.rs:50:1:69:1 | fn h | +| main.rs:530:5:530:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:530:5:530:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:530:5:530:13 | ...::g | main.rs:23:9:27:9 | fn g | +| main.rs:531:5:531:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:531:5:531:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:531:5:531:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | +| main.rs:531:5:531:17 | ...::h | main.rs:30:27:34:13 | fn h | +| main.rs:532:5:532:6 | m4 | main.rs:39:1:46:1 | mod m4 | +| main.rs:532:5:532:9 | ...::i | main.rs:42:5:45:5 | fn i | +| main.rs:533:5:533:5 | h | main.rs:50:1:69:1 | fn h | +| main.rs:534:5:534:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:535:5:535:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:536:5:536:5 | j | main.rs:97:1:101:1 | fn j | +| main.rs:537:5:537:6 | m6 | main.rs:109:1:120:1 | mod m6 | +| main.rs:537:5:537:9 | ...::g | main.rs:114:5:119:5 | fn g | +| main.rs:538:5:538:6 | m7 | main.rs:122:1:137:1 | mod m7 | +| main.rs:538:5:538:9 | ...::f | main.rs:129:5:136:5 | fn f | +| main.rs:539:5:539:6 | m8 | main.rs:139:1:193:1 | mod m8 | +| main.rs:539:5:539:9 | ...::g | main.rs:177:5:192:5 | fn g | +| main.rs:540:5:540:6 | m9 | main.rs:195:1:203:1 | mod m9 | +| main.rs:540:5:540:9 | ...::f | main.rs:198:5:202:5 | fn f | +| main.rs:541:5:541:7 | m11 | main.rs:226:1:263:1 | mod m11 | +| main.rs:541:5:541:10 | ...::f | main.rs:231:5:234:5 | fn f | +| main.rs:542:5:542:7 | m15 | main.rs:294:1:348:1 | mod m15 | +| main.rs:542:5:542:10 | ...::f | main.rs:335:5:347:5 | fn f | +| main.rs:543:5:543:7 | m16 | main.rs:350:1:442:1 | mod m16 | +| main.rs:543:5:543:10 | ...::f | main.rs:417:5:441:5 | fn f | +| main.rs:544:5:544:7 | m17 | main.rs:444:1:474:1 | mod m17 | +| main.rs:544:5:544:10 | ...::f | main.rs:468:5:473:5 | fn f | +| main.rs:545:5:545:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | +| main.rs:545:5:545:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | +| main.rs:546:5:546:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | +| main.rs:546:5:546:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:547:5:547:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | +| main.rs:547:5:547:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:548:5:548:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | +| main.rs:549:5:549:7 | m18 | main.rs:476:1:494:1 | mod m18 | +| main.rs:549:5:549:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | +| main.rs:549:5:549:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | +| main.rs:549:5:549:20 | ...::g | main.rs:487:13:491:13 | fn g | | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | @@ -288,7 +299,7 @@ resolvePath | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | -| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:523:2 | SourceFile | +| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:550:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | From f09c3c5813f00810c76b0267e0e173e5ce53b0f1 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 11:14:07 +0200 Subject: [PATCH 217/409] Rust: Handle `self` enum/struct uses --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 4 +++- rust/ql/test/library-tests/path-resolution/main.rs | 6 +++--- .../library-tests/path-resolution/path-resolution.expected | 6 ++++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index ea4e4774d8be..9d0829f95a0d 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -181,7 +181,9 @@ abstract class ItemNode extends Locatable { else result = this.getImmediateParentModule().getImmediateParentModule() or name = "self" and - if this instanceof Module then result = this else result = this.getImmediateParentModule() + if this instanceof Module or this instanceof Enum or this instanceof Struct + then result = this + else result = this.getImmediateParentModule() or name = "Self" and this = result.(ImplOrTraitItemNode).getAnItemInSelfScope() diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index c6235ae780e2..bbbb7006401e 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -505,17 +505,17 @@ mod m21 { mod m33 { #[rustfmt::skip] use super::m22::MyEnum::{ // $ item=I105 - self // $ MISSING: item=I105 $ SPURIOUS: item=I107 + self // $ item=I105 }; #[rustfmt::skip] use super::m22::MyStruct::{ // $ item=I106 - self // $ MISSING: item=I106 $ SPURIOUS: item=I107 + self // $ item=I106 }; fn f() { let _ = MyEnum::A; // $ MISSING: item=I104 - let _ = MyStruct {}; // $ MISSING: item=I106 + let _ = MyStruct {}; // $ item=I106 } } } diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 4fdb0d7843b8..f012a7488b8b 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -226,11 +226,13 @@ resolvePath | main.rs:507:13:507:17 | super | main.rs:496:1:521:1 | mod m21 | | main.rs:507:13:507:22 | ...::m22 | main.rs:497:5:503:5 | mod m22 | | main.rs:507:13:507:30 | ...::MyEnum | main.rs:498:9:500:9 | enum MyEnum | -| main.rs:508:13:508:16 | self | main.rs:497:5:503:5 | mod m22 | +| main.rs:508:13:508:16 | self | main.rs:498:9:500:9 | enum MyEnum | | main.rs:512:13:512:17 | super | main.rs:496:1:521:1 | mod m21 | | main.rs:512:13:512:22 | ...::m22 | main.rs:497:5:503:5 | mod m22 | | main.rs:512:13:512:32 | ...::MyStruct | main.rs:502:9:502:28 | struct MyStruct | -| main.rs:513:13:513:16 | self | main.rs:497:5:503:5 | mod m22 | +| main.rs:513:13:513:16 | self | main.rs:502:9:502:28 | struct MyStruct | +| main.rs:517:21:517:26 | MyEnum | main.rs:498:9:500:9 | enum MyEnum | +| main.rs:518:21:518:28 | MyStruct | main.rs:502:9:502:28 | struct MyStruct | | main.rs:524:5:524:6 | my | main.rs:1:1:1:7 | mod my | | main.rs:524:5:524:14 | ...::nested | my.rs:1:1:1:15 | mod nested | | main.rs:524:5:524:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | From 4b3816e14edcb4c6f70c3ae74d186c4b6e79e1d6 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 11:20:18 +0200 Subject: [PATCH 218/409] Rust: Variants inherit visibility from their parent enum --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 2 +- rust/ql/test/library-tests/path-resolution/main.rs | 2 +- .../test/library-tests/path-resolution/path-resolution.expected | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 9d0829f95a0d..27fa622ff706 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -321,7 +321,7 @@ private class VariantItemNode extends ItemNode instanceof Variant { result = super.getEnum().getGenericParamList().getTypeParam(i) } - override Visibility getVisibility() { result = Variant.super.getVisibility() } + override Visibility getVisibility() { result = super.getEnum().getVisibility() } } class FunctionItemNode extends AssocItemNode instanceof Function { diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index bbbb7006401e..3d54b1a4b6a4 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -514,7 +514,7 @@ mod m21 { }; fn f() { - let _ = MyEnum::A; // $ MISSING: item=I104 + let _ = MyEnum::A; // $ item=I104 let _ = MyStruct {}; // $ item=I106 } } diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index f012a7488b8b..a7ead02db842 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -232,6 +232,7 @@ resolvePath | main.rs:512:13:512:32 | ...::MyStruct | main.rs:502:9:502:28 | struct MyStruct | | main.rs:513:13:513:16 | self | main.rs:502:9:502:28 | struct MyStruct | | main.rs:517:21:517:26 | MyEnum | main.rs:498:9:500:9 | enum MyEnum | +| main.rs:517:21:517:29 | ...::A | main.rs:499:13:499:13 | A | | main.rs:518:21:518:28 | MyStruct | main.rs:502:9:502:28 | struct MyStruct | | main.rs:524:5:524:6 | my | main.rs:1:1:1:7 | mod my | | main.rs:524:5:524:14 | ...::nested | my.rs:1:1:1:15 | mod nested | From f4e93826221c7a0bbeb4ffab81d2687d5c794961 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 11:20:44 +0200 Subject: [PATCH 219/409] Rust: Take prelude into account when resolving paths --- .../hello-project/summary.expected | 2 +- .../hello-workspace/summary.cargo.expected | 2 +- .../summary.rust-project.expected | 2 +- .../codeql/rust/dataflow/internal/Content.qll | 2 - .../rust/dataflow/internal/DataFlowImpl.qll | 134 +----------------- .../dataflow/internal/FlowSummaryImpl.qll | 21 ++- .../rust/elements/internal/EnumImpl.qll | 9 ++ .../rust/elements/internal/PathImpl.qll | 12 ++ .../codeql/rust/frameworks/stdlib/Stdlib.qll | 45 ++++++ .../lib/codeql/rust/internal/CachedStages.qll | 35 ++++- .../codeql/rust/internal/PathResolution.qll | 120 +++++++++++++--- .../internal/PathResolutionConsistency.qll | 8 +- rust/ql/lib/codeql/rust/internal/Type.qll | 2 +- .../codeql/rust/internal/TypeInference.qll | 2 +- .../PathResolutionConsistency.expected | 2 +- .../PathResolutionConsistency.expected | 2 +- .../PathResolutionConsistency.expected | 3 - .../path-resolution/path-resolution.ql | 4 +- .../diagnostics/SummaryStats.expected | 2 +- 19 files changed, 237 insertions(+), 172 deletions(-) diff --git a/rust/ql/integration-tests/hello-project/summary.expected b/rust/ql/integration-tests/hello-project/summary.expected index 1dd49972c22b..a4b0d0a16415 100644 --- a/rust/ql/integration-tests/hello-project/summary.expected +++ b/rust/ql/integration-tests/hello-project/summary.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1691 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected index baaba2837e7b..564cbfd7bc97 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1691 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected index baaba2837e7b..564cbfd7bc97 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1691 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll b/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll index ccdf8c763ca8..95a5fa98bb40 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll @@ -255,8 +255,6 @@ cached newtype TContent = TTupleFieldContent(TupleField field) { Stages::DataFlowStage::ref() } or TStructFieldContent(StructField field) or - // TODO: Remove once library types are extracted - TVariantInLibTupleFieldContent(VariantInLib::VariantInLib v, int pos) { pos = v.getAPosition() } or TElementContent() or TFutureContent() or TTuplePositionContent(int pos) { diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index 60aa10016be9..91af72fce4e9 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -296,125 +296,6 @@ module LocalFlow { } } -/** - * Provides temporary modeling of built-in variants, for which no source code - * `Item`s are available. - * - * TODO: Remove once library code is extracted. - */ -module VariantInLib { - private import codeql.util.Option - - private class CrateOrigin extends string { - CrateOrigin() { this = any(Resolvable r).getResolvedCrateOrigin() } - } - - private class CrateOriginOption = Option::Option; - - private CrateOriginOption langCoreCrate() { result.asSome() = "lang:core" } - - private newtype TVariantInLib = - MkVariantInLib(CrateOriginOption crate, string path, string name) { - crate = langCoreCrate() and - ( - path = "crate::option::Option" and - name = "Some" - or - path = "crate::result::Result" and - name = ["Ok", "Err"] - ) - } - - /** An enum variant from library code, represented by the enum's canonical path and the variant's name. */ - class VariantInLib extends MkVariantInLib { - CrateOriginOption crate; - string path; - string name; - - VariantInLib() { this = MkVariantInLib(crate, path, name) } - - int getAPosition() { - this = MkVariantInLib(langCoreCrate(), "crate::option::Option", "Some") and - result = 0 - or - this = MkVariantInLib(langCoreCrate(), "crate::result::Result", ["Ok", "Err"]) and - result = 0 - } - - string getExtendedCanonicalPath() { result = path + "::" + name } - - string toString() { result = name } - } - - /** A tuple variant from library code. */ - class VariantInLibTupleFieldContent extends Content, TVariantInLibTupleFieldContent { - private VariantInLib::VariantInLib v; - private int pos_; - - VariantInLibTupleFieldContent() { this = TVariantInLibTupleFieldContent(v, pos_) } - - VariantInLib::VariantInLib getVariantInLib(int pos) { result = v and pos = pos_ } - - string getExtendedCanonicalPath() { result = v.getExtendedCanonicalPath() } - - int getPosition() { result = pos_ } - - final override string toString() { - // only print indices when the arity is > 1 - if exists(TVariantInLibTupleFieldContent(v, 1)) - then result = v.toString() + "(" + pos_ + ")" - else result = v.toString() - } - - final override Location getLocation() { result instanceof EmptyLocation } - } - - pragma[nomagic] - private predicate resolveExtendedCanonicalPath(Resolvable r, CrateOriginOption crate, string path) { - path = r.getResolvedPath() and - ( - crate.asSome() = r.getResolvedCrateOrigin() - or - crate.isNone() and - not r.hasResolvedCrateOrigin() - ) - } - - /** Holds if path `p` resolves to variant `v`. */ - private predicate pathResolveToVariantInLib(PathAstNode p, VariantInLib v) { - exists(CrateOriginOption crate, string path, string name | - resolveExtendedCanonicalPath(p, pragma[only_bind_into](crate), path + "::" + name) and - v = MkVariantInLib(pragma[only_bind_into](crate), path, name) - ) - } - - /** Holds if `p` destructs an enum variant `v`. */ - pragma[nomagic] - private predicate tupleVariantCanonicalDestruction(TupleStructPat p, VariantInLib v) { - pathResolveToVariantInLib(p, v) - } - - bindingset[pos] - predicate tupleVariantCanonicalDestruction( - TupleStructPat pat, VariantInLibTupleFieldContent c, int pos - ) { - tupleVariantCanonicalDestruction(pat, c.getVariantInLib(pos)) - } - - /** Holds if `ce` constructs an enum value of type `v`. */ - pragma[nomagic] - private predicate tupleVariantCanonicalConstruction(CallExpr ce, VariantInLib v) { - pathResolveToVariantInLib(ce.getFunction().(PathExpr), v) - } - - bindingset[pos] - predicate tupleVariantCanonicalConstruction(CallExpr ce, VariantInLibTupleFieldContent c, int pos) { - tupleVariantCanonicalConstruction(ce, c.getVariantInLib(pos)) - } -} - -class VariantInLibTupleFieldContent = VariantInLib::VariantInLibTupleFieldContent; - class LambdaCallKind = Unit; /** Holds if `creation` is an expression that creates a lambda of kind `kind`. */ @@ -480,6 +361,7 @@ module RustDataFlow implements InputSig { private import Aliases private import codeql.rust.dataflow.DataFlow private import Node as Node + private import codeql.rust.frameworks.stdlib.Stdlib /** * An element, viewed as a node in a data flow graph. Either an expression @@ -665,11 +547,8 @@ module RustDataFlow implements InputSig { exists(Content c | c = cs.(SingletonContentSet).getContent() | exists(TupleStructPatCfgNode pat, int pos | pat = node1.asPat() and - node2.asPat() = pat.getField(pos) - | + node2.asPat() = pat.getField(pos) and c = TTupleFieldContent(pat.getTupleStructPat().getTupleField(pos)) - or - VariantInLib::tupleVariantCanonicalDestruction(pat.getPat(), c, pos) ) or exists(TuplePatCfgNode pat, int pos | @@ -714,8 +593,8 @@ module RustDataFlow implements InputSig { exists(TryExprCfgNode try | node1.asExpr() = try.getExpr() and node2.asExpr() = try and - c.(VariantInLibTupleFieldContent).getVariantInLib(0).getExtendedCanonicalPath() = - ["crate::option::Option::Some", "crate::result::Result::Ok"] + c.(TupleFieldContent) + .isVariantField([any(OptionEnum o).getSome(), any(ResultEnum r).getOk()], 0) ) or exists(PrefixExprCfgNode deref | @@ -791,11 +670,8 @@ module RustDataFlow implements InputSig { private predicate storeContentStep(Node node1, Content c, Node node2) { exists(CallExprCfgNode call, int pos | node1.asExpr() = call.getArgument(pragma[only_bind_into](pos)) and - node2.asExpr() = call - | + node2.asExpr() = call and c = TTupleFieldContent(call.getCallExpr().getTupleField(pragma[only_bind_into](pos))) - or - VariantInLib::tupleVariantCanonicalConstruction(call.getCallExpr(), c, pos) ) or exists(StructExprCfgNode re, string field | diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll index e1cf87397b91..62cc47dfc0d3 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll @@ -11,6 +11,7 @@ private import Content module Input implements InputSig { private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl + private import codeql.rust.frameworks.stdlib.Stdlib class SummarizedCallableBase = string; @@ -66,9 +67,20 @@ module Input implements InputSig { exists(Content c | cs = TSingletonContentSet(c) | result = "Field" and ( - exists(Addressable a, int pos | + exists(Addressable a, int pos, string prefix | // TODO: calculate in QL - arg = a.getExtendedCanonicalPath() + "(" + pos + ")" + arg = prefix + "(" + pos + ")" and + ( + prefix = a.getExtendedCanonicalPath() + or + a = any(OptionEnum o).getSome() and + prefix = "crate::option::Option::Some" + or + exists(string name | + a = any(ResultEnum r).getVariant(name) and + prefix = "crate::result::Result::" + name + ) + ) | c.(TupleFieldContent).isStructField(a, pos) or @@ -84,11 +96,6 @@ module Input implements InputSig { c.(StructFieldContent).isVariantField(a, field) ) or - c = - any(VariantInLibTupleFieldContent v | - arg = v.getExtendedCanonicalPath() + "(" + v.getPosition() + ")" - ) - or exists(int pos | c = TTuplePositionContent(pos) and arg = pos.toString() diff --git a/rust/ql/lib/codeql/rust/elements/internal/EnumImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/EnumImpl.qll index a298aa7319f2..39663b6a0e0a 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/EnumImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/EnumImpl.qll @@ -11,6 +11,8 @@ private import codeql.rust.elements.internal.generated.Enum * be referenced directly. */ module Impl { + private import rust + // the following QLdoc is generated: if you need to edit it, do it in the schema file /** * A Enum. For example: @@ -20,5 +22,12 @@ module Impl { */ class Enum extends Generated::Enum { override string toStringImpl() { result = "enum " + this.getName().getText() } + + /** Gets the variant named `name`, if any. */ + pragma[nomagic] + Variant getVariant(string name) { + result = this.getVariantList().getAVariant() and + result.getName().getText() = name + } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/PathImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/PathImpl.qll index 92c6f25fbeb4..f1450b175211 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/PathImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/PathImpl.qll @@ -40,6 +40,18 @@ module Impl { */ pragma[nomagic] string getText() { result = this.getSegment().getIdentifier().getText() } + + /** + * Gets the full text of this path, including the qualifier. + * + * Should only be used for debugging purposes. + */ + string toStringDebug() { + not this.hasQualifier() and + result = this.getText() + or + result = this.getQualifier().toStringDebug() + "::" + this.getText() + } } /** A simple identifier path. */ diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll b/rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll index 9fc0e70833bc..0ba90bc2e346 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll @@ -21,3 +21,48 @@ private class StartswithCall extends Path::SafeAccessCheck::Range, CfgNodes::Met branch = true } } + +/** + * The [`Option` enum][1]. + * + * [1]: https://doc.rust-lang.org/std/option/enum.Option.html + */ +class OptionEnum extends Enum { + OptionEnum() { + // todo: replace with canonical path, once calculated in QL + exists(Crate core, Module m | + core.getName() = "core" and + m = core.getModule().getItemList().getAnItem() and + m.getName().getText() = "option" and + this = m.getItemList().getAnItem() and + this.getName().getText() = "Option" + ) + } + + /** Gets the `Some` variant. */ + Variant getSome() { result = this.getVariant("Some") } +} + +/** + * The [`Result` enum][1]. + * + * [1]: https://doc.rust-lang.org/stable/std/result/enum.Result.html + */ +class ResultEnum extends Enum { + ResultEnum() { + // todo: replace with canonical path, once calculated in QL + exists(Crate core, Module m | + core.getName() = "core" and + m = core.getModule().getItemList().getAnItem() and + m.getName().getText() = "result" and + this = m.getItemList().getAnItem() and + this.getName().getText() = "Result" + ) + } + + /** Gets the `Ok` variant. */ + Variant getOk() { result = this.getVariant("Ok") } + + /** Gets the `Err` variant. */ + Variant getErr() { result = this.getVariant("Err") } +} diff --git a/rust/ql/lib/codeql/rust/internal/CachedStages.qll b/rust/ql/lib/codeql/rust/internal/CachedStages.qll index d9ad8e1fbc16..41e819195694 100644 --- a/rust/ql/lib/codeql/rust/internal/CachedStages.qll +++ b/rust/ql/lib/codeql/rust/internal/CachedStages.qll @@ -95,17 +95,48 @@ module Stages { } } + /** + * The path resolution stage. + */ + cached + module PathResolutionStage { + private import codeql.rust.internal.PathResolution + + /** + * Always holds. + * Ensures that a predicate is evaluated as part of the path resolution stage. + */ + cached + predicate ref() { 1 = 1 } + + /** + * DO NOT USE! + * + * Contains references to each predicate that use the above `ref` predicate. + */ + cached + predicate backref() { + 1 = 1 + or + exists(resolvePath(_)) + or + exists(any(ItemNode i).getASuccessor(_)) + or + exists(any(ItemNode i).getASuccessorRec(_)) + } + } + /** * The type inference stage. */ cached - module TypeInference { + module TypeInferenceStage { private import codeql.rust.internal.Type private import codeql.rust.internal.TypeInference /** * Always holds. - * Ensures that a predicate is evaluated as part of the CFG stage. + * Ensures that a predicate is evaluated as part of the type inference stage. */ cached predicate ref() { 1 = 1 } diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 27fa622ff706..e5a6763525e8 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -4,6 +4,7 @@ private import rust private import codeql.rust.elements.internal.generated.ParentChild +private import codeql.rust.internal.CachedStages private newtype TNamespace = TTypeNamespace() or @@ -115,8 +116,9 @@ abstract class ItemNode extends Locatable { result = this.(SourceFileItemNode).getSuper() } - pragma[nomagic] + cached ItemNode getASuccessorRec(string name) { + Stages::PathResolutionStage::ref() and sourceFileEdge(this, name, result) or this = result.getImmediateParent() and @@ -171,10 +173,13 @@ abstract class ItemNode extends Locatable { } /** Gets a successor named `name` of this item, if any. */ - pragma[nomagic] + cached ItemNode getASuccessor(string name) { + Stages::PathResolutionStage::ref() and result = this.getASuccessorRec(name) or + preludeEdge(this, name, result) + or name = "super" and if this instanceof Module or this instanceof SourceFile then result = this.getImmediateParentModule() @@ -195,6 +200,16 @@ abstract class ItemNode extends Locatable { or this = crate.getModuleNode() ) + or + // todo: implement properly + name = "$crate" and + result = + any(CrateItemNode crate | + this = crate.getASourceFile() + or + this = crate.getModuleNode() + ).(Crate).getADependency*() and + result.(CrateItemNode).isPotentialDollarCrateTarget() } /** Gets the location of this item. */ @@ -214,6 +229,16 @@ abstract private class ModuleLikeNode extends ItemNode { not mid instanceof ModuleLikeNode ) } + + /** + * Holds if this is a root module, meaning either a source file or + * the entry module of a crate. + */ + predicate isRoot() { + this instanceof SourceFileItemNode + or + this = any(CrateItemNode c).getModuleNode() + } } private class SourceFileItemNode extends ModuleLikeNode, SourceFile { @@ -269,6 +294,14 @@ class CrateItemNode extends ItemNode instanceof Crate { ) } + pragma[nomagic] + predicate isPotentialDollarCrateTarget() { + exists(string name, RelevantPath p | + p.isDollarCrateQualifiedPath(name) and + exists(this.getASuccessor(name)) + ) + } + override string getName() { result = Crate.super.getName() } override Namespace getNamespace() { @@ -488,6 +521,7 @@ class TraitItemNode extends ImplOrTraitItemNode instanceof Trait { result = super.getTypeBoundList().getABound().getTypeRepr().(PathTypeRepr).getPath() } + pragma[nomagic] ItemNode resolveABound() { result = resolvePath(this.getABoundPath()) } override AssocItemNode getAnAssocItem() { result = super.getAssocItemList().getAnAssocItem() } @@ -549,6 +583,7 @@ private class TypeParamItemNode extends ItemNode instanceof TypeParam { result = super.getTypeBoundList().getABound().getTypeRepr().(PathTypeRepr).getPath() } + pragma[nomagic] ItemNode resolveABound() { result = resolvePath(this.getABoundPath()) } /** @@ -769,7 +804,7 @@ private predicate declares(ItemNode item, Namespace ns, string name) { } /** A path that does not access a local variable. */ -private class RelevantPath extends Path { +class RelevantPath extends Path { RelevantPath() { not this = any(VariableAccess va).(PathExpr).getPath() } pragma[nomagic] @@ -778,6 +813,19 @@ private class RelevantPath extends Path { not this = any(UseTreeList list).getAUseTree().getPath() and name = this.getText() } + + pragma[nomagic] + predicate isCratePath(string name, ItemNode encl) { + name = ["crate", "$crate"] and + this.isUnqualified(name) and + encl.getADescendant() = this + } + + pragma[nomagic] + predicate isDollarCrateQualifiedPath(string name) { + this.getQualifier().(RelevantPath).isCratePath("$crate", _) and + this.getText() = name + } } /** @@ -790,7 +838,8 @@ private predicate unqualifiedPathLookup(RelevantPath p, string name, Namespace n // lookup in the immediately enclosing item p.isUnqualified(name) and encl0.getADescendant() = p and - exists(ns) + exists(ns) and + not name = ["crate", "$crate"] or // lookup in an outer scope, but only if the item is not declared in inner scope exists(ItemNode mid | @@ -800,16 +849,12 @@ private predicate unqualifiedPathLookup(RelevantPath p, string name, Namespace n not ( name = "Self" and mid = any(ImplOrTraitItemNode i).getAnItemInSelfScope() - ) and - not ( - name = "crate" and - mid = any(CrateItemNode i).getASourceFile() ) | // nested modules do not have unqualified access to items from outer modules, - // except for items declared at top-level in the source file + // except for items declared at top-level in the root module if mid instanceof Module - then encl0.(SourceFileItemNode) = mid.getImmediateParent+() + then encl0 = mid.getImmediateParent+() and encl0.(ModuleLikeNode).isRoot() else encl0 = mid.getImmediateParent() ) | @@ -827,11 +872,29 @@ private ItemNode getASuccessor(ItemNode pred, string name, Namespace ns) { ns = result.getNamespace() } +private predicate isRoot(ItemNode root) { root.(ModuleLikeNode).isRoot() } + +private predicate hasCratePath(ItemNode i) { any(RelevantPath path).isCratePath(_, i) } + +private predicate hasChild(ItemNode parent, ItemNode child) { child.getImmediateParent() = parent } + +private predicate rootHasCratePathTc(ItemNode i1, ItemNode i2) = + doublyBoundedFastTC(hasChild/2, isRoot/1, hasCratePath/1)(i1, i2) + pragma[nomagic] private ItemNode unqualifiedPathLookup(RelevantPath path, Namespace ns) { exists(ItemNode encl, string name | - unqualifiedPathLookup(path, name, ns, encl) and - result = getASuccessor(encl, name, ns) + result = getASuccessor(encl, pragma[only_bind_into](name), ns) + | + unqualifiedPathLookup(path, name, ns, encl) + or + // For `($)crate`, jump directly to the root module + exists(ItemNode i | path.isCratePath(pragma[only_bind_into](name), i) | + encl.(ModuleLikeNode).isRoot() and + encl = i + or + rootHasCratePathTc(encl, i) + ) ) } @@ -1006,7 +1069,7 @@ private predicate useImportEdge(Use use, string name, ItemNode item) { item = getASuccessor(used, name, ns) and // glob imports can be shadowed not declares(encl, ns, name) and - not name = ["super", "self", "Self", "crate"] + not name = ["super", "self", "Self", "$crate", "crate"] ) else ( item = used and @@ -1021,19 +1084,42 @@ private predicate useImportEdge(Use use, string name, ItemNode item) { ) } +/** + * Holds if `i` is available inside `f` because it is reexported in [the prelude][1]. + * + * We don't yet have access to prelude information from the extractor, so for now + * we include all the preludes for Rust 2015, 2018, 2021, and 2024. + * + * [1]: https://doc.rust-lang.org/core/prelude/index.html + */ +private predicate preludeEdge(SourceFile f, string name, ItemNode i) { + exists(Crate core, ModuleItemNode mod, ModuleItemNode prelude, ModuleItemNode rust | + f = any(Crate c0 | core = c0.getDependency(_)).getASourceFile() and + core.getName() = "core" and + mod = core.getModule() and + prelude = mod.getASuccessorRec("prelude") and + rust = prelude.getASuccessorRec(["rust_2015", "rust_2018", "rust_2021", "rust_2024"]) and + i = rust.getASuccessorRec(name) and + not i instanceof Use + ) +} + /** Provides predicates for debugging the path resolution implementation. */ private module Debug { private Locatable getRelevantLocatable() { exists(string filepath, int startline, int startcolumn, int endline, int endcolumn | result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and - filepath.matches("%/main.rs") and - startline = [1, 3] + filepath.matches("%/test_logging.rs") and + startline = 163 ) } - predicate debugUnqualifiedPathLookup(RelevantPath p, string name, Namespace ns, ItemNode encl) { + predicate debugUnqualifiedPathLookup( + RelevantPath p, string name, Namespace ns, ItemNode encl, string path + ) { p = getRelevantLocatable() and - unqualifiedPathLookup(p, name, ns, encl) + unqualifiedPathLookup(p, name, ns, encl) and + path = p.toStringDebug() } ItemNode debugResolvePath(RelevantPath path) { diff --git a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll index 75d4ac8a6e83..a8f581aabdf9 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll @@ -9,6 +9,8 @@ private import PathResolution query predicate multiplePathResolutions(Path p, ItemNode i) { p.fromSource() and i = resolvePath(p) and + // known limitation for `$crate` + not p.getQualifier*().(RelevantPath).isUnqualified("$crate") and // `use foo::bar` may use both a type `bar` and a value `bar` not p = any(UseTree use | @@ -19,7 +21,7 @@ query predicate multiplePathResolutions(Path p, ItemNode i) { } /** Holds if `call` has multiple static call targets including `target`. */ -query predicate multipleStaticCallTargets(CallExprBase call, Callable target) { +query predicate multipleMethodCallTargets(MethodCallExpr call, Callable target) { target = call.getStaticTarget() and strictcount(call.getStaticTarget()) > 1 } @@ -43,8 +45,8 @@ int getPathResolutionInconsistencyCounts(string type) { type = "Multiple path resolutions" and result = count(Path p | multiplePathResolutions(p, _) | p) or - type = "Multiple static call targets" and - result = count(CallExprBase call | multipleStaticCallTargets(call, _) | call) + type = "Multiple static method call targets" and + result = count(CallExprBase call | multipleMethodCallTargets(call, _) | call) or type = "Multiple record fields" and result = count(FieldExpr fe | multipleStructFields(fe, _) | fe) diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index ef311fae6c8a..d6000c606be6 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -8,7 +8,7 @@ private import codeql.rust.internal.CachedStages cached newtype TType = - TStruct(Struct s) { Stages::TypeInference::ref() } or + TStruct(Struct s) { Stages::TypeInferenceStage::ref() } or TEnum(Enum e) or TTrait(Trait t) or TImpl(Impl i) or diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index ed6370f16381..48fd159fc2b9 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -993,7 +993,7 @@ private module Cached { */ cached Type inferType(AstNode n, TypePath path) { - Stages::TypeInference::backref() and + Stages::TypeInferenceStage::ref() and result = inferAnnotatedType(n, path) or result = inferTypeEquality(n, path) diff --git a/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected index 2c09f55800f6..fbc771e88519 100644 --- a/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ -multipleStaticCallTargets +multipleMethodCallTargets | regular.rs:29:5:29:9 | s.g() | anonymous.rs:15:9:15:22 | fn g | | regular.rs:29:5:29:9 | s.g() | regular.rs:13:5:13:18 | fn g | diff --git a/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected index e66b1b5ee2e4..849d19acbf0e 100644 --- a/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ -multipleStaticCallTargets +multipleMethodCallTargets | regular.rs:32:5:32:9 | s.g() | anonymous.rs:18:9:18:22 | fn g | | regular.rs:32:5:32:9 | s.g() | regular.rs:16:5:16:18 | fn g | diff --git a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected index fa8dd32840be..9d4e175192b4 100644 --- a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected @@ -1,6 +1,3 @@ multiplePathResolutions | main.rs:118:9:118:9 | f | main.rs:104:5:106:5 | fn f | | main.rs:118:9:118:9 | f | main.rs:110:5:112:5 | fn f | -multipleStaticCallTargets -| main.rs:118:9:118:11 | f(...) | main.rs:104:5:106:5 | fn f | -| main.rs:118:9:118:11 | f(...) | main.rs:110:5:112:5 | fn f | diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.ql b/rust/ql/test/library-tests/path-resolution/path-resolution.ql index e8aebeaa0ef6..4fdcf39c6c62 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.ql +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.ql @@ -5,4 +5,6 @@ import TestUtils query predicate mod(Module m) { toBeTested(m) } -query predicate resolvePath(Path p, ItemNode i) { toBeTested(p) and i = resolvePath(p) } +query predicate resolvePath(Path p, ItemNode i) { + toBeTested(p) and not p.isInMacroExpansion() and i = resolvePath(p) +} diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected index d34cd849069b..13cbcbdf4ef1 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 8 | | Macro calls - total | 9 | | Macro calls - unresolved | 1 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1691 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | From ce19972aeff42c93b9594897831e1d7b99b4dc8c Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 3 Apr 2025 16:16:20 +0200 Subject: [PATCH 220/409] SSA: Reinstate consistency check. --- shared/ssa/codeql/ssa/Ssa.qll | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index dab99df65b4d..5a18d128ab62 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1408,6 +1408,18 @@ module Make Input> { not uncertainWriteDefinitionInput(_, def) } + /** Holds if a read is not dominated by a definition. */ + query predicate notDominatedByDef(Definition def, SourceVariable v, BasicBlock bb, int i) { + exists(BasicBlock bbDef, int iDef | def.definesAt(v, bbDef, iDef) | + SsaDefReachesNew::ssaDefReachesReadWithinBlock(v, def, bb, i) and + (bb != bbDef or i < iDef) + or + ssaDefReachesRead(v, def, bb, i) and + not SsaDefReachesNew::ssaDefReachesReadWithinBlock(v, def, bb, i) and + not def.definesAt(v, getImmediateBasicBlockDominator*(bb), _) + ) + } + /** Holds if the end of a basic block can be reached by multiple definitions. */ query predicate nonUniqueDefReachesEndOfBlock(Definition def, SourceVariable v, BasicBlock bb) { ssaDefReachesEndOfBlock(bb, def, v) and From a572ac60d28c8a2ab1c843fcd2c2e4025e31d87c Mon Sep 17 00:00:00 2001 From: Napalys Date: Thu, 3 Apr 2025 18:31:27 +0200 Subject: [PATCH 221/409] Added inline test expectations for `WebSocket` --- .../frameworks/WebSocket/browser.js | 18 +++++----- .../frameworks/WebSocket/client.js | 8 ++--- .../frameworks/WebSocket/server.js | 10 +++--- .../frameworks/WebSocket/sockjs.js | 8 ++--- .../frameworks/WebSocket/test.expected | 34 +++++++++---------- .../frameworks/WebSocket/test.qlref | 2 ++ 6 files changed, 41 insertions(+), 39 deletions(-) create mode 100644 javascript/ql/test/library-tests/frameworks/WebSocket/test.qlref diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js index e138d397c7f0..7e15bb532c50 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js @@ -1,32 +1,32 @@ (function () { - const socket = new WebSocket('ws://localhost:8080'); + const socket = new WebSocket('ws://localhost:8080'); // $clientSocket socket.addEventListener('open', function (event) { - socket.send('Hi from browser!'); + socket.send('Hi from browser!'); // $clientSend }); socket.addEventListener('message', function (event) { console.log('Message from server ', event.data); - }); + }); // $clientReceive socket.onmessage = function (event) { console.log("Message from server 2", event.data) - }; + }; // $clientReceive })(); (function () { - var sock = new SockJS('http://0.0.0.0:9999/echo'); + var sock = new SockJS('http://0.0.0.0:9999/echo'); // $clientSocket sock.onopen = function () { - sock.send('test'); + sock.send('test'); // $clientSend }; sock.onmessage = function (e) { console.log('message', e.data); sock.close(); - }; + }; // $clientReceive sock.addEventListener('message', function (event) { console.log('Using addEventListener ', event.data); - }); -}) \ No newline at end of file + }); // $clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js index c98c71973bf6..c49df5afc3c2 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js @@ -1,13 +1,13 @@ (function () { const WebSocket = require('ws'); - const ws = new WebSocket('ws://example.org'); + const ws = new WebSocket('ws://example.org'); // $clientSocket ws.on('open', function open() { - ws.send('Hi from client!'); + ws.send('Hi from client!'); // $clientSend }); ws.on('message', function incoming(data) { console.log(data); - }); -})(); \ No newline at end of file + }); // $clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js index d135f652b459..2f9173ecfc9d 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js @@ -3,11 +3,11 @@ const wss = new WebSocket.Server({ port: 8080 }); - wss.on('connection', function connection(ws) { - ws.on('message', function incoming(message) { + wss.on('connection', function connection(ws) { // $serverSocket + ws.on('message', function incoming(message) { // $remoteFlow console.log('received: %s', message); - }); + }); // $serverReceive - ws.send('Hi from server!'); + ws.send('Hi from server!'); // $serverSend }); -})(); \ No newline at end of file +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js b/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js index 3616caf90fd9..4b599cf5fede 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js @@ -5,11 +5,11 @@ const sockjs = require('sockjs'); const app = express(); const server = http.createServer(app); const sockjs_echo = sockjs.createServer({}); -sockjs_echo.on('connection', function (conn) { - conn.on('data', function (message) { +sockjs_echo.on('connection', function (conn) { // $serverSocket + conn.on('data', function (message) { // $remoteFlow var data = JSON.parse(message); - conn.write(JSON.stringify(eval(data.test))); - }); + conn.write(JSON.stringify(eval(data.test))); // $serverSend + }); // $serverReceive }); sockjs_echo.installHandlers(server, { prefix: '/echo' }); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 96c5aedb737a..0ea8e8b690be 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -1,26 +1,17 @@ -clientSocket -| browser.js:2:17:2:52 | new Web ... :8080') | -| browser.js:19:13:19:50 | new Soc ... /echo') | -| client.js:4:13:4:45 | new Web ... e.org') | -clientSend -| browser.js:5:3:5:33 | socket. ... wser!') | -| browser.js:21:3:21:19 | sock.send('test') | -| client.js:7:3:7:28 | ws.send ... ient!') | clientReceive | browser.js:8:37:10:2 | functio ... ta);\\n\\t} | | browser.js:12:21:14:2 | functio ... ata)\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | | browser.js:29:35:31:2 | functio ... ta);\\n\\t} | | client.js:10:19:12:2 | functio ... ta);\\n\\t} | -serverSocket -| server.js:6:43:6:44 | ws | -| sockjs.js:8:40:8:43 | conn | -serverSend -| server.js:11:3:11:28 | ws.send ... rver!') | -| sockjs.js:11:9:11:51 | conn.wr ... test))) | -serverReceive -| server.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) | -| sockjs.js:9:5:12:6 | conn.on ... \\n }) | +clientSend +| browser.js:5:3:5:33 | socket. ... wser!') | +| browser.js:21:3:21:19 | sock.send('test') | +| client.js:7:3:7:28 | ws.send ... ient!') | +clientSocket +| browser.js:2:17:2:52 | new Web ... :8080') | +| browser.js:19:13:19:50 | new Soc ... /echo') | +| client.js:4:13:4:45 | new Web ... e.org') | flowSteps | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | @@ -33,3 +24,12 @@ flowSteps remoteFlow | server.js:7:38:7:44 | message | | sockjs.js:9:31:9:37 | message | +serverReceive +| server.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) | +| sockjs.js:9:5:12:6 | conn.on ... \\n }) | +serverSend +| server.js:11:3:11:28 | ws.send ... rver!') | +| sockjs.js:11:9:11:51 | conn.wr ... test))) | +serverSocket +| server.js:6:43:6:44 | ws | +| sockjs.js:8:40:8:43 | conn | diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.qlref b/javascript/ql/test/library-tests/frameworks/WebSocket/test.qlref new file mode 100644 index 000000000000..ab6773f15f90 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.qlref @@ -0,0 +1,2 @@ +query: test.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql From c7fad0966478a9ed43591bbde553e6f79c2f177f Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 08:33:26 +0200 Subject: [PATCH 222/409] Added test cases with custom exports/imports. --- .../frameworks/WebSocket/browser-custom.js | 34 +++++++++++++++++++ .../frameworks/WebSocket/browser.js | 3 ++ .../frameworks/WebSocket/client-custom.js | 13 +++++++ .../frameworks/WebSocket/client.js | 2 ++ .../frameworks/WebSocket/server-custom.js | 13 +++++++ .../frameworks/WebSocket/server.js | 2 ++ .../frameworks/WebSocket/test.expected | 3 ++ 7 files changed, 70 insertions(+) create mode 100644 javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js create mode 100644 javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js create mode 100644 javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js new file mode 100644 index 000000000000..f14f1d19fa6c --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -0,0 +1,34 @@ +import { MyWebSocket, MySockJS } from './browser.js'; + +(function () { + const socket = new MyWebSocket('ws://localhost:9080'); // $ MISSING: clientSocket + + socket.addEventListener('open', function (event) { + socket.send('Hi from browser!'); // $ MISSING: clientSend + }); + + socket.addEventListener('message', function (event) { + console.log('Message from server ', event.data); + }); // $ MISSING: clientReceive + + socket.onmessage = function (event) { + console.log("Message from server 2", event.data) + }; // $ MISSING: clientReceive +})(); + + +(function () { + var sock = new MySockJS('http://0.0.0.0:9999/echo'); // $ MISSING: clientSocket + sock.onopen = function () { + sock.send('test'); // $ MISSING: clientSend + }; + + sock.onmessage = function (e) { + console.log('message', e.data); + sock.close(); + }; // $ MISSING: clientReceive + + sock.addEventListener('message', function (event) { + console.log('Using addEventListener ', event.data); + }); // $ MISSING: clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js index 7e15bb532c50..2540abaf3e7b 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js @@ -30,3 +30,6 @@ console.log('Using addEventListener ', event.data); }); // $clientReceive })(); + +export const MyWebSocket = WebSocket; +export const MySockJS = SockJS; diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js new file mode 100644 index 000000000000..92db7ac339cf --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -0,0 +1,13 @@ +const { MyWebSocketWS } = require('./client.js'); + +(function () { + const ws = new MyWebSocketWS('ws://example.org'); // $ MISSING: clientSocket + + ws.on('open', function open() { + ws.send('Hi from client!'); // $ MISSING: clientSend + }); + + ws.on('message', function incoming(data) { + console.log(data); + }); // $ MISSING: clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js index c49df5afc3c2..710bf0aa7da6 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js @@ -11,3 +11,5 @@ console.log(data); }); // $clientReceive })(); + +module.exports.MyWebSocketWS = require('ws'); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js new file mode 100644 index 000000000000..e01bd38d57b3 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js @@ -0,0 +1,13 @@ +const { MyWebSocketServer } = require('./client.js'); + +(function () { + const wss = new MyWebSocketServer({ port: 8080 }); + + wss.on('connection', function connection(ws) { // $ MISSING: serverSocket + ws.on('message', function incoming(message) { // $ MISSING: remoteFlow + console.log('received: %s', message); + }); // $ MISSING: serverReceive + + ws.send('Hi from server!'); // $ MISSING: serverSend + }); +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js index 2f9173ecfc9d..3e1a408a4a40 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js @@ -11,3 +11,5 @@ ws.send('Hi from server!'); // $serverSend }); })(); + +module.exports.MyWebSocketServer = require('ws').Server; diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 0ea8e8b690be..93068e683b48 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -13,9 +13,12 @@ clientSocket | browser.js:19:13:19:50 | new Soc ... /echo') | | client.js:4:13:4:45 | new Web ... e.org') | flowSteps +| browser-custom.js:1:10:1:20 | MyWebSocket | browser-custom.js:1:10:1:20 | MyWebSocket | +| browser-custom.js:1:23:1:30 | MySockJS | browser-custom.js:1:23:1:30 | MySockJS | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | +| client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | From e16a20e69f4d9c59955de194da5cdeb925b5b860 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 08:41:47 +0200 Subject: [PATCH 223/409] Updated `SocketClass` to use API Graphs. --- .../javascript/frameworks/WebSocket.qll | 24 +++++++++++++++---- javascript/ql/src/Security/trest/test.ql | 10 ++++++++ .../frameworks/WebSocket/browser-custom.js | 16 ++++++------- .../frameworks/WebSocket/client-custom.js | 6 ++--- .../frameworks/WebSocket/server-custom.js | 2 +- .../frameworks/WebSocket/test.expected | 19 +++++++++++++++ 6 files changed, 60 insertions(+), 17 deletions(-) create mode 100644 javascript/ql/src/Security/trest/test.ql diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index d2fc69751d6c..7437e68bda8e 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -47,6 +47,20 @@ private predicate areLibrariesCompatible( (client = LibraryNames::ws() or client = LibraryNames::websocket()) } +/** Treats `WebSocket` as an entry point for API graphs. */ +private class WebSocketEntryPoint extends API::EntryPoint { + WebSocketEntryPoint() { this = "global.WebSocket" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("WebSocket") } +} + +/** Treats `SockJS` as an entry point for API graphs. */ +private class SockJSEntryPoint extends API::EntryPoint { + SockJSEntryPoint() { this = "global.SockJS" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("SockJS") } +} + /** * Provides classes that model WebSockets clients. */ @@ -56,19 +70,19 @@ module ClientWebSocket { /** * A class that can be used to instantiate a WebSocket instance. */ - class SocketClass extends DataFlow::SourceNode { + class SocketClass extends API::Node { LibraryName library; // the name of the WebSocket library. Can be one of the libraries defined in `LibraryNames`. SocketClass() { - this = DataFlow::globalVarRef("WebSocket") and library = websocket() + this = any(WebSocketEntryPoint e).getANode() and library = websocket() or - this = DataFlow::moduleImport("ws") and library = ws() + this = API::moduleImport("ws") and library = ws() or // the sockjs-client library:https://www.npmjs.com/package/sockjs-client library = sockjs() and ( - this = DataFlow::moduleImport("sockjs-client") or - this = DataFlow::globalVarRef("SockJS") + this = API::moduleImport("sockjs-client") or + this = any(SockJSEntryPoint e).getANode() ) } diff --git a/javascript/ql/src/Security/trest/test.ql b/javascript/ql/src/Security/trest/test.ql new file mode 100644 index 000000000000..076271d9fb6a --- /dev/null +++ b/javascript/ql/src/Security/trest/test.ql @@ -0,0 +1,10 @@ +import javascript + +API::NewNode getAWebSocketInstance() { result instanceof ClientWebSocket::ClientSocket } + +from DataFlow::Node handler +where + handler = getAWebSocketInstance().getReturn().getMember("onmessage").asSource() + or + handler = getAWebSocketInstance().getAPropertyWrite("onmessage").getRhs() +select handler, "This is a WebSocket onmessage handler." diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index f14f1d19fa6c..d3a739697d14 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -1,34 +1,34 @@ import { MyWebSocket, MySockJS } from './browser.js'; (function () { - const socket = new MyWebSocket('ws://localhost:9080'); // $ MISSING: clientSocket + const socket = new MyWebSocket('ws://localhost:9080'); // $ clientSocket socket.addEventListener('open', function (event) { - socket.send('Hi from browser!'); // $ MISSING: clientSend + socket.send('Hi from browser!'); // $ clientSend }); socket.addEventListener('message', function (event) { console.log('Message from server ', event.data); - }); // $ MISSING: clientReceive + }); // $ clientReceive socket.onmessage = function (event) { console.log("Message from server 2", event.data) - }; // $ MISSING: clientReceive + }; // $ clientReceive })(); (function () { - var sock = new MySockJS('http://0.0.0.0:9999/echo'); // $ MISSING: clientSocket + var sock = new MySockJS('http://0.0.0.0:9999/echo'); // $ clientSocket sock.onopen = function () { - sock.send('test'); // $ MISSING: clientSend + sock.send('test'); // $ clientSend }; sock.onmessage = function (e) { console.log('message', e.data); sock.close(); - }; // $ MISSING: clientReceive + }; // $ clientReceive sock.addEventListener('message', function (event) { console.log('Using addEventListener ', event.data); - }); // $ MISSING: clientReceive + }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index 92db7ac339cf..6aefeb3a07f5 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -1,13 +1,13 @@ const { MyWebSocketWS } = require('./client.js'); (function () { - const ws = new MyWebSocketWS('ws://example.org'); // $ MISSING: clientSocket + const ws = new MyWebSocketWS('ws://example.org'); // $ clientSocket ws.on('open', function open() { - ws.send('Hi from client!'); // $ MISSING: clientSend + ws.send('Hi from client!'); // $ clientSend }); ws.on('message', function incoming(data) { console.log(data); - }); // $ MISSING: clientReceive + }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js index e01bd38d57b3..6911d8f8523b 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js @@ -1,4 +1,4 @@ -const { MyWebSocketServer } = require('./client.js'); +const { MyWebSocketServer } = require('./server.js'); (function () { const wss = new MyWebSocketServer({ port: 8080 }); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 93068e683b48..fb5fe14793cd 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -1,27 +1,46 @@ clientReceive +| browser-custom.js:10:37:12:2 | functio ... ta);\\n\\t} | +| browser-custom.js:14:21:16:2 | functio ... ata)\\n\\t} | +| browser-custom.js:26:19:29:2 | functio ... e();\\n\\t} | +| browser-custom.js:31:35:33:2 | functio ... ta);\\n\\t} | | browser.js:8:37:10:2 | functio ... ta);\\n\\t} | | browser.js:12:21:14:2 | functio ... ata)\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | | browser.js:29:35:31:2 | functio ... ta);\\n\\t} | +| client-custom.js:10:19:12:2 | functio ... ta);\\n\\t} | | client.js:10:19:12:2 | functio ... ta);\\n\\t} | clientSend +| browser-custom.js:7:3:7:33 | socket. ... wser!') | +| browser-custom.js:23:3:23:19 | sock.send('test') | | browser.js:5:3:5:33 | socket. ... wser!') | | browser.js:21:3:21:19 | sock.send('test') | +| client-custom.js:7:3:7:28 | ws.send ... ient!') | | client.js:7:3:7:28 | ws.send ... ient!') | clientSocket +| browser-custom.js:4:17:4:54 | new MyW ... :9080') | +| browser-custom.js:21:13:21:52 | new MyS ... /echo') | | browser.js:2:17:2:52 | new Web ... :8080') | | browser.js:19:13:19:50 | new Soc ... /echo') | +| client-custom.js:4:13:4:49 | new MyW ... e.org') | | client.js:4:13:4:45 | new Web ... e.org') | flowSteps | browser-custom.js:1:10:1:20 | MyWebSocket | browser-custom.js:1:10:1:20 | MyWebSocket | | browser-custom.js:1:23:1:30 | MySockJS | browser-custom.js:1:23:1:30 | MySockJS | +| browser-custom.js:7:15:7:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | +| browser-custom.js:23:13:23:18 | 'test' | sockjs.js:9:31:9:37 | message | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | +| client-custom.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | | server.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | +| sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:27:26:27:31 | e.data | +| sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:32:42:32:51 | event.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data | remoteFlow From 455ce595835c963165d090956574322f5bf6d88b Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 08:59:19 +0200 Subject: [PATCH 224/409] Added test cases with export of an instance. --- .../frameworks/WebSocket/browser-custom.js | 33 ++++++++++++++++++- .../frameworks/WebSocket/browser.js | 2 ++ .../frameworks/WebSocket/client-custom.js | 12 ++++++- .../frameworks/WebSocket/client.js | 5 +-- .../frameworks/WebSocket/server-custom.js | 12 ++++++- .../frameworks/WebSocket/server.js | 5 +-- .../frameworks/WebSocket/test.expected | 8 +++++ 7 files changed, 70 insertions(+), 7 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index d3a739697d14..c411a90f35a5 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -1,4 +1,4 @@ -import { MyWebSocket, MySockJS } from './browser.js'; +import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './browser.js'; (function () { const socket = new MyWebSocket('ws://localhost:9080'); // $ clientSocket @@ -32,3 +32,34 @@ import { MyWebSocket, MySockJS } from './browser.js'; console.log('Using addEventListener ', event.data); }); // $ clientReceive })(); + + +(function () { + myWebSocketInstance.addEventListener('open', function (event) { + myWebSocketInstance.send('Hi from browser!'); // $ MISSING: clientSend + }); + + myWebSocketInstance.addEventListener('message', function (event) { + console.log('Message from server ', event.data); + }); // $ MISSING: clientReceive + + myWebSocketInstance.onmessage = function (event) { + console.log("Message from server 2", event.data) + }; // $ MISSING: clientReceive +})(); + + +(function () { + mySockJSInstance.onopen = function () { + mySockJSInstance.send('test'); // $ MISSING: clientSend + }; + + mySockJSInstance.onmessage = function (e) { + console.log('message', e.data); + mySockJSInstance.close(); + }; // $ MISSING: clientReceive + + mySockJSInstance.addEventListener('message', function (event) { + console.log('Using addEventListener ', event.data); + }); // $ MISSING: clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js index 2540abaf3e7b..f966879f9f25 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js @@ -33,3 +33,5 @@ export const MyWebSocket = WebSocket; export const MySockJS = SockJS; +export const myWebSocketInstance = new WebSocket('ws://localhost:8080'); // $ clientSocket +export const mySockJSInstance = new SockJS('http://0.0.0.0:9999/echo'); // $ clientSocket diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index 6aefeb3a07f5..9718bd6185cf 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -1,4 +1,4 @@ -const { MyWebSocketWS } = require('./client.js'); +const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); (function () { const ws = new MyWebSocketWS('ws://example.org'); // $ clientSocket @@ -11,3 +11,13 @@ const { MyWebSocketWS } = require('./client.js'); console.log(data); }); // $ clientReceive })(); + +(function () { + myWebSocketWSInstance.on('open', function open() { + myWebSocketWSInstance.send('Hi from client!'); // $ MISSING: clientSend + }); + + myWebSocketWSInstance.on('message', function incoming(data) { + console.log(data); + }); // $ MISSING: clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js index 710bf0aa7da6..54a200f33793 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js @@ -1,6 +1,6 @@ -(function () { - const WebSocket = require('ws'); +const WebSocket = require('ws'); +(function () { const ws = new WebSocket('ws://example.org'); // $clientSocket ws.on('open', function open() { @@ -13,3 +13,4 @@ })(); module.exports.MyWebSocketWS = require('ws'); +module.exports.myWebSocketWSInstance = new WebSocket('ws://example.org'); // $ clientSocket diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js index 6911d8f8523b..63893ba2f5ca 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js @@ -1,4 +1,4 @@ -const { MyWebSocketServer } = require('./server.js'); +const { MyWebSocketServer, myWebSocketServerInstance } = require('./server.js'); (function () { const wss = new MyWebSocketServer({ port: 8080 }); @@ -11,3 +11,13 @@ const { MyWebSocketServer } = require('./server.js'); ws.send('Hi from server!'); // $ MISSING: serverSend }); })(); + +(function () { + myWebSocketServerInstance.on('connection', function connection(ws) { // $ MISSING: serverSocket + ws.on('message', function incoming(message) { // $ MISSING: remoteFlow + console.log('received: %s', message); + }); // $ MISSING: serverReceive + + ws.send('Hi from server!'); // $ MISSING: serverSend + }); +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js index 3e1a408a4a40..a1fd536501ea 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js @@ -1,6 +1,6 @@ -(function () { - const WebSocket = require('ws'); +const WebSocket = require('ws'); +(function () { const wss = new WebSocket.Server({ port: 8080 }); wss.on('connection', function connection(ws) { // $serverSocket @@ -13,3 +13,4 @@ })(); module.exports.MyWebSocketServer = require('ws').Server; +module.exports.myWebSocketServerInstance = new WebSocket.Server({ port: 8080 }); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index fb5fe14793cd..21e9f1aae64c 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -21,11 +21,16 @@ clientSocket | browser-custom.js:21:13:21:52 | new MyS ... /echo') | | browser.js:2:17:2:52 | new Web ... :8080') | | browser.js:19:13:19:50 | new Soc ... /echo') | +| browser.js:36:36:36:71 | new Web ... :8080') | +| browser.js:37:33:37:70 | new Soc ... /echo') | | client-custom.js:4:13:4:49 | new MyW ... e.org') | | client.js:4:13:4:45 | new Web ... e.org') | +| client.js:16:40:16:72 | new Web ... e.org') | flowSteps | browser-custom.js:1:10:1:20 | MyWebSocket | browser-custom.js:1:10:1:20 | MyWebSocket | | browser-custom.js:1:23:1:30 | MySockJS | browser-custom.js:1:23:1:30 | MySockJS | +| browser-custom.js:1:33:1:51 | myWebSocketInstance | browser-custom.js:1:33:1:51 | myWebSocketInstance | +| browser-custom.js:1:54:1:69 | mySockJSInstance | browser-custom.js:1:54:1:69 | mySockJSInstance | | browser-custom.js:7:15:7:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser-custom.js:23:13:23:18 | 'test' | sockjs.js:9:31:9:37 | message | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | @@ -33,12 +38,15 @@ flowSteps | client-custom.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | +| client.js:16:40:16:72 | new Web ... e.org') | client-custom.js:1:24:1:44 | myWebSo ... nstance | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | | server.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | +| server.js:15:36:15:55 | require('ws').Server | server-custom.js:1:9:1:25 | MyWebSocketServer | +| server.js:16:44:16:79 | new Web ... 8080 }) | server-custom.js:1:28:1:52 | myWebSo ... nstance | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:27:26:27:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:32:42:32:51 | event.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | From 0dbf9512911f4299050816a5894d25742bb7b48e Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:12:42 +0200 Subject: [PATCH 225/409] Updated `ClientSocket` and `SendNode` with API graphs. --- .../ql/lib/semmle/javascript/frameworks/WebSocket.qll | 8 ++++---- .../library-tests/frameworks/WebSocket/browser-custom.js | 4 ++-- .../library-tests/frameworks/WebSocket/client-custom.js | 2 +- .../test/library-tests/frameworks/WebSocket/test.expected | 6 ++++++ 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 7437e68bda8e..09c9f98e3f02 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -95,10 +95,10 @@ module ClientWebSocket { /** * A client WebSocket instance. */ - class ClientSocket extends EventEmitter::Range, DataFlow::NewNode, ClientRequest::Range { + class ClientSocket extends EventEmitter::Range, API::NewNode, ClientRequest::Range { SocketClass socketClass; - ClientSocket() { this = socketClass.getAnInstantiation() } + ClientSocket() { this = socketClass.getAnInvocation() } /** * Gets the WebSocket library name. @@ -129,10 +129,10 @@ module ClientWebSocket { /** * A message sent from a WebSocket client. */ - class SendNode extends EventDispatch::Range, DataFlow::CallNode { + class SendNode extends EventDispatch::Range, API::CallNode { override ClientSocket emitter; - SendNode() { this = emitter.getAMemberCall("send") } + SendNode() { this = emitter.getReturn().getMember("send").getACall() } override string getChannel() { result = channelName() } diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index c411a90f35a5..11765138f55c 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -36,7 +36,7 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ (function () { myWebSocketInstance.addEventListener('open', function (event) { - myWebSocketInstance.send('Hi from browser!'); // $ MISSING: clientSend + myWebSocketInstance.send('Hi from browser!'); // $ clientSend }); myWebSocketInstance.addEventListener('message', function (event) { @@ -51,7 +51,7 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ (function () { mySockJSInstance.onopen = function () { - mySockJSInstance.send('test'); // $ MISSING: clientSend + mySockJSInstance.send('test'); // $ clientSend }; mySockJSInstance.onmessage = function (e) { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index 9718bd6185cf..5d7ac4b564d8 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -14,7 +14,7 @@ const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); (function () { myWebSocketWSInstance.on('open', function open() { - myWebSocketWSInstance.send('Hi from client!'); // $ MISSING: clientSend + myWebSocketWSInstance.send('Hi from client!'); // $ clientSend }); myWebSocketWSInstance.on('message', function incoming(data) { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 21e9f1aae64c..4d7e33f54022 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -12,9 +12,12 @@ clientReceive clientSend | browser-custom.js:7:3:7:33 | socket. ... wser!') | | browser-custom.js:23:3:23:19 | sock.send('test') | +| browser-custom.js:39:9:39:52 | myWebSo ... wser!') | +| browser-custom.js:54:9:54:37 | mySockJ ... 'test') | | browser.js:5:3:5:33 | socket. ... wser!') | | browser.js:21:3:21:19 | sock.send('test') | | client-custom.js:7:3:7:28 | ws.send ... ient!') | +| client-custom.js:17:3:17:47 | myWebSo ... ient!') | | client.js:7:3:7:28 | ws.send ... ient!') | clientSocket | browser-custom.js:4:17:4:54 | new MyW ... :9080') | @@ -33,9 +36,12 @@ flowSteps | browser-custom.js:1:54:1:69 | mySockJSInstance | browser-custom.js:1:54:1:69 | mySockJSInstance | | browser-custom.js:7:15:7:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser-custom.js:23:13:23:18 | 'test' | sockjs.js:9:31:9:37 | message | +| browser-custom.js:39:34:39:51 | 'Hi from browser!' | server.js:7:38:7:44 | message | +| browser-custom.js:54:31:54:36 | 'test' | sockjs.js:9:31:9:37 | message | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | | client-custom.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | +| client-custom.js:17:30:17:46 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | | client.js:16:40:16:72 | new Web ... e.org') | client-custom.js:1:24:1:44 | myWebSo ... nstance | From 15bfeab65267eb6637e7536880a4ef33d80dfd7b Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 26 Mar 2025 09:36:15 +0100 Subject: [PATCH 226/409] Ruby: Make `getPreUpdateNode` Unique Again --- .../DataFlowConsistency.ql | 24 ++----- .../dataflow/internal/DataFlowPrivate.qll | 40 ++++++----- .../dataflow/global/Flow.expected | 66 ++++++++----------- .../dataflow/local/DataflowStep.expected | 2 + .../dataflow/local/TaintStep.expected | 2 + 5 files changed, 62 insertions(+), 72 deletions(-) diff --git a/ruby/ql/consistency-queries/DataFlowConsistency.ql b/ruby/ql/consistency-queries/DataFlowConsistency.ql index 86350eba192f..24766016cbb6 100644 --- a/ruby/ql/consistency-queries/DataFlowConsistency.ql +++ b/ruby/ql/consistency-queries/DataFlowConsistency.ql @@ -8,30 +8,18 @@ private import codeql.dataflow.internal.DataFlowImplConsistency private module Input implements InputSig { private import RubyDataFlow - predicate postWithInFlowExclude(Node n) { n instanceof FlowSummaryNode } + predicate postWithInFlowExclude(Node n) { + n instanceof FlowSummaryNode + or + n.(PostUpdateNode).getPreUpdateNode().asExpr() = getPostUpdateReverseStep(_) + } predicate argHasPostUpdateExclude(ArgumentNode n) { n instanceof FlowSummaryNode or n instanceof SynthHashSplatArgumentNode or - not isNonConstantExpr(getAPostUpdateNodeForArg(n.asExpr())) - } - - predicate postHasUniquePreExclude(PostUpdateNode n) { - exists(CfgNodes::ExprCfgNode e, CfgNodes::ExprCfgNode arg | - e = getAPostUpdateNodeForArg(arg) and - e != arg and - n = TExprPostUpdateNode(e) - ) - } - - predicate uniquePostUpdateExclude(Node n) { - exists(CfgNodes::ExprCfgNode e, CfgNodes::ExprCfgNode arg | - e = getAPostUpdateNodeForArg(arg) and - e != arg and - n.asExpr() = arg - ) + not isNonConstantExpr(n.asExpr()) } predicate multipleArgumentCallExclude(ArgumentNode arg, DataFlowCall call) { diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index da0c03797172..bd1b0c4b8c83 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -66,10 +66,22 @@ private CfgNodes::ExprCfgNode getALastEvalNode(CfgNodes::ExprCfgNode n) { ) } -/** Gets a node for which to construct a post-update node for argument `arg`. */ -CfgNodes::ExprCfgNode getAPostUpdateNodeForArg(Argument arg) { - result = getALastEvalNode*(arg) and - not exists(getALastEvalNode(result)) +/** + * Holds if a reverse local flow step should be added from the post-update node + * for `e` to the post-update node for the result. + * + * This is needed to allow for side-effects on compound expressions to propagate + * to sub components. For example, in + * + * ```ruby + * (foo1; foo2).set_field(taint) + * ``` + * + * we add a reverse flow step from `[post] (foo1; foo2)` to `[post] foo2`, + * in order for the side-effect of `set_field` to reach `foo2`. + */ +CfgNodes::ExprCfgNode getPostUpdateReverseStep(CfgNodes::ExprCfgNode e) { + result = getALastEvalNode(e) } /** Gets the SSA definition node corresponding to parameter `p`. */ @@ -170,6 +182,9 @@ module LocalFlow { ) or nodeTo.(ImplicitBlockArgumentNode).getParameterNode(true) = nodeFrom + or + nodeTo.(PostUpdateNode).getPreUpdateNode().asExpr() = + getPostUpdateReverseStep(nodeFrom.(PostUpdateNode).getPreUpdateNode().asExpr()) } predicate flowSummaryLocalStep( @@ -486,7 +501,9 @@ private module Cached { // filter out nodes that clearly don't need post-update nodes isNonConstantExpr(n) and ( - n = getAPostUpdateNodeForArg(_) + n instanceof Argument + or + n = getPostUpdateReverseStep(any(PostUpdateNode p).getPreUpdateNode().asExpr()) or n = any(CfgNodes::ExprNodes::InstanceVariableAccessCfgNode v).getReceiver() ) @@ -2018,18 +2035,7 @@ private module PostUpdateNodes { ExprPostUpdateNode() { this = TExprPostUpdateNode(e) } - override ExprNode getPreUpdateNode() { - // For compound arguments, such as `m(if b then x else y)`, we want the leaf nodes - // `[post] x` and `[post] y` to have two pre-update nodes: (1) the compound argument, - // `if b then x else y`; and the (2) the underlying expressions; `x` and `y`, - // respectively. - // - // This ensures that we get flow out of the call into both leafs (1), while still - // maintaining the invariant that the underlying expression is a pre-update node (2). - e = getAPostUpdateNodeForArg(result.getExprNode()) - or - e = result.getExprNode() - } + override ExprNode getPreUpdateNode() { e = result.getExprNode() } override CfgScope getCfgScope() { result = e.getExpr().getCfgScope() } diff --git a/ruby/ql/test/library-tests/dataflow/global/Flow.expected b/ruby/ql/test/library-tests/dataflow/global/Flow.expected index 4ef28f2728a2..f320bf8f5e94 100644 --- a/ruby/ql/test/library-tests/dataflow/global/Flow.expected +++ b/ruby/ql/test/library-tests/dataflow/global/Flow.expected @@ -197,18 +197,18 @@ edges | instance_variables.rb:70:16:70:24 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | | instance_variables.rb:70:16:70:24 | call to taint | instance_variables.rb:70:1:70:4 | [post] foo3 : Foo [@field] | provenance | | | instance_variables.rb:71:6:71:9 | foo3 : Foo [@field] | instance_variables.rb:71:6:71:15 | call to field | provenance | | -| instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | provenance | | -| instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | instance_variables.rb:84:6:84:9 | foo5 : Foo [@field] | provenance | | +| instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | provenance | | +| instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | instance_variables.rb:84:6:84:9 | foo5 : Foo [@field] | provenance | | | instance_variables.rb:78:18:78:26 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | -| instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | provenance | | +| instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | provenance | | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | instance_variables.rb:79:6:79:19 | call to get_field | provenance | | -| instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | provenance | | +| instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | provenance | | | instance_variables.rb:82:32:82:40 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | -| instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | provenance | | +| instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | provenance | | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | instance_variables.rb:83:6:83:19 | call to get_field | provenance | | @@ -218,24 +218,22 @@ edges | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | instance_variables.rb:85:6:85:19 | call to get_field | provenance | | -| instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | provenance | | -| instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | provenance | | +| instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | provenance | | +| instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | provenance | | | instance_variables.rb:89:45:89:53 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | -| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | provenance | | -| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | provenance | | +| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | provenance | | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | instance_variables.rb:90:6:90:19 | call to get_field | provenance | | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | instance_variables.rb:91:6:91:19 | call to get_field | provenance | | -| instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | provenance | | -| instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | provenance | | +| instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | provenance | | +| instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | provenance | | | instance_variables.rb:95:53:95:61 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | -| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | provenance | | -| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | provenance | | +| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | provenance | | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | instance_variables.rb:96:6:96:19 | call to get_field | provenance | | @@ -243,8 +241,8 @@ edges | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | instance_variables.rb:97:6:97:20 | call to get_field | provenance | | | instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:104:14:104:18 | [post] foo11 : Foo [@field] | provenance | | -| instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:108:15:108:19 | [post] foo12 : Foo [@field] | provenance | | -| instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:113:22:113:26 | [post] foo13 : Foo [@field] | provenance | | +| instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:108:14:108:20 | [post] ( ... ) : Foo [@field] | provenance | | +| instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:113:14:113:26 | [post] ... = ... : Foo [@field] | provenance | | | instance_variables.rb:100:5:100:5 | [post] x : Foo [@field] | instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | provenance | | | instance_variables.rb:100:17:100:25 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:100:17:100:25 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | @@ -253,11 +251,11 @@ edges | instance_variables.rb:105:6:105:10 | foo11 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:105:6:105:10 | foo11 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:105:6:105:10 | foo11 : Foo [@field] | instance_variables.rb:105:6:105:20 | call to get_field | provenance | | -| instance_variables.rb:108:15:108:19 | [post] foo12 : Foo [@field] | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | provenance | | +| instance_variables.rb:108:14:108:20 | [post] ( ... ) : Foo [@field] | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | provenance | | | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | instance_variables.rb:109:6:109:20 | call to get_field | provenance | | -| instance_variables.rb:113:22:113:26 | [post] foo13 : Foo [@field] | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | provenance | | +| instance_variables.rb:113:14:113:26 | [post] ... = ... : Foo [@field] | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | provenance | | | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | instance_variables.rb:114:6:114:20 | call to get_field | provenance | | @@ -475,11 +473,11 @@ nodes | instance_variables.rb:70:16:70:24 | call to taint | semmle.label | call to taint | | instance_variables.rb:71:6:71:9 | foo3 : Foo [@field] | semmle.label | foo3 : Foo [@field] | | instance_variables.rb:71:6:71:15 | call to field | semmle.label | call to field | -| instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | semmle.label | [post] foo5 : Foo [@field] | +| instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:78:18:78:26 | call to taint | semmle.label | call to taint | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | semmle.label | foo5 : Foo [@field] | | instance_variables.rb:79:6:79:19 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | semmle.label | [post] foo6 : Foo [@field] | +| instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:82:32:82:40 | call to taint | semmle.label | call to taint | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | semmle.label | foo3 : Foo [@field] | | instance_variables.rb:83:6:83:19 | call to get_field | semmle.label | call to get_field | @@ -487,15 +485,13 @@ nodes | instance_variables.rb:84:6:84:19 | call to get_field | semmle.label | call to get_field | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | semmle.label | foo6 : Foo [@field] | | instance_variables.rb:85:6:85:19 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | semmle.label | [post] foo7 : Foo [@field] | -| instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | semmle.label | [post] foo8 : Foo [@field] | +| instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:89:45:89:53 | call to taint | semmle.label | call to taint | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | semmle.label | foo7 : Foo [@field] | | instance_variables.rb:90:6:90:19 | call to get_field | semmle.label | call to get_field | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | semmle.label | foo8 : Foo [@field] | | instance_variables.rb:91:6:91:19 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | semmle.label | [post] foo9 : Foo [@field] | -| instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | semmle.label | [post] foo10 : Foo [@field] | +| instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:95:53:95:61 | call to taint | semmle.label | call to taint | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | semmle.label | foo9 : Foo [@field] | | instance_variables.rb:96:6:96:19 | call to get_field | semmle.label | call to get_field | @@ -507,10 +503,10 @@ nodes | instance_variables.rb:104:14:104:18 | [post] foo11 : Foo [@field] | semmle.label | [post] foo11 : Foo [@field] | | instance_variables.rb:105:6:105:10 | foo11 : Foo [@field] | semmle.label | foo11 : Foo [@field] | | instance_variables.rb:105:6:105:20 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:108:15:108:19 | [post] foo12 : Foo [@field] | semmle.label | [post] foo12 : Foo [@field] | +| instance_variables.rb:108:14:108:20 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | semmle.label | foo12 : Foo [@field] | | instance_variables.rb:109:6:109:20 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:113:22:113:26 | [post] foo13 : Foo [@field] | semmle.label | [post] foo13 : Foo [@field] | +| instance_variables.rb:113:14:113:26 | [post] ... = ... : Foo [@field] | semmle.label | [post] ... = ... : Foo [@field] | | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | semmle.label | foo13 : Foo [@field] | | instance_variables.rb:114:6:114:20 | call to get_field | semmle.label | call to get_field | | instance_variables.rb:116:1:116:5 | foo15 : Foo [@field] | semmle.label | foo15 : Foo [@field] | @@ -565,30 +561,26 @@ subpaths | instance_variables.rb:67:6:67:9 | foo2 [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:67:6:67:19 | call to get_field | | instance_variables.rb:70:16:70:24 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:70:1:70:4 | [post] foo3 : Foo [@field] | | instance_variables.rb:70:16:70:24 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:70:1:70:4 | [post] foo3 : Foo [@field] | -| instance_variables.rb:78:18:78:26 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | -| instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | +| instance_variables.rb:78:18:78:26 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | +| instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:79:6:79:19 | call to get_field | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:79:6:79:19 | call to get_field | -| instance_variables.rb:82:32:82:40 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | -| instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | +| instance_variables.rb:82:32:82:40 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | +| instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:83:6:83:19 | call to get_field | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:83:6:83:19 | call to get_field | | instance_variables.rb:84:6:84:9 | foo5 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:84:6:84:19 | call to get_field | | instance_variables.rb:84:6:84:9 | foo5 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:84:6:84:19 | call to get_field | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:85:6:85:19 | call to get_field | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:85:6:85:19 | call to get_field | -| instance_variables.rb:89:45:89:53 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | -| instance_variables.rb:89:45:89:53 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | -| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | -| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | +| instance_variables.rb:89:45:89:53 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | +| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:90:6:90:19 | call to get_field | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:90:6:90:19 | call to get_field | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:91:6:91:19 | call to get_field | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:91:6:91:19 | call to get_field | -| instance_variables.rb:95:53:95:61 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | -| instance_variables.rb:95:53:95:61 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | -| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | -| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | +| instance_variables.rb:95:53:95:61 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | +| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:96:6:96:19 | call to get_field | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:96:6:96:19 | call to get_field | | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:97:6:97:20 | call to get_field | diff --git a/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected b/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected index 488f51a3d51c..7122b4c0ae2f 100644 --- a/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected +++ b/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected @@ -2910,6 +2910,8 @@ | local_dataflow.rb:141:19:141:37 | [false] ( ... ) | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... | | local_dataflow.rb:141:19:141:37 | [input] SSA phi read(self) | local_dataflow.rb:141:38:142:9 | [input] SSA phi read(self) | | local_dataflow.rb:141:19:141:37 | [input] SSA phi read(x) | local_dataflow.rb:141:38:142:9 | [input] SSA phi read(x) | +| local_dataflow.rb:141:19:141:37 | [post] [false] ( ... ) | local_dataflow.rb:141:20:141:36 | [post] [false] ... && ... | +| local_dataflow.rb:141:19:141:37 | [post] [true] ( ... ) | local_dataflow.rb:141:20:141:36 | [post] [true] ... && ... | | local_dataflow.rb:141:19:141:37 | [true] ( ... ) | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... | | local_dataflow.rb:141:20:141:25 | [input] SSA phi read(self) | local_dataflow.rb:143:11:143:16 | self | | local_dataflow.rb:141:20:141:25 | [input] SSA phi read(x) | local_dataflow.rb:143:15:143:15 | x | diff --git a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected index 208a012ff65b..4fa46d163b4c 100644 --- a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected +++ b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected @@ -3405,6 +3405,8 @@ | local_dataflow.rb:141:19:141:37 | [false] ( ... ) | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... | | local_dataflow.rb:141:19:141:37 | [input] SSA phi read(self) | local_dataflow.rb:141:38:142:9 | [input] SSA phi read(self) | | local_dataflow.rb:141:19:141:37 | [input] SSA phi read(x) | local_dataflow.rb:141:38:142:9 | [input] SSA phi read(x) | +| local_dataflow.rb:141:19:141:37 | [post] [false] ( ... ) | local_dataflow.rb:141:20:141:36 | [post] [false] ... && ... | +| local_dataflow.rb:141:19:141:37 | [post] [true] ( ... ) | local_dataflow.rb:141:20:141:36 | [post] [true] ... && ... | | local_dataflow.rb:141:19:141:37 | [true] ( ... ) | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... | | local_dataflow.rb:141:20:141:25 | [input] SSA phi read(self) | local_dataflow.rb:143:11:143:16 | self | | local_dataflow.rb:141:20:141:25 | [input] SSA phi read(x) | local_dataflow.rb:143:15:143:15 | x | From 49ecff3292c9cad2ffc6101f721942d8907cc2be Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 13 Mar 2025 16:32:37 +0100 Subject: [PATCH 227/409] C#: Add cs/useless-assignment-to-local to the CCR suite. --- csharp/ql/src/codeql-suites/csharp-code-quality.qls | 1 + 1 file changed, 1 insertion(+) diff --git a/csharp/ql/src/codeql-suites/csharp-code-quality.qls b/csharp/ql/src/codeql-suites/csharp-code-quality.qls index b7b533773810..a7cfd44d7348 100644 --- a/csharp/ql/src/codeql-suites/csharp-code-quality.qls +++ b/csharp/ql/src/codeql-suites/csharp-code-quality.qls @@ -12,3 +12,4 @@ - cs/constant-condition - cs/useless-gethashcode-call - cs/non-short-circuit + - cs/useless-assignment-to-local From 2b88600f0fb6680d7f8e3f0d82c825753f49d0fa Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 14 Mar 2025 15:19:09 +0100 Subject: [PATCH 228/409] C#: Re-factor cs/useless-assignment-to-local tests to use inline test framework. --- .../DeadStoreOfLocal/DeadStoreOfLocal.cs | 50 +++++++++---------- .../DeadStoreOfLocal/DeadStoreOfLocal.qlref | 3 +- .../DeadStoreOfLocal/DeadStoreOfLocalBad.cs | 10 ++-- 3 files changed, 32 insertions(+), 31 deletions(-) diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs index 941981f6d6c2..1b40bf9c3d77 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs @@ -9,14 +9,14 @@ public class DeadStoreOfLocal public int M1() { - int x = M2(); // BAD + int x = M2(); // $ Alert return (x = 1) + x; // GOOD } public int M2() { int x = 1; // GOOD - return x + (x = 1); // BAD + return x + (x = 1); // $ Alert } public int M3() @@ -41,19 +41,19 @@ public int M4() public void M5() { - int x = M3(); // BAD + int x = M3(); // $ Alert } public void M6() { int x = 42; - x += 1; // BAD + x += 1; // $ Alert } public void M7() { int x = 42; - x++; // BAD + x++; // $ Alert } public IEnumerable M8(IEnumerable source) @@ -79,8 +79,8 @@ public IEnumerable M9(IEnumerable source) public void M10(IEnumerable source) { - foreach (var val in source) - { // BAD + foreach (var val in source) // $ Alert + { } } } @@ -98,10 +98,10 @@ public void F() message = "Unsuccessful completion"; // GOOD: Used in finally Process(); info2 = "Finishing"; // GOOD: Used in exception handler - extra = "Dead store here"; // BAD: Dead store + extra = "Dead store here"; // $ Alert Dead store Process(); message = "Successful completion"; // GOOD: Used in finally - info1 = "Used in handler"; // BAD: Used in handler, but not a reachable handler + info1 = "Used in handler"; // $ Alert Used in handler, but not a reachable handler } catch (SystemException ex) { @@ -139,7 +139,7 @@ public void FinallyFlow2() { Process(); } - catch (Exception ex) // BAD + catch (Exception ex) // $ Alert { Console.WriteLine("Stage " + stage); stage = 3; // GOOD: Used in finally @@ -157,7 +157,7 @@ public class OutParam public void Test() { int x; - Fn(out x); // BAD + Fn(out x); // Missing Alert Fn(out _); // GOOD } @@ -194,7 +194,7 @@ void M1() void M2() { - var x = M6(); // BAD [FALSE NEGATIVE] + var x = M6(); // Missing Alert Action a = () => { x = 1; // GOOD @@ -208,7 +208,7 @@ void M3() int x; Action a = () => { - x = 1; // BAD [FALSE NEGATIVE] + x = 1; // Missing Alert }; a(); } @@ -230,7 +230,7 @@ void M4() void M5() { - int x = 0; // BAD: NOT DETECTED + int x = 0; // Missing Alert. Action a = () => { x = 1; // GOOD @@ -243,14 +243,14 @@ int M6() { fn(() => { - int y = M6(); // BAD + int y = M6(); // $ Alert return (y = 1) + y; // GOOD }); int captured = 0; // GOOD: Variable captured variable fn(() => { return captured; }); - return captured = 1; // BAD: NOT DETECTED + return captured = 1; // Missing Alert. } void M7() @@ -258,7 +258,7 @@ void M7() var y = 12; // GOOD: Not a dead store (used in delegate) fn(() => { - var x = y; // BAD: Dead store in lambda + var x = y; // $ Alert Dead store in lambda return 0; }); } @@ -297,8 +297,8 @@ void Test() { // GOOD Console.WriteLine($"int {i1}"); } - else if (o is var v1) - { // BAD + else if (o is var v1) // $ Alert + { } switch (o) @@ -311,7 +311,7 @@ void Test() case int i3: // GOOD Console.WriteLine($"int {i3}"); break; - case var v2: // BAD + case var v2: // $ Alert break; default: Console.WriteLine("Something else"); @@ -328,7 +328,7 @@ void M() Use(x); Use(b); Use(s); - (x, (b, s)) = GetTuple(); // BAD: `b` + (x, (b, s)) = GetTuple(); // $ Alert on `b` Use(x); Use(s); (x, (_, s)) = GetTuple(); // GOOD @@ -369,7 +369,7 @@ string M3() string M4() { - var s = M3(); // BAD + var s = M3(); // $ Alert s = ""; return s; } @@ -395,7 +395,7 @@ string M7(bool b) { var s = ""; if (b) - s = "abc"; // BAD + s = "abc"; // $ Alert if (!b) return s; return null; @@ -469,8 +469,8 @@ public static void M() using var x = new System.IO.FileStream("", System.IO.FileMode.Open); // GOOD using var _ = new System.IO.FileStream("", System.IO.FileMode.Open); // GOOD - using (var y = new System.IO.FileStream("", System.IO.FileMode.Open)) // BAD + using (var y = new System.IO.FileStream("", System.IO.FileMode.Open)) // $ Alert { } } -} \ No newline at end of file +} diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.qlref b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.qlref index 51cf4454da28..cfc0aaa4eef7 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.qlref +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.qlref @@ -1 +1,2 @@ -Dead Code/DeadStoreOfLocal.ql +query: Dead Code/DeadStoreOfLocal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocalBad.cs b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocalBad.cs index c1b7918e62bd..059fe30b7725 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocalBad.cs +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocalBad.cs @@ -4,7 +4,7 @@ class Bad { double ParseInt(string s) { - var success = int.TryParse(s, out int i); + var success = int.TryParse(s, out int i); // $ Alert return i; } @@ -20,7 +20,7 @@ double ParseDouble(string s) { return double.Parse(s); } - catch (FormatException e) + catch (FormatException e) // $ Alert { return double.NaN; } @@ -29,14 +29,14 @@ double ParseDouble(string s) int Count(string[] ss) { int count = 0; - foreach (var s in ss) + foreach (var s in ss) // $ Alert count++; return count; } string IsInt(object o) { - if (o is int i) + if (o is int i) // $ Alert return "yes"; else return "no"; @@ -46,7 +46,7 @@ string IsString(object o) { switch (o) { - case string s: + case string s: // $ Alert return "yes"; default: return "no"; From dd1fbd28beab41658693c6356181a975c7c890e2 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 20 Mar 2025 11:42:11 +0100 Subject: [PATCH 229/409] C#: Add string interpolation examples to cs/useless-assignment-to-local. --- .../Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs index 1b40bf9c3d77..3e4e5fbeeb2e 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs @@ -474,3 +474,13 @@ public static void M() } } } + +class StringInterpolation +{ + void Pi() + { + float pi = 3.14159f; // GOOD + const int align = 6; // GOOD + Console.WriteLine($"Pi, {pi,align:F3}"); + } +} From f9ff92a705307e9b4ed76bb0ac774b9ab117c496 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 4 Apr 2025 10:13:10 +0200 Subject: [PATCH 230/409] Rust: Expand on type inference tests for associated types --- .../test/library-tests/type-inference/main.rs | 92 +- .../type-inference/type-inference.expected | 1128 +++++++++-------- 2 files changed, 677 insertions(+), 543 deletions(-) diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 2a432d50b8d9..1a4462d54c4f 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -329,9 +329,21 @@ mod function_trait_bounds { } mod trait_associated_type { + #[derive(Debug)] + struct Wrapper { + field: A, + } + + impl Wrapper { + fn unwrap(self) -> A { + self.field // $ fieldof=Wrapper + } + } + trait MyTrait { type AssociatedType; + // MyTrait::m1 fn m1(self) -> Self::AssociatedType; fn m2(self) -> Self::AssociatedType @@ -339,28 +351,96 @@ mod trait_associated_type { Self::AssociatedType: Default, Self: Sized, { + self.m1(); // $ method=MyTrait::m1 Self::AssociatedType::default() } } + trait MyTraitAssoc2 { + type GenericAssociatedType; + + // MyTrait::put + fn put(&self, a: A) -> Self::GenericAssociatedType; + + fn putTwo(&self, a: A, b: A) -> Self::GenericAssociatedType { + self.put(a); // $ method=MyTrait::put + self.put(b) // $ method=MyTrait::put + } + } + #[derive(Debug, Default)] struct S; + #[derive(Debug, Default)] + struct S2; + + #[derive(Debug, Default)] + struct AT; + impl MyTrait for S { - type AssociatedType = S; + type AssociatedType = AT; // S::m1 fn m1(self) -> Self::AssociatedType { - S + AT + } + } + + impl MyTraitAssoc2 for S { + // Associated type with a type parameter + type GenericAssociatedType = Wrapper; + + // S::put + fn put(&self, a: A) -> Wrapper { + Wrapper { field: a } + } + } + + impl MyTrait for S2 { + // Associated type definition with a type argument + type AssociatedType = Wrapper; + + fn m1(self) -> Self::AssociatedType { + Wrapper { field: self } + } + } + + // NOTE: This implementation is just to make it possible to call `m2` on `S2.` + impl Default for Wrapper { + fn default() -> Self { + Wrapper { field: S2 } } } + // Function that returns an associated type from a trait bound + fn g(thing: T) -> ::AssociatedType { + thing.m1() // $ method=MyTrait::m1 + } + pub fn f() { - let x = S; - println!("{:?}", x.m1()); // $ method=S::m1 + let x1 = S; + // Call to method in `impl` block + println!("{:?}", x1.m1()); // $ method=S::m1 type=x1.m1():AT - let x = S; - println!("{:?}", x.m2()); // $ method=m2 + let x2 = S; + // Call to default method in `trait` block + let y = x2.m2(); // $ method=m2 MISSING: type=y:AT + println!("{:?}", y); + + let x3 = S; + // Call to the method in `impl` block + println!("{:?}", x3.put(1).unwrap()); // $ method=S::put method=unwrap + + // Call to default implementation in `trait` block + println!("{:?}", x3.putTwo(2, 3).unwrap()); // $ method=putTwo MISSING: method=unwrap + + let x4 = g(S); // $ MISSING: type=x4:AT + println!("{:?}", x4); + + let x5 = S2; + println!("{:?}", x5.m1()); // $ method=m1 MISSING: type=x5.m1():A.S2 + let x6 = S2; + println!("{:?}", x6.m2()); // $ method=m2 MISSING: type=x6.m2():A.S2 } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index d8164f4be81b..94cc8c42a0b4 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -328,540 +328,594 @@ inferType | main.rs:327:46:327:47 | y3 | | main.rs:263:5:266:5 | MyThing | | main.rs:327:46:327:47 | y3 | T | main.rs:263:5:266:5 | MyThing | | main.rs:327:46:327:47 | y3 | T.T | main.rs:270:5:271:14 | S2 | -| main.rs:335:15:335:18 | SelfParam | | main.rs:332:5:344:5 | Self [trait MyTrait] | -| main.rs:337:15:337:18 | SelfParam | | main.rs:332:5:344:5 | Self [trait MyTrait] | -| main.rs:353:15:353:18 | SelfParam | | main.rs:346:5:347:13 | S | -| main.rs:353:45:355:9 | { ... } | | main.rs:346:5:347:13 | S | -| main.rs:354:13:354:13 | S | | main.rs:346:5:347:13 | S | -| main.rs:359:13:359:13 | x | | main.rs:346:5:347:13 | S | -| main.rs:359:17:359:17 | S | | main.rs:346:5:347:13 | S | -| main.rs:360:26:360:26 | x | | main.rs:346:5:347:13 | S | -| main.rs:360:26:360:31 | x.m1() | | main.rs:346:5:347:13 | S | -| main.rs:362:13:362:13 | x | | main.rs:346:5:347:13 | S | -| main.rs:362:17:362:17 | S | | main.rs:346:5:347:13 | S | -| main.rs:363:26:363:26 | x | | main.rs:346:5:347:13 | S | -| main.rs:380:15:380:18 | SelfParam | | main.rs:368:5:372:5 | MyEnum | -| main.rs:380:15:380:18 | SelfParam | A | main.rs:379:10:379:10 | T | -| main.rs:380:26:385:9 | { ... } | | main.rs:379:10:379:10 | T | -| main.rs:381:13:384:13 | match self { ... } | | main.rs:379:10:379:10 | T | -| main.rs:381:19:381:22 | self | | main.rs:368:5:372:5 | MyEnum | -| main.rs:381:19:381:22 | self | A | main.rs:379:10:379:10 | T | -| main.rs:382:28:382:28 | a | | main.rs:379:10:379:10 | T | -| main.rs:382:34:382:34 | a | | main.rs:379:10:379:10 | T | -| main.rs:383:30:383:30 | a | | main.rs:379:10:379:10 | T | -| main.rs:383:37:383:37 | a | | main.rs:379:10:379:10 | T | -| main.rs:389:13:389:13 | x | | main.rs:368:5:372:5 | MyEnum | -| main.rs:389:13:389:13 | x | A | main.rs:374:5:375:14 | S1 | -| main.rs:389:17:389:30 | ...::C1(...) | | main.rs:368:5:372:5 | MyEnum | -| main.rs:389:17:389:30 | ...::C1(...) | A | main.rs:374:5:375:14 | S1 | -| main.rs:389:28:389:29 | S1 | | main.rs:374:5:375:14 | S1 | -| main.rs:390:13:390:13 | y | | main.rs:368:5:372:5 | MyEnum | -| main.rs:390:13:390:13 | y | A | main.rs:376:5:377:14 | S2 | -| main.rs:390:17:390:36 | ...::C2 {...} | | main.rs:368:5:372:5 | MyEnum | -| main.rs:390:17:390:36 | ...::C2 {...} | A | main.rs:376:5:377:14 | S2 | -| main.rs:390:33:390:34 | S2 | | main.rs:376:5:377:14 | S2 | -| main.rs:392:26:392:26 | x | | main.rs:368:5:372:5 | MyEnum | -| main.rs:392:26:392:26 | x | A | main.rs:374:5:375:14 | S1 | -| main.rs:392:26:392:31 | x.m1() | | main.rs:374:5:375:14 | S1 | -| main.rs:393:26:393:26 | y | | main.rs:368:5:372:5 | MyEnum | -| main.rs:393:26:393:26 | y | A | main.rs:376:5:377:14 | S2 | -| main.rs:393:26:393:31 | y.m1() | | main.rs:376:5:377:14 | S2 | -| main.rs:415:15:415:18 | SelfParam | | main.rs:413:5:416:5 | Self [trait MyTrait1] | -| main.rs:419:15:419:18 | SelfParam | | main.rs:418:5:429:5 | Self [trait MyTrait2] | -| main.rs:422:9:428:9 | { ... } | | main.rs:418:20:418:22 | Tr2 | -| main.rs:423:13:427:13 | if ... {...} else {...} | | main.rs:418:20:418:22 | Tr2 | -| main.rs:423:26:425:13 | { ... } | | main.rs:418:20:418:22 | Tr2 | -| main.rs:424:17:424:20 | self | | main.rs:418:5:429:5 | Self [trait MyTrait2] | -| main.rs:424:17:424:25 | self.m1() | | main.rs:418:20:418:22 | Tr2 | -| main.rs:425:20:427:13 | { ... } | | main.rs:418:20:418:22 | Tr2 | -| main.rs:426:17:426:30 | ...::m1(...) | | main.rs:418:20:418:22 | Tr2 | -| main.rs:426:26:426:29 | self | | main.rs:418:5:429:5 | Self [trait MyTrait2] | -| main.rs:432:15:432:18 | SelfParam | | main.rs:431:5:442:5 | Self [trait MyTrait3] | -| main.rs:435:9:441:9 | { ... } | | main.rs:431:20:431:22 | Tr3 | -| main.rs:436:13:440:13 | if ... {...} else {...} | | main.rs:431:20:431:22 | Tr3 | -| main.rs:436:26:438:13 | { ... } | | main.rs:431:20:431:22 | Tr3 | -| main.rs:437:17:437:20 | self | | main.rs:431:5:442:5 | Self [trait MyTrait3] | -| main.rs:437:17:437:25 | self.m2() | | main.rs:398:5:401:5 | MyThing | -| main.rs:437:17:437:25 | self.m2() | A | main.rs:431:20:431:22 | Tr3 | -| main.rs:437:17:437:27 | ... .a | | main.rs:431:20:431:22 | Tr3 | -| main.rs:438:20:440:13 | { ... } | | main.rs:431:20:431:22 | Tr3 | -| main.rs:439:17:439:30 | ...::m2(...) | | main.rs:398:5:401:5 | MyThing | -| main.rs:439:17:439:30 | ...::m2(...) | A | main.rs:431:20:431:22 | Tr3 | -| main.rs:439:17:439:32 | ... .a | | main.rs:431:20:431:22 | Tr3 | -| main.rs:439:26:439:29 | self | | main.rs:431:5:442:5 | Self [trait MyTrait3] | -| main.rs:446:15:446:18 | SelfParam | | main.rs:398:5:401:5 | MyThing | -| main.rs:446:15:446:18 | SelfParam | A | main.rs:444:10:444:10 | T | -| main.rs:446:26:448:9 | { ... } | | main.rs:444:10:444:10 | T | -| main.rs:447:13:447:16 | self | | main.rs:398:5:401:5 | MyThing | -| main.rs:447:13:447:16 | self | A | main.rs:444:10:444:10 | T | -| main.rs:447:13:447:18 | self.a | | main.rs:444:10:444:10 | T | -| main.rs:455:15:455:18 | SelfParam | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:455:15:455:18 | SelfParam | A | main.rs:453:10:453:10 | T | -| main.rs:455:35:457:9 | { ... } | | main.rs:398:5:401:5 | MyThing | -| main.rs:455:35:457:9 | { ... } | A | main.rs:453:10:453:10 | T | -| main.rs:456:13:456:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:456:13:456:33 | MyThing {...} | A | main.rs:453:10:453:10 | T | -| main.rs:456:26:456:29 | self | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:456:26:456:29 | self | A | main.rs:453:10:453:10 | T | -| main.rs:456:26:456:31 | self.a | | main.rs:453:10:453:10 | T | -| main.rs:465:13:465:13 | x | | main.rs:398:5:401:5 | MyThing | -| main.rs:465:13:465:13 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:465:17:465:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:465:17:465:33 | MyThing {...} | A | main.rs:408:5:409:14 | S1 | -| main.rs:465:30:465:31 | S1 | | main.rs:408:5:409:14 | S1 | -| main.rs:466:13:466:13 | y | | main.rs:398:5:401:5 | MyThing | -| main.rs:466:13:466:13 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:466:17:466:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:466:17:466:33 | MyThing {...} | A | main.rs:410:5:411:14 | S2 | -| main.rs:466:30:466:31 | S2 | | main.rs:410:5:411:14 | S2 | -| main.rs:468:26:468:26 | x | | main.rs:398:5:401:5 | MyThing | -| main.rs:468:26:468:26 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:468:26:468:31 | x.m1() | | main.rs:408:5:409:14 | S1 | -| main.rs:469:26:469:26 | y | | main.rs:398:5:401:5 | MyThing | -| main.rs:469:26:469:26 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:469:26:469:31 | y.m1() | | main.rs:410:5:411:14 | S2 | -| main.rs:471:13:471:13 | x | | main.rs:398:5:401:5 | MyThing | -| main.rs:471:13:471:13 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:471:17:471:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:471:17:471:33 | MyThing {...} | A | main.rs:408:5:409:14 | S1 | -| main.rs:471:30:471:31 | S1 | | main.rs:408:5:409:14 | S1 | -| main.rs:472:13:472:13 | y | | main.rs:398:5:401:5 | MyThing | -| main.rs:472:13:472:13 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:472:17:472:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:472:17:472:33 | MyThing {...} | A | main.rs:410:5:411:14 | S2 | -| main.rs:472:30:472:31 | S2 | | main.rs:410:5:411:14 | S2 | -| main.rs:474:26:474:26 | x | | main.rs:398:5:401:5 | MyThing | -| main.rs:474:26:474:26 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:474:26:474:31 | x.m2() | | main.rs:408:5:409:14 | S1 | -| main.rs:475:26:475:26 | y | | main.rs:398:5:401:5 | MyThing | -| main.rs:475:26:475:26 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:475:26:475:31 | y.m2() | | main.rs:410:5:411:14 | S2 | -| main.rs:477:13:477:13 | x | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:477:13:477:13 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:477:17:477:34 | MyThing2 {...} | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:477:17:477:34 | MyThing2 {...} | A | main.rs:408:5:409:14 | S1 | -| main.rs:477:31:477:32 | S1 | | main.rs:408:5:409:14 | S1 | -| main.rs:478:13:478:13 | y | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:478:13:478:13 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:478:17:478:34 | MyThing2 {...} | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:478:17:478:34 | MyThing2 {...} | A | main.rs:410:5:411:14 | S2 | -| main.rs:478:31:478:32 | S2 | | main.rs:410:5:411:14 | S2 | -| main.rs:480:26:480:26 | x | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:480:26:480:26 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:480:26:480:31 | x.m3() | | main.rs:408:5:409:14 | S1 | -| main.rs:481:26:481:26 | y | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:481:26:481:26 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:481:26:481:31 | y.m3() | | main.rs:410:5:411:14 | S2 | -| main.rs:499:22:499:22 | x | | file://:0:0:0:0 | & | -| main.rs:499:22:499:22 | x | &T | main.rs:499:11:499:19 | T | -| main.rs:499:35:501:5 | { ... } | | file://:0:0:0:0 | & | -| main.rs:499:35:501:5 | { ... } | &T | main.rs:499:11:499:19 | T | -| main.rs:500:9:500:9 | x | | file://:0:0:0:0 | & | -| main.rs:500:9:500:9 | x | &T | main.rs:499:11:499:19 | T | -| main.rs:504:17:504:20 | SelfParam | | main.rs:489:5:490:14 | S1 | -| main.rs:504:29:506:9 | { ... } | | main.rs:492:5:493:14 | S2 | -| main.rs:505:13:505:14 | S2 | | main.rs:492:5:493:14 | S2 | -| main.rs:509:21:509:21 | x | | main.rs:509:13:509:14 | T1 | -| main.rs:512:5:514:5 | { ... } | | main.rs:509:17:509:18 | T2 | -| main.rs:513:9:513:9 | x | | main.rs:509:13:509:14 | T1 | -| main.rs:513:9:513:16 | x.into() | | main.rs:509:17:509:18 | T2 | -| main.rs:517:13:517:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:517:17:517:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:518:26:518:31 | id(...) | | file://:0:0:0:0 | & | -| main.rs:518:26:518:31 | id(...) | &T | main.rs:489:5:490:14 | S1 | -| main.rs:518:29:518:30 | &x | | file://:0:0:0:0 | & | -| main.rs:518:29:518:30 | &x | &T | main.rs:489:5:490:14 | S1 | -| main.rs:518:30:518:30 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:520:13:520:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:520:17:520:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:521:26:521:37 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:521:26:521:37 | id::<...>(...) | &T | main.rs:489:5:490:14 | S1 | -| main.rs:521:35:521:36 | &x | | file://:0:0:0:0 | & | -| main.rs:521:35:521:36 | &x | &T | main.rs:489:5:490:14 | S1 | -| main.rs:521:36:521:36 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:523:13:523:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:523:17:523:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:524:26:524:44 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:524:26:524:44 | id::<...>(...) | &T | main.rs:489:5:490:14 | S1 | -| main.rs:524:42:524:43 | &x | | file://:0:0:0:0 | & | -| main.rs:524:42:524:43 | &x | &T | main.rs:489:5:490:14 | S1 | -| main.rs:524:43:524:43 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:526:13:526:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:526:17:526:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:527:9:527:25 | into::<...>(...) | | main.rs:492:5:493:14 | S2 | -| main.rs:527:24:527:24 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:529:13:529:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:529:17:529:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:530:13:530:13 | y | | main.rs:492:5:493:14 | S2 | -| main.rs:530:21:530:27 | into(...) | | main.rs:492:5:493:14 | S2 | -| main.rs:530:26:530:26 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:560:13:560:14 | p1 | | main.rs:535:5:541:5 | PairOption | -| main.rs:560:13:560:14 | p1 | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:560:13:560:14 | p1 | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:560:26:560:53 | ...::PairBoth(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:560:26:560:53 | ...::PairBoth(...) | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:560:26:560:53 | ...::PairBoth(...) | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:560:47:560:48 | S1 | | main.rs:543:5:544:14 | S1 | -| main.rs:560:51:560:52 | S2 | | main.rs:546:5:547:14 | S2 | -| main.rs:561:26:561:27 | p1 | | main.rs:535:5:541:5 | PairOption | -| main.rs:561:26:561:27 | p1 | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:561:26:561:27 | p1 | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:564:13:564:14 | p2 | | main.rs:535:5:541:5 | PairOption | -| main.rs:564:26:564:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:565:26:565:27 | p2 | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:13:568:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:13:568:14 | p3 | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:568:34:568:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:34:568:56 | ...::PairSnd(...) | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:568:54:568:55 | S3 | | main.rs:549:5:550:14 | S3 | -| main.rs:569:26:569:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:569:26:569:27 | p3 | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:572:13:572:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:572:13:572:14 | p3 | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:572:35:572:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:572:35:572:56 | ...::PairNone(...) | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:573:26:573:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:573:26:573:27 | p3 | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:586:16:586:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:586:16:586:24 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:586:27:586:31 | value | | main.rs:584:19:584:19 | S | -| main.rs:588:21:588:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:588:21:588:29 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:588:32:588:36 | value | | main.rs:584:19:584:19 | S | -| main.rs:589:13:589:16 | self | | file://:0:0:0:0 | & | -| main.rs:589:13:589:16 | self | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:589:22:589:26 | value | | main.rs:584:19:584:19 | S | -| main.rs:595:16:595:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:595:16:595:24 | SelfParam | &T | main.rs:578:5:582:5 | MyOption | -| main.rs:595:16:595:24 | SelfParam | &T.T | main.rs:593:10:593:10 | T | -| main.rs:595:27:595:31 | value | | main.rs:593:10:593:10 | T | -| main.rs:599:26:601:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:599:26:601:9 | { ... } | T | main.rs:598:10:598:10 | T | -| main.rs:600:13:600:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:600:13:600:30 | ...::MyNone(...) | T | main.rs:598:10:598:10 | T | -| main.rs:605:20:605:23 | SelfParam | | main.rs:578:5:582:5 | MyOption | -| main.rs:605:20:605:23 | SelfParam | T | main.rs:578:5:582:5 | MyOption | -| main.rs:605:20:605:23 | SelfParam | T.T | main.rs:604:10:604:10 | T | -| main.rs:605:41:610:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:605:41:610:9 | { ... } | T | main.rs:604:10:604:10 | T | -| main.rs:606:13:609:13 | match self { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:606:13:609:13 | match self { ... } | T | main.rs:604:10:604:10 | T | -| main.rs:606:19:606:22 | self | | main.rs:578:5:582:5 | MyOption | -| main.rs:606:19:606:22 | self | T | main.rs:578:5:582:5 | MyOption | -| main.rs:606:19:606:22 | self | T.T | main.rs:604:10:604:10 | T | -| main.rs:607:39:607:56 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:607:39:607:56 | ...::MyNone(...) | T | main.rs:604:10:604:10 | T | -| main.rs:608:34:608:34 | x | | main.rs:578:5:582:5 | MyOption | -| main.rs:608:34:608:34 | x | T | main.rs:604:10:604:10 | T | -| main.rs:608:40:608:40 | x | | main.rs:578:5:582:5 | MyOption | -| main.rs:608:40:608:40 | x | T | main.rs:604:10:604:10 | T | -| main.rs:617:13:617:14 | x1 | | main.rs:578:5:582:5 | MyOption | -| main.rs:617:18:617:37 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:618:26:618:27 | x1 | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:13:620:18 | mut x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:13:620:18 | mut x2 | T | main.rs:613:5:614:13 | S | -| main.rs:620:22:620:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:22:620:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | -| main.rs:621:9:621:10 | x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:621:9:621:10 | x2 | T | main.rs:613:5:614:13 | S | -| main.rs:621:16:621:16 | S | | main.rs:613:5:614:13 | S | -| main.rs:622:26:622:27 | x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:622:26:622:27 | x2 | T | main.rs:613:5:614:13 | S | -| main.rs:624:13:624:18 | mut x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:624:22:624:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:625:9:625:10 | x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:625:21:625:21 | S | | main.rs:613:5:614:13 | S | -| main.rs:626:26:626:27 | x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:13:628:18 | mut x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:13:628:18 | mut x4 | T | main.rs:613:5:614:13 | S | -| main.rs:628:22:628:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:22:628:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | -| main.rs:629:23:629:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:629:23:629:29 | &mut x4 | &T | main.rs:578:5:582:5 | MyOption | -| main.rs:629:23:629:29 | &mut x4 | &T.T | main.rs:613:5:614:13 | S | -| main.rs:629:28:629:29 | x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:629:28:629:29 | x4 | T | main.rs:613:5:614:13 | S | -| main.rs:629:32:629:32 | S | | main.rs:613:5:614:13 | S | -| main.rs:630:26:630:27 | x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:630:26:630:27 | x4 | T | main.rs:613:5:614:13 | S | -| main.rs:632:13:632:14 | x5 | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:13:632:14 | x5 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:632:13:632:14 | x5 | T.T | main.rs:613:5:614:13 | S | -| main.rs:632:18:632:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:18:632:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | -| main.rs:632:18:632:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | -| main.rs:632:35:632:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:35:632:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:633:26:633:27 | x5 | | main.rs:578:5:582:5 | MyOption | -| main.rs:633:26:633:27 | x5 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:633:26:633:27 | x5 | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:13:635:14 | x6 | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:13:635:14 | x6 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:635:13:635:14 | x6 | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:18:635:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:18:635:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | -| main.rs:635:18:635:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:35:635:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:35:635:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:636:26:636:61 | ...::flatten(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:636:26:636:61 | ...::flatten(...) | T | main.rs:613:5:614:13 | S | -| main.rs:636:59:636:60 | x6 | | main.rs:578:5:582:5 | MyOption | -| main.rs:636:59:636:60 | x6 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:636:59:636:60 | x6 | T.T | main.rs:613:5:614:13 | S | -| main.rs:638:13:638:19 | from_if | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:13:638:19 | from_if | T | main.rs:613:5:614:13 | S | -| main.rs:638:23:642:9 | if ... {...} else {...} | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:23:642:9 | if ... {...} else {...} | T | main.rs:613:5:614:13 | S | -| main.rs:638:36:640:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:36:640:9 | { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:639:13:639:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:639:13:639:30 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:640:16:642:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:640:16:642:9 | { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:641:13:641:31 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:641:13:641:31 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:641:30:641:30 | S | | main.rs:613:5:614:13 | S | -| main.rs:643:26:643:32 | from_if | | main.rs:578:5:582:5 | MyOption | -| main.rs:643:26:643:32 | from_if | T | main.rs:613:5:614:13 | S | -| main.rs:645:13:645:22 | from_match | | main.rs:578:5:582:5 | MyOption | -| main.rs:645:13:645:22 | from_match | T | main.rs:613:5:614:13 | S | -| main.rs:645:26:648:9 | match ... { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:645:26:648:9 | match ... { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:646:21:646:38 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:646:21:646:38 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:647:22:647:40 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:647:22:647:40 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:647:39:647:39 | S | | main.rs:613:5:614:13 | S | -| main.rs:649:26:649:35 | from_match | | main.rs:578:5:582:5 | MyOption | -| main.rs:649:26:649:35 | from_match | T | main.rs:613:5:614:13 | S | -| main.rs:651:13:651:21 | from_loop | | main.rs:578:5:582:5 | MyOption | -| main.rs:651:13:651:21 | from_loop | T | main.rs:613:5:614:13 | S | -| main.rs:651:25:656:9 | loop { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:651:25:656:9 | loop { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:653:23:653:40 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:653:23:653:40 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:655:19:655:37 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:655:19:655:37 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:655:36:655:36 | S | | main.rs:613:5:614:13 | S | -| main.rs:657:26:657:34 | from_loop | | main.rs:578:5:582:5 | MyOption | -| main.rs:657:26:657:34 | from_loop | T | main.rs:613:5:614:13 | S | -| main.rs:670:15:670:18 | SelfParam | | main.rs:663:5:664:19 | S | -| main.rs:670:15:670:18 | SelfParam | T | main.rs:669:10:669:10 | T | -| main.rs:670:26:672:9 | { ... } | | main.rs:669:10:669:10 | T | -| main.rs:671:13:671:16 | self | | main.rs:663:5:664:19 | S | -| main.rs:671:13:671:16 | self | T | main.rs:669:10:669:10 | T | -| main.rs:671:13:671:18 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:674:15:674:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:674:15:674:19 | SelfParam | &T | main.rs:663:5:664:19 | S | -| main.rs:674:15:674:19 | SelfParam | &T.T | main.rs:669:10:669:10 | T | -| main.rs:674:28:676:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:674:28:676:9 | { ... } | &T | main.rs:669:10:669:10 | T | -| main.rs:675:13:675:19 | &... | | file://:0:0:0:0 | & | -| main.rs:675:13:675:19 | &... | &T | main.rs:669:10:669:10 | T | -| main.rs:675:14:675:17 | self | | file://:0:0:0:0 | & | -| main.rs:675:14:675:17 | self | &T | main.rs:663:5:664:19 | S | -| main.rs:675:14:675:17 | self | &T.T | main.rs:669:10:669:10 | T | -| main.rs:675:14:675:19 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:678:15:678:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:678:15:678:25 | SelfParam | &T | main.rs:663:5:664:19 | S | -| main.rs:678:15:678:25 | SelfParam | &T.T | main.rs:669:10:669:10 | T | -| main.rs:678:34:680:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:678:34:680:9 | { ... } | &T | main.rs:669:10:669:10 | T | -| main.rs:679:13:679:19 | &... | | file://:0:0:0:0 | & | -| main.rs:679:13:679:19 | &... | &T | main.rs:669:10:669:10 | T | -| main.rs:679:14:679:17 | self | | file://:0:0:0:0 | & | -| main.rs:679:14:679:17 | self | &T | main.rs:663:5:664:19 | S | -| main.rs:679:14:679:17 | self | &T.T | main.rs:669:10:669:10 | T | -| main.rs:679:14:679:19 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:684:13:684:14 | x1 | | main.rs:663:5:664:19 | S | -| main.rs:684:13:684:14 | x1 | T | main.rs:666:5:667:14 | S2 | -| main.rs:684:18:684:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:684:18:684:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:684:20:684:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:685:26:685:27 | x1 | | main.rs:663:5:664:19 | S | -| main.rs:685:26:685:27 | x1 | T | main.rs:666:5:667:14 | S2 | -| main.rs:685:26:685:32 | x1.m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:687:13:687:14 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:687:13:687:14 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:687:18:687:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:687:18:687:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:687:20:687:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:689:26:689:27 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:689:26:689:27 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:689:26:689:32 | x2.m2() | | file://:0:0:0:0 | & | -| main.rs:689:26:689:32 | x2.m2() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:690:26:690:27 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:690:26:690:27 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:690:26:690:32 | x2.m3() | | file://:0:0:0:0 | & | -| main.rs:690:26:690:32 | x2.m3() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:692:13:692:14 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:692:13:692:14 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:692:18:692:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:692:18:692:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:692:20:692:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:694:26:694:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:694:26:694:41 | ...::m2(...) | &T | main.rs:666:5:667:14 | S2 | -| main.rs:694:38:694:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:694:38:694:40 | &x3 | &T | main.rs:663:5:664:19 | S | -| main.rs:694:38:694:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:694:39:694:40 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:694:39:694:40 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:695:26:695:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:695:26:695:41 | ...::m3(...) | &T | main.rs:666:5:667:14 | S2 | -| main.rs:695:38:695:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:695:38:695:40 | &x3 | &T | main.rs:663:5:664:19 | S | -| main.rs:695:38:695:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:695:39:695:40 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:695:39:695:40 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:697:13:697:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:697:13:697:14 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:697:13:697:14 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:697:18:697:23 | &... | | file://:0:0:0:0 | & | -| main.rs:697:18:697:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:697:18:697:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:697:19:697:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:697:19:697:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:697:21:697:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:699:26:699:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:699:26:699:27 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:699:26:699:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:699:26:699:32 | x4.m2() | | file://:0:0:0:0 | & | -| main.rs:699:26:699:32 | x4.m2() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:700:26:700:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:700:26:700:27 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:700:26:700:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:700:26:700:32 | x4.m3() | | file://:0:0:0:0 | & | -| main.rs:700:26:700:32 | x4.m3() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:702:13:702:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:702:13:702:14 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:702:13:702:14 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:702:18:702:23 | &... | | file://:0:0:0:0 | & | -| main.rs:702:18:702:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:702:18:702:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:702:19:702:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:702:19:702:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:702:21:702:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:704:26:704:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:704:26:704:27 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:704:26:704:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:704:26:704:32 | x5.m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:705:26:705:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:705:26:705:27 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:705:26:705:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:705:26:705:29 | x5.0 | | main.rs:666:5:667:14 | S2 | -| main.rs:707:13:707:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:707:13:707:14 | x6 | &T | main.rs:663:5:664:19 | S | -| main.rs:707:13:707:14 | x6 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:707:18:707:23 | &... | | file://:0:0:0:0 | & | -| main.rs:707:18:707:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:707:18:707:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:707:19:707:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:707:19:707:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:707:21:707:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:709:26:709:30 | (...) | | main.rs:663:5:664:19 | S | -| main.rs:709:26:709:30 | (...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:709:26:709:35 | ... .m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:709:27:709:29 | * ... | | main.rs:663:5:664:19 | S | -| main.rs:709:27:709:29 | * ... | T | main.rs:666:5:667:14 | S2 | -| main.rs:709:28:709:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:709:28:709:29 | x6 | &T | main.rs:663:5:664:19 | S | -| main.rs:709:28:709:29 | x6 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:716:16:716:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:716:16:716:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:719:16:719:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:719:16:719:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:719:32:721:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:719:32:721:9 | { ... } | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:720:13:720:16 | self | | file://:0:0:0:0 | & | -| main.rs:720:13:720:16 | self | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:720:13:720:22 | self.foo() | | file://:0:0:0:0 | & | -| main.rs:720:13:720:22 | self.foo() | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:728:16:728:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:728:16:728:20 | SelfParam | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:728:36:730:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:728:36:730:9 | { ... } | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:729:13:729:16 | self | | file://:0:0:0:0 | & | -| main.rs:729:13:729:16 | self | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:734:13:734:13 | x | | main.rs:724:5:724:20 | MyStruct | -| main.rs:734:17:734:24 | MyStruct | | main.rs:724:5:724:20 | MyStruct | -| main.rs:735:9:735:9 | x | | main.rs:724:5:724:20 | MyStruct | -| main.rs:735:9:735:15 | x.bar() | | file://:0:0:0:0 | & | -| main.rs:735:9:735:15 | x.bar() | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:745:16:745:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:745:16:745:20 | SelfParam | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:745:16:745:20 | SelfParam | &T.T | main.rs:744:10:744:10 | T | -| main.rs:745:32:747:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:745:32:747:9 | { ... } | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:745:32:747:9 | { ... } | &T.T | main.rs:744:10:744:10 | T | -| main.rs:746:13:746:16 | self | | file://:0:0:0:0 | & | -| main.rs:746:13:746:16 | self | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:746:13:746:16 | self | &T.T | main.rs:744:10:744:10 | T | -| main.rs:751:13:751:13 | x | | main.rs:742:5:742:26 | MyStruct | -| main.rs:751:13:751:13 | x | T | main.rs:740:5:740:13 | S | -| main.rs:751:17:751:27 | MyStruct(...) | | main.rs:742:5:742:26 | MyStruct | -| main.rs:751:17:751:27 | MyStruct(...) | T | main.rs:740:5:740:13 | S | -| main.rs:751:26:751:26 | S | | main.rs:740:5:740:13 | S | -| main.rs:752:9:752:9 | x | | main.rs:742:5:742:26 | MyStruct | -| main.rs:752:9:752:9 | x | T | main.rs:740:5:740:13 | S | -| main.rs:752:9:752:15 | x.foo() | | file://:0:0:0:0 | & | -| main.rs:752:9:752:15 | x.foo() | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:752:9:752:15 | x.foo() | &T.T | main.rs:740:5:740:13 | S | -| main.rs:760:15:760:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:760:15:760:19 | SelfParam | &T | main.rs:757:5:757:13 | S | -| main.rs:760:31:762:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:760:31:762:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:761:13:761:19 | &... | | file://:0:0:0:0 | & | -| main.rs:761:13:761:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:761:14:761:19 | &... | | file://:0:0:0:0 | & | -| main.rs:761:14:761:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:761:15:761:19 | &self | | file://:0:0:0:0 | & | -| main.rs:761:15:761:19 | &self | &T | main.rs:757:5:757:13 | S | -| main.rs:761:16:761:19 | self | | file://:0:0:0:0 | & | -| main.rs:761:16:761:19 | self | &T | main.rs:757:5:757:13 | S | -| main.rs:764:15:764:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:764:15:764:25 | SelfParam | &T | main.rs:757:5:757:13 | S | -| main.rs:764:37:766:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:764:37:766:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:765:13:765:19 | &... | | file://:0:0:0:0 | & | -| main.rs:765:13:765:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:765:14:765:19 | &... | | file://:0:0:0:0 | & | -| main.rs:765:14:765:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:765:15:765:19 | &self | | file://:0:0:0:0 | & | -| main.rs:765:15:765:19 | &self | &T | main.rs:757:5:757:13 | S | -| main.rs:765:16:765:19 | self | | file://:0:0:0:0 | & | -| main.rs:765:16:765:19 | self | &T | main.rs:757:5:757:13 | S | -| main.rs:768:15:768:15 | x | | file://:0:0:0:0 | & | -| main.rs:768:15:768:15 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:768:34:770:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:768:34:770:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:769:13:769:13 | x | | file://:0:0:0:0 | & | -| main.rs:769:13:769:13 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:772:15:772:15 | x | | file://:0:0:0:0 | & | -| main.rs:772:15:772:15 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:772:34:774:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:772:34:774:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:773:13:773:16 | &... | | file://:0:0:0:0 | & | -| main.rs:773:13:773:16 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:773:14:773:16 | &... | | file://:0:0:0:0 | & | -| main.rs:773:14:773:16 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:773:15:773:16 | &x | | file://:0:0:0:0 | & | -| main.rs:773:15:773:16 | &x | &T | main.rs:757:5:757:13 | S | -| main.rs:773:16:773:16 | x | | file://:0:0:0:0 | & | -| main.rs:773:16:773:16 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:778:13:778:13 | x | | main.rs:757:5:757:13 | S | -| main.rs:778:17:778:20 | S {...} | | main.rs:757:5:757:13 | S | -| main.rs:779:9:779:9 | x | | main.rs:757:5:757:13 | S | -| main.rs:779:9:779:14 | x.f1() | | file://:0:0:0:0 | & | -| main.rs:779:9:779:14 | x.f1() | &T | main.rs:757:5:757:13 | S | -| main.rs:780:9:780:9 | x | | main.rs:757:5:757:13 | S | -| main.rs:780:9:780:14 | x.f2() | | file://:0:0:0:0 | & | -| main.rs:780:9:780:14 | x.f2() | &T | main.rs:757:5:757:13 | S | -| main.rs:781:9:781:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:781:9:781:17 | ...::f3(...) | &T | main.rs:757:5:757:13 | S | -| main.rs:781:15:781:16 | &x | | file://:0:0:0:0 | & | -| main.rs:781:15:781:16 | &x | &T | main.rs:757:5:757:13 | S | -| main.rs:781:16:781:16 | x | | main.rs:757:5:757:13 | S | -| main.rs:787:5:787:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:788:5:788:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:788:20:788:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -| main.rs:788:41:788:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:338:19:338:22 | SelfParam | | main.rs:332:5:335:5 | Wrapper | +| main.rs:338:19:338:22 | SelfParam | A | main.rs:337:10:337:10 | A | +| main.rs:338:30:340:9 | { ... } | | main.rs:337:10:337:10 | A | +| main.rs:339:13:339:16 | self | | main.rs:332:5:335:5 | Wrapper | +| main.rs:339:13:339:16 | self | A | main.rs:337:10:337:10 | A | +| main.rs:339:13:339:22 | self.field | | main.rs:337:10:337:10 | A | +| main.rs:347:15:347:18 | SelfParam | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:349:15:349:18 | SelfParam | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:354:13:354:16 | self | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:363:19:363:23 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:363:19:363:23 | SelfParam | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:363:26:363:26 | a | | main.rs:363:16:363:16 | A | +| main.rs:365:22:365:26 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:365:22:365:26 | SelfParam | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:365:29:365:29 | a | | main.rs:365:19:365:19 | A | +| main.rs:365:35:365:35 | b | | main.rs:365:19:365:19 | A | +| main.rs:366:13:366:16 | self | | file://:0:0:0:0 | & | +| main.rs:366:13:366:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:366:22:366:22 | a | | main.rs:365:19:365:19 | A | +| main.rs:367:13:367:16 | self | | file://:0:0:0:0 | & | +| main.rs:367:13:367:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:367:22:367:22 | b | | main.rs:365:19:365:19 | A | +| main.rs:384:15:384:18 | SelfParam | | main.rs:371:5:372:13 | S | +| main.rs:384:45:386:9 | { ... } | | main.rs:377:5:378:14 | AT | +| main.rs:385:13:385:14 | AT | | main.rs:377:5:378:14 | AT | +| main.rs:394:19:394:23 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:394:19:394:23 | SelfParam | &T | main.rs:371:5:372:13 | S | +| main.rs:394:26:394:26 | a | | main.rs:394:16:394:16 | A | +| main.rs:394:46:396:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:394:46:396:9 | { ... } | A | main.rs:394:16:394:16 | A | +| main.rs:395:13:395:32 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:395:13:395:32 | Wrapper {...} | A | main.rs:394:16:394:16 | A | +| main.rs:395:30:395:30 | a | | main.rs:394:16:394:16 | A | +| main.rs:403:15:403:18 | SelfParam | | main.rs:374:5:375:14 | S2 | +| main.rs:403:45:405:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:403:45:405:9 | { ... } | A | main.rs:374:5:375:14 | S2 | +| main.rs:404:13:404:35 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:404:13:404:35 | Wrapper {...} | A | main.rs:374:5:375:14 | S2 | +| main.rs:404:30:404:33 | self | | main.rs:374:5:375:14 | S2 | +| main.rs:410:30:412:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:410:30:412:9 | { ... } | A | main.rs:374:5:375:14 | S2 | +| main.rs:411:13:411:33 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:411:13:411:33 | Wrapper {...} | A | main.rs:374:5:375:14 | S2 | +| main.rs:411:30:411:31 | S2 | | main.rs:374:5:375:14 | S2 | +| main.rs:416:22:416:26 | thing | | main.rs:416:10:416:19 | T | +| main.rs:417:9:417:13 | thing | | main.rs:416:10:416:19 | T | +| main.rs:421:13:421:14 | x1 | | main.rs:371:5:372:13 | S | +| main.rs:421:18:421:18 | S | | main.rs:371:5:372:13 | S | +| main.rs:423:26:423:27 | x1 | | main.rs:371:5:372:13 | S | +| main.rs:423:26:423:32 | x1.m1() | | main.rs:377:5:378:14 | AT | +| main.rs:425:13:425:14 | x2 | | main.rs:371:5:372:13 | S | +| main.rs:425:18:425:18 | S | | main.rs:371:5:372:13 | S | +| main.rs:427:17:427:18 | x2 | | main.rs:371:5:372:13 | S | +| main.rs:430:13:430:14 | x3 | | main.rs:371:5:372:13 | S | +| main.rs:430:18:430:18 | S | | main.rs:371:5:372:13 | S | +| main.rs:432:26:432:27 | x3 | | main.rs:371:5:372:13 | S | +| main.rs:432:26:432:34 | x3.put(...) | | main.rs:332:5:335:5 | Wrapper | +| main.rs:435:26:435:27 | x3 | | main.rs:371:5:372:13 | S | +| main.rs:437:20:437:20 | S | | main.rs:371:5:372:13 | S | +| main.rs:440:13:440:14 | x5 | | main.rs:374:5:375:14 | S2 | +| main.rs:440:18:440:19 | S2 | | main.rs:374:5:375:14 | S2 | +| main.rs:441:26:441:27 | x5 | | main.rs:374:5:375:14 | S2 | +| main.rs:441:26:441:32 | x5.m1() | | main.rs:332:5:335:5 | Wrapper | +| main.rs:442:13:442:14 | x6 | | main.rs:374:5:375:14 | S2 | +| main.rs:442:18:442:19 | S2 | | main.rs:374:5:375:14 | S2 | +| main.rs:443:26:443:27 | x6 | | main.rs:374:5:375:14 | S2 | +| main.rs:460:15:460:18 | SelfParam | | main.rs:448:5:452:5 | MyEnum | +| main.rs:460:15:460:18 | SelfParam | A | main.rs:459:10:459:10 | T | +| main.rs:460:26:465:9 | { ... } | | main.rs:459:10:459:10 | T | +| main.rs:461:13:464:13 | match self { ... } | | main.rs:459:10:459:10 | T | +| main.rs:461:19:461:22 | self | | main.rs:448:5:452:5 | MyEnum | +| main.rs:461:19:461:22 | self | A | main.rs:459:10:459:10 | T | +| main.rs:462:28:462:28 | a | | main.rs:459:10:459:10 | T | +| main.rs:462:34:462:34 | a | | main.rs:459:10:459:10 | T | +| main.rs:463:30:463:30 | a | | main.rs:459:10:459:10 | T | +| main.rs:463:37:463:37 | a | | main.rs:459:10:459:10 | T | +| main.rs:469:13:469:13 | x | | main.rs:448:5:452:5 | MyEnum | +| main.rs:469:13:469:13 | x | A | main.rs:454:5:455:14 | S1 | +| main.rs:469:17:469:30 | ...::C1(...) | | main.rs:448:5:452:5 | MyEnum | +| main.rs:469:17:469:30 | ...::C1(...) | A | main.rs:454:5:455:14 | S1 | +| main.rs:469:28:469:29 | S1 | | main.rs:454:5:455:14 | S1 | +| main.rs:470:13:470:13 | y | | main.rs:448:5:452:5 | MyEnum | +| main.rs:470:13:470:13 | y | A | main.rs:456:5:457:14 | S2 | +| main.rs:470:17:470:36 | ...::C2 {...} | | main.rs:448:5:452:5 | MyEnum | +| main.rs:470:17:470:36 | ...::C2 {...} | A | main.rs:456:5:457:14 | S2 | +| main.rs:470:33:470:34 | S2 | | main.rs:456:5:457:14 | S2 | +| main.rs:472:26:472:26 | x | | main.rs:448:5:452:5 | MyEnum | +| main.rs:472:26:472:26 | x | A | main.rs:454:5:455:14 | S1 | +| main.rs:472:26:472:31 | x.m1() | | main.rs:454:5:455:14 | S1 | +| main.rs:473:26:473:26 | y | | main.rs:448:5:452:5 | MyEnum | +| main.rs:473:26:473:26 | y | A | main.rs:456:5:457:14 | S2 | +| main.rs:473:26:473:31 | y.m1() | | main.rs:456:5:457:14 | S2 | +| main.rs:495:15:495:18 | SelfParam | | main.rs:493:5:496:5 | Self [trait MyTrait1] | +| main.rs:499:15:499:18 | SelfParam | | main.rs:498:5:509:5 | Self [trait MyTrait2] | +| main.rs:502:9:508:9 | { ... } | | main.rs:498:20:498:22 | Tr2 | +| main.rs:503:13:507:13 | if ... {...} else {...} | | main.rs:498:20:498:22 | Tr2 | +| main.rs:503:26:505:13 | { ... } | | main.rs:498:20:498:22 | Tr2 | +| main.rs:504:17:504:20 | self | | main.rs:498:5:509:5 | Self [trait MyTrait2] | +| main.rs:504:17:504:25 | self.m1() | | main.rs:498:20:498:22 | Tr2 | +| main.rs:505:20:507:13 | { ... } | | main.rs:498:20:498:22 | Tr2 | +| main.rs:506:17:506:30 | ...::m1(...) | | main.rs:498:20:498:22 | Tr2 | +| main.rs:506:26:506:29 | self | | main.rs:498:5:509:5 | Self [trait MyTrait2] | +| main.rs:512:15:512:18 | SelfParam | | main.rs:511:5:522:5 | Self [trait MyTrait3] | +| main.rs:515:9:521:9 | { ... } | | main.rs:511:20:511:22 | Tr3 | +| main.rs:516:13:520:13 | if ... {...} else {...} | | main.rs:511:20:511:22 | Tr3 | +| main.rs:516:26:518:13 | { ... } | | main.rs:511:20:511:22 | Tr3 | +| main.rs:517:17:517:20 | self | | main.rs:511:5:522:5 | Self [trait MyTrait3] | +| main.rs:517:17:517:25 | self.m2() | | main.rs:478:5:481:5 | MyThing | +| main.rs:517:17:517:25 | self.m2() | A | main.rs:511:20:511:22 | Tr3 | +| main.rs:517:17:517:27 | ... .a | | main.rs:511:20:511:22 | Tr3 | +| main.rs:518:20:520:13 | { ... } | | main.rs:511:20:511:22 | Tr3 | +| main.rs:519:17:519:30 | ...::m2(...) | | main.rs:478:5:481:5 | MyThing | +| main.rs:519:17:519:30 | ...::m2(...) | A | main.rs:511:20:511:22 | Tr3 | +| main.rs:519:17:519:32 | ... .a | | main.rs:511:20:511:22 | Tr3 | +| main.rs:519:26:519:29 | self | | main.rs:511:5:522:5 | Self [trait MyTrait3] | +| main.rs:526:15:526:18 | SelfParam | | main.rs:478:5:481:5 | MyThing | +| main.rs:526:15:526:18 | SelfParam | A | main.rs:524:10:524:10 | T | +| main.rs:526:26:528:9 | { ... } | | main.rs:524:10:524:10 | T | +| main.rs:527:13:527:16 | self | | main.rs:478:5:481:5 | MyThing | +| main.rs:527:13:527:16 | self | A | main.rs:524:10:524:10 | T | +| main.rs:527:13:527:18 | self.a | | main.rs:524:10:524:10 | T | +| main.rs:535:15:535:18 | SelfParam | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:535:15:535:18 | SelfParam | A | main.rs:533:10:533:10 | T | +| main.rs:535:35:537:9 | { ... } | | main.rs:478:5:481:5 | MyThing | +| main.rs:535:35:537:9 | { ... } | A | main.rs:533:10:533:10 | T | +| main.rs:536:13:536:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:536:13:536:33 | MyThing {...} | A | main.rs:533:10:533:10 | T | +| main.rs:536:26:536:29 | self | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:536:26:536:29 | self | A | main.rs:533:10:533:10 | T | +| main.rs:536:26:536:31 | self.a | | main.rs:533:10:533:10 | T | +| main.rs:545:13:545:13 | x | | main.rs:478:5:481:5 | MyThing | +| main.rs:545:13:545:13 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:545:17:545:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:545:17:545:33 | MyThing {...} | A | main.rs:488:5:489:14 | S1 | +| main.rs:545:30:545:31 | S1 | | main.rs:488:5:489:14 | S1 | +| main.rs:546:13:546:13 | y | | main.rs:478:5:481:5 | MyThing | +| main.rs:546:13:546:13 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:546:17:546:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:546:17:546:33 | MyThing {...} | A | main.rs:490:5:491:14 | S2 | +| main.rs:546:30:546:31 | S2 | | main.rs:490:5:491:14 | S2 | +| main.rs:548:26:548:26 | x | | main.rs:478:5:481:5 | MyThing | +| main.rs:548:26:548:26 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:548:26:548:31 | x.m1() | | main.rs:488:5:489:14 | S1 | +| main.rs:549:26:549:26 | y | | main.rs:478:5:481:5 | MyThing | +| main.rs:549:26:549:26 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:549:26:549:31 | y.m1() | | main.rs:490:5:491:14 | S2 | +| main.rs:551:13:551:13 | x | | main.rs:478:5:481:5 | MyThing | +| main.rs:551:13:551:13 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:551:17:551:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:551:17:551:33 | MyThing {...} | A | main.rs:488:5:489:14 | S1 | +| main.rs:551:30:551:31 | S1 | | main.rs:488:5:489:14 | S1 | +| main.rs:552:13:552:13 | y | | main.rs:478:5:481:5 | MyThing | +| main.rs:552:13:552:13 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:552:17:552:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:552:17:552:33 | MyThing {...} | A | main.rs:490:5:491:14 | S2 | +| main.rs:552:30:552:31 | S2 | | main.rs:490:5:491:14 | S2 | +| main.rs:554:26:554:26 | x | | main.rs:478:5:481:5 | MyThing | +| main.rs:554:26:554:26 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:554:26:554:31 | x.m2() | | main.rs:488:5:489:14 | S1 | +| main.rs:555:26:555:26 | y | | main.rs:478:5:481:5 | MyThing | +| main.rs:555:26:555:26 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:555:26:555:31 | y.m2() | | main.rs:490:5:491:14 | S2 | +| main.rs:557:13:557:13 | x | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:557:13:557:13 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:557:17:557:34 | MyThing2 {...} | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:557:17:557:34 | MyThing2 {...} | A | main.rs:488:5:489:14 | S1 | +| main.rs:557:31:557:32 | S1 | | main.rs:488:5:489:14 | S1 | +| main.rs:558:13:558:13 | y | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:558:13:558:13 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:558:17:558:34 | MyThing2 {...} | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:558:17:558:34 | MyThing2 {...} | A | main.rs:490:5:491:14 | S2 | +| main.rs:558:31:558:32 | S2 | | main.rs:490:5:491:14 | S2 | +| main.rs:560:26:560:26 | x | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:560:26:560:26 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:560:26:560:31 | x.m3() | | main.rs:488:5:489:14 | S1 | +| main.rs:561:26:561:26 | y | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:561:26:561:26 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:561:26:561:31 | y.m3() | | main.rs:490:5:491:14 | S2 | +| main.rs:579:22:579:22 | x | | file://:0:0:0:0 | & | +| main.rs:579:22:579:22 | x | &T | main.rs:579:11:579:19 | T | +| main.rs:579:35:581:5 | { ... } | | file://:0:0:0:0 | & | +| main.rs:579:35:581:5 | { ... } | &T | main.rs:579:11:579:19 | T | +| main.rs:580:9:580:9 | x | | file://:0:0:0:0 | & | +| main.rs:580:9:580:9 | x | &T | main.rs:579:11:579:19 | T | +| main.rs:584:17:584:20 | SelfParam | | main.rs:569:5:570:14 | S1 | +| main.rs:584:29:586:9 | { ... } | | main.rs:572:5:573:14 | S2 | +| main.rs:585:13:585:14 | S2 | | main.rs:572:5:573:14 | S2 | +| main.rs:589:21:589:21 | x | | main.rs:589:13:589:14 | T1 | +| main.rs:592:5:594:5 | { ... } | | main.rs:589:17:589:18 | T2 | +| main.rs:593:9:593:9 | x | | main.rs:589:13:589:14 | T1 | +| main.rs:593:9:593:16 | x.into() | | main.rs:589:17:589:18 | T2 | +| main.rs:597:13:597:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:597:17:597:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:598:26:598:31 | id(...) | | file://:0:0:0:0 | & | +| main.rs:598:26:598:31 | id(...) | &T | main.rs:569:5:570:14 | S1 | +| main.rs:598:29:598:30 | &x | | file://:0:0:0:0 | & | +| main.rs:598:29:598:30 | &x | &T | main.rs:569:5:570:14 | S1 | +| main.rs:598:30:598:30 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:600:13:600:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:600:17:600:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:601:26:601:37 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:601:26:601:37 | id::<...>(...) | &T | main.rs:569:5:570:14 | S1 | +| main.rs:601:35:601:36 | &x | | file://:0:0:0:0 | & | +| main.rs:601:35:601:36 | &x | &T | main.rs:569:5:570:14 | S1 | +| main.rs:601:36:601:36 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:603:13:603:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:603:17:603:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:604:26:604:44 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:604:26:604:44 | id::<...>(...) | &T | main.rs:569:5:570:14 | S1 | +| main.rs:604:42:604:43 | &x | | file://:0:0:0:0 | & | +| main.rs:604:42:604:43 | &x | &T | main.rs:569:5:570:14 | S1 | +| main.rs:604:43:604:43 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:606:13:606:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:606:17:606:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:607:9:607:25 | into::<...>(...) | | main.rs:572:5:573:14 | S2 | +| main.rs:607:24:607:24 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:609:13:609:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:609:17:609:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:610:13:610:13 | y | | main.rs:572:5:573:14 | S2 | +| main.rs:610:21:610:27 | into(...) | | main.rs:572:5:573:14 | S2 | +| main.rs:610:26:610:26 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:640:13:640:14 | p1 | | main.rs:615:5:621:5 | PairOption | +| main.rs:640:13:640:14 | p1 | Fst | main.rs:623:5:624:14 | S1 | +| main.rs:640:13:640:14 | p1 | Snd | main.rs:626:5:627:14 | S2 | +| main.rs:640:26:640:53 | ...::PairBoth(...) | | main.rs:615:5:621:5 | PairOption | +| main.rs:640:26:640:53 | ...::PairBoth(...) | Fst | main.rs:623:5:624:14 | S1 | +| main.rs:640:26:640:53 | ...::PairBoth(...) | Snd | main.rs:626:5:627:14 | S2 | +| main.rs:640:47:640:48 | S1 | | main.rs:623:5:624:14 | S1 | +| main.rs:640:51:640:52 | S2 | | main.rs:626:5:627:14 | S2 | +| main.rs:641:26:641:27 | p1 | | main.rs:615:5:621:5 | PairOption | +| main.rs:641:26:641:27 | p1 | Fst | main.rs:623:5:624:14 | S1 | +| main.rs:641:26:641:27 | p1 | Snd | main.rs:626:5:627:14 | S2 | +| main.rs:644:13:644:14 | p2 | | main.rs:615:5:621:5 | PairOption | +| main.rs:644:26:644:47 | ...::PairNone(...) | | main.rs:615:5:621:5 | PairOption | +| main.rs:645:26:645:27 | p2 | | main.rs:615:5:621:5 | PairOption | +| main.rs:648:13:648:14 | p3 | | main.rs:615:5:621:5 | PairOption | +| main.rs:648:13:648:14 | p3 | Snd | main.rs:629:5:630:14 | S3 | +| main.rs:648:34:648:56 | ...::PairSnd(...) | | main.rs:615:5:621:5 | PairOption | +| main.rs:648:34:648:56 | ...::PairSnd(...) | Snd | main.rs:629:5:630:14 | S3 | +| main.rs:648:54:648:55 | S3 | | main.rs:629:5:630:14 | S3 | +| main.rs:649:26:649:27 | p3 | | main.rs:615:5:621:5 | PairOption | +| main.rs:649:26:649:27 | p3 | Snd | main.rs:629:5:630:14 | S3 | +| main.rs:652:13:652:14 | p3 | | main.rs:615:5:621:5 | PairOption | +| main.rs:652:13:652:14 | p3 | Fst | main.rs:629:5:630:14 | S3 | +| main.rs:652:35:652:56 | ...::PairNone(...) | | main.rs:615:5:621:5 | PairOption | +| main.rs:652:35:652:56 | ...::PairNone(...) | Fst | main.rs:629:5:630:14 | S3 | +| main.rs:653:26:653:27 | p3 | | main.rs:615:5:621:5 | PairOption | +| main.rs:653:26:653:27 | p3 | Fst | main.rs:629:5:630:14 | S3 | +| main.rs:666:16:666:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:666:16:666:24 | SelfParam | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | +| main.rs:666:27:666:31 | value | | main.rs:664:19:664:19 | S | +| main.rs:668:21:668:29 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:668:21:668:29 | SelfParam | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | +| main.rs:668:32:668:36 | value | | main.rs:664:19:664:19 | S | +| main.rs:669:13:669:16 | self | | file://:0:0:0:0 | & | +| main.rs:669:13:669:16 | self | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | +| main.rs:669:22:669:26 | value | | main.rs:664:19:664:19 | S | +| main.rs:675:16:675:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:675:16:675:24 | SelfParam | &T | main.rs:658:5:662:5 | MyOption | +| main.rs:675:16:675:24 | SelfParam | &T.T | main.rs:673:10:673:10 | T | +| main.rs:675:27:675:31 | value | | main.rs:673:10:673:10 | T | +| main.rs:679:26:681:9 | { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:679:26:681:9 | { ... } | T | main.rs:678:10:678:10 | T | +| main.rs:680:13:680:30 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:680:13:680:30 | ...::MyNone(...) | T | main.rs:678:10:678:10 | T | +| main.rs:685:20:685:23 | SelfParam | | main.rs:658:5:662:5 | MyOption | +| main.rs:685:20:685:23 | SelfParam | T | main.rs:658:5:662:5 | MyOption | +| main.rs:685:20:685:23 | SelfParam | T.T | main.rs:684:10:684:10 | T | +| main.rs:685:41:690:9 | { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:685:41:690:9 | { ... } | T | main.rs:684:10:684:10 | T | +| main.rs:686:13:689:13 | match self { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:686:13:689:13 | match self { ... } | T | main.rs:684:10:684:10 | T | +| main.rs:686:19:686:22 | self | | main.rs:658:5:662:5 | MyOption | +| main.rs:686:19:686:22 | self | T | main.rs:658:5:662:5 | MyOption | +| main.rs:686:19:686:22 | self | T.T | main.rs:684:10:684:10 | T | +| main.rs:687:39:687:56 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:687:39:687:56 | ...::MyNone(...) | T | main.rs:684:10:684:10 | T | +| main.rs:688:34:688:34 | x | | main.rs:658:5:662:5 | MyOption | +| main.rs:688:34:688:34 | x | T | main.rs:684:10:684:10 | T | +| main.rs:688:40:688:40 | x | | main.rs:658:5:662:5 | MyOption | +| main.rs:688:40:688:40 | x | T | main.rs:684:10:684:10 | T | +| main.rs:697:13:697:14 | x1 | | main.rs:658:5:662:5 | MyOption | +| main.rs:697:18:697:37 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:698:26:698:27 | x1 | | main.rs:658:5:662:5 | MyOption | +| main.rs:700:13:700:18 | mut x2 | | main.rs:658:5:662:5 | MyOption | +| main.rs:700:13:700:18 | mut x2 | T | main.rs:693:5:694:13 | S | +| main.rs:700:22:700:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:700:22:700:36 | ...::new(...) | T | main.rs:693:5:694:13 | S | +| main.rs:701:9:701:10 | x2 | | main.rs:658:5:662:5 | MyOption | +| main.rs:701:9:701:10 | x2 | T | main.rs:693:5:694:13 | S | +| main.rs:701:16:701:16 | S | | main.rs:693:5:694:13 | S | +| main.rs:702:26:702:27 | x2 | | main.rs:658:5:662:5 | MyOption | +| main.rs:702:26:702:27 | x2 | T | main.rs:693:5:694:13 | S | +| main.rs:704:13:704:18 | mut x3 | | main.rs:658:5:662:5 | MyOption | +| main.rs:704:22:704:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:705:9:705:10 | x3 | | main.rs:658:5:662:5 | MyOption | +| main.rs:705:21:705:21 | S | | main.rs:693:5:694:13 | S | +| main.rs:706:26:706:27 | x3 | | main.rs:658:5:662:5 | MyOption | +| main.rs:708:13:708:18 | mut x4 | | main.rs:658:5:662:5 | MyOption | +| main.rs:708:13:708:18 | mut x4 | T | main.rs:693:5:694:13 | S | +| main.rs:708:22:708:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:708:22:708:36 | ...::new(...) | T | main.rs:693:5:694:13 | S | +| main.rs:709:23:709:29 | &mut x4 | | file://:0:0:0:0 | & | +| main.rs:709:23:709:29 | &mut x4 | &T | main.rs:658:5:662:5 | MyOption | +| main.rs:709:23:709:29 | &mut x4 | &T.T | main.rs:693:5:694:13 | S | +| main.rs:709:28:709:29 | x4 | | main.rs:658:5:662:5 | MyOption | +| main.rs:709:28:709:29 | x4 | T | main.rs:693:5:694:13 | S | +| main.rs:709:32:709:32 | S | | main.rs:693:5:694:13 | S | +| main.rs:710:26:710:27 | x4 | | main.rs:658:5:662:5 | MyOption | +| main.rs:710:26:710:27 | x4 | T | main.rs:693:5:694:13 | S | +| main.rs:712:13:712:14 | x5 | | main.rs:658:5:662:5 | MyOption | +| main.rs:712:13:712:14 | x5 | T | main.rs:658:5:662:5 | MyOption | +| main.rs:712:13:712:14 | x5 | T.T | main.rs:693:5:694:13 | S | +| main.rs:712:18:712:58 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:712:18:712:58 | ...::MySome(...) | T | main.rs:658:5:662:5 | MyOption | +| main.rs:712:18:712:58 | ...::MySome(...) | T.T | main.rs:693:5:694:13 | S | +| main.rs:712:35:712:57 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:712:35:712:57 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:713:26:713:27 | x5 | | main.rs:658:5:662:5 | MyOption | +| main.rs:713:26:713:27 | x5 | T | main.rs:658:5:662:5 | MyOption | +| main.rs:713:26:713:27 | x5 | T.T | main.rs:693:5:694:13 | S | +| main.rs:715:13:715:14 | x6 | | main.rs:658:5:662:5 | MyOption | +| main.rs:715:13:715:14 | x6 | T | main.rs:658:5:662:5 | MyOption | +| main.rs:715:13:715:14 | x6 | T.T | main.rs:693:5:694:13 | S | +| main.rs:715:18:715:58 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:715:18:715:58 | ...::MySome(...) | T | main.rs:658:5:662:5 | MyOption | +| main.rs:715:18:715:58 | ...::MySome(...) | T.T | main.rs:693:5:694:13 | S | +| main.rs:715:35:715:57 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:715:35:715:57 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:716:26:716:61 | ...::flatten(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:716:26:716:61 | ...::flatten(...) | T | main.rs:693:5:694:13 | S | +| main.rs:716:59:716:60 | x6 | | main.rs:658:5:662:5 | MyOption | +| main.rs:716:59:716:60 | x6 | T | main.rs:658:5:662:5 | MyOption | +| main.rs:716:59:716:60 | x6 | T.T | main.rs:693:5:694:13 | S | +| main.rs:718:13:718:19 | from_if | | main.rs:658:5:662:5 | MyOption | +| main.rs:718:13:718:19 | from_if | T | main.rs:693:5:694:13 | S | +| main.rs:718:23:722:9 | if ... {...} else {...} | | main.rs:658:5:662:5 | MyOption | +| main.rs:718:23:722:9 | if ... {...} else {...} | T | main.rs:693:5:694:13 | S | +| main.rs:718:36:720:9 | { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:718:36:720:9 | { ... } | T | main.rs:693:5:694:13 | S | +| main.rs:719:13:719:30 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:719:13:719:30 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:720:16:722:9 | { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:720:16:722:9 | { ... } | T | main.rs:693:5:694:13 | S | +| main.rs:721:13:721:31 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:721:13:721:31 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | +| main.rs:721:30:721:30 | S | | main.rs:693:5:694:13 | S | +| main.rs:723:26:723:32 | from_if | | main.rs:658:5:662:5 | MyOption | +| main.rs:723:26:723:32 | from_if | T | main.rs:693:5:694:13 | S | +| main.rs:725:13:725:22 | from_match | | main.rs:658:5:662:5 | MyOption | +| main.rs:725:13:725:22 | from_match | T | main.rs:693:5:694:13 | S | +| main.rs:725:26:728:9 | match ... { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:725:26:728:9 | match ... { ... } | T | main.rs:693:5:694:13 | S | +| main.rs:726:21:726:38 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:726:21:726:38 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:727:22:727:40 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:727:22:727:40 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | +| main.rs:727:39:727:39 | S | | main.rs:693:5:694:13 | S | +| main.rs:729:26:729:35 | from_match | | main.rs:658:5:662:5 | MyOption | +| main.rs:729:26:729:35 | from_match | T | main.rs:693:5:694:13 | S | +| main.rs:731:13:731:21 | from_loop | | main.rs:658:5:662:5 | MyOption | +| main.rs:731:13:731:21 | from_loop | T | main.rs:693:5:694:13 | S | +| main.rs:731:25:736:9 | loop { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:731:25:736:9 | loop { ... } | T | main.rs:693:5:694:13 | S | +| main.rs:733:23:733:40 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:733:23:733:40 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:735:19:735:37 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:735:19:735:37 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | +| main.rs:735:36:735:36 | S | | main.rs:693:5:694:13 | S | +| main.rs:737:26:737:34 | from_loop | | main.rs:658:5:662:5 | MyOption | +| main.rs:737:26:737:34 | from_loop | T | main.rs:693:5:694:13 | S | +| main.rs:750:15:750:18 | SelfParam | | main.rs:743:5:744:19 | S | +| main.rs:750:15:750:18 | SelfParam | T | main.rs:749:10:749:10 | T | +| main.rs:750:26:752:9 | { ... } | | main.rs:749:10:749:10 | T | +| main.rs:751:13:751:16 | self | | main.rs:743:5:744:19 | S | +| main.rs:751:13:751:16 | self | T | main.rs:749:10:749:10 | T | +| main.rs:751:13:751:18 | self.0 | | main.rs:749:10:749:10 | T | +| main.rs:754:15:754:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:754:15:754:19 | SelfParam | &T | main.rs:743:5:744:19 | S | +| main.rs:754:15:754:19 | SelfParam | &T.T | main.rs:749:10:749:10 | T | +| main.rs:754:28:756:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:754:28:756:9 | { ... } | &T | main.rs:749:10:749:10 | T | +| main.rs:755:13:755:19 | &... | | file://:0:0:0:0 | & | +| main.rs:755:13:755:19 | &... | &T | main.rs:749:10:749:10 | T | +| main.rs:755:14:755:17 | self | | file://:0:0:0:0 | & | +| main.rs:755:14:755:17 | self | &T | main.rs:743:5:744:19 | S | +| main.rs:755:14:755:17 | self | &T.T | main.rs:749:10:749:10 | T | +| main.rs:755:14:755:19 | self.0 | | main.rs:749:10:749:10 | T | +| main.rs:758:15:758:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:758:15:758:25 | SelfParam | &T | main.rs:743:5:744:19 | S | +| main.rs:758:15:758:25 | SelfParam | &T.T | main.rs:749:10:749:10 | T | +| main.rs:758:34:760:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:758:34:760:9 | { ... } | &T | main.rs:749:10:749:10 | T | +| main.rs:759:13:759:19 | &... | | file://:0:0:0:0 | & | +| main.rs:759:13:759:19 | &... | &T | main.rs:749:10:749:10 | T | +| main.rs:759:14:759:17 | self | | file://:0:0:0:0 | & | +| main.rs:759:14:759:17 | self | &T | main.rs:743:5:744:19 | S | +| main.rs:759:14:759:17 | self | &T.T | main.rs:749:10:749:10 | T | +| main.rs:759:14:759:19 | self.0 | | main.rs:749:10:749:10 | T | +| main.rs:764:13:764:14 | x1 | | main.rs:743:5:744:19 | S | +| main.rs:764:13:764:14 | x1 | T | main.rs:746:5:747:14 | S2 | +| main.rs:764:18:764:22 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:764:18:764:22 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:764:20:764:21 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:765:26:765:27 | x1 | | main.rs:743:5:744:19 | S | +| main.rs:765:26:765:27 | x1 | T | main.rs:746:5:747:14 | S2 | +| main.rs:765:26:765:32 | x1.m1() | | main.rs:746:5:747:14 | S2 | +| main.rs:767:13:767:14 | x2 | | main.rs:743:5:744:19 | S | +| main.rs:767:13:767:14 | x2 | T | main.rs:746:5:747:14 | S2 | +| main.rs:767:18:767:22 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:767:18:767:22 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:767:20:767:21 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:769:26:769:27 | x2 | | main.rs:743:5:744:19 | S | +| main.rs:769:26:769:27 | x2 | T | main.rs:746:5:747:14 | S2 | +| main.rs:769:26:769:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:769:26:769:32 | x2.m2() | &T | main.rs:746:5:747:14 | S2 | +| main.rs:770:26:770:27 | x2 | | main.rs:743:5:744:19 | S | +| main.rs:770:26:770:27 | x2 | T | main.rs:746:5:747:14 | S2 | +| main.rs:770:26:770:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:770:26:770:32 | x2.m3() | &T | main.rs:746:5:747:14 | S2 | +| main.rs:772:13:772:14 | x3 | | main.rs:743:5:744:19 | S | +| main.rs:772:13:772:14 | x3 | T | main.rs:746:5:747:14 | S2 | +| main.rs:772:18:772:22 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:772:18:772:22 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:772:20:772:21 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:774:26:774:41 | ...::m2(...) | | file://:0:0:0:0 | & | +| main.rs:774:26:774:41 | ...::m2(...) | &T | main.rs:746:5:747:14 | S2 | +| main.rs:774:38:774:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:774:38:774:40 | &x3 | &T | main.rs:743:5:744:19 | S | +| main.rs:774:38:774:40 | &x3 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:774:39:774:40 | x3 | | main.rs:743:5:744:19 | S | +| main.rs:774:39:774:40 | x3 | T | main.rs:746:5:747:14 | S2 | +| main.rs:775:26:775:41 | ...::m3(...) | | file://:0:0:0:0 | & | +| main.rs:775:26:775:41 | ...::m3(...) | &T | main.rs:746:5:747:14 | S2 | +| main.rs:775:38:775:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:775:38:775:40 | &x3 | &T | main.rs:743:5:744:19 | S | +| main.rs:775:38:775:40 | &x3 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:775:39:775:40 | x3 | | main.rs:743:5:744:19 | S | +| main.rs:775:39:775:40 | x3 | T | main.rs:746:5:747:14 | S2 | +| main.rs:777:13:777:14 | x4 | | file://:0:0:0:0 | & | +| main.rs:777:13:777:14 | x4 | &T | main.rs:743:5:744:19 | S | +| main.rs:777:13:777:14 | x4 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:777:18:777:23 | &... | | file://:0:0:0:0 | & | +| main.rs:777:18:777:23 | &... | &T | main.rs:743:5:744:19 | S | +| main.rs:777:18:777:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:777:19:777:23 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:777:19:777:23 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:777:21:777:22 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:779:26:779:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:779:26:779:27 | x4 | &T | main.rs:743:5:744:19 | S | +| main.rs:779:26:779:27 | x4 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:779:26:779:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:779:26:779:32 | x4.m2() | &T | main.rs:746:5:747:14 | S2 | +| main.rs:780:26:780:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:780:26:780:27 | x4 | &T | main.rs:743:5:744:19 | S | +| main.rs:780:26:780:27 | x4 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:780:26:780:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:780:26:780:32 | x4.m3() | &T | main.rs:746:5:747:14 | S2 | +| main.rs:782:13:782:14 | x5 | | file://:0:0:0:0 | & | +| main.rs:782:13:782:14 | x5 | &T | main.rs:743:5:744:19 | S | +| main.rs:782:13:782:14 | x5 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:782:18:782:23 | &... | | file://:0:0:0:0 | & | +| main.rs:782:18:782:23 | &... | &T | main.rs:743:5:744:19 | S | +| main.rs:782:18:782:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:782:19:782:23 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:782:19:782:23 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:782:21:782:22 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:784:26:784:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:784:26:784:27 | x5 | &T | main.rs:743:5:744:19 | S | +| main.rs:784:26:784:27 | x5 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:784:26:784:32 | x5.m1() | | main.rs:746:5:747:14 | S2 | +| main.rs:785:26:785:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:785:26:785:27 | x5 | &T | main.rs:743:5:744:19 | S | +| main.rs:785:26:785:27 | x5 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:785:26:785:29 | x5.0 | | main.rs:746:5:747:14 | S2 | +| main.rs:787:13:787:14 | x6 | | file://:0:0:0:0 | & | +| main.rs:787:13:787:14 | x6 | &T | main.rs:743:5:744:19 | S | +| main.rs:787:13:787:14 | x6 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:787:18:787:23 | &... | | file://:0:0:0:0 | & | +| main.rs:787:18:787:23 | &... | &T | main.rs:743:5:744:19 | S | +| main.rs:787:18:787:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:787:19:787:23 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:787:19:787:23 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:787:21:787:22 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:789:26:789:30 | (...) | | main.rs:743:5:744:19 | S | +| main.rs:789:26:789:30 | (...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:789:26:789:35 | ... .m1() | | main.rs:746:5:747:14 | S2 | +| main.rs:789:27:789:29 | * ... | | main.rs:743:5:744:19 | S | +| main.rs:789:27:789:29 | * ... | T | main.rs:746:5:747:14 | S2 | +| main.rs:789:28:789:29 | x6 | | file://:0:0:0:0 | & | +| main.rs:789:28:789:29 | x6 | &T | main.rs:743:5:744:19 | S | +| main.rs:789:28:789:29 | x6 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:796:16:796:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:796:16:796:20 | SelfParam | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:799:16:799:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:799:16:799:20 | SelfParam | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:799:32:801:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:799:32:801:9 | { ... } | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:800:13:800:16 | self | | file://:0:0:0:0 | & | +| main.rs:800:13:800:16 | self | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:800:13:800:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:800:13:800:22 | self.foo() | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:808:16:808:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:808:16:808:20 | SelfParam | &T | main.rs:804:5:804:20 | MyStruct | +| main.rs:808:36:810:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:808:36:810:9 | { ... } | &T | main.rs:804:5:804:20 | MyStruct | +| main.rs:809:13:809:16 | self | | file://:0:0:0:0 | & | +| main.rs:809:13:809:16 | self | &T | main.rs:804:5:804:20 | MyStruct | +| main.rs:814:13:814:13 | x | | main.rs:804:5:804:20 | MyStruct | +| main.rs:814:17:814:24 | MyStruct | | main.rs:804:5:804:20 | MyStruct | +| main.rs:815:9:815:9 | x | | main.rs:804:5:804:20 | MyStruct | +| main.rs:815:9:815:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:815:9:815:15 | x.bar() | &T | main.rs:804:5:804:20 | MyStruct | +| main.rs:825:16:825:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:825:16:825:20 | SelfParam | &T | main.rs:822:5:822:26 | MyStruct | +| main.rs:825:16:825:20 | SelfParam | &T.T | main.rs:824:10:824:10 | T | +| main.rs:825:32:827:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:825:32:827:9 | { ... } | &T | main.rs:822:5:822:26 | MyStruct | +| main.rs:825:32:827:9 | { ... } | &T.T | main.rs:824:10:824:10 | T | +| main.rs:826:13:826:16 | self | | file://:0:0:0:0 | & | +| main.rs:826:13:826:16 | self | &T | main.rs:822:5:822:26 | MyStruct | +| main.rs:826:13:826:16 | self | &T.T | main.rs:824:10:824:10 | T | +| main.rs:831:13:831:13 | x | | main.rs:822:5:822:26 | MyStruct | +| main.rs:831:13:831:13 | x | T | main.rs:820:5:820:13 | S | +| main.rs:831:17:831:27 | MyStruct(...) | | main.rs:822:5:822:26 | MyStruct | +| main.rs:831:17:831:27 | MyStruct(...) | T | main.rs:820:5:820:13 | S | +| main.rs:831:26:831:26 | S | | main.rs:820:5:820:13 | S | +| main.rs:832:9:832:9 | x | | main.rs:822:5:822:26 | MyStruct | +| main.rs:832:9:832:9 | x | T | main.rs:820:5:820:13 | S | +| main.rs:832:9:832:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:832:9:832:15 | x.foo() | &T | main.rs:822:5:822:26 | MyStruct | +| main.rs:832:9:832:15 | x.foo() | &T.T | main.rs:820:5:820:13 | S | +| main.rs:840:15:840:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:840:15:840:19 | SelfParam | &T | main.rs:837:5:837:13 | S | +| main.rs:840:31:842:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:840:31:842:9 | { ... } | &T | main.rs:837:5:837:13 | S | +| main.rs:841:13:841:19 | &... | | file://:0:0:0:0 | & | +| main.rs:841:13:841:19 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:841:14:841:19 | &... | | file://:0:0:0:0 | & | +| main.rs:841:14:841:19 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:841:15:841:19 | &self | | file://:0:0:0:0 | & | +| main.rs:841:15:841:19 | &self | &T | main.rs:837:5:837:13 | S | +| main.rs:841:16:841:19 | self | | file://:0:0:0:0 | & | +| main.rs:841:16:841:19 | self | &T | main.rs:837:5:837:13 | S | +| main.rs:844:15:844:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:844:15:844:25 | SelfParam | &T | main.rs:837:5:837:13 | S | +| main.rs:844:37:846:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:844:37:846:9 | { ... } | &T | main.rs:837:5:837:13 | S | +| main.rs:845:13:845:19 | &... | | file://:0:0:0:0 | & | +| main.rs:845:13:845:19 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:845:14:845:19 | &... | | file://:0:0:0:0 | & | +| main.rs:845:14:845:19 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:845:15:845:19 | &self | | file://:0:0:0:0 | & | +| main.rs:845:15:845:19 | &self | &T | main.rs:837:5:837:13 | S | +| main.rs:845:16:845:19 | self | | file://:0:0:0:0 | & | +| main.rs:845:16:845:19 | self | &T | main.rs:837:5:837:13 | S | +| main.rs:848:15:848:15 | x | | file://:0:0:0:0 | & | +| main.rs:848:15:848:15 | x | &T | main.rs:837:5:837:13 | S | +| main.rs:848:34:850:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:848:34:850:9 | { ... } | &T | main.rs:837:5:837:13 | S | +| main.rs:849:13:849:13 | x | | file://:0:0:0:0 | & | +| main.rs:849:13:849:13 | x | &T | main.rs:837:5:837:13 | S | +| main.rs:852:15:852:15 | x | | file://:0:0:0:0 | & | +| main.rs:852:15:852:15 | x | &T | main.rs:837:5:837:13 | S | +| main.rs:852:34:854:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:852:34:854:9 | { ... } | &T | main.rs:837:5:837:13 | S | +| main.rs:853:13:853:16 | &... | | file://:0:0:0:0 | & | +| main.rs:853:13:853:16 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:853:14:853:16 | &... | | file://:0:0:0:0 | & | +| main.rs:853:14:853:16 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:853:15:853:16 | &x | | file://:0:0:0:0 | & | +| main.rs:853:15:853:16 | &x | &T | main.rs:837:5:837:13 | S | +| main.rs:853:16:853:16 | x | | file://:0:0:0:0 | & | +| main.rs:853:16:853:16 | x | &T | main.rs:837:5:837:13 | S | +| main.rs:858:13:858:13 | x | | main.rs:837:5:837:13 | S | +| main.rs:858:17:858:20 | S {...} | | main.rs:837:5:837:13 | S | +| main.rs:859:9:859:9 | x | | main.rs:837:5:837:13 | S | +| main.rs:859:9:859:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:859:9:859:14 | x.f1() | &T | main.rs:837:5:837:13 | S | +| main.rs:860:9:860:9 | x | | main.rs:837:5:837:13 | S | +| main.rs:860:9:860:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:860:9:860:14 | x.f2() | &T | main.rs:837:5:837:13 | S | +| main.rs:861:9:861:17 | ...::f3(...) | | file://:0:0:0:0 | & | +| main.rs:861:9:861:17 | ...::f3(...) | &T | main.rs:837:5:837:13 | S | +| main.rs:861:15:861:16 | &x | | file://:0:0:0:0 | & | +| main.rs:861:15:861:16 | &x | &T | main.rs:837:5:837:13 | S | +| main.rs:861:16:861:16 | x | | main.rs:837:5:837:13 | S | +| main.rs:867:5:867:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:868:5:868:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:868:20:868:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:868:41:868:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | From 77e1b231a6410cca1c8912ce7fe79bd31e925c10 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 4 Apr 2025 10:12:23 +0200 Subject: [PATCH 231/409] Rust: Handle associated types in trait methods --- .../rust/elements/internal/TraitImpl.qll | 10 +++ rust/ql/lib/codeql/rust/internal/Type.qll | 64 ++++++++++++++++++- .../codeql/rust/internal/TypeInference.qll | 27 ++++---- .../lib/codeql/rust/internal/TypeMention.qll | 40 +++++++++++- .../test/library-tests/type-inference/main.rs | 6 +- .../type-inference/type-inference.expected | 11 ++++ 6 files changed, 138 insertions(+), 20 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/TraitImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/TraitImpl.qll index 63a136734652..0926db57c97e 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/TraitImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/TraitImpl.qll @@ -26,5 +26,15 @@ module Impl { */ class Trait extends Generated::Trait { override string toStringImpl() { result = "trait " + this.getName().getText() } + + /** + * Gets the number of generic parameters of this trait. + */ + int getNumberOfGenericParams() { + result = this.getGenericParamList().getNumberOfGenericParams() + or + not this.hasGenericParamList() and + result = 0 + } } } diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index ef311fae6c8a..c3eb83c8dfaa 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -2,9 +2,10 @@ private import rust private import PathResolution -private import TypeInference private import TypeMention private import codeql.rust.internal.CachedStages +private import codeql.rust.elements.internal.generated.Raw +private import codeql.rust.elements.internal.generated.Synth cached newtype TType = @@ -15,6 +16,7 @@ newtype TType = TArrayType() or // todo: add size? TRefType() or // todo: add mut? TTypeParamTypeParameter(TypeParam t) or + TAssociatedTypeTypeParameter(TypeAlias t) { any(TraitItemNode trait).getADescendant() = t } or TRefTypeParameter() or TSelfTypeParameter(Trait t) @@ -144,6 +146,9 @@ class TraitType extends Type, TTrait { override TypeParameter getTypeParameter(int i) { result = TTypeParamTypeParameter(trait.getGenericParamList().getTypeParam(i)) + or + result = + any(AssociatedTypeTypeParameter param | param.getTrait() = trait and param.getIndex() = i) } pragma[nomagic] @@ -297,6 +302,14 @@ abstract class TypeParameter extends Type { override TypeParameter getTypeParameter(int i) { none() } } +private class RawTypeParameter = @type_param or @trait or @type_alias; + +private predicate id(RawTypeParameter x, RawTypeParameter y) { x = y } + +private predicate idOfRaw(RawTypeParameter x, int y) = equivalenceRelation(id/2)(x, y) + +int idOfTypeParameterAstNode(AstNode node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } + /** A type parameter from source code. */ class TypeParamTypeParameter extends TypeParameter, TTypeParamTypeParameter { private TypeParam typeParam; @@ -320,6 +333,55 @@ class TypeParamTypeParameter extends TypeParameter, TTypeParamTypeParameter { } } +/** Gets type alias that is the `i`th type parameter of `trait`. */ +predicate traitAliasIndex(Trait trait, int i, TypeAlias typeAlias) { + typeAlias = + rank[i + 1 - trait.getNumberOfGenericParams()](TypeAlias alias | + trait.(TraitItemNode).getADescendant() = alias + | + alias order by idOfTypeParameterAstNode(alias) + ) +} + +/** + * A type parameter corresponding to an associated type in a trait. + * + * We treat associated type declarations in traits as type parameters. E.g., a + * trait such as + * ```rust + * trait ATrait { + * type AssociatedType; + * // ... + * } + * ``` + * is treated as if it where + * ```rust + * trait ATrait { + * // ... + * } + * ``` + */ +class AssociatedTypeTypeParameter extends TypeParameter, TAssociatedTypeTypeParameter { + private TypeAlias typeAlias; + + AssociatedTypeTypeParameter() { this = TAssociatedTypeTypeParameter(typeAlias) } + + TypeAlias getTypeAlias() { result = typeAlias } + + /** Gets the trait that contains this associated type declaration. */ + TraitItemNode getTrait() { result.getADescendant() = typeAlias } + + int getIndex() { traitAliasIndex(this.getTrait(), result, typeAlias) } + + override Function getMethod(string name) { none() } + + override string toString() { result = typeAlias.getName().getText() } + + override Location getLocation() { result = typeAlias.getLocation() } + + override TypeMention getABaseTypeMention() { none() } +} + /** An implicit reference type parameter. */ class RefTypeParameter extends TypeParameter, TRefTypeParameter { override Function getMethod(string name) { none() } diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index ed6370f16381..9e38c41cf350 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -40,17 +40,21 @@ private module Input1 implements InputSig1 { private newtype TTypeParameterPosition = TTypeParamTypeParameterPosition(TypeParam tp) or - TSelfTypeParameterPosition() + TImplicitTypeParameterPosition() class TypeParameterPosition extends TTypeParameterPosition { TypeParam asTypeParam() { this = TTypeParamTypeParameterPosition(result) } - predicate isSelf() { this = TSelfTypeParameterPosition() } + /** + * Holds if this is the implicit type parameter position used to represent + * parameters that are never passed explicitly as arguments. + */ + predicate isImplicit() { this = TImplicitTypeParameterPosition() } string toString() { result = this.asTypeParam().toString() or - result = "Self" and this.isSelf() + result = "Implicit" and this.isImplicit() } } @@ -69,15 +73,6 @@ private module Input1 implements InputSig1 { apos.asMethodTypeArgumentPosition() = ppos.asTypeParam().getPosition() } - /** A raw AST node that might correspond to a type parameter. */ - private class RawTypeParameter = @type_param or @trait; - - private predicate id(RawTypeParameter x, RawTypeParameter y) { x = y } - - private predicate idOfRaw(RawTypeParameter x, int y) = equivalenceRelation(id/2)(x, y) - - private int idOf(AstNode node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } - int getTypeParameterId(TypeParameter tp) { tp = rank[result](TypeParameter tp0, int kind, int id | @@ -86,8 +81,9 @@ private module Input1 implements InputSig1 { id = 0 or kind = 1 and - exists(AstNode node | id = idOf(node) | + exists(AstNode node | id = idOfTypeParameterAstNode(node) | node = tp0.(TypeParamTypeParameter).getTypeParam() or + node = tp0.(AssociatedTypeTypeParameter).getTypeAlias() or node = tp0.(SelfTypeParameter).getTrait() ) | @@ -500,7 +496,10 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { exists(TraitItemNode trait | this = trait.getAnAssocItem() | typeParamMatchPosition(trait.getTypeParam(_), result, ppos) or - ppos.isSelf() and result = TSelfTypeParameter(trait) + ppos.isImplicit() and result = TSelfTypeParameter(trait) + or + ppos.isImplicit() and + result.(AssociatedTypeTypeParameter).getTrait() = trait ) } diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index a5e696313a3c..b049d9b71774 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -75,6 +75,27 @@ class PathMention extends TypeMention, Path { this = node.getASelfPath() and result = node.(ImplItemNode).getSelfPath().getSegment().getGenericArgList().getTypeArg(i) ) + or + // If `this` is the trait of an `impl` block then any associated types + // defined in the `impl` block are type arguments to the trait. + // + // For instance, for a trait implementation like this + // ```rust + // impl MyTrait for MyType { + // ^^^^^^^ this + // type AssociatedType = i64 + // ^^^ result + // // ... + // } + // ``` + // the rhs. of the type alias is a type argument to the trait. + exists(ImplItemNode impl, AssociatedTypeTypeParameter param, TypeAlias alias | + this = impl.getTraitPath() and + param.getTrait() = resolvePath(this) and + alias = impl.getASuccessor(param.getTypeAlias().getName().getText()) and + result = alias.getTypeRepr() and + param.getIndex() = i + ) } override Type resolveType() { @@ -93,7 +114,11 @@ class PathMention extends TypeMention, Path { or result = TTypeParamTypeParameter(i) or - result = i.(TypeAlias).getTypeRepr().(TypeReprMention).resolveType() + exists(TypeAlias alias | alias = i | + result.(AssociatedTypeTypeParameter).getTypeAlias() = alias + or + result = alias.getTypeRepr().(TypeReprMention).resolveType() + ) ) } } @@ -106,6 +131,13 @@ class TypeParamMention extends TypeMention, TypeParam { override Type resolveType() { result = TTypeParamTypeParameter(this) } } +// Used to represent implicit associated type type arguments in traits. +class TypeAliasMention extends TypeMention, TypeAlias { + override TypeReprMention getTypeArgument(int i) { none() } + + override Type resolveType() { result = TAssociatedTypeTypeParameter(this) } +} + /** * Holds if the `i`th type argument of `selfPath`, belonging to `impl`, resolves * to type parameter `tp`. @@ -157,7 +189,11 @@ class ImplMention extends TypeMention, ImplItemNode { } class TraitMention extends TypeMention, TraitItemNode { - override TypeMention getTypeArgument(int i) { result = this.getTypeParam(i) } + override TypeMention getTypeArgument(int i) { + result = this.getTypeParam(i) + or + traitAliasIndex(this, i, result) + } override Type resolveType() { result = TTrait(this) } } diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 1a4462d54c4f..efe1a3444e0c 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -351,7 +351,7 @@ mod trait_associated_type { Self::AssociatedType: Default, Self: Sized, { - self.m1(); // $ method=MyTrait::m1 + self.m1(); // $ method=MyTrait::m1 type=self.m1():AssociatedType Self::AssociatedType::default() } } @@ -424,7 +424,7 @@ mod trait_associated_type { let x2 = S; // Call to default method in `trait` block - let y = x2.m2(); // $ method=m2 MISSING: type=y:AT + let y = x2.m2(); // $ method=m2 type=y:AT println!("{:?}", y); let x3 = S; @@ -440,7 +440,7 @@ mod trait_associated_type { let x5 = S2; println!("{:?}", x5.m1()); // $ method=m1 MISSING: type=x5.m1():A.S2 let x6 = S2; - println!("{:?}", x6.m2()); // $ method=m2 MISSING: type=x6.m2():A.S2 + println!("{:?}", x6.m2()); // $ method=m2 type=x6.m2():A.S2 } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index 94cc8c42a0b4..907ea9fcc533 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -336,7 +336,10 @@ inferType | main.rs:339:13:339:22 | self.field | | main.rs:337:10:337:10 | A | | main.rs:347:15:347:18 | SelfParam | | main.rs:343:5:357:5 | Self [trait MyTrait] | | main.rs:349:15:349:18 | SelfParam | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:353:9:356:9 | { ... } | | main.rs:344:9:344:28 | AssociatedType | | main.rs:354:13:354:16 | self | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:354:13:354:21 | self.m1() | | main.rs:344:9:344:28 | AssociatedType | +| main.rs:355:13:355:43 | ...::default(...) | | main.rs:344:9:344:28 | AssociatedType | | main.rs:363:19:363:23 | SelfParam | | file://:0:0:0:0 | & | | main.rs:363:19:363:23 | SelfParam | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | | main.rs:363:26:363:26 | a | | main.rs:363:16:363:16 | A | @@ -344,11 +347,14 @@ inferType | main.rs:365:22:365:26 | SelfParam | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | | main.rs:365:29:365:29 | a | | main.rs:365:19:365:19 | A | | main.rs:365:35:365:35 | b | | main.rs:365:19:365:19 | A | +| main.rs:365:75:368:9 | { ... } | | main.rs:360:9:360:52 | GenericAssociatedType | | main.rs:366:13:366:16 | self | | file://:0:0:0:0 | & | | main.rs:366:13:366:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:366:13:366:23 | self.put(...) | | main.rs:360:9:360:52 | GenericAssociatedType | | main.rs:366:22:366:22 | a | | main.rs:365:19:365:19 | A | | main.rs:367:13:367:16 | self | | file://:0:0:0:0 | & | | main.rs:367:13:367:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:367:13:367:23 | self.put(...) | | main.rs:360:9:360:52 | GenericAssociatedType | | main.rs:367:22:367:22 | b | | main.rs:365:19:365:19 | A | | main.rs:384:15:384:18 | SelfParam | | main.rs:371:5:372:13 | S | | main.rs:384:45:386:9 | { ... } | | main.rs:377:5:378:14 | AT | @@ -380,7 +386,10 @@ inferType | main.rs:423:26:423:32 | x1.m1() | | main.rs:377:5:378:14 | AT | | main.rs:425:13:425:14 | x2 | | main.rs:371:5:372:13 | S | | main.rs:425:18:425:18 | S | | main.rs:371:5:372:13 | S | +| main.rs:427:13:427:13 | y | | main.rs:377:5:378:14 | AT | | main.rs:427:17:427:18 | x2 | | main.rs:371:5:372:13 | S | +| main.rs:427:17:427:23 | x2.m2() | | main.rs:377:5:378:14 | AT | +| main.rs:428:26:428:26 | y | | main.rs:377:5:378:14 | AT | | main.rs:430:13:430:14 | x3 | | main.rs:371:5:372:13 | S | | main.rs:430:18:430:18 | S | | main.rs:371:5:372:13 | S | | main.rs:432:26:432:27 | x3 | | main.rs:371:5:372:13 | S | @@ -394,6 +403,8 @@ inferType | main.rs:442:13:442:14 | x6 | | main.rs:374:5:375:14 | S2 | | main.rs:442:18:442:19 | S2 | | main.rs:374:5:375:14 | S2 | | main.rs:443:26:443:27 | x6 | | main.rs:374:5:375:14 | S2 | +| main.rs:443:26:443:32 | x6.m2() | | main.rs:332:5:335:5 | Wrapper | +| main.rs:443:26:443:32 | x6.m2() | A | main.rs:374:5:375:14 | S2 | | main.rs:460:15:460:18 | SelfParam | | main.rs:448:5:452:5 | MyEnum | | main.rs:460:15:460:18 | SelfParam | A | main.rs:459:10:459:10 | T | | main.rs:460:26:465:9 | { ... } | | main.rs:459:10:459:10 | T | From adfe89fadc4b2f83a9d5c34ab8cd3e4cd3746ccc Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 4 Apr 2025 09:47:21 +0100 Subject: [PATCH 232/409] Update test output --- .../capture/LoopVariableCapture.expected | 34 ++++++++++++++----- .../capture/LoopVariableCapture.qlref | 2 +- .../query-tests/Variables/capture/test.py | 19 ++++++----- 3 files changed, 37 insertions(+), 18 deletions(-) diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected index 8fd40c120a62..d7e15f44e6c2 100644 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected +++ b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected @@ -1,8 +1,26 @@ -| test.py:5:9:5:20 | FunctionExpr | Capture of loop variable $@. | test.py:4:5:4:23 | For | x | -| test.py:10:6:10:14 | Lambda | Capture of loop variable $@. | test.py:10:5:10:36 | ListComp | i | -| test.py:42:6:42:14 | Lambda | Capture of loop variable $@. | test.py:42:5:42:56 | ListComp | i | -| test.py:43:6:43:14 | Lambda | Capture of loop variable $@. | test.py:43:5:43:56 | ListComp | j | -| test.py:45:6:45:14 | Lambda | Capture of loop variable $@. | test.py:45:5:45:36 | SetComp | i | -| test.py:49:8:49:16 | Lambda | Capture of loop variable $@. | test.py:49:5:49:38 | DictComp | i | -| test.py:57:6:57:14 | Lambda | Capture of loop variable $@. | test.py:57:6:57:35 | GeneratorExp | i | -| test.py:62:10:62:18 | Lambda | Capture of loop variable $@. | test.py:62:10:62:39 | GeneratorExp | i | +edges +| test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | test.py:5:13:5:17 | ControlFlowNode for inner | provenance | | +| test.py:5:13:5:17 | ControlFlowNode for inner | test.py:7:20:7:24 | ControlFlowNode for inner | provenance | | +| test.py:49:8:49:16 | ControlFlowNode for Lambda | test.py:49:6:49:16 | ControlFlowNode for Tuple | provenance | | +nodes +| test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | semmle.label | ControlFlowNode for FunctionExpr | +| test.py:5:13:5:17 | ControlFlowNode for inner | semmle.label | ControlFlowNode for inner | +| test.py:7:20:7:24 | ControlFlowNode for inner | semmle.label | ControlFlowNode for inner | +| test.py:10:6:10:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:42:6:42:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:43:6:43:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:45:6:45:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:49:6:49:16 | ControlFlowNode for Tuple | semmle.label | ControlFlowNode for Tuple | +| test.py:49:8:49:16 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:57:6:57:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:62:10:62:18 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +subpaths +#select +| test.py:5:9:5:20 | FunctionExpr | test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | test.py:7:20:7:24 | ControlFlowNode for inner | This function captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:4:5:4:23 | For | x | test.py:7:20:7:24 | ControlFlowNode for inner | this location | +| test.py:10:6:10:14 | Lambda | test.py:10:6:10:14 | ControlFlowNode for Lambda | test.py:10:6:10:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:10:5:10:36 | For | i | test.py:10:6:10:14 | ControlFlowNode for Lambda | this location | +| test.py:42:6:42:14 | Lambda | test.py:42:6:42:14 | ControlFlowNode for Lambda | test.py:42:6:42:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:42:5:42:56 | For | i | test.py:42:6:42:14 | ControlFlowNode for Lambda | this location | +| test.py:43:6:43:14 | Lambda | test.py:43:6:43:14 | ControlFlowNode for Lambda | test.py:43:6:43:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:43:5:43:56 | For | j | test.py:43:6:43:14 | ControlFlowNode for Lambda | this location | +| test.py:45:6:45:14 | Lambda | test.py:45:6:45:14 | ControlFlowNode for Lambda | test.py:45:6:45:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:45:5:45:36 | For | i | test.py:45:6:45:14 | ControlFlowNode for Lambda | this location | +| test.py:49:8:49:16 | Lambda | test.py:49:8:49:16 | ControlFlowNode for Lambda | test.py:49:6:49:16 | ControlFlowNode for Tuple | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:49:5:49:38 | For | i | test.py:49:6:49:16 | ControlFlowNode for Tuple | this location | +| test.py:57:6:57:14 | Lambda | test.py:57:6:57:14 | ControlFlowNode for Lambda | test.py:57:6:57:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:57:6:57:35 | For | i | test.py:57:6:57:14 | ControlFlowNode for Lambda | this location | +| test.py:62:10:62:18 | Lambda | test.py:62:10:62:18 | ControlFlowNode for Lambda | test.py:62:10:62:18 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:62:10:62:39 | For | i | test.py:62:10:62:18 | ControlFlowNode for Lambda | this location | diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref index 1e2a71cd6a71..05bfcbd94204 100644 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref +++ b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref @@ -1 +1 @@ -Variables/LoopVariableCapture.ql +Variables/LoopVariableCapture/LoopVariableCapture.ql diff --git a/python/ql/test/query-tests/Variables/capture/test.py b/python/ql/test/query-tests/Variables/capture/test.py index 480bc58862e0..5ffccc7a9e4d 100644 --- a/python/ql/test/query-tests/Variables/capture/test.py +++ b/python/ql/test/query-tests/Variables/capture/test.py @@ -2,12 +2,12 @@ def bad1(): results = [] for x in range(10): - def inner(): + def inner(): # $capturedVar=x return x results.append(inner) return results -a = [lambda: i for i in range(1, 4)] +a = [lambda: i for i in range(1, 4)] # $capturedVar=a for f in a: print(f()) @@ -39,14 +39,14 @@ def inner(): result += inner() return result -b = [lambda: i for i in range(1, 4) for j in range(1,5)] -c = [lambda: j for i in range(1, 4) for j in range(1,5)] +b = [lambda: i for i in range(1, 4) for j in range(1,5)] # $capturedVar=i +c = [lambda: j for i in range(1, 4) for j in range(1,5)] # $capturedVar=j -s = {lambda: i for i in range(1, 4)} +s = {lambda: i for i in range(1, 4)} # $capturedVar=i for f in s: print(f()) -d = {i:lambda: i for i in range(1, 4)} +d = {i:lambda: i for i in range(1, 4)} # $capturedVar=d for k, f in d.items(): print(k, f()) @@ -54,14 +54,15 @@ def inner(): #When the captured variable is used. #So technically this is a false positive, but it is extremely fragile #code, so I (Mark) think it is fine to report it as a violation. -g = (lambda: i for i in range(1, 4)) +g = (lambda: i for i in range(1, 4)) # $capturedVar=i for f in g: print(f()) #But not if evaluated eagerly -l = list(lambda: i for i in range(1, 4)) +l = list(lambda: i for i in range(1, 4)) # $capturedVar=i for f in l: print(f()) +# This result is MISSING since the lambda is not detected to escape the loop def odasa4860(asset_ids): - return dict((asset_id, filter(lambda c : c.asset_id == asset_id, xxx)) for asset_id in asset_ids) + return dict((asset_id, filter(lambda c : c.asset_id == asset_id, xxx)) for asset_id in asset_ids) # $MISSING: capturedVar=asset_id From f96b00a62ab667bea496948718cdf59dd510311d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 09:53:13 +0100 Subject: [PATCH 233/409] Update rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs Co-authored-by: Simon Friis Vindum --- .../queries/security/CWE-770/UncontrolledAllocationSizeGood.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs index c07584312890..92c9a5b291b5 100644 --- a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs @@ -3,7 +3,7 @@ const BUFFER_LIMIT: usize = 10 * 1024; fn allocate_buffer(user_input: String) -> Result<*mut u8, Error> { let size = user_input.parse::()?; - if (size > BUFFER_LIMIT) { + if size > BUFFER_LIMIT { return Err("Size exceeds limit".into()); } let num_bytes = size * std::mem::size_of::(); From 44b26e5ae6a8912a34ac9e776b3f39220277a0b1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 09:54:41 +0100 Subject: [PATCH 234/409] Rust: Change the test copy of the example as well. --- rust/ql/test/query-tests/security/CWE-770/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index 37533e746ed9..6d786dd0323e 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -291,7 +291,7 @@ const BUFFER_LIMIT: usize = 10 * 1024; fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> { let size = user_input.parse::()?; - if (size > BUFFER_LIMIT) { + if size > BUFFER_LIMIT { return Err("Size exceeds limit".into()); } let num_bytes = size * std::mem::size_of::(); From 9fb1c312067e50c29010947d0b19de7178c08a3d Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 4 Apr 2025 10:13:39 +0100 Subject: [PATCH 235/409] Update tests to inline expectations --- .../LoopVariableCapture.ql | 72 +---------------- .../LoopVariableCaptureQuery.qll | 81 +++++++++++++++++++ .../capture/LoopVariableCapture.expected | 26 ------ .../capture/LoopVariableCapture.qlref | 1 - .../capture/LoopVariableCaptureTest.expected | 0 .../capture/LoopVariableCaptureTest.ql | 19 +++++ .../query-tests/Variables/capture/test.py | 15 +++- 7 files changed, 112 insertions(+), 102 deletions(-) create mode 100644 python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll delete mode 100644 python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected delete mode 100644 python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref create mode 100644 python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.expected create mode 100644 python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 49392e3d01e7..9c8822a3f6b2 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -10,80 +10,10 @@ */ import python +import LoopVariableCaptureQuery import semmle.python.dataflow.new.DataFlow - -abstract class Loop extends AstNode { - abstract Variable getALoopVariable(); -} - -class ForLoop extends Loop, For { - override Variable getALoopVariable() { - this.getTarget() = result.getAnAccess().getParentNode*() and - result.getScope() = this.getScope() - } -} - -predicate capturesLoopVariable(CallableExpr capturing, Loop loop, Variable var) { - var.getAnAccess().getScope() = capturing.getInnerScope() and - capturing.getParentNode+() = loop and - var = loop.getALoopVariable() -} - -module EscapingCaptureFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { capturesLoopVariable(node.asExpr(), _, _) } - - predicate isSink(DataFlow::Node node) { - // Stored in a field. - // This appeared to lead to FPs through wrapper classes. - // exists(DataFlow::AttrWrite aw | aw.getObject() = node) - // or - // Stored in a dict/list. - exists(Assign assign, Subscript sub | - sub = assign.getATarget() and node.asExpr() = assign.getValue() - ) - or - // Stored in a list. - exists(DataFlow::MethodCallNode mc | mc.calls(_, "append") and node = mc.getArg(0)) - or - // Used in a yield statement, likely included in a collection. - // The element of comprehension expressions desugar to involve a yield statement internally. - exists(Yield y | node.asExpr() = y.getValue()) - } - - predicate isBarrierOut(DataFlow::Node node) { isSink(node) } - - predicate isBarrier(DataFlow::Node node) { - // Incorrect virtual dispatch to __call__ methods is a source of FPs. - exists(Function call | - call.getName() = "__call__" and - call.getArg(0) = node.(DataFlow::ParameterNode).getParameter() - ) - } - - predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { - isSink(node) and - ( - cs instanceof DataFlow::TupleElementContent or - cs instanceof DataFlow::ListElementContent or - cs instanceof DataFlow::SetElementContent or - cs instanceof DataFlow::DictionaryElementAnyContent - ) - } -} - -module EscapingCaptureFlow = DataFlow::Global; - import EscapingCaptureFlow::PathGraph -predicate escapingCapture( - CallableExpr capturing, Loop loop, Variable var, EscapingCaptureFlow::PathNode source, - EscapingCaptureFlow::PathNode sink -) { - capturesLoopVariable(capturing, loop, var) and - capturing = source.getNode().asExpr() and - EscapingCaptureFlow::flowPath(source, sink) -} - from CallableExpr capturing, AstNode loop, Variable var, string descr, EscapingCaptureFlow::PathNode source, EscapingCaptureFlow::PathNode sink diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll new file mode 100644 index 000000000000..ed0c64961413 --- /dev/null +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll @@ -0,0 +1,81 @@ +/** Definitions for reasoning about loop variable capture issues. */ + +import python +import semmle.python.dataflow.new.DataFlow + +/** A looping construct. */ +abstract class Loop extends AstNode { + /** + * Gets a loop variable of this loop. + * For example, `x` and `y` in `for x,y in pairs: print(x+y)` + */ + abstract Variable getALoopVariable(); +} + +/** A `for` loop. */ +private class ForLoop extends Loop, For { + override Variable getALoopVariable() { + this.getTarget() = result.getAnAccess().getParentNode*() and + result.getScope() = this.getScope() + } +} + +/** Holds if the callable `capturing` captures the variable `var` from the loop `loop`. */ +predicate capturesLoopVariable(CallableExpr capturing, Loop loop, Variable var) { + var.getAnAccess().getScope() = capturing.getInnerScope() and + capturing.getParentNode+() = loop and + var = loop.getALoopVariable() +} + +/** Dataflow configuration for reasoning about callables that capture a loop variable and then may escape from the loop. */ +module EscapingCaptureFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { capturesLoopVariable(node.asExpr(), _, _) } + + predicate isSink(DataFlow::Node node) { + // Stored in a dict/list. + exists(Assign assign, Subscript sub | + sub = assign.getATarget() and node.asExpr() = assign.getValue() + ) + or + // Stored in a list. + exists(DataFlow::MethodCallNode mc | mc.calls(_, "append") and node = mc.getArg(0)) + or + // Used in a yield statement, likely included in a collection. + // The element of comprehension expressions desugar to involve a yield statement internally. + exists(Yield y | node.asExpr() = y.getValue()) + // Checks for storing in a field leads to false positives, so are omitted. + } + + predicate isBarrierOut(DataFlow::Node node) { isSink(node) } + + predicate isBarrier(DataFlow::Node node) { + // Incorrect virtual dispatch to __call__ methods is a source of FPs. + exists(Function call | + call.getName() = "__call__" and + call.getArg(0) = node.(DataFlow::ParameterNode).getParameter() + ) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { + isSink(node) and + ( + cs instanceof DataFlow::TupleElementContent or + cs instanceof DataFlow::ListElementContent or + cs instanceof DataFlow::SetElementContent or + cs instanceof DataFlow::DictionaryElementAnyContent + ) + } +} + +/** Dataflow for reasoning about callables that capture a loop variable and then escape from the loop. */ +module EscapingCaptureFlow = DataFlow::Global; + +/** Holds if `capturing` is a callable that captures the variable `var` of the loop `loop`, and then may escape the loop via a flow path from `source` to `sink`. */ +predicate escapingCapture( + CallableExpr capturing, Loop loop, Variable var, EscapingCaptureFlow::PathNode source, + EscapingCaptureFlow::PathNode sink +) { + capturesLoopVariable(capturing, loop, var) and + capturing = source.getNode().asExpr() and + EscapingCaptureFlow::flowPath(source, sink) +} diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected deleted file mode 100644 index d7e15f44e6c2..000000000000 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected +++ /dev/null @@ -1,26 +0,0 @@ -edges -| test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | test.py:5:13:5:17 | ControlFlowNode for inner | provenance | | -| test.py:5:13:5:17 | ControlFlowNode for inner | test.py:7:20:7:24 | ControlFlowNode for inner | provenance | | -| test.py:49:8:49:16 | ControlFlowNode for Lambda | test.py:49:6:49:16 | ControlFlowNode for Tuple | provenance | | -nodes -| test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | semmle.label | ControlFlowNode for FunctionExpr | -| test.py:5:13:5:17 | ControlFlowNode for inner | semmle.label | ControlFlowNode for inner | -| test.py:7:20:7:24 | ControlFlowNode for inner | semmle.label | ControlFlowNode for inner | -| test.py:10:6:10:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:42:6:42:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:43:6:43:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:45:6:45:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:49:6:49:16 | ControlFlowNode for Tuple | semmle.label | ControlFlowNode for Tuple | -| test.py:49:8:49:16 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:57:6:57:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:62:10:62:18 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -subpaths -#select -| test.py:5:9:5:20 | FunctionExpr | test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | test.py:7:20:7:24 | ControlFlowNode for inner | This function captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:4:5:4:23 | For | x | test.py:7:20:7:24 | ControlFlowNode for inner | this location | -| test.py:10:6:10:14 | Lambda | test.py:10:6:10:14 | ControlFlowNode for Lambda | test.py:10:6:10:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:10:5:10:36 | For | i | test.py:10:6:10:14 | ControlFlowNode for Lambda | this location | -| test.py:42:6:42:14 | Lambda | test.py:42:6:42:14 | ControlFlowNode for Lambda | test.py:42:6:42:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:42:5:42:56 | For | i | test.py:42:6:42:14 | ControlFlowNode for Lambda | this location | -| test.py:43:6:43:14 | Lambda | test.py:43:6:43:14 | ControlFlowNode for Lambda | test.py:43:6:43:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:43:5:43:56 | For | j | test.py:43:6:43:14 | ControlFlowNode for Lambda | this location | -| test.py:45:6:45:14 | Lambda | test.py:45:6:45:14 | ControlFlowNode for Lambda | test.py:45:6:45:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:45:5:45:36 | For | i | test.py:45:6:45:14 | ControlFlowNode for Lambda | this location | -| test.py:49:8:49:16 | Lambda | test.py:49:8:49:16 | ControlFlowNode for Lambda | test.py:49:6:49:16 | ControlFlowNode for Tuple | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:49:5:49:38 | For | i | test.py:49:6:49:16 | ControlFlowNode for Tuple | this location | -| test.py:57:6:57:14 | Lambda | test.py:57:6:57:14 | ControlFlowNode for Lambda | test.py:57:6:57:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:57:6:57:35 | For | i | test.py:57:6:57:14 | ControlFlowNode for Lambda | this location | -| test.py:62:10:62:18 | Lambda | test.py:62:10:62:18 | ControlFlowNode for Lambda | test.py:62:10:62:18 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:62:10:62:39 | For | i | test.py:62:10:62:18 | ControlFlowNode for Lambda | this location | diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref deleted file mode 100644 index 05bfcbd94204..000000000000 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref +++ /dev/null @@ -1 +0,0 @@ -Variables/LoopVariableCapture/LoopVariableCapture.ql diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.expected b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql new file mode 100644 index 000000000000..792fa2159cbe --- /dev/null +++ b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql @@ -0,0 +1,19 @@ +import python +import Variables.LoopVariableCapture.LoopVariableCaptureQuery +import utils.test.InlineExpectationsTest + +module MethodArgTest implements TestSig { + string getARelevantTag() { result = ["capturedVar"] } + + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(CallableExpr capturing, AstNode loop, Variable var | + escapingCapture(capturing, loop, var, _, _) and + element = capturing.toString() and + location = capturing.getLocation() and + tag = "capturedVar" and + value = var.getId() + ) + } +} + +import MakeTest diff --git a/python/ql/test/query-tests/Variables/capture/test.py b/python/ql/test/query-tests/Variables/capture/test.py index 5ffccc7a9e4d..186a19b75705 100644 --- a/python/ql/test/query-tests/Variables/capture/test.py +++ b/python/ql/test/query-tests/Variables/capture/test.py @@ -4,10 +4,10 @@ def bad1(): for x in range(10): def inner(): # $capturedVar=x return x - results.append(inner) + results.append(inner) return results -a = [lambda: i for i in range(1, 4)] # $capturedVar=a +a = [lambda: i for i in range(1, 4)] # $capturedVar=i for f in a: print(f()) @@ -18,7 +18,14 @@ def good1(): for y in range(10): def inner(y=y): return y - results.append(inner) + results.append(inner) + return results + +# OK: Using default argument. +def good2(): + results = [] + for y in range(10): + results.append(lambda y=y: y) return results #Factory function @@ -46,7 +53,7 @@ def inner(): for f in s: print(f()) -d = {i:lambda: i for i in range(1, 4)} # $capturedVar=d +d = {i:lambda: i for i in range(1, 4)} # $capturedVar=i for k, f in d.items(): print(k, f()) From 5731fa91f3e11c881b9bd5c22da4ac8df2605885 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 11:21:19 +0200 Subject: [PATCH 236/409] Rust: Use macro call location as fall back in macro expansions --- .../rust/elements/internal/LocatableImpl.qll | 22 ++++++++-- .../codeql/rust/internal/AstConsistency.qll | 3 +- .../CONSISTENCY/AstConsistency.expected | 41 ------------------- .../MacroItems/MacroItems_getItem.expected | 4 +- 4 files changed, 22 insertions(+), 48 deletions(-) delete mode 100644 rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected diff --git a/rust/ql/lib/codeql/rust/elements/internal/LocatableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/LocatableImpl.qll index 5aeec330a37d..ed349df48681 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/LocatableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/LocatableImpl.qll @@ -46,11 +46,25 @@ module Impl { predicate fromSource() { exists(this.getFile().getRelativePath()) } } + private @location_default getDbLocation(Locatable l) { + locatable_locations(Synth::convertLocatableToRaw(l), result) + } + + private MacroCall getImmediatelyEnclosingMacroCall(AstNode n) { + result = n.getParentNode() + or + exists(AstNode mid | + result = getImmediatelyEnclosingMacroCall(mid) and + n.getParentNode() = mid and + not mid instanceof MacroCall + ) + } + /** Gets the non-synthesized location of `l`, if any. */ LocationImpl::LocationDefault getLocationDefault(Locatable l) { - exists(@location_default location | - result = LocationImpl::TLocationDefault(location) and - locatable_locations(Synth::convertLocatableToRaw(l), location) - ) + result = LocationImpl::TLocationDefault(getDbLocation(l)) + or + not exists(getDbLocation(l)) and + result = getLocationDefault(getImmediatelyEnclosingMacroCall(l)) } } diff --git a/rust/ql/lib/codeql/rust/internal/AstConsistency.qll b/rust/ql/lib/codeql/rust/internal/AstConsistency.qll index b86ebc9a0f90..d812bfd2ef77 100644 --- a/rust/ql/lib/codeql/rust/internal/AstConsistency.qll +++ b/rust/ql/lib/codeql/rust/internal/AstConsistency.qll @@ -25,7 +25,8 @@ query predicate multipleLocations(Locatable e) { strictcount(e.getLocation()) > * Holds if `e` does not have a `Location`. */ query predicate noLocation(Locatable e) { - not exists(e.getLocation()) and not e.(AstNode).getParentNode*() = any(Crate c).getModule() + not exists(e.getLocation()) and + not e.(AstNode).getParentNode*() = any(Crate c).getModule() } private predicate multiplePrimaryQlClasses(Element e) { diff --git a/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected b/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected deleted file mode 100644 index 807f782967d6..000000000000 --- a/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected +++ /dev/null @@ -1,41 +0,0 @@ -noLocation -| file://:0:0:0:0 | ... .unwrap() | -| file://:0:0:0:0 | ...: ... | -| file://:0:0:0:0 | ...::Path | -| file://:0:0:0:0 | ...::Path | -| file://:0:0:0:0 | ...::path | -| file://:0:0:0:0 | ArgList | -| file://:0:0:0:0 | ArgList | -| file://:0:0:0:0 | ParamList | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | RefTypeRepr | -| file://:0:0:0:0 | RefTypeRepr | -| file://:0:0:0:0 | RetTypeRepr | -| file://:0:0:0:0 | StmtList | -| file://:0:0:0:0 | fn get_parent | -| file://:0:0:0:0 | get_parent | -| file://:0:0:0:0 | parent | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path.parent() | -| file://:0:0:0:0 | std | -| file://:0:0:0:0 | std | -| file://:0:0:0:0 | std | -| file://:0:0:0:0 | unwrap | -| file://:0:0:0:0 | use ...::Path | -| file://:0:0:0:0 | { ... } | diff --git a/rust/ql/test/extractor-tests/generated/MacroItems/MacroItems_getItem.expected b/rust/ql/test/extractor-tests/generated/MacroItems/MacroItems_getItem.expected index 08f3925f5a47..e86dfee101a5 100644 --- a/rust/ql/test/extractor-tests/generated/MacroItems/MacroItems_getItem.expected +++ b/rust/ql/test/extractor-tests/generated/MacroItems/MacroItems_getItem.expected @@ -1,2 +1,2 @@ -| gen_macro_items.rs:5:5:5:38 | MacroItems | 0 | file://:0:0:0:0 | use ...::Path | -| gen_macro_items.rs:5:5:5:38 | MacroItems | 1 | file://:0:0:0:0 | fn get_parent | +| gen_macro_items.rs:5:5:5:38 | MacroItems | 0 | gen_macro_items.rs:5:5:5:38 | use ...::Path | +| gen_macro_items.rs:5:5:5:38 | MacroItems | 1 | gen_macro_items.rs:5:5:5:38 | fn get_parent | From b115f3f5e9c3da8c7df3d3115550685bb960d807 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 11:39:06 +0200 Subject: [PATCH 237/409] Update rust/ql/lib/codeql/rust/internal/PathResolution.qll Co-authored-by: Simon Friis Vindum --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index e5a6763525e8..c70ab0049d56 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -1088,7 +1088,7 @@ private predicate useImportEdge(Use use, string name, ItemNode item) { * Holds if `i` is available inside `f` because it is reexported in [the prelude][1]. * * We don't yet have access to prelude information from the extractor, so for now - * we include all the preludes for Rust 2015, 2018, 2021, and 2024. + * we include all the preludes for Rust: 2015, 2018, 2021, and 2024. * * [1]: https://doc.rust-lang.org/core/prelude/index.html */ From 70a174ad5a4de2fe6ddc4a8ea3d5970afa7d5f15 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 4 Apr 2025 11:47:46 +0200 Subject: [PATCH 238/409] C#: Address review comments. --- .../Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs index 3e4e5fbeeb2e..04d8e20c09e5 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs @@ -157,7 +157,7 @@ public class OutParam public void Test() { int x; - Fn(out x); // Missing Alert + Fn(out x); // $ MISSING: Alert Fn(out _); // GOOD } @@ -194,7 +194,7 @@ void M1() void M2() { - var x = M6(); // Missing Alert + var x = M6(); // $ MISSING: Alert Action a = () => { x = 1; // GOOD @@ -208,7 +208,7 @@ void M3() int x; Action a = () => { - x = 1; // Missing Alert + x = 1; // $ MISSING: Alert }; a(); } @@ -230,7 +230,7 @@ void M4() void M5() { - int x = 0; // Missing Alert. + int x = 0; // $ MISSING: Alert Action a = () => { x = 1; // GOOD @@ -250,7 +250,7 @@ int M6() int captured = 0; // GOOD: Variable captured variable fn(() => { return captured; }); - return captured = 1; // Missing Alert. + return captured = 1; // $ MISSING: Alert } void M7() From 49194b03400ad8f940e80bef5940f88e12afc575 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:20:40 +0200 Subject: [PATCH 239/409] Updated `WebSocketReceiveNode` with API graphs. --- .../ql/lib/semmle/javascript/frameworks/WebSocket.qll | 6 +++--- .../frameworks/WebSocket/browser-custom.js | 8 ++++---- .../frameworks/WebSocket/client-custom.js | 2 +- .../library-tests/frameworks/WebSocket/test.expected | 10 ++++++++++ 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 09c9f98e3f02..0455bb691724 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -159,8 +159,8 @@ module ClientWebSocket { private DataFlow::FunctionNode getAMessageHandler( ClientWebSocket::ClientSocket emitter, string methodName ) { - exists(DataFlow::CallNode call | - call = emitter.getAMemberCall(methodName) and + exists(API::CallNode call | + call = emitter.getReturn().getMember(methodName).getACall() and call.getArgument(0).mayHaveStringValue("message") and result = call.getCallback(1) ) @@ -175,7 +175,7 @@ module ClientWebSocket { WebSocketReceiveNode() { this = getAMessageHandler(emitter, "addEventListener") or - this = emitter.getAPropertyWrite("onmessage").getRhs() + this = emitter.getReturn().getMember("onmessage").getAValueReachingSink() } override DataFlow::Node getReceivedItem(int i) { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index 11765138f55c..95c931f5cee3 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -41,11 +41,11 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ myWebSocketInstance.addEventListener('message', function (event) { console.log('Message from server ', event.data); - }); // $ MISSING: clientReceive + }); // $ clientReceive myWebSocketInstance.onmessage = function (event) { console.log("Message from server 2", event.data) - }; // $ MISSING: clientReceive + }; // $ clientReceive })(); @@ -57,9 +57,9 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ mySockJSInstance.onmessage = function (e) { console.log('message', e.data); mySockJSInstance.close(); - }; // $ MISSING: clientReceive + }; // $ clientReceive mySockJSInstance.addEventListener('message', function (event) { console.log('Using addEventListener ', event.data); - }); // $ MISSING: clientReceive + }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index 5d7ac4b564d8..dd8c84e87c0d 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -19,5 +19,5 @@ const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); myWebSocketWSInstance.on('message', function incoming(data) { console.log(data); - }); // $ MISSING: clientReceive + }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 4d7e33f54022..a5c55cf63631 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -3,11 +3,16 @@ clientReceive | browser-custom.js:14:21:16:2 | functio ... ata)\\n\\t} | | browser-custom.js:26:19:29:2 | functio ... e();\\n\\t} | | browser-custom.js:31:35:33:2 | functio ... ta);\\n\\t} | +| browser-custom.js:42:53:44:5 | functio ... ;\\n } | +| browser-custom.js:46:37:48:5 | functio ... )\\n } | +| browser-custom.js:57:34:60:5 | functio ... ;\\n } | +| browser-custom.js:62:50:64:5 | functio ... ;\\n } | | browser.js:8:37:10:2 | functio ... ta);\\n\\t} | | browser.js:12:21:14:2 | functio ... ata)\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | | browser.js:29:35:31:2 | functio ... ta);\\n\\t} | | client-custom.js:10:19:12:2 | functio ... ta);\\n\\t} | +| client-custom.js:20:38:22:2 | functio ... ta);\\n\\t} | | client.js:10:19:12:2 | functio ... ta);\\n\\t} | clientSend | browser-custom.js:7:3:7:33 | socket. ... wser!') | @@ -47,14 +52,19 @@ flowSteps | client.js:16:40:16:72 | new Web ... e.org') | client-custom.js:1:24:1:44 | myWebSo ... nstance | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | +| server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:20:56:20:59 | data | | server.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | | server.js:15:36:15:55 | require('ws').Server | server-custom.js:1:9:1:25 | MyWebSocketServer | | server.js:16:44:16:79 | new Web ... 8080 }) | server-custom.js:1:28:1:52 | myWebSo ... nstance | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:27:26:27:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:32:42:32:51 | event.data | +| sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:58:32:58:37 | e.data | +| sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:63:48:63:57 | event.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data | remoteFlow From 4b7a9cd399d68ac8bb1b06f05f07bd5d84142b63 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:25:50 +0200 Subject: [PATCH 240/409] Added test case with `bind`. --- .../library-tests/frameworks/WebSocket/browser-custom.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index 95c931f5cee3..a426b6768a66 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -63,3 +63,12 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ console.log('Using addEventListener ', event.data); }); // $ clientReceive })(); + + +const recv_message = function (e) { + console.log('Received message:', e.data); +}; // $ MISSING: clientReceive + +(function () { + myWebSocketInstance.onmessage = recv_message.bind(this); +})(); From c5860e92ec84b3d681175b83ab534a80501c6418 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:26:45 +0200 Subject: [PATCH 241/409] Updated `WebSocketReceiveNode` to match bind functions. --- .../ql/lib/semmle/javascript/frameworks/WebSocket.qll | 6 ++++++ .../library-tests/frameworks/WebSocket/browser-custom.js | 2 +- .../test/library-tests/frameworks/WebSocket/test.expected | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 0455bb691724..98aef6ed0961 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -176,6 +176,12 @@ module ClientWebSocket { this = getAMessageHandler(emitter, "addEventListener") or this = emitter.getReturn().getMember("onmessage").getAValueReachingSink() + or + exists(DataFlow::MethodCallNode bindCall | + bindCall = emitter.getReturn().getMember("onmessage").getAValueReachingSink() and + bindCall.getMethodName() = "bind" and + this = bindCall.getReceiver().getAFunctionValue() + ) } override DataFlow::Node getReceivedItem(int i) { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index a426b6768a66..ad0d30fb01ea 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -67,7 +67,7 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ const recv_message = function (e) { console.log('Received message:', e.data); -}; // $ MISSING: clientReceive +}; // $ clientReceive (function () { myWebSocketInstance.onmessage = recv_message.bind(this); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index a5c55cf63631..16fc0f0d267f 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -7,6 +7,7 @@ clientReceive | browser-custom.js:46:37:48:5 | functio ... )\\n } | | browser-custom.js:57:34:60:5 | functio ... ;\\n } | | browser-custom.js:62:50:64:5 | functio ... ;\\n } | +| browser-custom.js:68:22:70:1 | functio ... ata);\\n} | | browser.js:8:37:10:2 | functio ... ta);\\n\\t} | | browser.js:12:21:14:2 | functio ... ata)\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | @@ -54,6 +55,7 @@ flowSteps | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | From 6bcfd8c91ded71561d6a58ead3aca5c053465e54 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:31:16 +0200 Subject: [PATCH 242/409] Updated `getAServer` with API graphs. --- .../javascript/frameworks/WebSocket.qll | 8 ++-- .../frameworks/WebSocket/server-custom.js | 16 ++++---- .../frameworks/WebSocket/test.expected | 40 +++++++++++++++++++ 3 files changed, 52 insertions(+), 12 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 98aef6ed0961..da110c6562c0 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -212,19 +212,19 @@ module ServerWebSocket { /** * Gets a server created by a library named `library`. */ - DataFlow::SourceNode getAServer(LibraryName library) { + API::InvokeNode getAServer(LibraryName library) { library = ws() and - result = DataFlow::moduleImport("ws").getAConstructorInvocation("Server") + result = API::moduleImport("ws").getMember("Server").getAnInvocation() or library = sockjs() and - result = DataFlow::moduleImport("sockjs").getAMemberCall("createServer") + result = API::moduleImport("sockjs").getMember("createServer").getAnInvocation() } /** * Gets a `socket.on("connection", (msg, req) => {})` call. */ private DataFlow::CallNode getAConnectionCall(LibraryName library) { - result = getAServer(library).getAMemberCall(EventEmitter::on()) and + result = getAServer(library).getReturn().getMember(EventEmitter::on()).getACall() and result.getArgument(0).mayHaveStringValue("connection") } diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js index 63893ba2f5ca..65d49c0d73ee 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js @@ -3,21 +3,21 @@ const { MyWebSocketServer, myWebSocketServerInstance } = require('./server.js'); (function () { const wss = new MyWebSocketServer({ port: 8080 }); - wss.on('connection', function connection(ws) { // $ MISSING: serverSocket - ws.on('message', function incoming(message) { // $ MISSING: remoteFlow + wss.on('connection', function connection(ws) { // $ serverSocket + ws.on('message', function incoming(message) { // $ remoteFlow console.log('received: %s', message); - }); // $ MISSING: serverReceive + }); // $ serverReceive - ws.send('Hi from server!'); // $ MISSING: serverSend + ws.send('Hi from server!'); // $ serverSend }); })(); (function () { - myWebSocketServerInstance.on('connection', function connection(ws) { // $ MISSING: serverSocket - ws.on('message', function incoming(message) { // $ MISSING: remoteFlow + myWebSocketServerInstance.on('connection', function connection(ws) { // $ serverSocket + ws.on('message', function incoming(message) { // $ remoteFlow console.log('received: %s', message); - }); // $ MISSING: serverReceive + }); // $ serverReceive - ws.send('Hi from server!'); // $ MISSING: serverSend + ws.send('Hi from server!'); // $ serverSend }); })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 16fc0f0d267f..7480e0668766 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -40,17 +40,49 @@ flowSteps | browser-custom.js:1:23:1:30 | MySockJS | browser-custom.js:1:23:1:30 | MySockJS | | browser-custom.js:1:33:1:51 | myWebSocketInstance | browser-custom.js:1:33:1:51 | myWebSocketInstance | | browser-custom.js:1:54:1:69 | mySockJSInstance | browser-custom.js:1:54:1:69 | mySockJSInstance | +| browser-custom.js:7:15:7:32 | 'Hi from browser!' | server-custom.js:7:38:7:44 | message | +| browser-custom.js:7:15:7:32 | 'Hi from browser!' | server-custom.js:17:38:17:44 | message | | browser-custom.js:7:15:7:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser-custom.js:23:13:23:18 | 'test' | sockjs.js:9:31:9:37 | message | +| browser-custom.js:39:34:39:51 | 'Hi from browser!' | server-custom.js:7:38:7:44 | message | +| browser-custom.js:39:34:39:51 | 'Hi from browser!' | server-custom.js:17:38:17:44 | message | | browser-custom.js:39:34:39:51 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser-custom.js:54:31:54:36 | 'test' | sockjs.js:9:31:9:37 | message | +| browser.js:5:15:5:32 | 'Hi from browser!' | server-custom.js:7:38:7:44 | message | +| browser.js:5:15:5:32 | 'Hi from browser!' | server-custom.js:17:38:17:44 | message | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | +| client-custom.js:7:11:7:27 | 'Hi from client!' | server-custom.js:7:38:7:44 | message | +| client-custom.js:7:11:7:27 | 'Hi from client!' | server-custom.js:17:38:17:44 | message | | client-custom.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | +| client-custom.js:17:30:17:46 | 'Hi from client!' | server-custom.js:7:38:7:44 | message | +| client-custom.js:17:30:17:46 | 'Hi from client!' | server-custom.js:17:38:17:44 | message | | client-custom.js:17:30:17:46 | 'Hi from client!' | server.js:7:38:7:44 | message | +| client.js:7:11:7:27 | 'Hi from client!' | server-custom.js:7:38:7:44 | message | +| client.js:7:11:7:27 | 'Hi from client!' | server-custom.js:17:38:17:44 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | | client.js:16:40:16:72 | new Web ... e.org') | client-custom.js:1:24:1:44 | myWebSo ... nstance | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | client-custom.js:20:56:20:59 | data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | client-custom.js:20:56:20:59 | data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | client.js:10:37:10:40 | data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | @@ -70,14 +102,22 @@ flowSteps | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data | remoteFlow +| server-custom.js:7:38:7:44 | message | +| server-custom.js:17:38:17:44 | message | | server.js:7:38:7:44 | message | | sockjs.js:9:31:9:37 | message | serverReceive +| server-custom.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) | +| server-custom.js:17:3:19:4 | ws.on(' ... );\\n\\t\\t}) | | server.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) | | sockjs.js:9:5:12:6 | conn.on ... \\n }) | serverSend +| server-custom.js:11:3:11:28 | ws.send ... rver!') | +| server-custom.js:21:3:21:28 | ws.send ... rver!') | | server.js:11:3:11:28 | ws.send ... rver!') | | sockjs.js:11:9:11:51 | conn.wr ... test))) | serverSocket +| server-custom.js:6:43:6:44 | ws | +| server-custom.js:16:65:16:66 | ws | | server.js:6:43:6:44 | ws | | sockjs.js:8:40:8:43 | conn | From b5805503fe34f76a6e31ec0fd7ad53d437488ad1 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 4 Apr 2025 11:56:07 +0100 Subject: [PATCH 243/409] Cleanups --- .../Variables/LoopVariableCapture/LoopVariableCapture.ql | 1 - .../Variables/capture/LoopVariableCaptureTest.ql | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 9c8822a3f6b2..9c41e52cc45c 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -11,7 +11,6 @@ import python import LoopVariableCaptureQuery -import semmle.python.dataflow.new.DataFlow import EscapingCaptureFlow::PathGraph from diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql index 792fa2159cbe..dc9fbed27dce 100644 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql +++ b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql @@ -3,11 +3,11 @@ import Variables.LoopVariableCapture.LoopVariableCaptureQuery import utils.test.InlineExpectationsTest module MethodArgTest implements TestSig { - string getARelevantTag() { result = ["capturedVar"] } + string getARelevantTag() { result = "capturedVar" } predicate hasActualResult(Location location, string element, string tag, string value) { - exists(CallableExpr capturing, AstNode loop, Variable var | - escapingCapture(capturing, loop, var, _, _) and + exists(CallableExpr capturing, Variable var | + escapingCapture(capturing, _, var, _, _) and element = capturing.toString() and location = capturing.getLocation() and tag = "capturedVar" and From 24a4aad1204d58dab00d94210732d3bffae2f5f6 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 12:11:25 +0100 Subject: [PATCH 244/409] Rust: Accept consistency check fixes following merge with main. --- .../CWE-696/CONSISTENCY/DataFlowConsistency.expected | 2 -- .../CWE-825/CONSISTENCY/DataFlowConsistency.expected | 10 ---------- 2 files changed, 12 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected index ad26ad761aa1..e69de29bb2d1 100644 --- a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected @@ -1,2 +0,0 @@ -postWithInFlow -| test.rs:118:17:118:19 | [post] ptr | PostUpdateNode should not be the target of local flow. | diff --git a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected index f518ed81ffab..e69de29bb2d1 100644 --- a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected @@ -1,10 +0,0 @@ -postWithInFlow -| deallocation.rs:20:23:20:24 | [post] m1 | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:70:23:70:35 | [post] m2 as ... | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:176:27:176:28 | [post] p1 | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:189:27:189:44 | [post] ... .as_mut_ptr(...) | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:217:24:217:31 | [post] self.ptr | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:236:27:236:29 | [post] ptr | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:242:27:242:29 | [post] ptr | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:267:23:267:25 | [post] ptr | PostUpdateNode should not be the target of local flow. | From de7e6119624c99e6e1c990904162a3b3c78c2619 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 4 Apr 2025 12:36:13 +0100 Subject: [PATCH 245/409] Rewrite documentation --- .../LoopVariableCapture.py | 18 -------- .../LoopVariableCapture.qhelp | 46 ++++++------------- .../LoopVariableCapture.ql | 1 + .../LoopVariableCapture/examples/bad.py | 8 ++++ .../LoopVariableCapture/examples/good.py | 8 ++++ .../LoopVariableCapture/examples/good2.py | 9 ++++ 6 files changed, 41 insertions(+), 49 deletions(-) delete mode 100644 python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py create mode 100644 python/ql/src/Variables/LoopVariableCapture/examples/bad.py create mode 100644 python/ql/src/Variables/LoopVariableCapture/examples/good.py create mode 100644 python/ql/src/Variables/LoopVariableCapture/examples/good2.py diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py deleted file mode 100644 index 4a6abcb88946..000000000000 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py +++ /dev/null @@ -1,18 +0,0 @@ - -#Make a list of functions to increment their arguments by 0 to 9. -def make_incrementers(): - result = [] - for i in range(10): - def incrementer(x): - return x + i - result.append(incrementer) - return result - -#This will fail -def test(): - incs = make_incrementers() - for x in range(10): - for y in range(10): - assert incs[x](y) == x+y - -test() \ No newline at end of file diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp index 15f2b185eb9d..ae23584344c8 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp @@ -5,56 +5,40 @@

    -Nested functions are a useful feature of Python as it allows a function to access the variables of its enclosing function. -However, the programmer needs to be aware that when an inner function accesses a variable in an outer scope, -it is the variable that is captured, not the value of that variable. +In Python, a nested function or lambda expression that captures a variable from its surrounding scope is a late-binding closure, +meaning that the value of the variable is determined when the closure is called, not when it is created.

    -Therefore, care must be taken when the captured variable is a loop variable, since it is the loop variable and -not the value of that variable that is captured. -This will mean that by the time that the inner function executes, -the loop variable will have its final value, not the value when the inner function was created. +Care must be taken when the captured variable is a loop variable. If the closure is called after the loop ends, it will use the value of the variable on the last iteration of the loop, rather than the value at the iteration at which it was created.

    -The simplest way to fix this problem is to add a local variable of the same name as the outer variable and initialize that -using the outer variable as a default. - -for var in seq: - ... - def inner_func(arg): - ... - use(var) - -becomes - -for var in seq: - ... - def inner_func(arg, var=var): - ... - use(var) - +Ensure that closures that capture loop variables aren't used outside of a single iteration of the loop. +To capture the value of a loop variable at the time the closure is created, use a default parameter, or functools.partial.

    -In this example, a list of functions is created which should each increment its argument by its index in the list. -However, since i will be 9 when the functions execute, they will each increment their argument by 9. +In the following (BAD) example, a `tasks` list is created, but each task captures the loop variable i, and reads the same value when run.

    - +

    -This can be fixed by adding the default value as shown below. The default value is computed when the function is created, so the desired effect is achieved. +In the following (GOOD) example, each closure has an `i` default parameter, shadowing the outer i variable, the default value of which is determined as the value of the loop variable i at the time the closure is created. + +In the following (GOOD) example, functools.partial is used to partially evaluate the lambda expression with the value of i. +

    -     -
  • The Hitchhiker’s Guide to Python: Late Binding Closures
    • -
  • Python Language Reference: Naming and binding
    • +
  • The Hitchhiker's Guide to Python: Late Binding Closures.
    • +
  • Python Language Reference: Naming and binding.
    • +
  • Stack Overflow: Creating functions (or lambdas) in a loop (or comprehension).
    • +
  • Python Language Reference: functools.partial.
    • diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 9c41e52cc45c..514a6790ea08 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -3,6 +3,7 @@ * @description Capture of a loop variable is not the same as capturing the value of a loop variable, and may be erroneous. * @kind path-problem * @tags correctness + * quality * @problem.severity error * @sub-severity low * @precision high diff --git a/python/ql/src/Variables/LoopVariableCapture/examples/bad.py b/python/ql/src/Variables/LoopVariableCapture/examples/bad.py new file mode 100644 index 000000000000..1e70d20fd1db --- /dev/null +++ b/python/ql/src/Variables/LoopVariableCapture/examples/bad.py @@ -0,0 +1,8 @@ +# BAD: The loop variable `i` is captured. +tasks = [] +for i in range(5): + tasks.append(lambda: print(i)) + +# This will print `4,4,4,4,4`, rather than `0,1,2,3,4` as likely intended. +for t in tasks: + t() \ No newline at end of file diff --git a/python/ql/src/Variables/LoopVariableCapture/examples/good.py b/python/ql/src/Variables/LoopVariableCapture/examples/good.py new file mode 100644 index 000000000000..67ed2624f0a8 --- /dev/null +++ b/python/ql/src/Variables/LoopVariableCapture/examples/good.py @@ -0,0 +1,8 @@ +# GOOD: A default parameter is used, so the variable `i` is not being captured. +tasks = [] +for i in range(5): + tasks.append(lambda i=i: print(i)) + +# This will print `0,1,2,3,4``. +for t in tasks: + t() \ No newline at end of file diff --git a/python/ql/src/Variables/LoopVariableCapture/examples/good2.py b/python/ql/src/Variables/LoopVariableCapture/examples/good2.py new file mode 100644 index 000000000000..1a2469b42202 --- /dev/null +++ b/python/ql/src/Variables/LoopVariableCapture/examples/good2.py @@ -0,0 +1,9 @@ +import functools +# GOOD: A default parameter is used, so the variable `i` is not being captured. +tasks = [] +for i in range(5): + tasks.append(functools.partial(lambda i: print(i), i)) + +# This will print `0,1,2,3,4``. +for t in tasks: + t() \ No newline at end of file From 5c1581d080fb90573a490c2da8c9d06995f97eae Mon Sep 17 00:00:00 2001 From: Florin Coada Date: Fri, 4 Apr 2025 12:37:37 +0100 Subject: [PATCH 246/409] Add changelog entries for CodeQL CLI versions 2.20.7 and 2.21.0 --- .../codeql-changelog/codeql-cli-2.20.7.rst | 22 ++ .../codeql-changelog/codeql-cli-2.21.0.rst | 211 ++++++++++++++++++ .../codeql-changelog/index.rst | 2 + 3 files changed, 235 insertions(+) create mode 100644 docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst create mode 100644 docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst new file mode 100644 index 000000000000..fd6885b025e6 --- /dev/null +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst @@ -0,0 +1,22 @@ +.. _codeql-cli-2.20.7: + +========================== +CodeQL 2.20.7 (2025-03-18) +========================== + +.. contents:: Contents + :depth: 2 + :local: + :backlinks: none + +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. + +Security Coverage +----------------- + +CodeQL 2.20.7 runs a total of 450 security queries when configured with the Default suite (covering 168 CWE). The Extended suite enables an additional 137 queries (covering 35 more CWE). + +CodeQL CLI +---------- + +There are no user-facing CLI changes in this release. diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst new file mode 100644 index 000000000000..7d62123a49a7 --- /dev/null +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst @@ -0,0 +1,211 @@ +.. _codeql-cli-2.21.0: + +========================== +CodeQL 2.21.0 (2025-04-03) +========================== + +.. contents:: Contents + :depth: 2 + :local: + :backlinks: none + +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. + +Security Coverage +----------------- + +CodeQL 2.21.0 runs a total of 452 security queries when configured with the Default suite (covering 168 CWE). The Extended suite enables an additional 136 queries (covering 35 more CWE). 1 security query has been added with this release. + +CodeQL CLI +---------- + +Miscellaneous +~~~~~~~~~~~~~ + +* On macOS the :code:`CODEQL_TRACER_RELOCATION_EXCLUDE` environment variable can now be used to exclude certain paths from the tracer relocation and tracing process. This environment variable accepts newline-separated regex patterns of binaries to be excluded. + +Query Packs +----------- + +Bug Fixes +~~~~~~~~~ + +JavaScript/TypeScript +""""""""""""""""""""" + +* Fixed a bug, first introduced in :code:`2.20.3`, that would prevent :code:`v-html` attributes in Vue files from being flagged by the :code:`js/xss` query. The original behaviour has been restored and the :code:`v-html` attribute is once again functioning as a sink for the :code:`js/xss` query. +* Fixed a bug that would in rare cases cause some regexp-based checks to be seen as generic taint sanitisers, even though the underlying regexp is not restrictive enough. The regexps are now analysed more precisely, + and unrestrictive regexp checks will no longer block taint flow. +* Fixed a recently-introduced bug that caused :code:`js/server-side-unvalidated-url-redirection` to ignore valid hostname checks and report spurious alerts after such a check. The original behaviour has been restored. + +Python +"""""" + +* The :code:`py/unused-global-variable` now no longer flags variables that are only used in forward references (e.g. the :code:`Foo` in :code:`def bar(x: "Foo"): ...`). + +GitHub Actions +"""""""""""""" + +* Fixed typos in the query and alert titles for the queries + :code:`actions/envpath-injection/critical`, :code:`actions/envpath-injection/medium`, + :code:`actions/envvar-injection/critical`, and :code:`actions/envvar-injection/medium`. + +Major Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Java/Kotlin +""""""""""" + +* Updated the :code:`java/unreleased-lock` query so that it no longer report alerts in cases where a boolean variable is used to track lock state. + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C/C++ +""""" + +* Fixed a bug in the models for Microsoft's Active Template Library (ATL). +* The query "Use of basic integral type" (:code:`cpp/jpl-c/basic-int-types`) no longer produces alerts for the standard fixed width integer types (:code:`int8_t`, :code:`uint8_t`, etc.), and the :code:`_Bool` and :code:`bool` types. + +C# +"" + +* Improved dependency resolution in :code:`build-mode: none` extraction to handle failing :code:`dotnet restore` processes that managed to download a subset of the dependencies before the failure. +* Increase query precision for :code:`cs/useless-gethashcode-call` by not flagging calls to :code:`GetHashCode` on :code:`uint`, :code:`long` and :code:`ulong`. +* Increase query precision for :code:`cs/constant-condition` and allow the use of discards in switch/case statements and also take the condition (if any) into account. +* The :code:`cs/local-not-disposed` query no longer flags un-disposed tasks as this is often not needed (explained `here `__). +* Increase query precision for :code:`cs/useless-assignment-to-local` and :code:`cs/constant-condition` when *unknown* types are involved (mostly relevant for :code:`build-mode: none` databases). +* Don't consider an if-statement to be *useless* in :code:`cs/useless-if-statement` if there is at least a comment. + +Golang +"""""" + +* False positives in "Log entries created from user input" (:code:`go/log-injection`) and "Clear-text logging of sensitive information" (:code:`go/clear-text-logging`) which involved the verb :code:`%T` in a format specifier have been fixed. As a result, some users may also see more alerts from the "Use of constant :code:`state` value in OAuth 2.0 URL" (:code:`go/constant-oauth2-state`) query. + +Java/Kotlin +""""""""""" + +* Fixed a false positive in "Time-of-check time-of-use race condition" (:code:`java/toctou-race-condition`) where a field of a non-static class was not considered always-locked if it was accessed in a constructor. +* Overrides of :code:`BroadcastReceiver::onReceive` with no statements in their body are no longer considered unverified by the :code:`java/improper-intent-verification` query. This will reduce false positives from :code:`onReceive` methods which do not perform any actions. + +Python +"""""" + +* The :code:`py/special-method-wrong-signature` has been modernized and rewritten to no longer rely on outdated APIs. Moreover, the query no longer flags cases where a default value is never used, as these alerts were rarely useful. + +New Queries +~~~~~~~~~~~ + +C# +"" + +* Added a new query, :code:`csharp/path-combine`, to recommend against the :code:`Path.Combine` method due to it silently discarding its earlier parameters if later parameters are rooted. + +Java/Kotlin +""""""""""" + +* Added a new quality query, :code:`java/empty-method`, to detect empty methods. +* The query :code:`java/spring-boot-exposed-actuators` has been promoted from experimental to the main query pack. Its results will now appear by default, and the query itself will be removed from the `CodeQL Community Packs `__. This query was originally submitted as an experimental query `by @ggolawski `__. + +Swift +""""" + +* Added a new summary query counting the total number of extracted AST nodes. + +Language Libraries +------------------ + +Bug Fixes +~~~~~~~~~ + +Java/Kotlin +""""""""""" + +* In :code:`build-mode: none` where the project has a Gradle build system, database creation no longer attempts to download some non-existent jar files relating to non-jar Maven artifacts, such as BOMs. This was harmless, but saves some time and reduces spurious warnings. +* Java extraction no longer freezes for a long time or times out when using libraries that feature expanding cyclic generic types. For example, this was known to occur when using some classes from the Blazebit Persistence library. +* Java build-mode :code:`none` no longer fails when a required version of Gradle cannot be downloaded using the :code:`gradle wrapper` command, such as due to a firewall. It will now attempt to use the system version of Gradle if present, or otherwise proceed without detailed dependency information. +* Java build-mode :code:`none` no longer fails when a required version of Maven cannot be downloaded, such as due to a firewall. It will now attempt to use the system version of Maven if present, or otherwise proceed without detailed dependency information. +* Java build-mode :code:`none` now correctly uses Maven dependency information on Windows platforms. + +Python +"""""" + +* :code:`MatchLiteralPattern`\ s such as :code:`case None: ...` are now never pruned from the extracted source code. This fixes some situations where code was wrongly identified as unreachable. + +GitHub Actions +"""""""""""""" + +* The query :code:`actions/code-injection/medium` now produces alerts for injection vulnerabilities on :code:`pull_request` events. + +Major Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +JavaScript/TypeScript +""""""""""""""""""""" + +* Added support for TypeScript 5.8. + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C# +"" + +* The models for :code:`System.Uri` have been modified to better model the flow of tainted URIs. +* Modeled parameter passing between Blazor parent and child components. + +Golang +"""""" + +* We no longer track taint into a :code:`sync.Map` via the key of a key-value pair, since we do not model any way in which keys can be read from a :code:`sync.Map`. +* :code:`database` source models have been added for v1 and v2 of the :code:`github.com/couchbase/gocb` package. +* Added :code:`database` source models for the :code:`github.com/Masterminds/squirrel` ORM package. + +Java/Kotlin +""""""""""" + +* Java extraction is now able to download Maven 3.9.x if a Maven Enforcer Plugin configuration indicates it is necessary. Maven 3.8.x is still preferred if the enforcer-plugin configuration (if any) permits it. +* Added a path injection sanitizer for calls to :code:`java.lang.String.matches`, :code:`java.lang.String.replace`, and :code:`java.lang.String.replaceAll` that make sure '/', '\', '..' are not in the path. + +JavaScript/TypeScript +""""""""""""""""""""" + +* Added support for additional :code:`fs-extra` methods as sinks in path-injection queries. +* Added support for the newer version of :code:`Hapi` with the :code:`@hapi/hapi` import and :code:`server` function. +* Improved modeling of the :code:`node:fs` module: :code:`await`\ -ed calls to :code:`read` and :code:`readFile` are now supported. +* Added support for the :code:`@sap/hana-client`, :code:`@sap/hdbext` and :code:`hdb` packages. +* Enhanced :code:`axios` support with new methods (:code:`postForm`, :code:`putForm`, :code:`patchForm`, :code:`getUri`, :code:`create`) and added support for :code:`interceptors.request` and :code:`interceptors.response`. +* Improved support for :code:`got` package with :code:`Options`, :code:`paginate()` and :code:`extend()` +* Added support for the :code:`ApolloServer` class from :code:`@apollo/server` and similar packages. In particular, the incoming data in a GraphQL resolver is now seen as a source of untrusted user input. +* Improved support for :code:`superagent` to handle the case where the package is directly called as a function, or via the :code:`.del()` or :code:`.agent()` method. +* Added support for the :code:`underscore.string` package. +* Added additional flow step for :code:`unescape()` and :code:`escape()`. +* Added support for the :code:`@tanstack/vue-query` package. +* Added taint-steps for :code:`unescape()`. +* Added support for the :code:`@tanstack/angular-query-experimental` package. +* Improved support for the :code:`@angular/common/http` package, detecting outgoing HTTP requests in more cases. +* Improved the modeling of the :code:`markdown-table` package to ensure it handles nested arrays properly. +* Added support for the :code:`react-relay` library. + +Python +"""""" + +* Added the methods :code:`getMinArguments` and :code:`getMaxArguments` to the :code:`Function` class. These return the minimum and maximum positional arguments that the given function accepts. + +New Features +~~~~~~~~~~~~ + +C/C++ +""""" + +* Added :code:`Node.asUncertainDefinition` and :code:`Node.asCertainDefinition` to the :code:`DataFlow::Node` class for querying whether a definition overwrites the entire destination buffer. + +JavaScript/TypeScript +""""""""""""""""""""" + +* Extraction now supports regular expressions with the :code:`v` flag, using the new operators: + + * Intersection :code:`&&` + * Subtraction :code:`--` + * :code:`\q` quoted string + diff --git a/docs/codeql/codeql-overview/codeql-changelog/index.rst b/docs/codeql/codeql-overview/codeql-changelog/index.rst index e53d669f3a31..08c8502ad1ad 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/index.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/index.rst @@ -11,6 +11,8 @@ A list of queries for each suite and language `is available here Date: Fri, 4 Apr 2025 12:43:23 +0100 Subject: [PATCH 247/409] Fix qhelp formatting --- .../Variables/LoopVariableCapture/LoopVariableCapture.qhelp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp index ae23584344c8..b902f976a537 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp @@ -27,10 +27,13 @@ In the following (BAD) example, a `tasks` list is created, but each task capture

    In the following (GOOD) example, each closure has an `i` default parameter, shadowing the outer i variable, the default value of which is determined as the value of the loop variable i at the time the closure is created. +

    +

    In the following (GOOD) example, functools.partial is used to partially evaluate the lambda expression with the value of i. -

    + + From dc31da82d05c810056593cc92cf5620b03389a4f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 13:42:29 +0100 Subject: [PATCH 248/409] Rust: Fix file name typo. --- ...SummaryStatsReeduced.expected => SummaryStatsReduced.expected} | 0 .../{SummaryStatsReeduced.qlref => SummaryStatsReduced.qlref} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename rust/ql/test/query-tests/diagnostics/{SummaryStatsReeduced.expected => SummaryStatsReduced.expected} (100%) rename rust/ql/test/query-tests/diagnostics/{SummaryStatsReeduced.qlref => SummaryStatsReduced.qlref} (100%) diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.expected rename to rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.qlref similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.qlref rename to rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.qlref From 8b6c8d7174e489f0ade284c953486c78cdb0b396 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 14:44:39 +0200 Subject: [PATCH 249/409] Rust: Minor path resolution fix for `($)crate` paths --- .../codeql/rust/internal/PathResolution.qll | 25 +++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index c70ab0049d56..c6ab2135d973 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -194,21 +194,11 @@ abstract class ItemNode extends Locatable { this = result.(ImplOrTraitItemNode).getAnItemInSelfScope() or name = "crate" and - result = - any(CrateItemNode crate | - this = crate.getASourceFile() - or - this = crate.getModuleNode() - ) + this = result.(CrateItemNode).getARootModuleNode() or // todo: implement properly name = "$crate" and - result = - any(CrateItemNode crate | - this = crate.getASourceFile() - or - this = crate.getModuleNode() - ).(Crate).getADependency*() and + result = any(CrateItemNode crate | this = crate.getARootModuleNode()).(Crate).getADependency*() and result.(CrateItemNode).isPotentialDollarCrateTarget() } @@ -237,7 +227,7 @@ abstract private class ModuleLikeNode extends ItemNode { predicate isRoot() { this instanceof SourceFileItemNode or - this = any(CrateItemNode c).getModuleNode() + this = any(Crate c).getModule() } } @@ -294,6 +284,15 @@ class CrateItemNode extends ItemNode instanceof Crate { ) } + /** + * Gets a root module node belonging to this crate. + */ + ModuleLikeNode getARootModuleNode() { + result = this.getASourceFile() + or + result = super.getModule() + } + pragma[nomagic] predicate isPotentialDollarCrateTarget() { exists(string name, RelevantPath p | From e9971ffb9412962dfacf2fbc30d18c82bdb41c31 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 11:59:39 +0100 Subject: [PATCH 250/409] Rust: Change the ID of the new query. --- rust/ql/src/queries/summary/SummaryStatsReduced.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/summary/SummaryStatsReduced.ql b/rust/ql/src/queries/summary/SummaryStatsReduced.ql index 75358064bba7..47669f9da589 100644 --- a/rust/ql/src/queries/summary/SummaryStatsReduced.ql +++ b/rust/ql/src/queries/summary/SummaryStatsReduced.ql @@ -3,7 +3,7 @@ * @description A table of summary statistics about a database, with data that * has been found to be noisy on tests removed. * @kind metric - * @id rust/summary/summary-statistics-reduced + * @id rust/summary/reduced-summary-statistics * @tags summary */ From d47e925e8570a3cdf86a3e6d0b0b26c96ee45955 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 14:43:24 +0100 Subject: [PATCH 251/409] Rust: Delete empty .expected files. --- .../security/CWE-696/CONSISTENCY/DataFlowConsistency.expected | 0 .../security/CWE-825/CONSISTENCY/DataFlowConsistency.expected | 0 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected diff --git a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d1..000000000000 diff --git a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d1..000000000000 From 1acbdbaaa2ab211ae6f1d921836facefbf70809e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 1 Apr 2025 09:29:51 +0100 Subject: [PATCH 252/409] Rust: Make all query sinks extend QuerySink::Range and import them into Stats.qll (this ensures that sink statistics are complete). --- .../codeql/rust/security/CleartextTransmissionExtensions.qll | 5 ++++- rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll | 4 +++- .../rust/security/WeakSensitiveDataHashingExtensions.qll | 4 ++-- rust/ql/src/queries/summary/Stats.qll | 4 +++- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll index 73495cd1c0d3..8a3892f23474 100644 --- a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll @@ -7,12 +7,15 @@ private import codeql.util.Unit private import rust private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSink +private import codeql.rust.Concepts /** * A data flow sink for cleartext transmission vulnerabilities. That is, * a `DataFlow::Node` of something that is transmitted over a network. */ -abstract class CleartextTransmissionSink extends DataFlow::Node { } +abstract class CleartextTransmissionSink extends QuerySink::Range { + override string getSinkType() { result = "CleartextTransmission" } +} /** * A barrier for cleartext transmission vulnerabilities. diff --git a/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll b/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll index df8c43212b34..5f8d8b77ee82 100644 --- a/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll @@ -23,7 +23,9 @@ module TaintedPath { /** * A data flow sink for path injection vulnerabilities. */ - abstract class Sink extends DataFlow::Node { } + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "TaintedPath" } + } /** * A barrier for path injection vulnerabilities. diff --git a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll index b22e5153ce3a..7b6b6c801d75 100644 --- a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll @@ -44,6 +44,8 @@ module NormalHashFunction { * hashing. That is, a broken or weak hashing algorithm. */ abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "WeakSensitiveDataHashing" } + /** * Gets the name of the weak hashing algorithm. */ @@ -76,8 +78,6 @@ module NormalHashFunction { class WeakHashingOperationInputAsSink extends Sink { Cryptography::HashingAlgorithm algorithm; - override string getSinkType() { result = "WeakSensitiveDataHashing" } - WeakHashingOperationInputAsSink() { exists(Cryptography::CryptographicOperation operation | algorithm.isWeak() and diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a24a4eac9c96..45b5bffa8d1d 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -15,10 +15,12 @@ private import codeql.rust.Diagnostics private import codeql.rust.security.SensitiveData private import TaintReach // import all query extensions files, so that all extensions of `QuerySink` are found +private import codeql.rust.security.regex.RegexInjectionExtensions private import codeql.rust.security.CleartextLoggingExtensions +private import codeql.rust.security.CleartextTransmissionExtensions private import codeql.rust.security.SqlInjectionExtensions +private import codeql.rust.security.TaintedPathExtensions private import codeql.rust.security.WeakSensitiveDataHashingExtensions -private import codeql.rust.security.regex.RegexInjectionExtensions /** * Gets a count of the total number of lines of code in the database. From 784ccb740b75092c8cbd0eed902cbec1857d5909 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 18:02:21 +0100 Subject: [PATCH 253/409] Rust: Define Rust queries and extensions more consistently. --- .../security/CleartextLoggingExtensions.qll | 8 +- .../CleartextTransmissionExtensions.qll | 60 ++++++---- .../rust/security/SqlInjectionExtensions.qll | 8 +- .../regex/RegexInjectionExtensions.qll | 103 ++++++++++-------- .../security/CWE-020/RegexInjection.ql | 8 +- .../queries/security/CWE-089/SqlInjection.ql | 8 +- .../security/CWE-311/CleartextTransmission.ql | 10 +- .../security/CWE-020/RegexInjectionSink.ql | 2 +- 8 files changed, 122 insertions(+), 85 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll index e6bbc0d2a2be..559509ad9f8e 100644 --- a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll @@ -36,8 +36,10 @@ module CleartextLogging { */ private class SensitiveDataAsSource extends Source instanceof SensitiveData { } - /** A sink for logging from model data. */ - private class ModelsAsDataSinks extends Sink { - ModelsAsDataSinks() { exists(string s | sinkNode(this, s) and s.matches("log-injection%")) } + /** + * A sink for logging from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { exists(string s | sinkNode(this, s) and s.matches("log-injection%")) } } } diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll index 8a3892f23474..2c528dddd9e4 100644 --- a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll @@ -10,32 +10,48 @@ private import codeql.rust.dataflow.FlowSink private import codeql.rust.Concepts /** - * A data flow sink for cleartext transmission vulnerabilities. That is, - * a `DataFlow::Node` of something that is transmitted over a network. + * Provides default sources, sinks and barriers for detecting cleartext transmission + * vulnerabilities, as well as extension points for adding your own. */ -abstract class CleartextTransmissionSink extends QuerySink::Range { - override string getSinkType() { result = "CleartextTransmission" } -} +module CleartextTransmission { + /** + * A data flow source for cleartext transmission vulnerabilities. + */ + abstract class Source extends DataFlow::Node { } -/** - * A barrier for cleartext transmission vulnerabilities. - */ -abstract class CleartextTransmissionBarrier extends DataFlow::Node { } + /** + * A data flow sink for cleartext transmission vulnerabilities. That is, + * a `DataFlow::Node` of something that is transmitted over a network. + */ + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "CleartextTransmission" } + } -/** - * A unit class for adding additional flow steps. - */ -class CleartextTransmissionAdditionalFlowStep extends Unit { /** - * Holds if the step from `node1` to `node2` should be considered a flow - * step for paths related to cleartext transmission vulnerabilities. + * A barrier for cleartext transmission vulnerabilities. */ - abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo); -} + abstract class Barrier extends DataFlow::Node { } -/** - * A sink defined through MaD. - */ -private class MadCleartextTransmissionSink extends CleartextTransmissionSink { - MadCleartextTransmissionSink() { sinkNode(this, "transmission") } + /** + * A unit class for adding additional flow steps. + */ + class AdditionalFlowStep extends Unit { + /** + * Holds if the step from `node1` to `node2` should be considered a flow + * step for paths related to cleartext transmission vulnerabilities. + */ + abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo); + } + + /** + * Sensitive data, considered as a flow source. + */ + private class SensitiveDataAsSource extends Source instanceof SensitiveData { } + + /** + * A sink defined through MaD. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "transmission") } + } } diff --git a/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll index 9c61fe4aa52d..8ead5ac684ac 100644 --- a/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll @@ -51,8 +51,10 @@ module SqlInjection { SqlExecutionAsSink() { this = any(SqlExecution e).getSql() } } - /** A sink for sql-injection from model data. */ - private class ModelsAsDataSinks extends Sink { - ModelsAsDataSinks() { sinkNode(this, "sql-injection") } + /** + * A sink for sql-injection from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "sql-injection") } } } diff --git a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll index f1e4060a5cf4..5c0f8b616b6d 100644 --- a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll @@ -11,60 +11,71 @@ private import codeql.rust.dataflow.FlowSink private import codeql.rust.Concepts /** - * A data flow sink for regular expression injection vulnerabilities. + * Provides default sources, sinks and barriers for detecting regular expression + * injection vulnerabilities, as well as extension points for adding your own. */ -abstract class RegexInjectionSink extends QuerySink::Range { - override string getSinkType() { result = "RegexInjection" } -} +module RegexInjection { + /** + * A data flow sink for regular expression injection vulnerabilities. + */ + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "RegexInjection" } + } -/** - * A barrier for regular expression injection vulnerabilities. - */ -abstract class RegexInjectionBarrier extends DataFlow::Node { } + /** + * A barrier for regular expression injection vulnerabilities. + */ + abstract class Barrier extends DataFlow::Node { } -/** A sink for `a` in `Regex::new(a)` when `a` is not a literal. */ -private class NewRegexInjectionSink extends RegexInjectionSink { - NewRegexInjectionSink() { - exists(CallExprCfgNode call, PathExpr path | - path = call.getFunction().getExpr() and - path.getResolvedCrateOrigin() = "repo:https://github.com/rust-lang/regex:regex" and - path.getResolvedPath() = "::new" and - this.asExpr() = call.getArgument(0) and - not this.asExpr() instanceof LiteralExprCfgNode - ) + /** + * A sink for `a` in `Regex::new(a)` when `a` is not a literal. + */ + private class NewSink extends Sink { + NewSink() { + exists(CallExprCfgNode call, PathExpr path | + path = call.getFunction().getExpr() and + path.getResolvedCrateOrigin() = "repo:https://github.com/rust-lang/regex:regex" and + path.getResolvedPath() = "::new" and + this.asExpr() = call.getArgument(0) and + not this.asExpr() instanceof LiteralExprCfgNode + ) + } } -} -private class MadRegexInjectionSink extends RegexInjectionSink { - MadRegexInjectionSink() { sinkNode(this, "regex-use") } -} + /** + * A sink for regular expression injection from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "regex-use") } + } -/** - * A unit class for adding additional flow steps. - */ -class RegexInjectionAdditionalFlowStep extends Unit { /** - * Holds if the step from `node1` to `node2` should be considered a flow - * step for paths related to regular expression injection vulnerabilities. + * A unit class for adding additional flow steps. */ - abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); -} + class AdditionalFlowStep extends Unit { + /** + * Holds if the step from `node1` to `node2` should be considered a flow + * step for paths related to regular expression injection vulnerabilities. + */ + abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); + } -/** - * An escape barrier for regular expression injection vulnerabilities. - */ -private class RegexInjectionDefaultBarrier extends RegexInjectionBarrier { - RegexInjectionDefaultBarrier() { - // A barrier is any call to a function named `escape`, in particular this - // makes calls to `regex::escape` a barrier. - this.asExpr() - .getExpr() - .(CallExpr) - .getFunction() - .(PathExpr) - .getPath() - .getSegment() - .getIdentifier() - .getText() = "escape" + /** + * An escape barrier for regular expression injection vulnerabilities. + */ + private class DefaultBarrier extends Barrier { + DefaultBarrier() { + // A barrier is any call to a function named `escape`, in particular this + // makes calls to `regex::escape` a barrier. + this.asExpr() + .getExpr() + .(CallExpr) + .getFunction() + .(PathExpr) + .getPath() + .getSegment() + .getIdentifier() + .getText() = "escape" + } } } diff --git a/rust/ql/src/queries/security/CWE-020/RegexInjection.ql b/rust/ql/src/queries/security/CWE-020/RegexInjection.ql index b49d08969f62..075f6e99d11a 100644 --- a/rust/ql/src/queries/security/CWE-020/RegexInjection.ql +++ b/rust/ql/src/queries/security/CWE-020/RegexInjection.ql @@ -24,14 +24,16 @@ private import codeql.rust.security.regex.RegexInjectionExtensions * A taint configuration for detecting regular expression injection vulnerabilities. */ module RegexInjectionConfig implements DataFlow::ConfigSig { + import RegexInjection + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } - predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink } + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - predicate isBarrier(DataFlow::Node barrier) { barrier instanceof RegexInjectionBarrier } + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier } predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - any(RegexInjectionAdditionalFlowStep s).step(nodeFrom, nodeTo) + any(AdditionalFlowStep s).step(nodeFrom, nodeTo) } } diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql index ee2a3d144868..803cb67e33e8 100644 --- a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql +++ b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql @@ -20,11 +20,13 @@ import SqlInjectionFlow::PathGraph * A taint configuration for tainted data that reaches a SQL sink. */ module SqlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof SqlInjection::Source } + import SqlInjection - predicate isSink(DataFlow::Node node) { node instanceof SqlInjection::Sink } + predicate isSource(DataFlow::Node node) { node instanceof Source } - predicate isBarrier(DataFlow::Node barrier) { barrier instanceof SqlInjection::Barrier } + predicate isSink(DataFlow::Node node) { node instanceof Sink } + + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier } } module SqlInjectionFlow = TaintTracking::Global; diff --git a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql index ccf01f6fddad..84b88c3f145d 100644 --- a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql +++ b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql @@ -22,14 +22,16 @@ import codeql.rust.security.CleartextTransmissionExtensions * transmitted over a network. */ module CleartextTransmissionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof SensitiveData } + import CleartextTransmission - predicate isSink(DataFlow::Node node) { node instanceof CleartextTransmissionSink } + predicate isSource(DataFlow::Node node) { node instanceof Source } - predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextTransmissionBarrier } + predicate isSink(DataFlow::Node node) { node instanceof Sink } + + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier } predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - any(CleartextTransmissionAdditionalFlowStep s).step(nodeFrom, nodeTo) + any(AdditionalFlowStep s).step(nodeFrom, nodeTo) } predicate isBarrierIn(DataFlow::Node node) { diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql b/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql index 0723ec5bb5b7..c7da47a11722 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql @@ -1,4 +1,4 @@ private import codeql.rust.dataflow.DataFlow private import codeql.rust.security.regex.RegexInjectionExtensions -query predicate regexInjectionSink(DataFlow::Node node) { node instanceof RegexInjectionSink } +query predicate regexInjectionSink(DataFlow::Node node) { node instanceof RegexInjection::Sink } From 0db551032c21dabe50b2ec0c48ad28b7dc98973e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 18:23:53 +0100 Subject: [PATCH 254/409] Rust: Make imports consistent and correct. --- .../rust/security/CleartextTransmissionExtensions.qll | 1 + rust/ql/src/queries/security/CWE-022/TaintedPath.ql | 7 ++++--- rust/ql/src/queries/security/CWE-089/SqlInjection.ql | 3 ++- .../src/queries/security/CWE-311/CleartextTransmission.ql | 1 - rust/ql/src/queries/security/CWE-312/CleartextLogging.ql | 2 +- .../queries/security/CWE-328/WeakSensitiveDataHashing.ql | 2 +- 6 files changed, 9 insertions(+), 7 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll index 2c528dddd9e4..2dfe77ee8ba1 100644 --- a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll @@ -7,6 +7,7 @@ private import codeql.util.Unit private import rust private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSink +private import codeql.rust.security.SensitiveData private import codeql.rust.Concepts /** diff --git a/rust/ql/src/queries/security/CWE-022/TaintedPath.ql b/rust/ql/src/queries/security/CWE-022/TaintedPath.ql index fcc1c89ef662..8896cf608427 100644 --- a/rust/ql/src/queries/security/CWE-022/TaintedPath.ql +++ b/rust/ql/src/queries/security/CWE-022/TaintedPath.ql @@ -16,11 +16,10 @@ import rust import codeql.rust.dataflow.DataFlow -import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl import codeql.rust.dataflow.TaintTracking +import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl +import codeql.rust.Concepts import codeql.rust.security.TaintedPathExtensions -import TaintedPathFlow::PathGraph -private import codeql.rust.Concepts newtype NormalizationState = /** A state signifying that the file path has not been normalized. */ @@ -84,6 +83,8 @@ module TaintedPathConfig implements DataFlow::StateConfigSig { module TaintedPathFlow = TaintTracking::GlobalWithState; +import TaintedPathFlow::PathGraph + from TaintedPathFlow::PathNode source, TaintedPathFlow::PathNode sink where TaintedPathFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(), diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql index 803cb67e33e8..f61295263bfb 100644 --- a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql +++ b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql @@ -14,7 +14,6 @@ import rust import codeql.rust.dataflow.DataFlow import codeql.rust.dataflow.TaintTracking import codeql.rust.security.SqlInjectionExtensions -import SqlInjectionFlow::PathGraph /** * A taint configuration for tainted data that reaches a SQL sink. @@ -31,6 +30,8 @@ module SqlInjectionConfig implements DataFlow::ConfigSig { module SqlInjectionFlow = TaintTracking::Global; +import SqlInjectionFlow::PathGraph + from SqlInjectionFlow::PathNode sourceNode, SqlInjectionFlow::PathNode sinkNode where SqlInjectionFlow::flowPath(sourceNode, sinkNode) select sinkNode.getNode(), sourceNode, sinkNode, "This query depends on a $@.", diff --git a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql index 84b88c3f145d..739dca0f4185 100644 --- a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql +++ b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql @@ -13,7 +13,6 @@ import rust import codeql.rust.dataflow.DataFlow -import codeql.rust.security.SensitiveData import codeql.rust.dataflow.TaintTracking import codeql.rust.security.CleartextTransmissionExtensions diff --git a/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql b/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql index fd6d538f13f2..75bd47e76dc9 100644 --- a/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql +++ b/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql @@ -14,9 +14,9 @@ */ import rust -import codeql.rust.security.CleartextLoggingExtensions import codeql.rust.dataflow.DataFlow import codeql.rust.dataflow.TaintTracking +import codeql.rust.security.CleartextLoggingExtensions /** * A taint-tracking configuration for cleartext logging vulnerabilities. diff --git a/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql b/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql index b22fe5762128..0f8d23fbc29c 100755 --- a/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql +++ b/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql @@ -13,9 +13,9 @@ */ import rust -import codeql.rust.security.WeakSensitiveDataHashingExtensions import codeql.rust.dataflow.DataFlow import codeql.rust.dataflow.TaintTracking +import codeql.rust.security.WeakSensitiveDataHashingExtensions /** * Provides a taint-tracking configuration for detecting use of a broken or weak From 47ee6c6b815b1ecd86a265c8d6972315b23f767d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 18:27:16 +0100 Subject: [PATCH 255/409] Rust: Give regex injection extendable sources as well. --- .../rust/security/regex/RegexInjectionExtensions.qll | 10 ++++++++++ rust/ql/src/queries/security/CWE-020/RegexInjection.ql | 3 +-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll index 5c0f8b616b6d..36ae9116724b 100644 --- a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll @@ -15,6 +15,11 @@ private import codeql.rust.Concepts * injection vulnerabilities, as well as extension points for adding your own. */ module RegexInjection { + /** + * A data flow source for regular expression injection vulnerabilities. + */ + abstract class Source extends DataFlow::Node { } + /** * A data flow sink for regular expression injection vulnerabilities. */ @@ -27,6 +32,11 @@ module RegexInjection { */ abstract class Barrier extends DataFlow::Node { } + /** + * An active threat-model source, considered as a flow source. + */ + private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { } + /** * A sink for `a` in `Regex::new(a)` when `a` is not a literal. */ diff --git a/rust/ql/src/queries/security/CWE-020/RegexInjection.ql b/rust/ql/src/queries/security/CWE-020/RegexInjection.ql index 075f6e99d11a..14d6d8e167ed 100644 --- a/rust/ql/src/queries/security/CWE-020/RegexInjection.ql +++ b/rust/ql/src/queries/security/CWE-020/RegexInjection.ql @@ -17,7 +17,6 @@ private import rust private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.TaintTracking -private import codeql.rust.Concepts private import codeql.rust.security.regex.RegexInjectionExtensions /** @@ -26,7 +25,7 @@ private import codeql.rust.security.regex.RegexInjectionExtensions module RegexInjectionConfig implements DataFlow::ConfigSig { import RegexInjection - predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } + predicate isSource(DataFlow::Node source) { source instanceof Source } predicate isSink(DataFlow::Node sink) { sink instanceof Sink } From ff78c45e500aa52bc33e1682536f3320e6a361e9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 18:33:27 +0100 Subject: [PATCH 256/409] Rust: Abstractions then implementations. --- .../regex/RegexInjectionExtensions.qll | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll index 36ae9116724b..4daff543b980 100644 --- a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll @@ -32,6 +32,17 @@ module RegexInjection { */ abstract class Barrier extends DataFlow::Node { } + /** + * A unit class for adding additional flow steps. + */ + class AdditionalFlowStep extends Unit { + /** + * Holds if the step from `node1` to `node2` should be considered a flow + * step for paths related to regular expression injection vulnerabilities. + */ + abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); + } + /** * An active threat-model source, considered as a flow source. */ @@ -59,17 +70,6 @@ module RegexInjection { ModelsAsDataSink() { sinkNode(this, "regex-use") } } - /** - * A unit class for adding additional flow steps. - */ - class AdditionalFlowStep extends Unit { - /** - * Holds if the step from `node1` to `node2` should be considered a flow - * step for paths related to regular expression injection vulnerabilities. - */ - abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); - } - /** * An escape barrier for regular expression injection vulnerabilities. */ From d7c14ec0656f44cb7063ef934b97b6ce93633e2c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 20:47:16 +0100 Subject: [PATCH 257/409] Rust: Revert change to Cargo.lock. --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index db07984a44b7..7719e26ffd24 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -325,9 +325,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.35" +version = "4.5.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8aa86934b44c19c50f87cc2790e19f54f7a67aedb64101c2e1a2e5ecfb73944" +checksum = "6088f3ae8c3608d19260cd7445411865a485688711b78b5be70d78cd96136f83" dependencies = [ "clap_builder", "clap_derive", @@ -335,9 +335,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.35" +version = "4.5.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2414dbb2dd0695280da6ea9261e327479e9d37b0630f6b53ba2a11c60c679fd9" +checksum = "22a7ef7f676155edfb82daa97f99441f3ebf4a58d5e32f295a56259f1b6facc8" dependencies = [ "anstream", "anstyle", From a5883b1627a8edfc7bca0196d5ce219f31baede8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 21:45:37 +0100 Subject: [PATCH 258/409] Rust: Accept test changes (due to added models?). --- .../dataflow/local/DataFlowStep.expected | 9 ++ .../security/CWE-020/RegexInjection.expected | 8 +- .../UncontrolledAllocationSize.expected | 152 +++++++++--------- 3 files changed, 89 insertions(+), 80 deletions(-) diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 9676fd3f2afe..6edba8b73ba6 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -2161,6 +2161,13 @@ storeStep | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Err(0)].Reference in lang:core::_::::as_ref | &ref | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Err(0)] in lang:core::_::::as_ref | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:alloc::_::::search_tree_for_bifurcation | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::search_tree_for_bifurcation | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:alloc::_::::from_str | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::from_str | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::align_to | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::align_to | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::array | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::array | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::extend | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::extend | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::extend_packed | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::extend_packed | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::from_size_align | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::from_size_align | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::repeat | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::repeat | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::repeat_packed | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::repeat_packed | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::try_insert | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::try_insert | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::ok_or | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::ok_or | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::ok_or_else | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::ok_or_else | @@ -2194,6 +2201,8 @@ storeStep | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text_with_charset | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text_with_charset | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in repo:https://github.com/servo/rust-url:url::_::::parse | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/servo/rust-url:url::_::::parse | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:alloc::_::::search_tree_for_bifurcation | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:alloc::_::::search_tree_for_bifurcation | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:core::_::::extend | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::extend | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:core::_::::repeat | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::repeat | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:std::_::::wait_timeout | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::wait_timeout | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:std::_::::wait_timeout_ms | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::wait_timeout_ms | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:std::_::::wait_timeout_while | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::wait_timeout_while | diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index 1dd626144da7..4d5a046ccc57 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -2,15 +2,15 @@ | main.rs:6:25:6:30 | ®ex | main.rs:4:20:4:32 | ...::var | main.rs:6:25:6:30 | ®ex | This regular expression is constructed from a $@. | main.rs:4:20:4:32 | ...::var | user-provided value | edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | -| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:64 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1627 | +| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:68 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1660 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | -| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:100 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3050 | +| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:119 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3083 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | nodes | main.rs:4:9:4:16 | username | semmle.label | username | diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 9cc7f803aac8..8fbaf7659394 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -53,18 +53,18 @@ edges | main.rs:18:41:18:41 | v | main.rs:32:60:32:89 | ... * ... | provenance | | | main.rs:18:41:18:41 | v | main.rs:35:9:35:10 | s6 | provenance | | | main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance | | -| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:20:14:20:63 | ... .unwrap(...) | main.rs:20:9:20:10 | l2 | provenance | | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:31 | +| main.rs:20:14:20:63 | ... .unwrap() | main.rs:20:9:20:10 | l2 | provenance | | | main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:21:31:21:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:17 | | main.rs:21:31:21:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:17 | | main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance | | -| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:22:31:22:53 | ... .unwrap(...) | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:23:31:23:53 | ... .unwrap(...) | main.rs:23:31:23:68 | ... .pad_to_align(...) | provenance | MaD:25 | -| main.rs:23:31:23:68 | ... .pad_to_align(...) | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:31 | +| main.rs:22:31:22:53 | ... .unwrap() | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:31 | +| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:25 | +| main.rs:23:31:23:68 | ... .pad_to_align() | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:4 Sink:MaD:4 | | main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance | | | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance | | @@ -79,10 +79,10 @@ edges | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance | | | main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size(...) | provenance | MaD:28 | +| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:28 | | main.rs:39:9:39:10 | l7 | main.rs:40:31:40:32 | l7 | provenance | | | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | main.rs:39:9:39:10 | l7 | provenance | | -| main.rs:39:60:39:68 | l6.size(...) | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | +| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:45 | ... + ... | provenance | | @@ -90,19 +90,19 @@ edges | main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:53 | ... * ... | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance | | -| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | -| main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:31 | +| main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | | main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | -| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | -| main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:31 | +| main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | | main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | -| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:53:31:53:58 | ... .unwrap(...) | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:31 | +| main.rs:53:31:53:58 | ... .unwrap() | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:27 | -| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:54:31:54:63 | ... .unwrap(...) | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:31 | +| main.rs:54:31:54:63 | ... .unwrap() | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:27 | | main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance | | | main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance | | @@ -116,29 +116,29 @@ edges | main.rs:59:31:59:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:22 | | main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance | | | main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance | | -| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | -| main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:31 | +| main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | | main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:19 | | main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:62:9:62:20 | TuplePat [tuple.0] | main.rs:62:10:62:11 | k3 | provenance | | | main.rs:62:10:62:11 | k3 | main.rs:63:31:63:32 | k3 | provenance | | -| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | -| main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | provenance | MaD:31 | +| main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | | main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:64:31:64:59 | ... .unwrap(...) | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:31 | +| main.rs:64:31:64:59 | ... .unwrap() | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:21 | -| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:65:31:65:59 | ... .unwrap(...) | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap() | provenance | MaD:31 | +| main.rs:65:31:65:59 | ... .unwrap() | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance | | -| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:31 | +| main.rs:67:14:67:56 | ... .unwrap() | main.rs:67:9:67:10 | l4 | provenance | | | main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | | main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | -| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:87:18:87:67 | ... .unwrap(...) | main.rs:87:9:87:14 | layout | provenance | | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:31 | +| main.rs:87:18:87:67 | ... .unwrap() | main.rs:87:9:87:14 | layout | provenance | | | main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | @@ -150,15 +150,15 @@ edges | main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | -| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:92:14:92:57 | ... .unwrap(...) | main.rs:92:9:92:10 | l1 | provenance | | +| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:31 | +| main.rs:92:14:92:57 | ... .unwrap() | main.rs:92:9:92:10 | l1 | provenance | | | main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | | main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | -| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:101:18:101:61 | ... .unwrap(...) | main.rs:101:13:101:14 | l3 | provenance | | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:31 | +| main.rs:101:18:101:61 | ... .unwrap() | main.rs:101:13:101:14 | l3 | provenance | | | main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | @@ -170,27 +170,27 @@ edges | main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | | main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | -| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:145:18:145:61 | ... .unwrap(...) | main.rs:145:13:145:14 | l9 | provenance | | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:31 | +| main.rs:145:18:145:61 | ... .unwrap() | main.rs:145:13:145:14 | l9 | provenance | | | main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | | main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | -| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:151:15:151:78 | ... .unwrap(...) | main.rs:151:9:151:11 | l10 | provenance | | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:31 | +| main.rs:151:15:151:78 | ... .unwrap() | main.rs:151:9:151:11 | l10 | provenance | | | main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:34 | | main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | -| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:154:15:154:78 | ... .unwrap(...) | main.rs:154:9:154:11 | l11 | provenance | | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:31 | +| main.rs:154:15:154:78 | ... .unwrap() | main.rs:154:9:154:11 | l11 | provenance | | | main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:33 | | main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | -| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:161:19:161:68 | ... .unwrap(...) | main.rs:161:13:161:15 | l13 | provenance | | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:31 | +| main.rs:161:19:161:68 | ... .unwrap() | main.rs:161:13:161:15 | l13 | provenance | | | main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | @@ -198,8 +198,8 @@ edges | main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | -| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:192:14:192:56 | ... .unwrap(...) | main.rs:192:9:192:10 | l2 | provenance | | +| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:31 | +| main.rs:192:14:192:56 | ... .unwrap() | main.rs:192:9:192:10 | l2 | provenance | | | main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:10 Sink:MaD:10 | | main.rs:193:38:193:39 | l2 | main.rs:194:45:194:46 | l2 | provenance | | @@ -226,13 +226,13 @@ edges | main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | | main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance | | | main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:32 | | main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | | -| main.rs:280:21:280:47 | user_input.parse(...) [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | +| main.rs:280:21:280:47 | user_input.parse() [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | | main.rs:280:21:280:48 | TryExpr | main.rs:280:9:280:17 | num_bytes | provenance | | | main.rs:282:9:282:14 | layout | main.rs:284:40:284:45 | layout | provenance | | -| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:282:18:282:75 | ... .unwrap(...) | main.rs:282:9:282:14 | layout | provenance | | +| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap() | provenance | MaD:31 | +| main.rs:282:18:282:75 | ... .unwrap() | main.rs:282:9:282:14 | layout | provenance | | | main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:16 | @@ -247,9 +247,9 @@ edges | main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:16 | | main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:35 | | main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse(...) [Ok] | provenance | MaD:32 | -| main.rs:317:13:317:82 | ... .parse(...) [Ok] | main.rs:317:13:317:91 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:317:13:317:91 | ... .unwrap(...) | main.rs:317:9:317:9 | v | provenance | | +| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:32 | +| main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:31 | +| main.rs:317:13:317:91 | ... .unwrap() | main.rs:317:9:317:9 | v | provenance | | | main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | | main.rs:321:42:321:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | | main.rs:322:36:322:36 | v | main.rs:91:38:91:45 | ...: usize | provenance | | @@ -297,17 +297,17 @@ nodes | main.rs:18:41:18:41 | v | semmle.label | v | | main.rs:20:9:20:10 | l2 | semmle.label | l2 | | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:20:14:20:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:20:14:20:63 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:20:50:20:50 | v | semmle.label | v | | main.rs:21:13:21:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:21:31:21:32 | l2 | semmle.label | l2 | | main.rs:22:13:22:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | semmle.label | l2.align_to(...) [Ok] | -| main.rs:22:31:22:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:22:31:22:53 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:23:13:23:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | semmle.label | l2.align_to(...) [Ok] | -| main.rs:23:31:23:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:23:31:23:68 | ... .pad_to_align(...) | semmle.label | ... .pad_to_align(...) | +| main.rs:23:31:23:53 | ... .unwrap() | semmle.label | ... .unwrap() | +| main.rs:23:31:23:68 | ... .pad_to_align() | semmle.label | ... .pad_to_align() | | main.rs:24:13:24:36 | ...::alloc_zeroed | semmle.label | ...::alloc_zeroed | | main.rs:24:38:24:39 | l2 | semmle.label | l2 | | main.rs:29:9:29:10 | l4 | semmle.label | l4 | @@ -328,27 +328,27 @@ nodes | main.rs:37:31:37:32 | l6 | semmle.label | l6 | | main.rs:39:9:39:10 | l7 | semmle.label | l7 | | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | -| main.rs:39:60:39:68 | l6.size(...) | semmle.label | l6.size(...) | +| main.rs:39:60:39:68 | l6.size() | semmle.label | l6.size() | | main.rs:40:13:40:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:40:31:40:32 | l7 | semmle.label | l7 | | main.rs:43:44:43:51 | ...: usize | semmle.label | ...: usize | | main.rs:50:13:50:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | -| main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | semmle.label | ... .unwrap() [tuple.0] | | main.rs:50:31:50:53 | ... .0 | semmle.label | ... .0 | | main.rs:50:41:50:41 | v | semmle.label | v | | main.rs:51:13:51:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | -| main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | semmle.label | ... .unwrap() [tuple.0] | | main.rs:51:31:51:57 | ... .0 | semmle.label | ... .0 | | main.rs:51:41:51:45 | ... + ... | semmle.label | ... + ... | | main.rs:53:13:53:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | semmle.label | l2.repeat_packed(...) [Ok] | -| main.rs:53:31:53:58 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:53:31:53:58 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:53:48:53:48 | v | semmle.label | v | | main.rs:54:13:54:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | semmle.label | l2.repeat_packed(...) [Ok] | -| main.rs:54:31:54:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:54:31:54:63 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:54:48:54:53 | ... * ... | semmle.label | ... * ... | | main.rs:58:9:58:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | | main.rs:58:10:58:11 | k1 | semmle.label | k1 | @@ -360,46 +360,46 @@ nodes | main.rs:60:9:60:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | | main.rs:60:10:60:11 | k2 | semmle.label | k2 | | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | semmle.label | l3.extend(...) [Ok, tuple.0] | -| main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | semmle.label | ... .unwrap() [tuple.0] | | main.rs:60:34:60:35 | k1 | semmle.label | k1 | | main.rs:61:13:61:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:61:31:61:32 | k2 | semmle.label | k2 | | main.rs:62:9:62:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | | main.rs:62:10:62:11 | k3 | semmle.label | k3 | | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | semmle.label | k1.extend(...) [Ok, tuple.0] | -| main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | semmle.label | ... .unwrap() [tuple.0] | | main.rs:63:13:63:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:63:31:63:32 | k3 | semmle.label | k3 | | main.rs:64:13:64:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | semmle.label | l3.extend_packed(...) [Ok] | -| main.rs:64:31:64:59 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:64:31:64:59 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:64:48:64:49 | k1 | semmle.label | k1 | | main.rs:65:13:65:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | semmle.label | k1.extend_packed(...) [Ok] | -| main.rs:65:31:65:59 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:65:31:65:59 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:67:9:67:10 | l4 | semmle.label | l4 | | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:67:14:67:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:67:14:67:56 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:67:46:67:46 | v | semmle.label | v | | main.rs:68:13:68:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:68:31:68:32 | l4 | semmle.label | l4 | | main.rs:86:35:86:42 | ...: usize | semmle.label | ...: usize | | main.rs:87:9:87:14 | layout | semmle.label | layout | | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:87:18:87:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:87:18:87:67 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:87:54:87:54 | v | semmle.label | v | | main.rs:88:13:88:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:88:31:88:36 | layout | semmle.label | layout | | main.rs:91:38:91:45 | ...: usize | semmle.label | ...: usize | | main.rs:92:9:92:10 | l1 | semmle.label | l1 | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:92:14:92:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:92:14:92:57 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:92:47:92:47 | v | semmle.label | v | | main.rs:96:17:96:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:96:35:96:36 | l1 | semmle.label | l1 | | main.rs:101:13:101:14 | l3 | semmle.label | l3 | | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:101:18:101:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:101:18:101:61 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:101:51:101:51 | v | semmle.label | v | | main.rs:102:17:102:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:102:35:102:36 | l1 | semmle.label | l1 | @@ -412,7 +412,7 @@ nodes | main.rs:111:35:111:36 | l1 | semmle.label | l1 | | main.rs:145:13:145:14 | l9 | semmle.label | l9 | | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:145:18:145:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:145:18:145:61 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:145:51:145:51 | v | semmle.label | v | | main.rs:146:17:146:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:146:35:146:36 | l1 | semmle.label | l1 | @@ -420,21 +420,21 @@ nodes | main.rs:148:35:148:36 | l9 | semmle.label | l9 | | main.rs:151:9:151:11 | l10 | semmle.label | l10 | | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:151:15:151:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:151:15:151:78 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:151:48:151:68 | ...::min(...) | semmle.label | ...::min(...) | | main.rs:151:62:151:62 | v | semmle.label | v | | main.rs:152:13:152:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:152:31:152:33 | l10 | semmle.label | l10 | | main.rs:154:9:154:11 | l11 | semmle.label | l11 | | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:154:15:154:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:154:15:154:78 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:154:48:154:68 | ...::max(...) | semmle.label | ...::max(...) | | main.rs:154:62:154:62 | v | semmle.label | v | | main.rs:155:13:155:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:155:31:155:33 | l11 | semmle.label | l11 | | main.rs:161:13:161:15 | l13 | semmle.label | l13 | | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:161:19:161:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:161:19:161:68 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:161:55:161:55 | v | semmle.label | v | | main.rs:162:17:162:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:162:35:162:37 | l13 | semmle.label | l13 | @@ -445,7 +445,7 @@ nodes | main.rs:183:29:183:36 | ...: usize | semmle.label | ...: usize | | main.rs:192:9:192:10 | l2 | semmle.label | l2 | | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:192:14:192:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:192:14:192:56 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:192:46:192:46 | v | semmle.label | v | | main.rs:193:32:193:36 | alloc | semmle.label | alloc | | main.rs:193:38:193:39 | l2 | semmle.label | l2 | @@ -476,11 +476,11 @@ nodes | main.rs:224:31:224:31 | v | semmle.label | v | | main.rs:279:24:279:41 | ...: String | semmle.label | ...: String | | main.rs:280:9:280:17 | num_bytes | semmle.label | num_bytes | -| main.rs:280:21:280:47 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:280:21:280:47 | user_input.parse() [Ok] | semmle.label | user_input.parse() [Ok] | | main.rs:280:21:280:48 | TryExpr | semmle.label | TryExpr | | main.rs:282:9:282:14 | layout | semmle.label | layout | | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:282:18:282:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:282:18:282:75 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:282:54:282:62 | num_bytes | semmle.label | num_bytes | | main.rs:284:22:284:38 | ...::alloc | semmle.label | ...::alloc | | main.rs:284:40:284:45 | layout | semmle.label | layout | @@ -493,8 +493,8 @@ nodes | main.rs:317:13:317:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | | main.rs:317:13:317:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | | main.rs:317:13:317:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:317:13:317:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | -| main.rs:317:13:317:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:317:13:317:82 | ... .parse() [Ok] | semmle.label | ... .parse() [Ok] | +| main.rs:317:13:317:91 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:320:34:320:34 | v | semmle.label | v | | main.rs:321:42:321:42 | v | semmle.label | v | | main.rs:322:36:322:36 | v | semmle.label | v | From c9939387f8512d39e52b8f201d89926519d8be48 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 21:47:22 +0100 Subject: [PATCH 259/409] Rust: Turn on PrettyPrintModels for RegexInjection so we hopefully don't have to deal with test result changes there as often. --- .../security/CWE-020/RegexInjection.expected | 13 +++++++++---- .../security/CWE-020/RegexInjection.qlref | 4 +++- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index 4d5a046ccc57..c86d5f444d67 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -2,16 +2,21 @@ | main.rs:6:25:6:30 | ®ex | main.rs:4:20:4:32 | ...::var | main.rs:6:25:6:30 | ®ex | This regular expression is constructed from a $@. | main.rs:4:20:4:32 | ...::var | user-provided value | edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | -| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:68 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1660 | +| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:1 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:3 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | -| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:119 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3083 | +| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:2 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:4 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | +models +| 1 | Source: lang:std; crate::env::var; environment-source; ReturnValue.Field[crate::result::Result::Ok(0)] | +| 2 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint | +| 3 | Summary: lang:core; ::unwrap_or; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 4 | Summary: lang:core; crate::hint::must_use; Argument[0]; ReturnValue; value | nodes | main.rs:4:9:4:16 | username | semmle.label | username | | main.rs:4:20:4:32 | ...::var | semmle.label | ...::var | diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref index bc028b7e20d6..390ef3fe5757 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref @@ -1,2 +1,4 @@ query: queries/security/CWE-020/RegexInjection.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql From f992c714fd9ca1b90002fec25525bb8dc5f9bbef Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 7 Apr 2025 09:24:26 +0200 Subject: [PATCH 260/409] Ruby: Add change note --- ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md diff --git a/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md b/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md new file mode 100644 index 000000000000..7570dffb7407 --- /dev/null +++ b/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`. From 6fb5376c5f65259ef1e185c3d83820c5130b1c26 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 11:44:40 +0200 Subject: [PATCH 261/409] Refactor `ReceivedItemAsRemoteFlow` to handle data from both client and server WebSocket sources --- .../javascript/frameworks/WebSocket.qll | 19 +++++----- .../frameworks/WebSocket/browser-custom.js | 18 +++++----- .../frameworks/WebSocket/browser.js | 8 ++--- .../frameworks/WebSocket/client-custom.js | 4 +-- .../frameworks/WebSocket/client.js | 2 +- .../frameworks/WebSocket/test.expected | 36 +++++++++++++------ 6 files changed, 53 insertions(+), 34 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index da110c6562c0..5e40360a4d85 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -344,15 +344,18 @@ module ServerWebSocket { result = this.getCallback(1).getParameter(0) } } +} - /** - * A data flow node representing data received from a client, viewed as remote user input. - */ - private class ReceivedItemAsRemoteFlow extends RemoteFlowSource { - ReceivedItemAsRemoteFlow() { this = any(ReceiveNode rercv).getReceivedItem(_) } +/** + * A data flow node representing data received from a client or server, viewed as remote user input. + */ +private class ReceivedItemAsRemoteFlow extends RemoteFlowSource { + ReceivedItemAsRemoteFlow() { + this = any(ClientWebSocket::ReceiveNode rercv).getReceivedItem(_) or + this = any(ServerWebSocket::ReceiveNode rercv).getReceivedItem(_) + } - override string getSourceType() { result = "WebSocket client data" } + override string getSourceType() { result = "WebSocket transmitted data" } - override predicate isUserControlledObject() { any() } - } + override predicate isUserControlledObject() { any() } } diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index ad0d30fb01ea..f7ac5b0f4fe3 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -8,11 +8,11 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ }); socket.addEventListener('message', function (event) { - console.log('Message from server ', event.data); + console.log('Message from server ', event.data); // $ remoteFlow }); // $ clientReceive socket.onmessage = function (event) { - console.log("Message from server 2", event.data) + console.log("Message from server 2", event.data); // $ remoteFlow }; // $ clientReceive })(); @@ -24,12 +24,12 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ }; sock.onmessage = function (e) { - console.log('message', e.data); + console.log('message', e.data); // $ remoteFlow sock.close(); }; // $ clientReceive sock.addEventListener('message', function (event) { - console.log('Using addEventListener ', event.data); + console.log('Using addEventListener ', event.data); // $ remoteFlow }); // $ clientReceive })(); @@ -40,11 +40,11 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ }); myWebSocketInstance.addEventListener('message', function (event) { - console.log('Message from server ', event.data); + console.log('Message from server ', event.data); // $ remoteFlow }); // $ clientReceive myWebSocketInstance.onmessage = function (event) { - console.log("Message from server 2", event.data) + console.log("Message from server 2", event.data); // $ remoteFlow }; // $ clientReceive })(); @@ -55,18 +55,18 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ }; mySockJSInstance.onmessage = function (e) { - console.log('message', e.data); + console.log('message', e.data); // $ remoteFlow mySockJSInstance.close(); }; // $ clientReceive mySockJSInstance.addEventListener('message', function (event) { - console.log('Using addEventListener ', event.data); + console.log('Using addEventListener ', event.data); // $ remoteFlow }); // $ clientReceive })(); const recv_message = function (e) { - console.log('Received message:', e.data); + console.log('Received message:', e.data); // $ remoteFlow }; // $ clientReceive (function () { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js index f966879f9f25..4d82c113e088 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js @@ -6,11 +6,11 @@ }); socket.addEventListener('message', function (event) { - console.log('Message from server ', event.data); + console.log('Message from server ', event.data); // $ remoteFlow }); // $clientReceive socket.onmessage = function (event) { - console.log("Message from server 2", event.data) + console.log("Message from server 2", event.data); // $ remoteFlow }; // $clientReceive })(); @@ -22,12 +22,12 @@ }; sock.onmessage = function (e) { - console.log('message', e.data); + console.log('message', e.data); // $ remoteFlow sock.close(); }; // $clientReceive sock.addEventListener('message', function (event) { - console.log('Using addEventListener ', event.data); + console.log('Using addEventListener ', event.data); // $ remoteFlow }); // $clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index dd8c84e87c0d..24eeebdb4ccf 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -7,7 +7,7 @@ const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); ws.send('Hi from client!'); // $ clientSend }); - ws.on('message', function incoming(data) { + ws.on('message', function incoming(data) { // $ remoteFlow console.log(data); }); // $ clientReceive })(); @@ -17,7 +17,7 @@ const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); myWebSocketWSInstance.send('Hi from client!'); // $ clientSend }); - myWebSocketWSInstance.on('message', function incoming(data) { + myWebSocketWSInstance.on('message', function incoming(data) { // $ remoteFlow console.log(data); }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js index 54a200f33793..7061d51a954c 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js @@ -7,7 +7,7 @@ const WebSocket = require('ws'); ws.send('Hi from client!'); // $clientSend }); - ws.on('message', function incoming(data) { + ws.on('message', function incoming(data) { // $ remoteFlow console.log(data); }); // $clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 7480e0668766..d08070a1a71a 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -1,17 +1,17 @@ clientReceive -| browser-custom.js:10:37:12:2 | functio ... ta);\\n\\t} | -| browser-custom.js:14:21:16:2 | functio ... ata)\\n\\t} | +| browser-custom.js:10:37:12:2 | functio ... Flow\\n\\t} | +| browser-custom.js:14:21:16:2 | functio ... Flow\\n\\t} | | browser-custom.js:26:19:29:2 | functio ... e();\\n\\t} | -| browser-custom.js:31:35:33:2 | functio ... ta);\\n\\t} | -| browser-custom.js:42:53:44:5 | functio ... ;\\n } | -| browser-custom.js:46:37:48:5 | functio ... )\\n } | +| browser-custom.js:31:35:33:2 | functio ... Flow\\n\\t} | +| browser-custom.js:42:53:44:5 | functio ... w\\n } | +| browser-custom.js:46:37:48:5 | functio ... w\\n } | | browser-custom.js:57:34:60:5 | functio ... ;\\n } | -| browser-custom.js:62:50:64:5 | functio ... ;\\n } | -| browser-custom.js:68:22:70:1 | functio ... ata);\\n} | -| browser.js:8:37:10:2 | functio ... ta);\\n\\t} | -| browser.js:12:21:14:2 | functio ... ata)\\n\\t} | +| browser-custom.js:62:50:64:5 | functio ... w\\n } | +| browser-custom.js:68:22:70:1 | functio ... eFlow\\n} | +| browser.js:8:37:10:2 | functio ... Flow\\n\\t} | +| browser.js:12:21:14:2 | functio ... Flow\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | -| browser.js:29:35:31:2 | functio ... ta);\\n\\t} | +| browser.js:29:35:31:2 | functio ... Flow\\n\\t} | | client-custom.js:10:19:12:2 | functio ... ta);\\n\\t} | | client-custom.js:20:38:22:2 | functio ... ta);\\n\\t} | | client.js:10:19:12:2 | functio ... ta);\\n\\t} | @@ -102,6 +102,22 @@ flowSteps | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data | remoteFlow +| browser-custom.js:11:39:11:48 | event.data | +| browser-custom.js:15:40:15:49 | event.data | +| browser-custom.js:27:26:27:31 | e.data | +| browser-custom.js:32:42:32:51 | event.data | +| browser-custom.js:43:45:43:54 | event.data | +| browser-custom.js:47:46:47:55 | event.data | +| browser-custom.js:58:32:58:37 | e.data | +| browser-custom.js:63:48:63:57 | event.data | +| browser-custom.js:69:38:69:43 | e.data | +| browser.js:9:39:9:48 | event.data | +| browser.js:13:40:13:49 | event.data | +| browser.js:25:26:25:31 | e.data | +| browser.js:30:42:30:51 | event.data | +| client-custom.js:10:37:10:40 | data | +| client-custom.js:20:56:20:59 | data | +| client.js:10:37:10:40 | data | | server-custom.js:7:38:7:44 | message | | server-custom.js:17:38:17:44 | message | | server.js:7:38:7:44 | message | From 5c2d6e3d0fa3dbbaa01235301f15b552fe03780f Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 11:45:43 +0200 Subject: [PATCH 262/409] Rust: Add path resolution test for Self in trait implementation --- .../library-tests/path-resolution/main.rs | 28 ++++ .../path-resolution/path-resolution.expected | 124 +++++++++--------- 2 files changed, 93 insertions(+), 59 deletions(-) diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 3d54b1a4b6a4..2f9c2c19fbec 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -520,6 +520,33 @@ mod m21 { } } +mod m23 { + #[rustfmt::skip] + trait Trait1< + T // I1 + > { + fn f(&self); // // I3 + } // I2 + + struct S; // I4 + + #[rustfmt::skip] + impl Trait1< + Self // $ MISSING: item=I4 + > // $ item=I2 + for S { // $ item=I4 + fn f(&self) { + println!("m23::>::f"); + } // I5 + } + + #[rustfmt::skip] + pub fn f() { + let x = S; // $ item=I4 + x.f(); // $ item=I5 + } // I108 +} + fn main() { my::nested::nested1::nested2::f(); // $ item=I4 my::f(); // $ item=I38 @@ -547,4 +574,5 @@ fn main() { my3::f(); // $ item=I200 nested_f(); // $ item=I201 m18::m19::m20::g(); // $ item=I103 + m23::f(); // $ item=I108 } diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index a7ead02db842..54914c79c372 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -27,6 +27,7 @@ mod | main.rs:496:1:521:1 | mod m21 | | main.rs:497:5:503:5 | mod m22 | | main.rs:505:5:520:5 | mod m33 | +| main.rs:523:1:548:1 | mod m23 | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:12:1:12:12 | mod my3 | | my2/nested2.rs:1:1:11:1 | mod nested3 | @@ -59,7 +60,7 @@ resolvePath | main.rs:30:17:30:21 | super | main.rs:18:5:36:5 | mod m2 | | main.rs:30:17:30:24 | ...::f | main.rs:19:9:21:9 | fn f | | main.rs:33:17:33:17 | f | main.rs:19:9:21:9 | fn f | -| main.rs:40:9:40:13 | super | main.rs:1:1:550:2 | SourceFile | +| main.rs:40:9:40:13 | super | main.rs:1:1:578:2 | SourceFile | | main.rs:40:9:40:17 | ...::m1 | main.rs:13:1:37:1 | mod m1 | | main.rs:40:9:40:21 | ...::m2 | main.rs:18:5:36:5 | mod m2 | | main.rs:40:9:40:24 | ...::g | main.rs:23:9:27:9 | fn g | @@ -71,7 +72,7 @@ resolvePath | main.rs:61:17:61:19 | Foo | main.rs:59:9:59:21 | struct Foo | | main.rs:64:13:64:15 | Foo | main.rs:53:5:53:17 | struct Foo | | main.rs:66:5:66:5 | f | main.rs:55:5:62:5 | fn f | -| main.rs:68:5:68:8 | self | main.rs:1:1:550:2 | SourceFile | +| main.rs:68:5:68:8 | self | main.rs:1:1:578:2 | SourceFile | | main.rs:68:5:68:11 | ...::i | main.rs:71:1:83:1 | fn i | | main.rs:74:13:74:15 | Foo | main.rs:48:1:48:13 | struct Foo | | main.rs:81:17:81:19 | Foo | main.rs:77:9:79:9 | struct Foo | @@ -85,7 +86,7 @@ resolvePath | main.rs:87:57:87:66 | ...::g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:87:80:87:86 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | | main.rs:100:5:100:22 | f_defined_in_macro | main.rs:99:18:99:42 | fn f_defined_in_macro | -| main.rs:117:13:117:17 | super | main.rs:1:1:550:2 | SourceFile | +| main.rs:117:13:117:17 | super | main.rs:1:1:578:2 | SourceFile | | main.rs:117:13:117:21 | ...::m5 | main.rs:103:1:107:1 | mod m5 | | main.rs:118:9:118:9 | f | main.rs:104:5:106:5 | fn f | | main.rs:118:9:118:9 | f | main.rs:110:5:112:5 | fn f | @@ -234,61 +235,66 @@ resolvePath | main.rs:517:21:517:26 | MyEnum | main.rs:498:9:500:9 | enum MyEnum | | main.rs:517:21:517:29 | ...::A | main.rs:499:13:499:13 | A | | main.rs:518:21:518:28 | MyStruct | main.rs:502:9:502:28 | struct MyStruct | -| main.rs:524:5:524:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:524:5:524:14 | ...::nested | my.rs:1:1:1:15 | mod nested | -| main.rs:524:5:524:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | -| main.rs:524:5:524:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | -| main.rs:524:5:524:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | -| main.rs:525:5:525:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:525:5:525:9 | ...::f | my.rs:5:1:7:1 | fn f | -| main.rs:526:5:526:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | -| main.rs:526:5:526:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | -| main.rs:526:5:526:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | -| main.rs:526:5:526:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:527:5:527:5 | f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:528:5:528:5 | g | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:529:5:529:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:529:5:529:12 | ...::h | main.rs:50:1:69:1 | fn h | -| main.rs:530:5:530:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:530:5:530:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:530:5:530:13 | ...::g | main.rs:23:9:27:9 | fn g | -| main.rs:531:5:531:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:531:5:531:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:531:5:531:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | -| main.rs:531:5:531:17 | ...::h | main.rs:30:27:34:13 | fn h | -| main.rs:532:5:532:6 | m4 | main.rs:39:1:46:1 | mod m4 | -| main.rs:532:5:532:9 | ...::i | main.rs:42:5:45:5 | fn i | -| main.rs:533:5:533:5 | h | main.rs:50:1:69:1 | fn h | -| main.rs:534:5:534:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:535:5:535:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:536:5:536:5 | j | main.rs:97:1:101:1 | fn j | -| main.rs:537:5:537:6 | m6 | main.rs:109:1:120:1 | mod m6 | -| main.rs:537:5:537:9 | ...::g | main.rs:114:5:119:5 | fn g | -| main.rs:538:5:538:6 | m7 | main.rs:122:1:137:1 | mod m7 | -| main.rs:538:5:538:9 | ...::f | main.rs:129:5:136:5 | fn f | -| main.rs:539:5:539:6 | m8 | main.rs:139:1:193:1 | mod m8 | -| main.rs:539:5:539:9 | ...::g | main.rs:177:5:192:5 | fn g | -| main.rs:540:5:540:6 | m9 | main.rs:195:1:203:1 | mod m9 | -| main.rs:540:5:540:9 | ...::f | main.rs:198:5:202:5 | fn f | -| main.rs:541:5:541:7 | m11 | main.rs:226:1:263:1 | mod m11 | -| main.rs:541:5:541:10 | ...::f | main.rs:231:5:234:5 | fn f | -| main.rs:542:5:542:7 | m15 | main.rs:294:1:348:1 | mod m15 | -| main.rs:542:5:542:10 | ...::f | main.rs:335:5:347:5 | fn f | -| main.rs:543:5:543:7 | m16 | main.rs:350:1:442:1 | mod m16 | -| main.rs:543:5:543:10 | ...::f | main.rs:417:5:441:5 | fn f | -| main.rs:544:5:544:7 | m17 | main.rs:444:1:474:1 | mod m17 | -| main.rs:544:5:544:10 | ...::f | main.rs:468:5:473:5 | fn f | -| main.rs:545:5:545:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | -| main.rs:545:5:545:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | -| main.rs:546:5:546:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | -| main.rs:546:5:546:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | -| main.rs:547:5:547:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | -| main.rs:547:5:547:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | -| main.rs:548:5:548:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | -| main.rs:549:5:549:7 | m18 | main.rs:476:1:494:1 | mod m18 | -| main.rs:549:5:549:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | -| main.rs:549:5:549:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | -| main.rs:549:5:549:20 | ...::g | main.rs:487:13:491:13 | fn g | +| main.rs:534:10:536:5 | Trait1::<...> | main.rs:524:5:529:5 | trait Trait1 | +| main.rs:537:11:537:11 | S | main.rs:531:5:531:13 | struct S | +| main.rs:545:17:545:17 | S | main.rs:531:5:531:13 | struct S | +| main.rs:551:5:551:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:551:5:551:14 | ...::nested | my.rs:1:1:1:15 | mod nested | +| main.rs:551:5:551:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | +| main.rs:551:5:551:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | +| main.rs:551:5:551:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:552:5:552:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:552:5:552:9 | ...::f | my.rs:5:1:7:1 | fn f | +| main.rs:553:5:553:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | +| main.rs:553:5:553:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | +| main.rs:553:5:553:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:553:5:553:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:554:5:554:5 | f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:555:5:555:5 | g | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:556:5:556:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:556:5:556:12 | ...::h | main.rs:50:1:69:1 | fn h | +| main.rs:557:5:557:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:557:5:557:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:557:5:557:13 | ...::g | main.rs:23:9:27:9 | fn g | +| main.rs:558:5:558:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:558:5:558:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:558:5:558:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | +| main.rs:558:5:558:17 | ...::h | main.rs:30:27:34:13 | fn h | +| main.rs:559:5:559:6 | m4 | main.rs:39:1:46:1 | mod m4 | +| main.rs:559:5:559:9 | ...::i | main.rs:42:5:45:5 | fn i | +| main.rs:560:5:560:5 | h | main.rs:50:1:69:1 | fn h | +| main.rs:561:5:561:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:562:5:562:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:563:5:563:5 | j | main.rs:97:1:101:1 | fn j | +| main.rs:564:5:564:6 | m6 | main.rs:109:1:120:1 | mod m6 | +| main.rs:564:5:564:9 | ...::g | main.rs:114:5:119:5 | fn g | +| main.rs:565:5:565:6 | m7 | main.rs:122:1:137:1 | mod m7 | +| main.rs:565:5:565:9 | ...::f | main.rs:129:5:136:5 | fn f | +| main.rs:566:5:566:6 | m8 | main.rs:139:1:193:1 | mod m8 | +| main.rs:566:5:566:9 | ...::g | main.rs:177:5:192:5 | fn g | +| main.rs:567:5:567:6 | m9 | main.rs:195:1:203:1 | mod m9 | +| main.rs:567:5:567:9 | ...::f | main.rs:198:5:202:5 | fn f | +| main.rs:568:5:568:7 | m11 | main.rs:226:1:263:1 | mod m11 | +| main.rs:568:5:568:10 | ...::f | main.rs:231:5:234:5 | fn f | +| main.rs:569:5:569:7 | m15 | main.rs:294:1:348:1 | mod m15 | +| main.rs:569:5:569:10 | ...::f | main.rs:335:5:347:5 | fn f | +| main.rs:570:5:570:7 | m16 | main.rs:350:1:442:1 | mod m16 | +| main.rs:570:5:570:10 | ...::f | main.rs:417:5:441:5 | fn f | +| main.rs:571:5:571:7 | m17 | main.rs:444:1:474:1 | mod m17 | +| main.rs:571:5:571:10 | ...::f | main.rs:468:5:473:5 | fn f | +| main.rs:572:5:572:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | +| main.rs:572:5:572:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | +| main.rs:573:5:573:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | +| main.rs:573:5:573:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:574:5:574:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | +| main.rs:574:5:574:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:575:5:575:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | +| main.rs:576:5:576:7 | m18 | main.rs:476:1:494:1 | mod m18 | +| main.rs:576:5:576:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | +| main.rs:576:5:576:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | +| main.rs:576:5:576:20 | ...::g | main.rs:487:13:491:13 | fn g | +| main.rs:577:5:577:7 | m23 | main.rs:523:1:548:1 | mod m23 | +| main.rs:577:5:577:10 | ...::f | main.rs:543:5:547:5 | fn f | | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | @@ -302,7 +308,7 @@ resolvePath | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | -| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:550:2 | SourceFile | +| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:578:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | From 6cecf7e618fbeec0e159520c9ed8fc447bcf84b9 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 11:47:48 +0200 Subject: [PATCH 263/409] Rust: Resolve Self path in trait type of implementation --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 2 ++ rust/ql/test/library-tests/path-resolution/main.rs | 2 +- .../test/library-tests/path-resolution/path-resolution.expected | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index c70ab0049d56..24b0efd28a46 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -373,6 +373,8 @@ abstract class ImplOrTraitItemNode extends ItemNode { /** Gets an item that may refer to this node using `Self`. */ pragma[nomagic] ItemNode getAnItemInSelfScope() { + result = this + or result.getImmediateParent() = this or exists(ItemNode mid | diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 2f9c2c19fbec..6e7fa8af354a 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -532,7 +532,7 @@ mod m23 { #[rustfmt::skip] impl Trait1< - Self // $ MISSING: item=I4 + Self // $ item=I4 > // $ item=I2 for S { // $ item=I4 fn f(&self) { diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 54914c79c372..1d480f2f5ad9 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -236,6 +236,7 @@ resolvePath | main.rs:517:21:517:29 | ...::A | main.rs:499:13:499:13 | A | | main.rs:518:21:518:28 | MyStruct | main.rs:502:9:502:28 | struct MyStruct | | main.rs:534:10:536:5 | Trait1::<...> | main.rs:524:5:529:5 | trait Trait1 | +| main.rs:535:7:535:10 | Self | main.rs:531:5:531:13 | struct S | | main.rs:537:11:537:11 | S | main.rs:531:5:531:13 | struct S | | main.rs:545:17:545:17 | S | main.rs:531:5:531:13 | struct S | | main.rs:551:5:551:6 | my | main.rs:1:1:1:7 | mod my | From c4fa4176802a27405e418ba0a87325c502b34cc0 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 12:11:33 +0200 Subject: [PATCH 264/409] Added change note --- javascript/ql/lib/change-notes/2025-04-07-websocket.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-07-websocket.md diff --git a/javascript/ql/lib/change-notes/2025-04-07-websocket.md b/javascript/ql/lib/change-notes/2025-04-07-websocket.md new file mode 100644 index 000000000000..a6f6e214f3af --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-07-websocket.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Improved `WebSocket` analysis by refactoring the model to use API graphs. +* Added data received from `WebSocket` clients as a remote flow source. From 93882263f934cf1c717b259b72e99ae747b8e749 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 12:32:18 +0200 Subject: [PATCH 265/409] Added test case for `Uint8Array` and `TypedArray.prototype.buffer` --- .../TaintTracking/BasicTaintTracking.expected | 3 +++ .../test/library-tests/TaintTracking/typed-arrays.js | 12 ++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 javascript/ql/test/library-tests/TaintTracking/typed-arrays.js diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 4a0575eb73e1..b16953795b1d 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -40,6 +40,9 @@ consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:5 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:7 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:11 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js new file mode 100644 index 000000000000..c29c7bef9548 --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -0,0 +1,12 @@ +function test() { + let x = source(); + + let y = new Uint8Array(x); + sink(y); // NOT OK + + sink(y.buffer); // NOT OK + sink(y.length); + + var arr = new Uint8Array(y.buffer, y.byteOffset, y.byteLength); + sink(arr); // NOT OK +} From d17d44125cac4b2898a5f1093d4e7d068b634065 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Mon, 7 Apr 2025 12:43:37 +0200 Subject: [PATCH 266/409] Java: add integration test for query suite contents --- .../java-code-quality.qls.expected | 11 + .../java-code-scanning.qls.expected | 79 ++++++ .../java-security-and-quality.qls.expected | 243 ++++++++++++++++++ .../java-security-extended.qls.expected | 123 +++++++++ .../java/query-suite/test.py | 15 ++ 5 files changed, 471 insertions(+) create mode 100644 java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/test.py diff --git a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected new file mode 100644 index 000000000000..1b231590e6a3 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected @@ -0,0 +1,11 @@ +/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql diff --git a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected new file mode 100644 index 000000000000..9f22d395c39d --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected @@ -0,0 +1,79 @@ +/ql/java/ql/src/Diagnostics/ExtractionErrors.ql +/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +/ql/java/ql/src/Telemetry/ExtractorInformation.ql +/ql/java/ql/src/Telemetry/SupportedExternalApis.ql +/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +/ql/java/ql/src/Telemetry/SupportedExternalSources.ql +/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected new file mode 100644 index 000000000000..7da7bc5119e3 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected @@ -0,0 +1,243 @@ +/ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql +/ql/java/ql/src/Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql +/ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql +/ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql +/ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql +/ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql +/ql/java/ql/src/DeadCode/UselessParameter.ql +/ql/java/ql/src/Diagnostics/ExtractionErrors.ql +/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +/ql/java/ql/src/Language Abuse/ChainedInstanceof.ql +/ql/java/ql/src/Language Abuse/IterableIterator.ql +/ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql +/ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql +/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +/ql/java/ql/src/Language Abuse/UselessNullCheck.ql +/ql/java/ql/src/Language Abuse/UselessTypeTest.ql +/ql/java/ql/src/Language Abuse/WrappedIterator.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql +/ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql +/ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql +/ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql +/ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql +/ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql +/ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql +/ql/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql +/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +/ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql +/ql/java/ql/src/Likely Bugs/Comparison/CovariantCompareTo.ql +/ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql +/ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql +/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql +/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +/ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql +/ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql +/ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql +/ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql +/ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql +/ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql +/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql +/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql +/ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql +/ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql +/ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql +/ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql +/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +/ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql +/ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql +/ql/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql +/ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql +/ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql +/ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql +/ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql +/ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql +/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql +/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql +/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql +/ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql +/ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql +/ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql +/ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql +/ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql +/ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql +/ql/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql +/ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +/ql/java/ql/src/Performance/InefficientEmptyStringTest.ql +/ql/java/ql/src/Performance/InefficientKeySetIterator.ql +/ql/java/ql/src/Performance/InefficientOutputStream.ql +/ql/java/ql/src/Performance/InefficientPrimConstructor.ql +/ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql +/ql/java/ql/src/Performance/NewStringString.ql +/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +/ql/java/ql/src/Telemetry/ExtractorInformation.ql +/ql/java/ql/src/Telemetry/SupportedExternalApis.ql +/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +/ql/java/ql/src/Telemetry/SupportedExternalSources.ql +/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +/ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql +/ql/java/ql/src/Violations of Best Practice/Declarations/NoConstantsOnly.ql +/ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql +/ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql +/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql +/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected new file mode 100644 index 000000000000..adcdc17c6c15 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected @@ -0,0 +1,123 @@ +/ql/java/ql/src/Diagnostics/ExtractionErrors.ql +/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +/ql/java/ql/src/Telemetry/ExtractorInformation.ql +/ql/java/ql/src/Telemetry/SupportedExternalApis.ql +/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +/ql/java/ql/src/Telemetry/SupportedExternalSources.ql +/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py new file mode 100644 index 000000000000..9a95a8089989 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/test.py @@ -0,0 +1,15 @@ +import runs_on + +@runs_on.linux +def test(codeql, java, cwd, expected_files, semmle_code_dir): + query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls'] + + for query_suite in query_suites: + actual = codeql.resolve.queries(query_suite, _capture=True).strip() + actual = sorted(actual.split('\n')) + print(semmle_code_dir) + index = len(str(semmle_code_dir)) + actual = [line[index:] for line in actual] + actual_file_name = query_suite + '.actual' + expected_files.add(actual_file_name) + (cwd / actual_file_name).write_text('\n'.join(actual)+'\n') From acc565f84ef4a51d1d8b157fb3e09893cea538c2 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 12:50:31 +0200 Subject: [PATCH 267/409] Rust: Refactor PathMention as suggested in review --- rust/ql/lib/codeql/rust/internal/TypeMention.qll | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index 2fd50b974c98..3390d9592317 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -62,18 +62,22 @@ class TypeReprMention extends TypeMention, TypeRepr { } } -/** Holds if `path` resolves the type alias `alias` with the definition `rhs`. */ +/** Holds if `path` resolves to the type alias `alias` with the definition `rhs`. */ private predicate resolvePathAlias(Path path, TypeAlias alias, TypeReprMention rhs) { alias = resolvePath(path) and rhs = alias.getTypeRepr() } -abstract class PathMention extends TypeMention, Path { } +abstract class PathMention extends TypeMention, Path { + override TypeMention getTypeArgument(int i) { + result = this.getSegment().getGenericArgList().getTypeArg(i) + } +} class NonAliasPathMention extends PathMention { NonAliasPathMention() { not resolvePathAlias(this, _, _) } override TypeMention getTypeArgument(int i) { - result = this.getSegment().getGenericArgList().getTypeArg(i) + result = super.getTypeArgument(i) or // `Self` paths inside `impl` blocks have implicit type arguments that are // the type parameters of the `impl` block. For example, in @@ -120,10 +124,6 @@ class AliasPathMention extends PathMention { AliasPathMention() { resolvePathAlias(this, alias, rhs) } - override TypeMention getTypeArgument(int i) { - result = this.getSegment().getGenericArgList().getTypeArg(i) - } - /** Get the `i`th type parameter of the alias itself. */ private TypeParameter getTypeParameter(int i) { result = TTypeParamTypeParameter(alias.getGenericParamList().getTypeParam(i)) From 5dba2412b5b8bacbc54b617883f605e29451df7e Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 12:53:13 +0200 Subject: [PATCH 268/409] Rust: Fix annotation in comment --- rust/ql/test/library-tests/path-resolution/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 6e7fa8af354a..467248219a4c 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -525,7 +525,7 @@ mod m23 { trait Trait1< T // I1 > { - fn f(&self); // // I3 + fn f(&self); // I3 } // I2 struct S; // I4 From 2c2506c4f813a5e99bcc259f36b0825647cc40c0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 12:07:51 +0100 Subject: [PATCH 269/409] Rust: Add Rust SSA inconsistency infrastructure. --- rust/ql/consistency-queries/SsaConsistency.ql | 9 ++++++++- .../hello-project/summary.expected | 1 + .../hello-workspace/summary.cargo.expected | 1 + .../hello-workspace/summary.rust-project.expected | 1 + .../queries/diagnostics/SsaConsistencyCounts.ql | 14 ++++++++++++++ rust/ql/src/queries/summary/Stats.qll | 10 ++++++++++ .../diagnostics/SsaConsistencyCounts.expected | 0 .../diagnostics/SsaConsistencyCounts.qlref | 1 + .../diagnostics/SummaryStatsReduced.expected | 1 + shared/ssa/codeql/ssa/Ssa.qll | 7 +++++++ 10 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql create mode 100644 rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected create mode 100644 rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.qlref diff --git a/rust/ql/consistency-queries/SsaConsistency.ql b/rust/ql/consistency-queries/SsaConsistency.ql index 51a5f97e9786..f28b71e2a7d6 100644 --- a/rust/ql/consistency-queries/SsaConsistency.ql +++ b/rust/ql/consistency-queries/SsaConsistency.ql @@ -1,3 +1,10 @@ -import codeql.rust.dataflow.Ssa +/** + * @name Static single assignment inconsistencies + * @description Lists the static single assignment inconsistencies in the database. This query is intended for internal use. + * @kind table + * @id rust/diagnostics/ssa-consistency + */ + + import codeql.rust.dataflow.Ssa import codeql.rust.dataflow.internal.SsaImpl import Consistency diff --git a/rust/ql/integration-tests/hello-project/summary.expected b/rust/ql/integration-tests/hello-project/summary.expected index 1ce4e784cbf2..1f343b197c0f 100644 --- a/rust/ql/integration-tests/hello-project/summary.expected +++ b/rust/ql/integration-tests/hello-project/summary.expected @@ -7,6 +7,7 @@ | Inconsistencies - AST | 0 | | Inconsistencies - CFG | 0 | | Inconsistencies - Path resolution | 0 | +| Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | | Lines of code extracted | 6 | | Lines of user code extracted | 6 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected index 67da3bcf3090..5912f7d69baf 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected @@ -7,6 +7,7 @@ | Inconsistencies - AST | 0 | | Inconsistencies - CFG | 0 | | Inconsistencies - Path resolution | 0 | +| Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | | Lines of code extracted | 9 | | Lines of user code extracted | 9 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected index 67da3bcf3090..5912f7d69baf 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected @@ -7,6 +7,7 @@ | Inconsistencies - AST | 0 | | Inconsistencies - CFG | 0 | | Inconsistencies - Path resolution | 0 | +| Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | | Lines of code extracted | 9 | | Lines of user code extracted | 9 | diff --git a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql new file mode 100644 index 000000000000..8293b6883f9f --- /dev/null +++ b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql @@ -0,0 +1,14 @@ +/** + * @name Static single assignment inconsistency counts + * @description Counts the number of static single assignment inconsistencies of each type. This query is intended for internal use. + * @kind diagnostic + * @id rust/diagnostics/ssa-consistency-counts + */ + + private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl + +// see also `rust/diagnostics/ssa-consistency`, which lists the +// individual inconsistency results. +from string type, int num +where num = SsaImpl::Consistency::getInconsistencyCounts(type) +select type, num diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index ec252c36d701..a2e9c93af7cc 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -10,6 +10,7 @@ private import codeql.rust.internal.AstConsistency as AstConsistency private import codeql.rust.internal.PathResolutionConsistency as PathResolutionConsistency private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency +private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl private import codeql.rust.Concepts private import codeql.rust.Diagnostics private import codeql.rust.security.SensitiveData @@ -57,6 +58,13 @@ int getTotalCfgInconsistencies() { result = sum(string type | | CfgConsistency::getCfgInconsistencyCounts(type)) } +/** + * Gets a count of the total number of SSA inconsistencies in the database. + */ +int getTotalSsaInconsistencies() { + result = sum(string type | | SsaImpl::Consistency::getInconsistencyCounts(type)) +} + /** * Gets a count of the total number of data flow inconsistencies in the database. */ @@ -142,6 +150,8 @@ predicate inconsistencyStats(string key, int value) { or key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies() or + key = "Inconsistencies - SSA" and value = getTotalSsaInconsistencies() + or key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies() } diff --git a/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.qlref b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.qlref new file mode 100644 index 000000000000..40242e81c245 --- /dev/null +++ b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.qlref @@ -0,0 +1 @@ +queries/diagnostics/SsaConsistencyCounts.ql diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected index 640bd179abd3..ed21d9772fce 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected @@ -7,6 +7,7 @@ | Inconsistencies - AST | 0 | | Inconsistencies - CFG | 0 | | Inconsistencies - Path resolution | 0 | +| Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | | Lines of code extracted | 60 | | Lines of user code extracted | 60 | diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index 5a18d128ab62..d9bfdf62d901 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1468,6 +1468,13 @@ module Make Input> { inputRefs = count(BasicBlock bb, int i | AdjacentSsaRefs::adjacentRefPhi(bb, i, _, bbPhi, v)) and inputRefs < 2 } + + /** + * Gets counts of inconsistencies of each type. + */ + int getInconsistencyCounts(string type) { + type = "" and result = 0 + } } /** Provides the input to `DataFlowIntegration`. */ From e5fc1b0b001865d7f1ccd0e28e61c79531f97ff8 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 4 Apr 2025 15:11:11 +0200 Subject: [PATCH 270/409] ruby: add qhelp to `rb/useless-assignment-to-local` --- .../queries/variables/DeadStoreOfLocal.qhelp | 49 +++++++++++++++++++ .../variables/examples/DeadStoreOfLocal.rb | 5 ++ .../examples/DeadStoreOfLocalGood.rb | 9 ++++ 3 files changed, 63 insertions(+) create mode 100644 ruby/ql/src/queries/variables/DeadStoreOfLocal.qhelp create mode 100644 ruby/ql/src/queries/variables/examples/DeadStoreOfLocal.rb create mode 100644 ruby/ql/src/queries/variables/examples/DeadStoreOfLocalGood.rb diff --git a/ruby/ql/src/queries/variables/DeadStoreOfLocal.qhelp b/ruby/ql/src/queries/variables/DeadStoreOfLocal.qhelp new file mode 100644 index 000000000000..b4e32eb1708f --- /dev/null +++ b/ruby/ql/src/queries/variables/DeadStoreOfLocal.qhelp @@ -0,0 +1,49 @@ + + + +

    +A value is assigned to a local variable, but either that variable is never read +later on, or its value is always overwritten before being read. This means +that the original assignment has no effect, and could indicate a logic error or +incomplete code. +

    + +     + + +

    +Ensure that you check the control and data flow in the method carefully. +If a value is really not needed, consider omitting the assignment. Be careful, +though: if the right-hand side has a side-effect (like performing a method call), +it is important to keep this to preserve the overall behavior. +

    + +     + + +

    +In the following example, the return value of the call to send on line 2 +is assigned to the local variable result, but then never used. +

    + + + +

    +Assuming that send returns a status code indicating whether the operation +succeeded or not, the value of result should be checked, perhaps like this: +

    + + + +     + + + +
  • Wikipedia: Dead store.
    • + + + +     +     diff --git a/ruby/ql/src/queries/variables/examples/DeadStoreOfLocal.rb b/ruby/ql/src/queries/variables/examples/DeadStoreOfLocal.rb new file mode 100644 index 000000000000..0b5dc3d6c2ee --- /dev/null +++ b/ruby/ql/src/queries/variables/examples/DeadStoreOfLocal.rb @@ -0,0 +1,5 @@ +def f(x) + result = send(x) + waitForResponse + return getResponse +end \ No newline at end of file diff --git a/ruby/ql/src/queries/variables/examples/DeadStoreOfLocalGood.rb b/ruby/ql/src/queries/variables/examples/DeadStoreOfLocalGood.rb new file mode 100644 index 000000000000..fc40a7fc4ebd --- /dev/null +++ b/ruby/ql/src/queries/variables/examples/DeadStoreOfLocalGood.rb @@ -0,0 +1,9 @@ +def f(x) + result = send(x) + # check for error + if (result == -1) + raise "Unable to send, check network." + end + waitForResponse + return getResponse +end \ No newline at end of file From b205fedef47c9402bb9df7cd932609e1195a6f60 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 4 Apr 2025 16:16:26 +0200 Subject: [PATCH 271/409] ruby: add tests --- .../DeadStoreOfLocal.expected | 4 +++ .../DeadStoreOfLocal/DeadStoreOfLocal.qlref | 2 ++ .../DeadStoreOfLocal/DeadStoreOfLocal.rb | 36 +++++++++++++++++++ .../DeadStoreOfLocal/TestTemplate.rb | 10 ++++++ 4 files changed, 52 insertions(+) create mode 100644 ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected create mode 100644 ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.qlref create mode 100644 ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb create mode 100644 ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected new file mode 100644 index 000000000000..9b903f762f4f --- /dev/null +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected @@ -0,0 +1,4 @@ +| DeadStoreOfLocal.rb:2:5:2:5 | y | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:2:5:2:5 | y | y | +| DeadStoreOfLocal.rb:14:9:14:9 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:8:5:8:5 | x | x | +| DeadStoreOfLocal.rb:21:5:21:5 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:21:5:21:5 | x | x | +| TestTemplate.rb:9:1:9:1 | x | This assignment to $@ is useless, since its value is never read. | TestTemplate.rb:9:1:9:1 | x | x | diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.qlref b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.qlref new file mode 100644 index 000000000000..222bba3622b5 --- /dev/null +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.qlref @@ -0,0 +1,2 @@ +query: queries/variables/DeadStoreOfLocal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb new file mode 100644 index 000000000000..9d7b8a95fb47 --- /dev/null +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb @@ -0,0 +1,36 @@ +def test_basic(x) + y = x #$ Alert + y = x + 2 + return y +end + +def test_retry + x = 0 + begin + if x == 0 + raise "error" + end + rescue + x = 2 #$ SPURIOUS: Alert + retry + end + return 42 +end + +def test_binding + x = 4 #$ SPURIOUS: Alert + return binding +end + +class Sup + def m(x) + print(x + 1) + end +end + +class Sub < Sup + def m(y) + y = 3 # OK - the call to `super` sees the value of y + super + end +end \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb new file mode 100644 index 000000000000..09aa20d3a8b7 --- /dev/null +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb @@ -0,0 +1,10 @@ +# -*- coding: utf-8 -*- +require 'erb' + +template = ERB.new < + \_\_ENCODING\_\_ is <%= \_\_ENCODING\_\_ %>. + x is <%= x %>. +EOF +x = 5 #$ SPURIOUS: Alert +puts template.result \ No newline at end of file From 385598d46dd7324ac059d61f0f7e318fea3d77ab Mon Sep 17 00:00:00 2001 From: yoff Date: Mon, 31 Mar 2025 14:39:02 +0200 Subject: [PATCH 272/409] ruby: remove some FPs from `rb/useless-assignment-to-local` --- ruby/ql/src/queries/variables/DeadStoreOfLocal.ql | 11 ++++++++++- .../DeadStoreOfLocal/DeadStoreOfLocal.expected | 3 --- .../variables/DeadStoreOfLocal/DeadStoreOfLocal.rb | 6 +++--- .../variables/DeadStoreOfLocal/TestTemplate.rb | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql index 2cf36bdc3e50..eb2fb4a7b5a0 100644 --- a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql +++ b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql @@ -12,11 +12,20 @@ import codeql.ruby.AST import codeql.ruby.dataflow.SSA +import codeql.ruby.ApiGraphs class RelevantLocalVariableWriteAccess extends LocalVariableWriteAccess { RelevantLocalVariableWriteAccess() { not this.getVariable().getName().charAt(0) = "_" and - not this = any(Parameter p).getAVariable().getDefiningAccess() + not this = any(Parameter p).getAVariable().getDefiningAccess() and + not API::getTopLevelMember("ERB").getInstance().getAMethodCall("result").asExpr().getScope() = + this.getCfgScope() and + not exists(RetryStmt r | r.getCfgScope() = this.getCfgScope()) and + not exists(MethodCall c | + c.getReceiver() instanceof SelfVariableAccess and + c.getMethodName() = "binding" and + c.getCfgScope() = this.getCfgScope() + ) } } diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected index 9b903f762f4f..572308ee51e4 100644 --- a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected @@ -1,4 +1 @@ | DeadStoreOfLocal.rb:2:5:2:5 | y | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:2:5:2:5 | y | y | -| DeadStoreOfLocal.rb:14:9:14:9 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:8:5:8:5 | x | x | -| DeadStoreOfLocal.rb:21:5:21:5 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:21:5:21:5 | x | x | -| TestTemplate.rb:9:1:9:1 | x | This assignment to $@ is useless, since its value is never read. | TestTemplate.rb:9:1:9:1 | x | x | diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb index 9d7b8a95fb47..7f3252a58fdc 100644 --- a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb @@ -11,14 +11,14 @@ def test_retry raise "error" end rescue - x = 2 #$ SPURIOUS: Alert + x = 2 # OK - the retry will allow a later read retry end return 42 end def test_binding - x = 4 #$ SPURIOUS: Alert + x = 4 # OK - the binding collects the value of x return binding end @@ -30,7 +30,7 @@ def m(x) class Sub < Sup def m(y) - y = 3 # OK - the call to `super` sees the value of y + y = 3 # OK - the call to `super` sees the value of `y`` super end end \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb index 09aa20d3a8b7..e13b54d0e038 100644 --- a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb @@ -6,5 +6,5 @@ \_\_ENCODING\_\_ is <%= \_\_ENCODING\_\_ %>. x is <%= x %>. EOF -x = 5 #$ SPURIOUS: Alert +x = 5 # OK - the template can see the value of x puts template.result \ No newline at end of file From eb8cbfa287e6648e9fb510b08ae6d18db15a10ed Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 4 Apr 2025 15:18:00 +0200 Subject: [PATCH 273/409] ruby: add change note --- ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md diff --git a/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md b/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md new file mode 100644 index 000000000000..c0bff9adf211 --- /dev/null +++ b/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives. From 6a8484f84375c8ba0d7c68bc9f14bcae40c1d919 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 4 Apr 2025 15:18:42 +0200 Subject: [PATCH 274/409] ruby: adjust precision of `rb/useless-assignment-to-local` to medium --- ruby/ql/src/queries/variables/DeadStoreOfLocal.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql index eb2fb4a7b5a0..8717047e9954 100644 --- a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql +++ b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql @@ -7,7 +7,7 @@ * @id rb/useless-assignment-to-local * @tags maintainability * external/cwe/cwe-563 - * @precision low + * @precision medium */ import codeql.ruby.AST From ba225013e75c33b50e5d17ae1e60dfb30593e26f Mon Sep 17 00:00:00 2001 From: yoff Date: Mon, 7 Apr 2025 14:03:49 +0200 Subject: [PATCH 275/409] ruby: add `rb/useless-assignment-to-local` to the code-quality suite --- ruby/ql/src/codeql-suites/ruby-code-quality.qls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ruby/ql/src/codeql-suites/ruby-code-quality.qls b/ruby/ql/src/codeql-suites/ruby-code-quality.qls index 61775d5f51f7..33be91082d09 100644 --- a/ruby/ql/src/codeql-suites/ruby-code-quality.qls +++ b/ruby/ql/src/codeql-suites/ruby-code-quality.qls @@ -1,4 +1,5 @@ - queries: . - include: id: - - rb/database-query-in-loop \ No newline at end of file + - rb/database-query-in-loop + - rb/useless-assignment-to-local \ No newline at end of file From ffcf6d6e581185d22f499cd7735d33e429c30b4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tam=C3=A1s=20Vajk?= Date: Mon, 7 Apr 2025 14:31:24 +0200 Subject: [PATCH 276/409] Apply suggestions from code review Co-authored-by: Paolo Tranquilli Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../java-code-quality.qls.expected | 22 +- .../java-code-scanning.qls.expected | 158 +++--- .../java-security-and-quality.qls.expected | 486 +++++++++--------- .../java-security-extended.qls.expected | 246 ++++----- .../java/query-suite/test.py | 14 +- 5 files changed, 462 insertions(+), 464 deletions(-) diff --git a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected index 1b231590e6a3..6f396573aa16 100644 --- a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected @@ -1,11 +1,11 @@ -/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql -/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql -/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql -/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql diff --git a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected index 9f22d395c39d..a8ce00aca6c5 100644 --- a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected @@ -1,79 +1,79 @@ -/ql/java/ql/src/Diagnostics/ExtractionErrors.ql -/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql -/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql -/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql -/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql -/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql -/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql -/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql -/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql -/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql -/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql -/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql -/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql -/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql -/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql -/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql -/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql -/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql -/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql -/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql -/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql -/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql -/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql -/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql -/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql -/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql -/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql -/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql -/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql -/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql -/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql -/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql -/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql -/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql -/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql -/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql -/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql -/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql -/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql -/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql -/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql -/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql -/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql -/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql -/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql -/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql -/ql/java/ql/src/Telemetry/ExtractorInformation.ql -/ql/java/ql/src/Telemetry/SupportedExternalApis.ql -/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql -/ql/java/ql/src/Telemetry/SupportedExternalSources.ql -/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql -/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +ql/java/ql/src/Diagnostics/ExtractionErrors.ql +ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +ql/java/ql/src/Telemetry/ExtractorInformation.ql +ql/java/ql/src/Telemetry/SupportedExternalApis.ql +ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +ql/java/ql/src/Telemetry/SupportedExternalSources.ql +ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected index 7da7bc5119e3..85d7e7d0960d 100644 --- a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected @@ -1,243 +1,243 @@ -/ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql -/ql/java/ql/src/Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql -/ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql -/ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql -/ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql -/ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql -/ql/java/ql/src/DeadCode/UselessParameter.ql -/ql/java/ql/src/Diagnostics/ExtractionErrors.ql -/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql -/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql -/ql/java/ql/src/Language Abuse/ChainedInstanceof.ql -/ql/java/ql/src/Language Abuse/IterableIterator.ql -/ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql -/ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql -/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql -/ql/java/ql/src/Language Abuse/UselessNullCheck.ql -/ql/java/ql/src/Language Abuse/UselessTypeTest.ql -/ql/java/ql/src/Language Abuse/WrappedIterator.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql -/ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql -/ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql -/ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql -/ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql -/ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql -/ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql -/ql/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql -/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql -/ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql -/ql/java/ql/src/Likely Bugs/Comparison/CovariantCompareTo.ql -/ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql -/ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql -/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql -/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql -/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql -/ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql -/ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql -/ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql -/ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql -/ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql -/ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql -/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql -/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql -/ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql -/ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql -/ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql -/ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql -/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql -/ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql -/ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql -/ql/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql -/ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql -/ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql -/ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql -/ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql -/ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql -/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql -/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql -/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql -/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql -/ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql -/ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql -/ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql -/ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql -/ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql -/ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql -/ql/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql -/ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql -/ql/java/ql/src/Performance/InefficientEmptyStringTest.ql -/ql/java/ql/src/Performance/InefficientKeySetIterator.ql -/ql/java/ql/src/Performance/InefficientOutputStream.ql -/ql/java/ql/src/Performance/InefficientPrimConstructor.ql -/ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql -/ql/java/ql/src/Performance/NewStringString.ql -/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql -/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql -/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql -/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql -/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql -/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql -/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql -/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql -/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql -/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql -/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql -/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql -/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql -/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql -/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql -/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql -/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql -/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql -/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql -/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql -/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql -/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql -/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql -/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql -/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql -/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql -/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql -/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql -/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql -/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql -/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql -/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql -/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql -/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql -/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql -/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql -/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql -/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql -/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql -/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql -/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql -/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql -/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql -/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql -/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql -/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql -/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql -/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql -/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql -/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql -/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql -/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql -/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql -/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql -/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql -/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql -/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql -/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql -/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql -/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql -/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql -/ql/java/ql/src/Telemetry/ExtractorInformation.ql -/ql/java/ql/src/Telemetry/SupportedExternalApis.ql -/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql -/ql/java/ql/src/Telemetry/SupportedExternalSources.ql -/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql -/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql -/ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql -/ql/java/ql/src/Violations of Best Practice/Declarations/NoConstantsOnly.ql -/ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql -/ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql -/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql -/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql -/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql +ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql +ql/java/ql/src/Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql +ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql +ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql +ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql +ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql +ql/java/ql/src/DeadCode/UselessParameter.ql +ql/java/ql/src/Diagnostics/ExtractionErrors.ql +ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +ql/java/ql/src/Language Abuse/ChainedInstanceof.ql +ql/java/ql/src/Language Abuse/IterableIterator.ql +ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql +ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql +ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +ql/java/ql/src/Language Abuse/UselessNullCheck.ql +ql/java/ql/src/Language Abuse/UselessTypeTest.ql +ql/java/ql/src/Language Abuse/WrappedIterator.ql +ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql +ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql +ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql +ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql +ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql +ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql +ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql +ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql +ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql +ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql +ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql +ql/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql +ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql +ql/java/ql/src/Likely Bugs/Comparison/CovariantCompareTo.ql +ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql +ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql +ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql +ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql +ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql +ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql +ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql +ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql +ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql +ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql +ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql +ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql +ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql +ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql +ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql +ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql +ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql +ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql +ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql +ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql +ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql +ql/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql +ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql +ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql +ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql +ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql +ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql +ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql +ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql +ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql +ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql +ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql +ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql +ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql +ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql +ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql +ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql +ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql +ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql +ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql +ql/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql +ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +ql/java/ql/src/Performance/InefficientEmptyStringTest.ql +ql/java/ql/src/Performance/InefficientKeySetIterator.ql +ql/java/ql/src/Performance/InefficientOutputStream.ql +ql/java/ql/src/Performance/InefficientPrimConstructor.ql +ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql +ql/java/ql/src/Performance/NewStringString.ql +ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +ql/java/ql/src/Telemetry/ExtractorInformation.ql +ql/java/ql/src/Telemetry/SupportedExternalApis.ql +ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +ql/java/ql/src/Telemetry/SupportedExternalSources.ql +ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql +ql/java/ql/src/Violations of Best Practice/Declarations/NoConstantsOnly.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected index adcdc17c6c15..d5f4cbf1ccc4 100644 --- a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected @@ -1,123 +1,123 @@ -/ql/java/ql/src/Diagnostics/ExtractionErrors.ql -/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql -/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql -/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql -/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql -/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql -/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql -/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql -/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql -/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql -/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql -/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql -/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql -/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql -/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql -/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql -/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql -/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql -/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql -/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql -/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql -/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql -/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql -/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql -/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql -/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql -/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql -/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql -/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql -/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql -/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql -/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql -/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql -/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql -/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql -/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql -/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql -/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql -/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql -/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql -/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql -/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql -/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql -/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql -/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql -/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql -/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql -/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql -/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql -/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql -/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql -/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql -/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql -/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql -/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql -/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql -/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql -/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql -/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql -/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql -/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql -/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql -/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql -/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql -/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql -/ql/java/ql/src/Telemetry/ExtractorInformation.ql -/ql/java/ql/src/Telemetry/SupportedExternalApis.ql -/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql -/ql/java/ql/src/Telemetry/SupportedExternalSources.ql -/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql -/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +ql/java/ql/src/Diagnostics/ExtractionErrors.ql +ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +ql/java/ql/src/Telemetry/ExtractorInformation.ql +ql/java/ql/src/Telemetry/SupportedExternalApis.ql +ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +ql/java/ql/src/Telemetry/SupportedExternalSources.ql +ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py index 9a95a8089989..c829eb9ffa01 100644 --- a/java/ql/integration-tests/java/query-suite/test.py +++ b/java/ql/integration-tests/java/query-suite/test.py @@ -1,15 +1,13 @@ +import os import runs_on +import pytest @runs_on.linux -def test(codeql, java, cwd, expected_files, semmle_code_dir): - query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls'] - - for query_suite in query_suites: +@pytest.mark.parametrize("query_suite", ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']) +def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite): actual = codeql.resolve.queries(query_suite, _capture=True).strip() - actual = sorted(actual.split('\n')) - print(semmle_code_dir) - index = len(str(semmle_code_dir)) - actual = [line[index:] for line in actual] + actual = sorted(actual.splitlines()) + actual = [os.path.relpath(q, semmle_code_dir) for q in actual] actual_file_name = query_suite + '.actual' expected_files.add(actual_file_name) (cwd / actual_file_name).write_text('\n'.join(actual)+'\n') From e23ff9cf3eeca835094d64da502ace1b63403b2a Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 12:55:58 +0200 Subject: [PATCH 277/409] Add TypedArrays flow summaries for `Uint8Array` and buffer property --- .../flow_summaries/AllFlowSummaries.qll | 1 + .../internal/flow_summaries/TypedArrays.qll | 38 +++++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 9 +++-- .../DecompressionBombs.expected | 5 +++ 4 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index 940180d80cb4..20247b7e2681 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -12,3 +12,4 @@ private import Sets private import Strings private import DynamicImportStep private import UrlSearchParams +private import TypedArrays diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll new file mode 100644 index 000000000000..788992d7c1ca --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -0,0 +1,38 @@ +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.InferredTypes +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private +private import FlowSummaryUtil + +private class TypedArrayEntryPoint extends API::EntryPoint { + TypedArrayEntryPoint() { this = "global.Uint8Array" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("Uint8Array") } +} + +pragma[nomagic] +API::Node typedArrayConstructorRef() { result = any(TypedArrayEntryPoint e).getANode() } + +class TypedArrayConstructorSummary extends SummarizedCallable { + TypedArrayConstructorSummary() { this = "TypedArray constructor" } + + override DataFlow::InvokeNode getACall() { + result = typedArrayConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class BufferTypedArray extends DataFlow::AdditionalFlowStep { + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + exists(DataFlow::PropRead p | + p = typedArrayConstructorRef().getInstance().getMember("buffer").asSource() and + pred = p.getBase() and + succ = p + ) + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index b16953795b1d..14ae297b4fd1 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -35,14 +35,14 @@ legacyDataFlowDifference | spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | only flow with NEW data flow library | | spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library | | tst.js:2:13:2:20 | source() | tst.js:17:10:17:10 | a | only flow with OLD data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:5:10:5:10 | y | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:7:10:7:17 | y.buffer | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:5 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:7 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:11 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -328,6 +328,9 @@ flow | tst.js:87:22:87:29 | source() | tst.js:90:14:90:25 | taintedValue | | tst.js:93:22:93:29 | source() | tst.js:96:14:96:25 | taintedValue | | tst.js:93:22:93:29 | source() | tst.js:97:14:97:26 | map.get(true) | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:5:10:5:10 | y | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:7:10:7:17 | y.buffer | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | diff --git a/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected b/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected index 56acd5390128..11c63c257e83 100644 --- a/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected +++ b/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected @@ -81,9 +81,12 @@ edges | pako.js:18:48:18:66 | zipFile.data.buffer | pako.js:18:33:18:67 | new Uin ... buffer) | provenance | Config | | pako.js:28:19:28:25 | zipFile | pako.js:29:36:29:42 | zipFile | provenance | | | pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray | provenance | | +| pako.js:29:11:29:62 | myArray [ArrayElement] | pako.js:32:31:32:37 | myArray | provenance | | | pako.js:29:21:29:55 | new Uin ... buffer) | pako.js:29:11:29:62 | myArray | provenance | | +| pako.js:29:21:29:55 | new Uin ... buffer) [ArrayElement] | pako.js:29:11:29:62 | myArray [ArrayElement] | provenance | | | pako.js:29:36:29:42 | zipFile | pako.js:29:36:29:54 | zipFile.data.buffer | provenance | | | pako.js:29:36:29:54 | zipFile.data.buffer | pako.js:29:21:29:55 | new Uin ... buffer) | provenance | Config | +| pako.js:29:36:29:54 | zipFile.data.buffer | pako.js:29:21:29:55 | new Uin ... buffer) [ArrayElement] | provenance | | | unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() | provenance | Config | | unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) | provenance | Config | | unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... ath' }) | provenance | Config | @@ -183,7 +186,9 @@ nodes | pako.js:21:31:21:37 | myArray | semmle.label | myArray | | pako.js:28:19:28:25 | zipFile | semmle.label | zipFile | | pako.js:29:11:29:62 | myArray | semmle.label | myArray | +| pako.js:29:11:29:62 | myArray [ArrayElement] | semmle.label | myArray [ArrayElement] | | pako.js:29:21:29:55 | new Uin ... buffer) | semmle.label | new Uin ... buffer) | +| pako.js:29:21:29:55 | new Uin ... buffer) [ArrayElement] | semmle.label | new Uin ... buffer) [ArrayElement] | | pako.js:29:36:29:42 | zipFile | semmle.label | zipFile | | pako.js:29:36:29:54 | zipFile.data.buffer | semmle.label | zipFile.data.buffer | | pako.js:32:31:32:37 | myArray | semmle.label | myArray | From d689a55229615798a3a03d2c067dc659cf44e9fa Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 13:12:00 +0200 Subject: [PATCH 278/409] Added test cases for `TypedArray` methods --- .../TaintTracking/BasicTaintTracking.expected | 3 +++ .../test/library-tests/TaintTracking/typed-arrays.js | 11 +++++++++++ 2 files changed, 14 insertions(+) diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 14ae297b4fd1..3856dfe15f8d 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -43,6 +43,9 @@ consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:15 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:18 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:22 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index c29c7bef9548..4ccf64131b60 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -9,4 +9,15 @@ function test() { var arr = new Uint8Array(y.buffer, y.byteOffset, y.byteLength); sink(arr); // NOT OK + + const z = new Uint8Array([1, 2, 3]); + z.set(y, 3); + sink(z); // NOT OK + + const sub = y.subarray(1, 3) + sink(sub); // NOT OK + + const clone = new y.constructor(y.length); + clone.set(y); + sink(clone); // NOT OK } From edb7aaabab1d5166b207c6a548d8e2e9c6a68e6a Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 10:50:54 +0200 Subject: [PATCH 279/409] Rust: Add path attribute test --- rust/ql/test/library-tests/path-resolution/my2/mod.rs | 5 +++++ rust/ql/test/library-tests/path-resolution/my2/renamed.rs | 1 + .../library-tests/path-resolution/path-resolution.expected | 6 ++++-- 3 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 rust/ql/test/library-tests/path-resolution/my2/renamed.rs diff --git a/rust/ql/test/library-tests/path-resolution/my2/mod.rs b/rust/ql/test/library-tests/path-resolution/my2/mod.rs index 64291a53af53..27969db97c0e 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/mod.rs @@ -10,3 +10,8 @@ pub use nested2::nested5::*; // $ item=I114 pub use nested2::nested7::nested8::{self}; // $ item=I118 pub mod my3; + +#[path = "renamed.rs"] +mod mymod; + +use mymod::f; // $ MISSING: item=I1001 diff --git a/rust/ql/test/library-tests/path-resolution/my2/renamed.rs b/rust/ql/test/library-tests/path-resolution/my2/renamed.rs new file mode 100644 index 000000000000..fa37691c1366 --- /dev/null +++ b/rust/ql/test/library-tests/path-resolution/my2/renamed.rs @@ -0,0 +1 @@ +pub fn f() {} // I1001 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 1d480f2f5ad9..85a56c3384c4 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -30,6 +30,7 @@ mod | main.rs:523:1:548:1 | mod m23 | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:12:1:12:12 | mod my3 | +| my2/mod.rs:14:1:15:10 | mod mymod | | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/nested2.rs:2:5:10:5 | mod nested4 | | my2/nested2.rs:13:1:19:1 | mod nested5 | @@ -306,12 +307,13 @@ resolvePath | my2/mod.rs:10:9:10:24 | ...::nested7 | my2/nested2.rs:21:1:27:1 | mod nested7 | | my2/mod.rs:10:9:10:33 | ...::nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | | my2/mod.rs:10:37:10:40 | self | my2/nested2.rs:22:5:26:5 | mod nested8 | +| my2/mod.rs:17:5:17:9 | mymod | my2/mod.rs:14:1:15:10 | mod mymod | | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | -| my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | +| my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:17:39 | SourceFile | | my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:578:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | -| my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | +| my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:17:39 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested | | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g | From 13f4a6afa6426b9b2e708cb23901333c686704f6 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 10:51:35 +0200 Subject: [PATCH 280/409] Rust: Handle path attributes in path resolution --- rust/ql/lib/codeql/files/FileSystem.qll | 2 + .../codeql/rust/internal/PathResolution.qll | 27 ++++++++--- .../library-tests/path-resolution/my2/mod.rs | 2 +- .../path-resolution/path-resolution.expected | 5 +- shared/util/codeql/util/FileSystem.qll | 47 +++++++++++++++++++ 5 files changed, 74 insertions(+), 9 deletions(-) diff --git a/rust/ql/lib/codeql/files/FileSystem.qll b/rust/ql/lib/codeql/files/FileSystem.qll index 175f50c7c9ea..5a60d28418eb 100644 --- a/rust/ql/lib/codeql/files/FileSystem.qll +++ b/rust/ql/lib/codeql/files/FileSystem.qll @@ -34,6 +34,8 @@ class Container = Impl::Container; class Folder = Impl::Folder; +module Folder = Impl::Folder; + /** A file. */ class File extends Container, Impl::File { /** Holds if this file was extracted from ordinary source code. */ diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 91d7e87704c6..ad64e50d009f 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -655,6 +655,11 @@ private predicate fileModule(SourceFile f, string name, Folder folder) { ) } +private Meta getPathAttrMeta(Module m) { + result = m.getAnAttr().getMeta() and + result.getPath().getText() = "path" +} + /** * Holds if `m` is a `mod name;` module declaration, where the corresponding * module file needs to be looked up in `lookup` or one of its descandants. @@ -663,12 +668,7 @@ private predicate modImport0(Module m, string name, Folder lookup) { exists(File f, Folder parent, string fileName | f = m.getFile() and not m.hasItemList() and - // TODO: handle - // ``` - // #[path = "foo.rs"] - // mod bar; - // ``` - not m.getAnAttr().getMeta().getPath().getText() = "path" and + not exists(getPathAttrMeta(m)) and name = m.getName().getText() and parent = f.getParentContainer() and fileName = f.getStem() @@ -717,6 +717,16 @@ private predicate modImportNestedLookup(Module m, ModuleItemNode ancestor, Folde ) } +private predicate pathAttrImport(Folder f, Module m, string relativePath) { + exists(Meta meta | + f = m.getFile().getParentContainer() and + meta = getPathAttrMeta(m) and + relativePath = meta.getExpr().(LiteralExpr).getTextValue().regexpCapture("\"(.+)\"", 1) + ) +} + +private predicate append(Folder f, string relativePath) { pathAttrImport(f, _, relativePath) } + /** Holds if `m` is a `mod name;` item importing file `f`. */ private predicate fileImport(Module m, SourceFile f) { exists(string name, Folder parent | @@ -730,6 +740,11 @@ private predicate fileImport(Module m, SourceFile f) { // `m` is inside a nested module modImportNestedLookup(m, m, parent) ) + or + exists(Folder folder, string relativePath | + pathAttrImport(folder, m, relativePath) and + f.getFile() = Folder::Append::append(folder, relativePath) + ) } /** diff --git a/rust/ql/test/library-tests/path-resolution/my2/mod.rs b/rust/ql/test/library-tests/path-resolution/my2/mod.rs index 27969db97c0e..43c1a05e91fe 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/mod.rs @@ -14,4 +14,4 @@ pub mod my3; #[path = "renamed.rs"] mod mymod; -use mymod::f; // $ MISSING: item=I1001 +use mymod::f; // $ item=I1001 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 85a56c3384c4..7fbbca66c39c 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -308,12 +308,13 @@ resolvePath | my2/mod.rs:10:9:10:33 | ...::nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | | my2/mod.rs:10:37:10:40 | self | my2/nested2.rs:22:5:26:5 | mod nested8 | | my2/mod.rs:17:5:17:9 | mymod | my2/mod.rs:14:1:15:10 | mod mymod | +| my2/mod.rs:17:5:17:12 | ...::f | my2/renamed.rs:1:1:1:13 | fn f | | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | -| my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:17:39 | SourceFile | +| my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:17:30 | SourceFile | | my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:578:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | -| my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:17:39 | SourceFile | +| my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:17:30 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested | | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g | diff --git a/shared/util/codeql/util/FileSystem.qll b/shared/util/codeql/util/FileSystem.qll index a9eb21279b63..261139dcf41b 100644 --- a/shared/util/codeql/util/FileSystem.qll +++ b/shared/util/codeql/util/FileSystem.qll @@ -218,6 +218,53 @@ module Make { /** Gets the URL of this file. */ override string getURL() { result = "file://" + this.getAbsolutePath() + ":0:0:0:0" } } + + /** Provides logic related to `Folder`s. */ + module Folder { + /** Holds if `relativePath` needs to be appended to `f`. */ + signature predicate appendSig(Folder f, string relativePath); + + /** Provides the `append` predicate for appending a relative path onto a folder. */ + module Append { + pragma[nomagic] + private string getComponent(string relativePath, int i) { + app(_, relativePath) and + result = relativePath.replaceAll("\\", "/").regexpFind("[^/]+", i, _) + } + + pragma[nomagic] + private Container appendStep(Folder f, string relativePath, int i) { + i = -1 and + app(f, relativePath) and + result = f + or + exists(Container mid, string comp | + mid = appendStep(f, relativePath, i - 1) and + comp = getComponent(relativePath, i) and + if comp = ".." + then result = mid.getParentContainer() + else + if comp = "." + then result = mid + else ( + result = mid.getAChildContainer() and + result.getBaseName() = comp + ) + ) + } + + /** + * Gets the file or folder obtained by appending `relativePath` onto `f`. + */ + pragma[nomagic] + Container append(Folder f, string relativePath) { + exists(int components | + components = (-1).maximum(max(int comp | exists(getComponent(relativePath, comp)) | comp)) and + result = appendStep(f, relativePath, components) + ) + } + } + } } /** A file. */ From dad85854cddf8969136f88788294fa1227b50e89 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 14:27:12 +0100 Subject: [PATCH 281/409] Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../CWE-770/UncontrolledAllocationSize.qhelp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp index 936c27619764..fe5a2582e309 100644 --- a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp @@ -5,11 +5,11 @@

    Allocating memory with a size based on user input may allow arbitrary amounts of memory to be -allocated, leading to a crash or denial of service incident.

    +allocated, leading to a crash or a denial-of-service (DoS) attack.

    If the user input is multiplied by a constant, such as the size of a type, the result may -overflow. In a build with the --release flag Rust performs two's complement wrapping, -with the result that less memory may be allocated than expected. This can lead to buffer overflow +overflow. In a build with the --release flag, Rust performs two's complement wrapping, +with the result that less memory than expected may be allocated. This can lead to buffer overflow incidents.

     @@ -24,12 +24,12 @@ does not wrap around.

    In the following example, an arbitrary amount of memory is allocated based on user input. In -addition, due to the multiplication operation the result may overflow if a very large value is -provided, leading to less memory being allocated than other parts of the program expect.

    +addition, due to the multiplication operation, the result may overflow if a very large value is +provided. This may lead to less memory being allocated than expected by other parts of the program.

    -

    In the fixed example, the user input is checked against a maximum value. If the check fails an -error is returned, and both the multiplication and alloaction do not take place.

    +

    In the fixed example, the user input is checked against a maximum value. If the check fails, an +error is returned, and both the multiplication and allocation do not take place.

     From 41f54d836eaa9c6e81aa536385a709e9852fe843 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 14:29:32 +0100 Subject: [PATCH 282/409] Rust: Tweak query description. --- .../src/queries/security/CWE-770/UncontrolledAllocationSize.ql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql index bbaaaf06a027..c41257743152 100644 --- a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql @@ -1,7 +1,8 @@ /** * @name Uncontrolled allocation size * @description Allocating memory with a size controlled by an external user can result in - * arbitrary amounts of memory being allocated. + * arbitrary amounts of memory being allocated, leading to a crash or a + * denial-of-service (DoS) attack. * @kind path-problem * @problem.severity recommendation * @security-severity 7.5 From 3744ef737968ea8203e5336ed230a2e3b365bb2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Mon, 7 Apr 2025 15:43:16 +0200 Subject: [PATCH 283/409] Disable csharp tests that use nuget on macos-15 --- .../posix/standalone_dependencies_no_framework/test.py | 7 +++++-- .../posix/standalone_dependencies_nuget with_space/test.py | 7 +++++-- .../posix/standalone_dependencies_nuget/test.py | 7 +++++-- .../posix/standalone_dependencies_nuget_no_sources/test.py | 5 ++++- 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py index 4d5c7b24bc9a..d1c1745d69b6 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py @@ -3,8 +3,11 @@ import os -# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64)) +# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget. +@pytest.mark.only_if( + runs_on.linux + or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) +) def test(codeql, csharp): os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_DOTNET_FRAMEWORK_REFERENCES"] = ( "/non-existent-path" diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py index 5bfcb3bfd1c5..6d2058c684c2 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py @@ -3,8 +3,11 @@ import pytest -# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64)) +# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget. +@pytest.mark.only_if( + runs_on.linux + or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) +) def test(codeql, csharp): # making sure we're not doing any fallback restore: os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1" diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py index c7728b64d2af..7f88196097ff 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py @@ -2,7 +2,10 @@ import pytest -# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64)) +# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget. +@pytest.mark.only_if( + runs_on.linux + or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) +) def test(codeql, csharp): codeql.database.create(build_mode="none") diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py index a6a6123f019c..185fb5201f95 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py @@ -3,6 +3,9 @@ # Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64)) +@pytest.mark.only_if( + runs_on.linux + or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) +) def test(codeql, csharp): codeql.database.create(source_root="proj", build_mode="none") From 8e76bb1a43f0d399ccc25889da606c7e4cc0fdf0 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 16:46:54 +0200 Subject: [PATCH 284/409] Rust: Minor changes based on PR review --- rust/ql/lib/codeql/rust/internal/Type.qll | 14 +++++++++----- rust/ql/lib/codeql/rust/internal/TypeMention.qll | 8 ++++++-- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index c3eb83c8dfaa..d9c156ef96f7 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -16,7 +16,7 @@ newtype TType = TArrayType() or // todo: add size? TRefType() or // todo: add mut? TTypeParamTypeParameter(TypeParam t) or - TAssociatedTypeTypeParameter(TypeAlias t) { any(TraitItemNode trait).getADescendant() = t } or + TAssociatedTypeTypeParameter(TypeAlias t) { any(TraitItemNode trait).getAnAssocItem() = t } or TRefTypeParameter() or TSelfTypeParameter(Trait t) @@ -333,7 +333,11 @@ class TypeParamTypeParameter extends TypeParameter, TTypeParamTypeParameter { } } -/** Gets type alias that is the `i`th type parameter of `trait`. */ +/** + * Gets the type alias that is the `i`th type parameter of `trait`. Type aliases + * are numbered consecutively but in arbitrary order, starting from the index + * following the last ordinary type parameter. + */ predicate traitAliasIndex(Trait trait, int i, TypeAlias typeAlias) { typeAlias = rank[i + 1 - trait.getNumberOfGenericParams()](TypeAlias alias | @@ -354,7 +358,7 @@ predicate traitAliasIndex(Trait trait, int i, TypeAlias typeAlias) { * // ... * } * ``` - * is treated as if it where + * is treated as if it was * ```rust * trait ATrait { * // ... @@ -369,9 +373,9 @@ class AssociatedTypeTypeParameter extends TypeParameter, TAssociatedTypeTypePara TypeAlias getTypeAlias() { result = typeAlias } /** Gets the trait that contains this associated type declaration. */ - TraitItemNode getTrait() { result.getADescendant() = typeAlias } + TraitItemNode getTrait() { result.getAnAssocItem() = typeAlias } - int getIndex() { traitAliasIndex(this.getTrait(), result, typeAlias) } + int getIndex() { traitAliasIndex(_, result, typeAlias) } override Function getMethod(string name) { none() } diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index b049d9b71774..f29b7dfe8592 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -131,11 +131,15 @@ class TypeParamMention extends TypeMention, TypeParam { override Type resolveType() { result = TTypeParamTypeParameter(this) } } -// Used to represent implicit associated type type arguments in traits. +// Used to represent implicit type arguments for associated types in traits. class TypeAliasMention extends TypeMention, TypeAlias { + private Type t; + + TypeAliasMention() { t = TAssociatedTypeTypeParameter(this) } + override TypeReprMention getTypeArgument(int i) { none() } - override Type resolveType() { result = TAssociatedTypeTypeParameter(this) } + override Type resolveType() { result = t } } /** From 602e617bc669725b836e2a56ab03947d7d242df9 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 17:02:51 +0200 Subject: [PATCH 285/409] Rust: Add type inference test for trait with multiple associated types --- .../test/library-tests/type-inference/main.rs | 33 + .../type-inference/type-inference.expected | 1175 +++++++++-------- 2 files changed, 634 insertions(+), 574 deletions(-) diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index efe1a3444e0c..be85debb7c34 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -368,6 +368,18 @@ mod trait_associated_type { } } + // A generic trait with multiple associated types. + trait TraitMultipleAssoc { + type Assoc1; + type Assoc2; + + fn get_zero(&self) -> TrG; + + fn get_one(&self) -> Self::Assoc1; + + fn get_two(&self) -> Self::Assoc2; + } + #[derive(Debug, Default)] struct S; @@ -417,6 +429,23 @@ mod trait_associated_type { thing.m1() // $ method=MyTrait::m1 } + impl TraitMultipleAssoc for AT { + type Assoc1 = S; + type Assoc2 = S2; + + fn get_zero(&self) -> AT { + AT + } + + fn get_one(&self) -> Self::Assoc1 { + S + } + + fn get_two(&self) -> Self::Assoc2 { + S2 + } + } + pub fn f() { let x1 = S; // Call to method in `impl` block @@ -441,6 +470,10 @@ mod trait_associated_type { println!("{:?}", x5.m1()); // $ method=m1 MISSING: type=x5.m1():A.S2 let x6 = S2; println!("{:?}", x6.m2()); // $ method=m2 type=x6.m2():A.S2 + + let assoc_zero = AT.get_zero(); // $ method=get_zero type=assoc_zero:AT + let assoc_one = AT.get_one(); // $ method=get_one type=assoc_one:S + let assoc_two = AT.get_two(); // $ method=get_two type=assoc_two:S2 } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index 907ea9fcc533..477aebc2099c 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -356,577 +356,604 @@ inferType | main.rs:367:13:367:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | | main.rs:367:13:367:23 | self.put(...) | | main.rs:360:9:360:52 | GenericAssociatedType | | main.rs:367:22:367:22 | b | | main.rs:365:19:365:19 | A | -| main.rs:384:15:384:18 | SelfParam | | main.rs:371:5:372:13 | S | -| main.rs:384:45:386:9 | { ... } | | main.rs:377:5:378:14 | AT | -| main.rs:385:13:385:14 | AT | | main.rs:377:5:378:14 | AT | -| main.rs:394:19:394:23 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:394:19:394:23 | SelfParam | &T | main.rs:371:5:372:13 | S | -| main.rs:394:26:394:26 | a | | main.rs:394:16:394:16 | A | -| main.rs:394:46:396:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | -| main.rs:394:46:396:9 | { ... } | A | main.rs:394:16:394:16 | A | -| main.rs:395:13:395:32 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | -| main.rs:395:13:395:32 | Wrapper {...} | A | main.rs:394:16:394:16 | A | -| main.rs:395:30:395:30 | a | | main.rs:394:16:394:16 | A | -| main.rs:403:15:403:18 | SelfParam | | main.rs:374:5:375:14 | S2 | -| main.rs:403:45:405:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | -| main.rs:403:45:405:9 | { ... } | A | main.rs:374:5:375:14 | S2 | -| main.rs:404:13:404:35 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | -| main.rs:404:13:404:35 | Wrapper {...} | A | main.rs:374:5:375:14 | S2 | -| main.rs:404:30:404:33 | self | | main.rs:374:5:375:14 | S2 | -| main.rs:410:30:412:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | -| main.rs:410:30:412:9 | { ... } | A | main.rs:374:5:375:14 | S2 | -| main.rs:411:13:411:33 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | -| main.rs:411:13:411:33 | Wrapper {...} | A | main.rs:374:5:375:14 | S2 | -| main.rs:411:30:411:31 | S2 | | main.rs:374:5:375:14 | S2 | -| main.rs:416:22:416:26 | thing | | main.rs:416:10:416:19 | T | -| main.rs:417:9:417:13 | thing | | main.rs:416:10:416:19 | T | -| main.rs:421:13:421:14 | x1 | | main.rs:371:5:372:13 | S | -| main.rs:421:18:421:18 | S | | main.rs:371:5:372:13 | S | -| main.rs:423:26:423:27 | x1 | | main.rs:371:5:372:13 | S | -| main.rs:423:26:423:32 | x1.m1() | | main.rs:377:5:378:14 | AT | -| main.rs:425:13:425:14 | x2 | | main.rs:371:5:372:13 | S | -| main.rs:425:18:425:18 | S | | main.rs:371:5:372:13 | S | -| main.rs:427:13:427:13 | y | | main.rs:377:5:378:14 | AT | -| main.rs:427:17:427:18 | x2 | | main.rs:371:5:372:13 | S | -| main.rs:427:17:427:23 | x2.m2() | | main.rs:377:5:378:14 | AT | -| main.rs:428:26:428:26 | y | | main.rs:377:5:378:14 | AT | -| main.rs:430:13:430:14 | x3 | | main.rs:371:5:372:13 | S | -| main.rs:430:18:430:18 | S | | main.rs:371:5:372:13 | S | -| main.rs:432:26:432:27 | x3 | | main.rs:371:5:372:13 | S | -| main.rs:432:26:432:34 | x3.put(...) | | main.rs:332:5:335:5 | Wrapper | -| main.rs:435:26:435:27 | x3 | | main.rs:371:5:372:13 | S | -| main.rs:437:20:437:20 | S | | main.rs:371:5:372:13 | S | -| main.rs:440:13:440:14 | x5 | | main.rs:374:5:375:14 | S2 | -| main.rs:440:18:440:19 | S2 | | main.rs:374:5:375:14 | S2 | -| main.rs:441:26:441:27 | x5 | | main.rs:374:5:375:14 | S2 | -| main.rs:441:26:441:32 | x5.m1() | | main.rs:332:5:335:5 | Wrapper | -| main.rs:442:13:442:14 | x6 | | main.rs:374:5:375:14 | S2 | -| main.rs:442:18:442:19 | S2 | | main.rs:374:5:375:14 | S2 | -| main.rs:443:26:443:27 | x6 | | main.rs:374:5:375:14 | S2 | -| main.rs:443:26:443:32 | x6.m2() | | main.rs:332:5:335:5 | Wrapper | -| main.rs:443:26:443:32 | x6.m2() | A | main.rs:374:5:375:14 | S2 | -| main.rs:460:15:460:18 | SelfParam | | main.rs:448:5:452:5 | MyEnum | -| main.rs:460:15:460:18 | SelfParam | A | main.rs:459:10:459:10 | T | -| main.rs:460:26:465:9 | { ... } | | main.rs:459:10:459:10 | T | -| main.rs:461:13:464:13 | match self { ... } | | main.rs:459:10:459:10 | T | -| main.rs:461:19:461:22 | self | | main.rs:448:5:452:5 | MyEnum | -| main.rs:461:19:461:22 | self | A | main.rs:459:10:459:10 | T | -| main.rs:462:28:462:28 | a | | main.rs:459:10:459:10 | T | -| main.rs:462:34:462:34 | a | | main.rs:459:10:459:10 | T | -| main.rs:463:30:463:30 | a | | main.rs:459:10:459:10 | T | -| main.rs:463:37:463:37 | a | | main.rs:459:10:459:10 | T | -| main.rs:469:13:469:13 | x | | main.rs:448:5:452:5 | MyEnum | -| main.rs:469:13:469:13 | x | A | main.rs:454:5:455:14 | S1 | -| main.rs:469:17:469:30 | ...::C1(...) | | main.rs:448:5:452:5 | MyEnum | -| main.rs:469:17:469:30 | ...::C1(...) | A | main.rs:454:5:455:14 | S1 | -| main.rs:469:28:469:29 | S1 | | main.rs:454:5:455:14 | S1 | -| main.rs:470:13:470:13 | y | | main.rs:448:5:452:5 | MyEnum | -| main.rs:470:13:470:13 | y | A | main.rs:456:5:457:14 | S2 | -| main.rs:470:17:470:36 | ...::C2 {...} | | main.rs:448:5:452:5 | MyEnum | -| main.rs:470:17:470:36 | ...::C2 {...} | A | main.rs:456:5:457:14 | S2 | -| main.rs:470:33:470:34 | S2 | | main.rs:456:5:457:14 | S2 | -| main.rs:472:26:472:26 | x | | main.rs:448:5:452:5 | MyEnum | -| main.rs:472:26:472:26 | x | A | main.rs:454:5:455:14 | S1 | -| main.rs:472:26:472:31 | x.m1() | | main.rs:454:5:455:14 | S1 | -| main.rs:473:26:473:26 | y | | main.rs:448:5:452:5 | MyEnum | -| main.rs:473:26:473:26 | y | A | main.rs:456:5:457:14 | S2 | -| main.rs:473:26:473:31 | y.m1() | | main.rs:456:5:457:14 | S2 | -| main.rs:495:15:495:18 | SelfParam | | main.rs:493:5:496:5 | Self [trait MyTrait1] | -| main.rs:499:15:499:18 | SelfParam | | main.rs:498:5:509:5 | Self [trait MyTrait2] | -| main.rs:502:9:508:9 | { ... } | | main.rs:498:20:498:22 | Tr2 | -| main.rs:503:13:507:13 | if ... {...} else {...} | | main.rs:498:20:498:22 | Tr2 | -| main.rs:503:26:505:13 | { ... } | | main.rs:498:20:498:22 | Tr2 | -| main.rs:504:17:504:20 | self | | main.rs:498:5:509:5 | Self [trait MyTrait2] | -| main.rs:504:17:504:25 | self.m1() | | main.rs:498:20:498:22 | Tr2 | -| main.rs:505:20:507:13 | { ... } | | main.rs:498:20:498:22 | Tr2 | -| main.rs:506:17:506:30 | ...::m1(...) | | main.rs:498:20:498:22 | Tr2 | -| main.rs:506:26:506:29 | self | | main.rs:498:5:509:5 | Self [trait MyTrait2] | -| main.rs:512:15:512:18 | SelfParam | | main.rs:511:5:522:5 | Self [trait MyTrait3] | -| main.rs:515:9:521:9 | { ... } | | main.rs:511:20:511:22 | Tr3 | -| main.rs:516:13:520:13 | if ... {...} else {...} | | main.rs:511:20:511:22 | Tr3 | -| main.rs:516:26:518:13 | { ... } | | main.rs:511:20:511:22 | Tr3 | -| main.rs:517:17:517:20 | self | | main.rs:511:5:522:5 | Self [trait MyTrait3] | -| main.rs:517:17:517:25 | self.m2() | | main.rs:478:5:481:5 | MyThing | -| main.rs:517:17:517:25 | self.m2() | A | main.rs:511:20:511:22 | Tr3 | -| main.rs:517:17:517:27 | ... .a | | main.rs:511:20:511:22 | Tr3 | -| main.rs:518:20:520:13 | { ... } | | main.rs:511:20:511:22 | Tr3 | -| main.rs:519:17:519:30 | ...::m2(...) | | main.rs:478:5:481:5 | MyThing | -| main.rs:519:17:519:30 | ...::m2(...) | A | main.rs:511:20:511:22 | Tr3 | -| main.rs:519:17:519:32 | ... .a | | main.rs:511:20:511:22 | Tr3 | -| main.rs:519:26:519:29 | self | | main.rs:511:5:522:5 | Self [trait MyTrait3] | -| main.rs:526:15:526:18 | SelfParam | | main.rs:478:5:481:5 | MyThing | -| main.rs:526:15:526:18 | SelfParam | A | main.rs:524:10:524:10 | T | -| main.rs:526:26:528:9 | { ... } | | main.rs:524:10:524:10 | T | -| main.rs:527:13:527:16 | self | | main.rs:478:5:481:5 | MyThing | -| main.rs:527:13:527:16 | self | A | main.rs:524:10:524:10 | T | -| main.rs:527:13:527:18 | self.a | | main.rs:524:10:524:10 | T | -| main.rs:535:15:535:18 | SelfParam | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:535:15:535:18 | SelfParam | A | main.rs:533:10:533:10 | T | -| main.rs:535:35:537:9 | { ... } | | main.rs:478:5:481:5 | MyThing | -| main.rs:535:35:537:9 | { ... } | A | main.rs:533:10:533:10 | T | -| main.rs:536:13:536:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:536:13:536:33 | MyThing {...} | A | main.rs:533:10:533:10 | T | -| main.rs:536:26:536:29 | self | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:536:26:536:29 | self | A | main.rs:533:10:533:10 | T | -| main.rs:536:26:536:31 | self.a | | main.rs:533:10:533:10 | T | -| main.rs:545:13:545:13 | x | | main.rs:478:5:481:5 | MyThing | -| main.rs:545:13:545:13 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:545:17:545:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:545:17:545:33 | MyThing {...} | A | main.rs:488:5:489:14 | S1 | -| main.rs:545:30:545:31 | S1 | | main.rs:488:5:489:14 | S1 | -| main.rs:546:13:546:13 | y | | main.rs:478:5:481:5 | MyThing | -| main.rs:546:13:546:13 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:546:17:546:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:546:17:546:33 | MyThing {...} | A | main.rs:490:5:491:14 | S2 | -| main.rs:546:30:546:31 | S2 | | main.rs:490:5:491:14 | S2 | -| main.rs:548:26:548:26 | x | | main.rs:478:5:481:5 | MyThing | -| main.rs:548:26:548:26 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:548:26:548:31 | x.m1() | | main.rs:488:5:489:14 | S1 | -| main.rs:549:26:549:26 | y | | main.rs:478:5:481:5 | MyThing | -| main.rs:549:26:549:26 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:549:26:549:31 | y.m1() | | main.rs:490:5:491:14 | S2 | -| main.rs:551:13:551:13 | x | | main.rs:478:5:481:5 | MyThing | -| main.rs:551:13:551:13 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:551:17:551:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:551:17:551:33 | MyThing {...} | A | main.rs:488:5:489:14 | S1 | -| main.rs:551:30:551:31 | S1 | | main.rs:488:5:489:14 | S1 | -| main.rs:552:13:552:13 | y | | main.rs:478:5:481:5 | MyThing | -| main.rs:552:13:552:13 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:552:17:552:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:552:17:552:33 | MyThing {...} | A | main.rs:490:5:491:14 | S2 | -| main.rs:552:30:552:31 | S2 | | main.rs:490:5:491:14 | S2 | -| main.rs:554:26:554:26 | x | | main.rs:478:5:481:5 | MyThing | -| main.rs:554:26:554:26 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:554:26:554:31 | x.m2() | | main.rs:488:5:489:14 | S1 | -| main.rs:555:26:555:26 | y | | main.rs:478:5:481:5 | MyThing | -| main.rs:555:26:555:26 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:555:26:555:31 | y.m2() | | main.rs:490:5:491:14 | S2 | -| main.rs:557:13:557:13 | x | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:557:13:557:13 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:557:17:557:34 | MyThing2 {...} | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:557:17:557:34 | MyThing2 {...} | A | main.rs:488:5:489:14 | S1 | -| main.rs:557:31:557:32 | S1 | | main.rs:488:5:489:14 | S1 | -| main.rs:558:13:558:13 | y | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:558:13:558:13 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:558:17:558:34 | MyThing2 {...} | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:558:17:558:34 | MyThing2 {...} | A | main.rs:490:5:491:14 | S2 | -| main.rs:558:31:558:32 | S2 | | main.rs:490:5:491:14 | S2 | -| main.rs:560:26:560:26 | x | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:560:26:560:26 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:560:26:560:31 | x.m3() | | main.rs:488:5:489:14 | S1 | -| main.rs:561:26:561:26 | y | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:561:26:561:26 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:561:26:561:31 | y.m3() | | main.rs:490:5:491:14 | S2 | -| main.rs:579:22:579:22 | x | | file://:0:0:0:0 | & | -| main.rs:579:22:579:22 | x | &T | main.rs:579:11:579:19 | T | -| main.rs:579:35:581:5 | { ... } | | file://:0:0:0:0 | & | -| main.rs:579:35:581:5 | { ... } | &T | main.rs:579:11:579:19 | T | -| main.rs:580:9:580:9 | x | | file://:0:0:0:0 | & | -| main.rs:580:9:580:9 | x | &T | main.rs:579:11:579:19 | T | -| main.rs:584:17:584:20 | SelfParam | | main.rs:569:5:570:14 | S1 | -| main.rs:584:29:586:9 | { ... } | | main.rs:572:5:573:14 | S2 | -| main.rs:585:13:585:14 | S2 | | main.rs:572:5:573:14 | S2 | -| main.rs:589:21:589:21 | x | | main.rs:589:13:589:14 | T1 | -| main.rs:592:5:594:5 | { ... } | | main.rs:589:17:589:18 | T2 | -| main.rs:593:9:593:9 | x | | main.rs:589:13:589:14 | T1 | -| main.rs:593:9:593:16 | x.into() | | main.rs:589:17:589:18 | T2 | -| main.rs:597:13:597:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:597:17:597:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:598:26:598:31 | id(...) | | file://:0:0:0:0 | & | -| main.rs:598:26:598:31 | id(...) | &T | main.rs:569:5:570:14 | S1 | -| main.rs:598:29:598:30 | &x | | file://:0:0:0:0 | & | -| main.rs:598:29:598:30 | &x | &T | main.rs:569:5:570:14 | S1 | -| main.rs:598:30:598:30 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:600:13:600:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:600:17:600:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:601:26:601:37 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:601:26:601:37 | id::<...>(...) | &T | main.rs:569:5:570:14 | S1 | -| main.rs:601:35:601:36 | &x | | file://:0:0:0:0 | & | -| main.rs:601:35:601:36 | &x | &T | main.rs:569:5:570:14 | S1 | -| main.rs:601:36:601:36 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:603:13:603:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:603:17:603:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:604:26:604:44 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:604:26:604:44 | id::<...>(...) | &T | main.rs:569:5:570:14 | S1 | -| main.rs:604:42:604:43 | &x | | file://:0:0:0:0 | & | -| main.rs:604:42:604:43 | &x | &T | main.rs:569:5:570:14 | S1 | -| main.rs:604:43:604:43 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:606:13:606:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:606:17:606:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:607:9:607:25 | into::<...>(...) | | main.rs:572:5:573:14 | S2 | -| main.rs:607:24:607:24 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:609:13:609:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:609:17:609:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:610:13:610:13 | y | | main.rs:572:5:573:14 | S2 | -| main.rs:610:21:610:27 | into(...) | | main.rs:572:5:573:14 | S2 | -| main.rs:610:26:610:26 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:640:13:640:14 | p1 | | main.rs:615:5:621:5 | PairOption | -| main.rs:640:13:640:14 | p1 | Fst | main.rs:623:5:624:14 | S1 | -| main.rs:640:13:640:14 | p1 | Snd | main.rs:626:5:627:14 | S2 | -| main.rs:640:26:640:53 | ...::PairBoth(...) | | main.rs:615:5:621:5 | PairOption | -| main.rs:640:26:640:53 | ...::PairBoth(...) | Fst | main.rs:623:5:624:14 | S1 | -| main.rs:640:26:640:53 | ...::PairBoth(...) | Snd | main.rs:626:5:627:14 | S2 | -| main.rs:640:47:640:48 | S1 | | main.rs:623:5:624:14 | S1 | -| main.rs:640:51:640:52 | S2 | | main.rs:626:5:627:14 | S2 | -| main.rs:641:26:641:27 | p1 | | main.rs:615:5:621:5 | PairOption | -| main.rs:641:26:641:27 | p1 | Fst | main.rs:623:5:624:14 | S1 | -| main.rs:641:26:641:27 | p1 | Snd | main.rs:626:5:627:14 | S2 | -| main.rs:644:13:644:14 | p2 | | main.rs:615:5:621:5 | PairOption | -| main.rs:644:26:644:47 | ...::PairNone(...) | | main.rs:615:5:621:5 | PairOption | -| main.rs:645:26:645:27 | p2 | | main.rs:615:5:621:5 | PairOption | -| main.rs:648:13:648:14 | p3 | | main.rs:615:5:621:5 | PairOption | -| main.rs:648:13:648:14 | p3 | Snd | main.rs:629:5:630:14 | S3 | -| main.rs:648:34:648:56 | ...::PairSnd(...) | | main.rs:615:5:621:5 | PairOption | -| main.rs:648:34:648:56 | ...::PairSnd(...) | Snd | main.rs:629:5:630:14 | S3 | -| main.rs:648:54:648:55 | S3 | | main.rs:629:5:630:14 | S3 | -| main.rs:649:26:649:27 | p3 | | main.rs:615:5:621:5 | PairOption | -| main.rs:649:26:649:27 | p3 | Snd | main.rs:629:5:630:14 | S3 | -| main.rs:652:13:652:14 | p3 | | main.rs:615:5:621:5 | PairOption | -| main.rs:652:13:652:14 | p3 | Fst | main.rs:629:5:630:14 | S3 | -| main.rs:652:35:652:56 | ...::PairNone(...) | | main.rs:615:5:621:5 | PairOption | -| main.rs:652:35:652:56 | ...::PairNone(...) | Fst | main.rs:629:5:630:14 | S3 | -| main.rs:653:26:653:27 | p3 | | main.rs:615:5:621:5 | PairOption | -| main.rs:653:26:653:27 | p3 | Fst | main.rs:629:5:630:14 | S3 | -| main.rs:666:16:666:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:666:16:666:24 | SelfParam | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | -| main.rs:666:27:666:31 | value | | main.rs:664:19:664:19 | S | -| main.rs:668:21:668:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:668:21:668:29 | SelfParam | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | -| main.rs:668:32:668:36 | value | | main.rs:664:19:664:19 | S | -| main.rs:669:13:669:16 | self | | file://:0:0:0:0 | & | -| main.rs:669:13:669:16 | self | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | -| main.rs:669:22:669:26 | value | | main.rs:664:19:664:19 | S | -| main.rs:675:16:675:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:675:16:675:24 | SelfParam | &T | main.rs:658:5:662:5 | MyOption | -| main.rs:675:16:675:24 | SelfParam | &T.T | main.rs:673:10:673:10 | T | -| main.rs:675:27:675:31 | value | | main.rs:673:10:673:10 | T | -| main.rs:679:26:681:9 | { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:679:26:681:9 | { ... } | T | main.rs:678:10:678:10 | T | -| main.rs:680:13:680:30 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:680:13:680:30 | ...::MyNone(...) | T | main.rs:678:10:678:10 | T | -| main.rs:685:20:685:23 | SelfParam | | main.rs:658:5:662:5 | MyOption | -| main.rs:685:20:685:23 | SelfParam | T | main.rs:658:5:662:5 | MyOption | -| main.rs:685:20:685:23 | SelfParam | T.T | main.rs:684:10:684:10 | T | -| main.rs:685:41:690:9 | { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:685:41:690:9 | { ... } | T | main.rs:684:10:684:10 | T | -| main.rs:686:13:689:13 | match self { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:686:13:689:13 | match self { ... } | T | main.rs:684:10:684:10 | T | -| main.rs:686:19:686:22 | self | | main.rs:658:5:662:5 | MyOption | -| main.rs:686:19:686:22 | self | T | main.rs:658:5:662:5 | MyOption | -| main.rs:686:19:686:22 | self | T.T | main.rs:684:10:684:10 | T | -| main.rs:687:39:687:56 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:687:39:687:56 | ...::MyNone(...) | T | main.rs:684:10:684:10 | T | -| main.rs:688:34:688:34 | x | | main.rs:658:5:662:5 | MyOption | -| main.rs:688:34:688:34 | x | T | main.rs:684:10:684:10 | T | -| main.rs:688:40:688:40 | x | | main.rs:658:5:662:5 | MyOption | -| main.rs:688:40:688:40 | x | T | main.rs:684:10:684:10 | T | -| main.rs:697:13:697:14 | x1 | | main.rs:658:5:662:5 | MyOption | -| main.rs:697:18:697:37 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:698:26:698:27 | x1 | | main.rs:658:5:662:5 | MyOption | -| main.rs:700:13:700:18 | mut x2 | | main.rs:658:5:662:5 | MyOption | -| main.rs:700:13:700:18 | mut x2 | T | main.rs:693:5:694:13 | S | -| main.rs:700:22:700:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:700:22:700:36 | ...::new(...) | T | main.rs:693:5:694:13 | S | -| main.rs:701:9:701:10 | x2 | | main.rs:658:5:662:5 | MyOption | -| main.rs:701:9:701:10 | x2 | T | main.rs:693:5:694:13 | S | -| main.rs:701:16:701:16 | S | | main.rs:693:5:694:13 | S | -| main.rs:702:26:702:27 | x2 | | main.rs:658:5:662:5 | MyOption | -| main.rs:702:26:702:27 | x2 | T | main.rs:693:5:694:13 | S | -| main.rs:704:13:704:18 | mut x3 | | main.rs:658:5:662:5 | MyOption | -| main.rs:704:22:704:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:705:9:705:10 | x3 | | main.rs:658:5:662:5 | MyOption | -| main.rs:705:21:705:21 | S | | main.rs:693:5:694:13 | S | -| main.rs:706:26:706:27 | x3 | | main.rs:658:5:662:5 | MyOption | -| main.rs:708:13:708:18 | mut x4 | | main.rs:658:5:662:5 | MyOption | -| main.rs:708:13:708:18 | mut x4 | T | main.rs:693:5:694:13 | S | -| main.rs:708:22:708:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:708:22:708:36 | ...::new(...) | T | main.rs:693:5:694:13 | S | -| main.rs:709:23:709:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:709:23:709:29 | &mut x4 | &T | main.rs:658:5:662:5 | MyOption | -| main.rs:709:23:709:29 | &mut x4 | &T.T | main.rs:693:5:694:13 | S | -| main.rs:709:28:709:29 | x4 | | main.rs:658:5:662:5 | MyOption | -| main.rs:709:28:709:29 | x4 | T | main.rs:693:5:694:13 | S | -| main.rs:709:32:709:32 | S | | main.rs:693:5:694:13 | S | -| main.rs:710:26:710:27 | x4 | | main.rs:658:5:662:5 | MyOption | -| main.rs:710:26:710:27 | x4 | T | main.rs:693:5:694:13 | S | -| main.rs:712:13:712:14 | x5 | | main.rs:658:5:662:5 | MyOption | -| main.rs:712:13:712:14 | x5 | T | main.rs:658:5:662:5 | MyOption | -| main.rs:712:13:712:14 | x5 | T.T | main.rs:693:5:694:13 | S | -| main.rs:712:18:712:58 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:712:18:712:58 | ...::MySome(...) | T | main.rs:658:5:662:5 | MyOption | -| main.rs:712:18:712:58 | ...::MySome(...) | T.T | main.rs:693:5:694:13 | S | -| main.rs:712:35:712:57 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:712:35:712:57 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:713:26:713:27 | x5 | | main.rs:658:5:662:5 | MyOption | -| main.rs:713:26:713:27 | x5 | T | main.rs:658:5:662:5 | MyOption | -| main.rs:713:26:713:27 | x5 | T.T | main.rs:693:5:694:13 | S | -| main.rs:715:13:715:14 | x6 | | main.rs:658:5:662:5 | MyOption | -| main.rs:715:13:715:14 | x6 | T | main.rs:658:5:662:5 | MyOption | -| main.rs:715:13:715:14 | x6 | T.T | main.rs:693:5:694:13 | S | -| main.rs:715:18:715:58 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:715:18:715:58 | ...::MySome(...) | T | main.rs:658:5:662:5 | MyOption | -| main.rs:715:18:715:58 | ...::MySome(...) | T.T | main.rs:693:5:694:13 | S | -| main.rs:715:35:715:57 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:715:35:715:57 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:716:26:716:61 | ...::flatten(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:716:26:716:61 | ...::flatten(...) | T | main.rs:693:5:694:13 | S | -| main.rs:716:59:716:60 | x6 | | main.rs:658:5:662:5 | MyOption | -| main.rs:716:59:716:60 | x6 | T | main.rs:658:5:662:5 | MyOption | -| main.rs:716:59:716:60 | x6 | T.T | main.rs:693:5:694:13 | S | -| main.rs:718:13:718:19 | from_if | | main.rs:658:5:662:5 | MyOption | -| main.rs:718:13:718:19 | from_if | T | main.rs:693:5:694:13 | S | -| main.rs:718:23:722:9 | if ... {...} else {...} | | main.rs:658:5:662:5 | MyOption | -| main.rs:718:23:722:9 | if ... {...} else {...} | T | main.rs:693:5:694:13 | S | -| main.rs:718:36:720:9 | { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:718:36:720:9 | { ... } | T | main.rs:693:5:694:13 | S | -| main.rs:719:13:719:30 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:719:13:719:30 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:720:16:722:9 | { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:720:16:722:9 | { ... } | T | main.rs:693:5:694:13 | S | -| main.rs:721:13:721:31 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:721:13:721:31 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | -| main.rs:721:30:721:30 | S | | main.rs:693:5:694:13 | S | -| main.rs:723:26:723:32 | from_if | | main.rs:658:5:662:5 | MyOption | -| main.rs:723:26:723:32 | from_if | T | main.rs:693:5:694:13 | S | -| main.rs:725:13:725:22 | from_match | | main.rs:658:5:662:5 | MyOption | -| main.rs:725:13:725:22 | from_match | T | main.rs:693:5:694:13 | S | -| main.rs:725:26:728:9 | match ... { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:725:26:728:9 | match ... { ... } | T | main.rs:693:5:694:13 | S | -| main.rs:726:21:726:38 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:726:21:726:38 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:727:22:727:40 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:727:22:727:40 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | -| main.rs:727:39:727:39 | S | | main.rs:693:5:694:13 | S | -| main.rs:729:26:729:35 | from_match | | main.rs:658:5:662:5 | MyOption | -| main.rs:729:26:729:35 | from_match | T | main.rs:693:5:694:13 | S | -| main.rs:731:13:731:21 | from_loop | | main.rs:658:5:662:5 | MyOption | -| main.rs:731:13:731:21 | from_loop | T | main.rs:693:5:694:13 | S | -| main.rs:731:25:736:9 | loop { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:731:25:736:9 | loop { ... } | T | main.rs:693:5:694:13 | S | -| main.rs:733:23:733:40 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:733:23:733:40 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:735:19:735:37 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:735:19:735:37 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | -| main.rs:735:36:735:36 | S | | main.rs:693:5:694:13 | S | -| main.rs:737:26:737:34 | from_loop | | main.rs:658:5:662:5 | MyOption | -| main.rs:737:26:737:34 | from_loop | T | main.rs:693:5:694:13 | S | -| main.rs:750:15:750:18 | SelfParam | | main.rs:743:5:744:19 | S | -| main.rs:750:15:750:18 | SelfParam | T | main.rs:749:10:749:10 | T | -| main.rs:750:26:752:9 | { ... } | | main.rs:749:10:749:10 | T | -| main.rs:751:13:751:16 | self | | main.rs:743:5:744:19 | S | -| main.rs:751:13:751:16 | self | T | main.rs:749:10:749:10 | T | -| main.rs:751:13:751:18 | self.0 | | main.rs:749:10:749:10 | T | -| main.rs:754:15:754:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:754:15:754:19 | SelfParam | &T | main.rs:743:5:744:19 | S | -| main.rs:754:15:754:19 | SelfParam | &T.T | main.rs:749:10:749:10 | T | -| main.rs:754:28:756:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:754:28:756:9 | { ... } | &T | main.rs:749:10:749:10 | T | -| main.rs:755:13:755:19 | &... | | file://:0:0:0:0 | & | -| main.rs:755:13:755:19 | &... | &T | main.rs:749:10:749:10 | T | -| main.rs:755:14:755:17 | self | | file://:0:0:0:0 | & | -| main.rs:755:14:755:17 | self | &T | main.rs:743:5:744:19 | S | -| main.rs:755:14:755:17 | self | &T.T | main.rs:749:10:749:10 | T | -| main.rs:755:14:755:19 | self.0 | | main.rs:749:10:749:10 | T | -| main.rs:758:15:758:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:758:15:758:25 | SelfParam | &T | main.rs:743:5:744:19 | S | -| main.rs:758:15:758:25 | SelfParam | &T.T | main.rs:749:10:749:10 | T | -| main.rs:758:34:760:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:758:34:760:9 | { ... } | &T | main.rs:749:10:749:10 | T | -| main.rs:759:13:759:19 | &... | | file://:0:0:0:0 | & | -| main.rs:759:13:759:19 | &... | &T | main.rs:749:10:749:10 | T | -| main.rs:759:14:759:17 | self | | file://:0:0:0:0 | & | -| main.rs:759:14:759:17 | self | &T | main.rs:743:5:744:19 | S | -| main.rs:759:14:759:17 | self | &T.T | main.rs:749:10:749:10 | T | -| main.rs:759:14:759:19 | self.0 | | main.rs:749:10:749:10 | T | -| main.rs:764:13:764:14 | x1 | | main.rs:743:5:744:19 | S | -| main.rs:764:13:764:14 | x1 | T | main.rs:746:5:747:14 | S2 | -| main.rs:764:18:764:22 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:764:18:764:22 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:764:20:764:21 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:765:26:765:27 | x1 | | main.rs:743:5:744:19 | S | -| main.rs:765:26:765:27 | x1 | T | main.rs:746:5:747:14 | S2 | -| main.rs:765:26:765:32 | x1.m1() | | main.rs:746:5:747:14 | S2 | -| main.rs:767:13:767:14 | x2 | | main.rs:743:5:744:19 | S | -| main.rs:767:13:767:14 | x2 | T | main.rs:746:5:747:14 | S2 | -| main.rs:767:18:767:22 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:767:18:767:22 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:767:20:767:21 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:769:26:769:27 | x2 | | main.rs:743:5:744:19 | S | -| main.rs:769:26:769:27 | x2 | T | main.rs:746:5:747:14 | S2 | -| main.rs:769:26:769:32 | x2.m2() | | file://:0:0:0:0 | & | -| main.rs:769:26:769:32 | x2.m2() | &T | main.rs:746:5:747:14 | S2 | -| main.rs:770:26:770:27 | x2 | | main.rs:743:5:744:19 | S | -| main.rs:770:26:770:27 | x2 | T | main.rs:746:5:747:14 | S2 | -| main.rs:770:26:770:32 | x2.m3() | | file://:0:0:0:0 | & | -| main.rs:770:26:770:32 | x2.m3() | &T | main.rs:746:5:747:14 | S2 | -| main.rs:772:13:772:14 | x3 | | main.rs:743:5:744:19 | S | -| main.rs:772:13:772:14 | x3 | T | main.rs:746:5:747:14 | S2 | -| main.rs:772:18:772:22 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:772:18:772:22 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:772:20:772:21 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:774:26:774:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:774:26:774:41 | ...::m2(...) | &T | main.rs:746:5:747:14 | S2 | -| main.rs:774:38:774:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:774:38:774:40 | &x3 | &T | main.rs:743:5:744:19 | S | -| main.rs:774:38:774:40 | &x3 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:774:39:774:40 | x3 | | main.rs:743:5:744:19 | S | -| main.rs:774:39:774:40 | x3 | T | main.rs:746:5:747:14 | S2 | -| main.rs:775:26:775:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:775:26:775:41 | ...::m3(...) | &T | main.rs:746:5:747:14 | S2 | -| main.rs:775:38:775:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:775:38:775:40 | &x3 | &T | main.rs:743:5:744:19 | S | -| main.rs:775:38:775:40 | &x3 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:775:39:775:40 | x3 | | main.rs:743:5:744:19 | S | -| main.rs:775:39:775:40 | x3 | T | main.rs:746:5:747:14 | S2 | -| main.rs:777:13:777:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:777:13:777:14 | x4 | &T | main.rs:743:5:744:19 | S | -| main.rs:777:13:777:14 | x4 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:777:18:777:23 | &... | | file://:0:0:0:0 | & | -| main.rs:777:18:777:23 | &... | &T | main.rs:743:5:744:19 | S | -| main.rs:777:18:777:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:777:19:777:23 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:777:19:777:23 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:777:21:777:22 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:779:26:779:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:779:26:779:27 | x4 | &T | main.rs:743:5:744:19 | S | -| main.rs:779:26:779:27 | x4 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:779:26:779:32 | x4.m2() | | file://:0:0:0:0 | & | -| main.rs:779:26:779:32 | x4.m2() | &T | main.rs:746:5:747:14 | S2 | -| main.rs:780:26:780:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:780:26:780:27 | x4 | &T | main.rs:743:5:744:19 | S | -| main.rs:780:26:780:27 | x4 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:780:26:780:32 | x4.m3() | | file://:0:0:0:0 | & | -| main.rs:780:26:780:32 | x4.m3() | &T | main.rs:746:5:747:14 | S2 | -| main.rs:782:13:782:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:782:13:782:14 | x5 | &T | main.rs:743:5:744:19 | S | -| main.rs:782:13:782:14 | x5 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:782:18:782:23 | &... | | file://:0:0:0:0 | & | -| main.rs:782:18:782:23 | &... | &T | main.rs:743:5:744:19 | S | -| main.rs:782:18:782:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:782:19:782:23 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:782:19:782:23 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:782:21:782:22 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:784:26:784:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:784:26:784:27 | x5 | &T | main.rs:743:5:744:19 | S | -| main.rs:784:26:784:27 | x5 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:784:26:784:32 | x5.m1() | | main.rs:746:5:747:14 | S2 | -| main.rs:785:26:785:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:785:26:785:27 | x5 | &T | main.rs:743:5:744:19 | S | -| main.rs:785:26:785:27 | x5 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:785:26:785:29 | x5.0 | | main.rs:746:5:747:14 | S2 | -| main.rs:787:13:787:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:787:13:787:14 | x6 | &T | main.rs:743:5:744:19 | S | -| main.rs:787:13:787:14 | x6 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:787:18:787:23 | &... | | file://:0:0:0:0 | & | -| main.rs:787:18:787:23 | &... | &T | main.rs:743:5:744:19 | S | -| main.rs:787:18:787:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:787:19:787:23 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:787:19:787:23 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:787:21:787:22 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:789:26:789:30 | (...) | | main.rs:743:5:744:19 | S | -| main.rs:789:26:789:30 | (...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:789:26:789:35 | ... .m1() | | main.rs:746:5:747:14 | S2 | -| main.rs:789:27:789:29 | * ... | | main.rs:743:5:744:19 | S | -| main.rs:789:27:789:29 | * ... | T | main.rs:746:5:747:14 | S2 | -| main.rs:789:28:789:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:789:28:789:29 | x6 | &T | main.rs:743:5:744:19 | S | -| main.rs:789:28:789:29 | x6 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:796:16:796:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:796:16:796:20 | SelfParam | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:799:16:799:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:799:16:799:20 | SelfParam | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:799:32:801:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:799:32:801:9 | { ... } | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:800:13:800:16 | self | | file://:0:0:0:0 | & | -| main.rs:800:13:800:16 | self | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:800:13:800:22 | self.foo() | | file://:0:0:0:0 | & | -| main.rs:800:13:800:22 | self.foo() | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:808:16:808:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:808:16:808:20 | SelfParam | &T | main.rs:804:5:804:20 | MyStruct | -| main.rs:808:36:810:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:808:36:810:9 | { ... } | &T | main.rs:804:5:804:20 | MyStruct | -| main.rs:809:13:809:16 | self | | file://:0:0:0:0 | & | -| main.rs:809:13:809:16 | self | &T | main.rs:804:5:804:20 | MyStruct | -| main.rs:814:13:814:13 | x | | main.rs:804:5:804:20 | MyStruct | -| main.rs:814:17:814:24 | MyStruct | | main.rs:804:5:804:20 | MyStruct | -| main.rs:815:9:815:9 | x | | main.rs:804:5:804:20 | MyStruct | -| main.rs:815:9:815:15 | x.bar() | | file://:0:0:0:0 | & | -| main.rs:815:9:815:15 | x.bar() | &T | main.rs:804:5:804:20 | MyStruct | -| main.rs:825:16:825:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:825:16:825:20 | SelfParam | &T | main.rs:822:5:822:26 | MyStruct | -| main.rs:825:16:825:20 | SelfParam | &T.T | main.rs:824:10:824:10 | T | -| main.rs:825:32:827:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:825:32:827:9 | { ... } | &T | main.rs:822:5:822:26 | MyStruct | -| main.rs:825:32:827:9 | { ... } | &T.T | main.rs:824:10:824:10 | T | -| main.rs:826:13:826:16 | self | | file://:0:0:0:0 | & | -| main.rs:826:13:826:16 | self | &T | main.rs:822:5:822:26 | MyStruct | -| main.rs:826:13:826:16 | self | &T.T | main.rs:824:10:824:10 | T | -| main.rs:831:13:831:13 | x | | main.rs:822:5:822:26 | MyStruct | -| main.rs:831:13:831:13 | x | T | main.rs:820:5:820:13 | S | -| main.rs:831:17:831:27 | MyStruct(...) | | main.rs:822:5:822:26 | MyStruct | -| main.rs:831:17:831:27 | MyStruct(...) | T | main.rs:820:5:820:13 | S | -| main.rs:831:26:831:26 | S | | main.rs:820:5:820:13 | S | -| main.rs:832:9:832:9 | x | | main.rs:822:5:822:26 | MyStruct | -| main.rs:832:9:832:9 | x | T | main.rs:820:5:820:13 | S | -| main.rs:832:9:832:15 | x.foo() | | file://:0:0:0:0 | & | -| main.rs:832:9:832:15 | x.foo() | &T | main.rs:822:5:822:26 | MyStruct | -| main.rs:832:9:832:15 | x.foo() | &T.T | main.rs:820:5:820:13 | S | -| main.rs:840:15:840:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:840:15:840:19 | SelfParam | &T | main.rs:837:5:837:13 | S | -| main.rs:840:31:842:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:840:31:842:9 | { ... } | &T | main.rs:837:5:837:13 | S | -| main.rs:841:13:841:19 | &... | | file://:0:0:0:0 | & | -| main.rs:841:13:841:19 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:841:14:841:19 | &... | | file://:0:0:0:0 | & | -| main.rs:841:14:841:19 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:841:15:841:19 | &self | | file://:0:0:0:0 | & | -| main.rs:841:15:841:19 | &self | &T | main.rs:837:5:837:13 | S | -| main.rs:841:16:841:19 | self | | file://:0:0:0:0 | & | -| main.rs:841:16:841:19 | self | &T | main.rs:837:5:837:13 | S | -| main.rs:844:15:844:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:844:15:844:25 | SelfParam | &T | main.rs:837:5:837:13 | S | -| main.rs:844:37:846:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:844:37:846:9 | { ... } | &T | main.rs:837:5:837:13 | S | -| main.rs:845:13:845:19 | &... | | file://:0:0:0:0 | & | -| main.rs:845:13:845:19 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:845:14:845:19 | &... | | file://:0:0:0:0 | & | -| main.rs:845:14:845:19 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:845:15:845:19 | &self | | file://:0:0:0:0 | & | -| main.rs:845:15:845:19 | &self | &T | main.rs:837:5:837:13 | S | -| main.rs:845:16:845:19 | self | | file://:0:0:0:0 | & | -| main.rs:845:16:845:19 | self | &T | main.rs:837:5:837:13 | S | -| main.rs:848:15:848:15 | x | | file://:0:0:0:0 | & | -| main.rs:848:15:848:15 | x | &T | main.rs:837:5:837:13 | S | -| main.rs:848:34:850:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:848:34:850:9 | { ... } | &T | main.rs:837:5:837:13 | S | -| main.rs:849:13:849:13 | x | | file://:0:0:0:0 | & | -| main.rs:849:13:849:13 | x | &T | main.rs:837:5:837:13 | S | -| main.rs:852:15:852:15 | x | | file://:0:0:0:0 | & | -| main.rs:852:15:852:15 | x | &T | main.rs:837:5:837:13 | S | -| main.rs:852:34:854:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:852:34:854:9 | { ... } | &T | main.rs:837:5:837:13 | S | -| main.rs:853:13:853:16 | &... | | file://:0:0:0:0 | & | -| main.rs:853:13:853:16 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:853:14:853:16 | &... | | file://:0:0:0:0 | & | -| main.rs:853:14:853:16 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:853:15:853:16 | &x | | file://:0:0:0:0 | & | -| main.rs:853:15:853:16 | &x | &T | main.rs:837:5:837:13 | S | -| main.rs:853:16:853:16 | x | | file://:0:0:0:0 | & | -| main.rs:853:16:853:16 | x | &T | main.rs:837:5:837:13 | S | -| main.rs:858:13:858:13 | x | | main.rs:837:5:837:13 | S | -| main.rs:858:17:858:20 | S {...} | | main.rs:837:5:837:13 | S | -| main.rs:859:9:859:9 | x | | main.rs:837:5:837:13 | S | -| main.rs:859:9:859:14 | x.f1() | | file://:0:0:0:0 | & | -| main.rs:859:9:859:14 | x.f1() | &T | main.rs:837:5:837:13 | S | -| main.rs:860:9:860:9 | x | | main.rs:837:5:837:13 | S | -| main.rs:860:9:860:14 | x.f2() | | file://:0:0:0:0 | & | -| main.rs:860:9:860:14 | x.f2() | &T | main.rs:837:5:837:13 | S | -| main.rs:861:9:861:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:861:9:861:17 | ...::f3(...) | &T | main.rs:837:5:837:13 | S | -| main.rs:861:15:861:16 | &x | | file://:0:0:0:0 | & | -| main.rs:861:15:861:16 | &x | &T | main.rs:837:5:837:13 | S | -| main.rs:861:16:861:16 | x | | main.rs:837:5:837:13 | S | -| main.rs:867:5:867:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:868:5:868:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:868:20:868:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -| main.rs:868:41:868:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:376:21:376:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:376:21:376:25 | SelfParam | &T | main.rs:371:5:381:5 | Self [trait TraitMultipleAssoc] | +| main.rs:378:20:378:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:378:20:378:24 | SelfParam | &T | main.rs:371:5:381:5 | Self [trait TraitMultipleAssoc] | +| main.rs:380:20:380:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:380:20:380:24 | SelfParam | &T | main.rs:371:5:381:5 | Self [trait TraitMultipleAssoc] | +| main.rs:396:15:396:18 | SelfParam | | main.rs:383:5:384:13 | S | +| main.rs:396:45:398:9 | { ... } | | main.rs:389:5:390:14 | AT | +| main.rs:397:13:397:14 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:406:19:406:23 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:406:19:406:23 | SelfParam | &T | main.rs:383:5:384:13 | S | +| main.rs:406:26:406:26 | a | | main.rs:406:16:406:16 | A | +| main.rs:406:46:408:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:406:46:408:9 | { ... } | A | main.rs:406:16:406:16 | A | +| main.rs:407:13:407:32 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:407:13:407:32 | Wrapper {...} | A | main.rs:406:16:406:16 | A | +| main.rs:407:30:407:30 | a | | main.rs:406:16:406:16 | A | +| main.rs:415:15:415:18 | SelfParam | | main.rs:386:5:387:14 | S2 | +| main.rs:415:45:417:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:415:45:417:9 | { ... } | A | main.rs:386:5:387:14 | S2 | +| main.rs:416:13:416:35 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:416:13:416:35 | Wrapper {...} | A | main.rs:386:5:387:14 | S2 | +| main.rs:416:30:416:33 | self | | main.rs:386:5:387:14 | S2 | +| main.rs:422:30:424:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:422:30:424:9 | { ... } | A | main.rs:386:5:387:14 | S2 | +| main.rs:423:13:423:33 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:423:13:423:33 | Wrapper {...} | A | main.rs:386:5:387:14 | S2 | +| main.rs:423:30:423:31 | S2 | | main.rs:386:5:387:14 | S2 | +| main.rs:428:22:428:26 | thing | | main.rs:428:10:428:19 | T | +| main.rs:429:9:429:13 | thing | | main.rs:428:10:428:19 | T | +| main.rs:436:21:436:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:436:21:436:25 | SelfParam | &T | main.rs:389:5:390:14 | AT | +| main.rs:436:34:438:9 | { ... } | | main.rs:389:5:390:14 | AT | +| main.rs:437:13:437:14 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:440:20:440:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:440:20:440:24 | SelfParam | &T | main.rs:389:5:390:14 | AT | +| main.rs:440:43:442:9 | { ... } | | main.rs:383:5:384:13 | S | +| main.rs:441:13:441:13 | S | | main.rs:383:5:384:13 | S | +| main.rs:444:20:444:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:444:20:444:24 | SelfParam | &T | main.rs:389:5:390:14 | AT | +| main.rs:444:43:446:9 | { ... } | | main.rs:386:5:387:14 | S2 | +| main.rs:445:13:445:14 | S2 | | main.rs:386:5:387:14 | S2 | +| main.rs:450:13:450:14 | x1 | | main.rs:383:5:384:13 | S | +| main.rs:450:18:450:18 | S | | main.rs:383:5:384:13 | S | +| main.rs:452:26:452:27 | x1 | | main.rs:383:5:384:13 | S | +| main.rs:452:26:452:32 | x1.m1() | | main.rs:389:5:390:14 | AT | +| main.rs:454:13:454:14 | x2 | | main.rs:383:5:384:13 | S | +| main.rs:454:18:454:18 | S | | main.rs:383:5:384:13 | S | +| main.rs:456:13:456:13 | y | | main.rs:389:5:390:14 | AT | +| main.rs:456:17:456:18 | x2 | | main.rs:383:5:384:13 | S | +| main.rs:456:17:456:23 | x2.m2() | | main.rs:389:5:390:14 | AT | +| main.rs:457:26:457:26 | y | | main.rs:389:5:390:14 | AT | +| main.rs:459:13:459:14 | x3 | | main.rs:383:5:384:13 | S | +| main.rs:459:18:459:18 | S | | main.rs:383:5:384:13 | S | +| main.rs:461:26:461:27 | x3 | | main.rs:383:5:384:13 | S | +| main.rs:461:26:461:34 | x3.put(...) | | main.rs:332:5:335:5 | Wrapper | +| main.rs:464:26:464:27 | x3 | | main.rs:383:5:384:13 | S | +| main.rs:466:20:466:20 | S | | main.rs:383:5:384:13 | S | +| main.rs:469:13:469:14 | x5 | | main.rs:386:5:387:14 | S2 | +| main.rs:469:18:469:19 | S2 | | main.rs:386:5:387:14 | S2 | +| main.rs:470:26:470:27 | x5 | | main.rs:386:5:387:14 | S2 | +| main.rs:470:26:470:32 | x5.m1() | | main.rs:332:5:335:5 | Wrapper | +| main.rs:471:13:471:14 | x6 | | main.rs:386:5:387:14 | S2 | +| main.rs:471:18:471:19 | S2 | | main.rs:386:5:387:14 | S2 | +| main.rs:472:26:472:27 | x6 | | main.rs:386:5:387:14 | S2 | +| main.rs:472:26:472:32 | x6.m2() | | main.rs:332:5:335:5 | Wrapper | +| main.rs:472:26:472:32 | x6.m2() | A | main.rs:386:5:387:14 | S2 | +| main.rs:474:13:474:22 | assoc_zero | | main.rs:389:5:390:14 | AT | +| main.rs:474:26:474:27 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:474:26:474:38 | AT.get_zero() | | main.rs:389:5:390:14 | AT | +| main.rs:475:13:475:21 | assoc_one | | main.rs:383:5:384:13 | S | +| main.rs:475:25:475:26 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:475:25:475:36 | AT.get_one() | | main.rs:383:5:384:13 | S | +| main.rs:476:13:476:21 | assoc_two | | main.rs:386:5:387:14 | S2 | +| main.rs:476:25:476:26 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:476:25:476:36 | AT.get_two() | | main.rs:386:5:387:14 | S2 | +| main.rs:493:15:493:18 | SelfParam | | main.rs:481:5:485:5 | MyEnum | +| main.rs:493:15:493:18 | SelfParam | A | main.rs:492:10:492:10 | T | +| main.rs:493:26:498:9 | { ... } | | main.rs:492:10:492:10 | T | +| main.rs:494:13:497:13 | match self { ... } | | main.rs:492:10:492:10 | T | +| main.rs:494:19:494:22 | self | | main.rs:481:5:485:5 | MyEnum | +| main.rs:494:19:494:22 | self | A | main.rs:492:10:492:10 | T | +| main.rs:495:28:495:28 | a | | main.rs:492:10:492:10 | T | +| main.rs:495:34:495:34 | a | | main.rs:492:10:492:10 | T | +| main.rs:496:30:496:30 | a | | main.rs:492:10:492:10 | T | +| main.rs:496:37:496:37 | a | | main.rs:492:10:492:10 | T | +| main.rs:502:13:502:13 | x | | main.rs:481:5:485:5 | MyEnum | +| main.rs:502:13:502:13 | x | A | main.rs:487:5:488:14 | S1 | +| main.rs:502:17:502:30 | ...::C1(...) | | main.rs:481:5:485:5 | MyEnum | +| main.rs:502:17:502:30 | ...::C1(...) | A | main.rs:487:5:488:14 | S1 | +| main.rs:502:28:502:29 | S1 | | main.rs:487:5:488:14 | S1 | +| main.rs:503:13:503:13 | y | | main.rs:481:5:485:5 | MyEnum | +| main.rs:503:13:503:13 | y | A | main.rs:489:5:490:14 | S2 | +| main.rs:503:17:503:36 | ...::C2 {...} | | main.rs:481:5:485:5 | MyEnum | +| main.rs:503:17:503:36 | ...::C2 {...} | A | main.rs:489:5:490:14 | S2 | +| main.rs:503:33:503:34 | S2 | | main.rs:489:5:490:14 | S2 | +| main.rs:505:26:505:26 | x | | main.rs:481:5:485:5 | MyEnum | +| main.rs:505:26:505:26 | x | A | main.rs:487:5:488:14 | S1 | +| main.rs:505:26:505:31 | x.m1() | | main.rs:487:5:488:14 | S1 | +| main.rs:506:26:506:26 | y | | main.rs:481:5:485:5 | MyEnum | +| main.rs:506:26:506:26 | y | A | main.rs:489:5:490:14 | S2 | +| main.rs:506:26:506:31 | y.m1() | | main.rs:489:5:490:14 | S2 | +| main.rs:528:15:528:18 | SelfParam | | main.rs:526:5:529:5 | Self [trait MyTrait1] | +| main.rs:532:15:532:18 | SelfParam | | main.rs:531:5:542:5 | Self [trait MyTrait2] | +| main.rs:535:9:541:9 | { ... } | | main.rs:531:20:531:22 | Tr2 | +| main.rs:536:13:540:13 | if ... {...} else {...} | | main.rs:531:20:531:22 | Tr2 | +| main.rs:536:26:538:13 | { ... } | | main.rs:531:20:531:22 | Tr2 | +| main.rs:537:17:537:20 | self | | main.rs:531:5:542:5 | Self [trait MyTrait2] | +| main.rs:537:17:537:25 | self.m1() | | main.rs:531:20:531:22 | Tr2 | +| main.rs:538:20:540:13 | { ... } | | main.rs:531:20:531:22 | Tr2 | +| main.rs:539:17:539:30 | ...::m1(...) | | main.rs:531:20:531:22 | Tr2 | +| main.rs:539:26:539:29 | self | | main.rs:531:5:542:5 | Self [trait MyTrait2] | +| main.rs:545:15:545:18 | SelfParam | | main.rs:544:5:555:5 | Self [trait MyTrait3] | +| main.rs:548:9:554:9 | { ... } | | main.rs:544:20:544:22 | Tr3 | +| main.rs:549:13:553:13 | if ... {...} else {...} | | main.rs:544:20:544:22 | Tr3 | +| main.rs:549:26:551:13 | { ... } | | main.rs:544:20:544:22 | Tr3 | +| main.rs:550:17:550:20 | self | | main.rs:544:5:555:5 | Self [trait MyTrait3] | +| main.rs:550:17:550:25 | self.m2() | | main.rs:511:5:514:5 | MyThing | +| main.rs:550:17:550:25 | self.m2() | A | main.rs:544:20:544:22 | Tr3 | +| main.rs:550:17:550:27 | ... .a | | main.rs:544:20:544:22 | Tr3 | +| main.rs:551:20:553:13 | { ... } | | main.rs:544:20:544:22 | Tr3 | +| main.rs:552:17:552:30 | ...::m2(...) | | main.rs:511:5:514:5 | MyThing | +| main.rs:552:17:552:30 | ...::m2(...) | A | main.rs:544:20:544:22 | Tr3 | +| main.rs:552:17:552:32 | ... .a | | main.rs:544:20:544:22 | Tr3 | +| main.rs:552:26:552:29 | self | | main.rs:544:5:555:5 | Self [trait MyTrait3] | +| main.rs:559:15:559:18 | SelfParam | | main.rs:511:5:514:5 | MyThing | +| main.rs:559:15:559:18 | SelfParam | A | main.rs:557:10:557:10 | T | +| main.rs:559:26:561:9 | { ... } | | main.rs:557:10:557:10 | T | +| main.rs:560:13:560:16 | self | | main.rs:511:5:514:5 | MyThing | +| main.rs:560:13:560:16 | self | A | main.rs:557:10:557:10 | T | +| main.rs:560:13:560:18 | self.a | | main.rs:557:10:557:10 | T | +| main.rs:568:15:568:18 | SelfParam | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:568:15:568:18 | SelfParam | A | main.rs:566:10:566:10 | T | +| main.rs:568:35:570:9 | { ... } | | main.rs:511:5:514:5 | MyThing | +| main.rs:568:35:570:9 | { ... } | A | main.rs:566:10:566:10 | T | +| main.rs:569:13:569:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:569:13:569:33 | MyThing {...} | A | main.rs:566:10:566:10 | T | +| main.rs:569:26:569:29 | self | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:569:26:569:29 | self | A | main.rs:566:10:566:10 | T | +| main.rs:569:26:569:31 | self.a | | main.rs:566:10:566:10 | T | +| main.rs:578:13:578:13 | x | | main.rs:511:5:514:5 | MyThing | +| main.rs:578:13:578:13 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:578:17:578:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:578:17:578:33 | MyThing {...} | A | main.rs:521:5:522:14 | S1 | +| main.rs:578:30:578:31 | S1 | | main.rs:521:5:522:14 | S1 | +| main.rs:579:13:579:13 | y | | main.rs:511:5:514:5 | MyThing | +| main.rs:579:13:579:13 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:579:17:579:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:579:17:579:33 | MyThing {...} | A | main.rs:523:5:524:14 | S2 | +| main.rs:579:30:579:31 | S2 | | main.rs:523:5:524:14 | S2 | +| main.rs:581:26:581:26 | x | | main.rs:511:5:514:5 | MyThing | +| main.rs:581:26:581:26 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:581:26:581:31 | x.m1() | | main.rs:521:5:522:14 | S1 | +| main.rs:582:26:582:26 | y | | main.rs:511:5:514:5 | MyThing | +| main.rs:582:26:582:26 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:582:26:582:31 | y.m1() | | main.rs:523:5:524:14 | S2 | +| main.rs:584:13:584:13 | x | | main.rs:511:5:514:5 | MyThing | +| main.rs:584:13:584:13 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:584:17:584:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:584:17:584:33 | MyThing {...} | A | main.rs:521:5:522:14 | S1 | +| main.rs:584:30:584:31 | S1 | | main.rs:521:5:522:14 | S1 | +| main.rs:585:13:585:13 | y | | main.rs:511:5:514:5 | MyThing | +| main.rs:585:13:585:13 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:585:17:585:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:585:17:585:33 | MyThing {...} | A | main.rs:523:5:524:14 | S2 | +| main.rs:585:30:585:31 | S2 | | main.rs:523:5:524:14 | S2 | +| main.rs:587:26:587:26 | x | | main.rs:511:5:514:5 | MyThing | +| main.rs:587:26:587:26 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:587:26:587:31 | x.m2() | | main.rs:521:5:522:14 | S1 | +| main.rs:588:26:588:26 | y | | main.rs:511:5:514:5 | MyThing | +| main.rs:588:26:588:26 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:588:26:588:31 | y.m2() | | main.rs:523:5:524:14 | S2 | +| main.rs:590:13:590:13 | x | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:590:13:590:13 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:590:17:590:34 | MyThing2 {...} | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:590:17:590:34 | MyThing2 {...} | A | main.rs:521:5:522:14 | S1 | +| main.rs:590:31:590:32 | S1 | | main.rs:521:5:522:14 | S1 | +| main.rs:591:13:591:13 | y | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:591:13:591:13 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:591:17:591:34 | MyThing2 {...} | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:591:17:591:34 | MyThing2 {...} | A | main.rs:523:5:524:14 | S2 | +| main.rs:591:31:591:32 | S2 | | main.rs:523:5:524:14 | S2 | +| main.rs:593:26:593:26 | x | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:593:26:593:26 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:593:26:593:31 | x.m3() | | main.rs:521:5:522:14 | S1 | +| main.rs:594:26:594:26 | y | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:594:26:594:26 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:594:26:594:31 | y.m3() | | main.rs:523:5:524:14 | S2 | +| main.rs:612:22:612:22 | x | | file://:0:0:0:0 | & | +| main.rs:612:22:612:22 | x | &T | main.rs:612:11:612:19 | T | +| main.rs:612:35:614:5 | { ... } | | file://:0:0:0:0 | & | +| main.rs:612:35:614:5 | { ... } | &T | main.rs:612:11:612:19 | T | +| main.rs:613:9:613:9 | x | | file://:0:0:0:0 | & | +| main.rs:613:9:613:9 | x | &T | main.rs:612:11:612:19 | T | +| main.rs:617:17:617:20 | SelfParam | | main.rs:602:5:603:14 | S1 | +| main.rs:617:29:619:9 | { ... } | | main.rs:605:5:606:14 | S2 | +| main.rs:618:13:618:14 | S2 | | main.rs:605:5:606:14 | S2 | +| main.rs:622:21:622:21 | x | | main.rs:622:13:622:14 | T1 | +| main.rs:625:5:627:5 | { ... } | | main.rs:622:17:622:18 | T2 | +| main.rs:626:9:626:9 | x | | main.rs:622:13:622:14 | T1 | +| main.rs:626:9:626:16 | x.into() | | main.rs:622:17:622:18 | T2 | +| main.rs:630:13:630:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:630:17:630:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:631:26:631:31 | id(...) | | file://:0:0:0:0 | & | +| main.rs:631:26:631:31 | id(...) | &T | main.rs:602:5:603:14 | S1 | +| main.rs:631:29:631:30 | &x | | file://:0:0:0:0 | & | +| main.rs:631:29:631:30 | &x | &T | main.rs:602:5:603:14 | S1 | +| main.rs:631:30:631:30 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:633:13:633:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:633:17:633:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:634:26:634:37 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:634:26:634:37 | id::<...>(...) | &T | main.rs:602:5:603:14 | S1 | +| main.rs:634:35:634:36 | &x | | file://:0:0:0:0 | & | +| main.rs:634:35:634:36 | &x | &T | main.rs:602:5:603:14 | S1 | +| main.rs:634:36:634:36 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:636:13:636:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:636:17:636:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:637:26:637:44 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:637:26:637:44 | id::<...>(...) | &T | main.rs:602:5:603:14 | S1 | +| main.rs:637:42:637:43 | &x | | file://:0:0:0:0 | & | +| main.rs:637:42:637:43 | &x | &T | main.rs:602:5:603:14 | S1 | +| main.rs:637:43:637:43 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:639:13:639:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:639:17:639:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:640:9:640:25 | into::<...>(...) | | main.rs:605:5:606:14 | S2 | +| main.rs:640:24:640:24 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:642:13:642:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:642:17:642:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:643:13:643:13 | y | | main.rs:605:5:606:14 | S2 | +| main.rs:643:21:643:27 | into(...) | | main.rs:605:5:606:14 | S2 | +| main.rs:643:26:643:26 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:673:13:673:14 | p1 | | main.rs:648:5:654:5 | PairOption | +| main.rs:673:13:673:14 | p1 | Fst | main.rs:656:5:657:14 | S1 | +| main.rs:673:13:673:14 | p1 | Snd | main.rs:659:5:660:14 | S2 | +| main.rs:673:26:673:53 | ...::PairBoth(...) | | main.rs:648:5:654:5 | PairOption | +| main.rs:673:26:673:53 | ...::PairBoth(...) | Fst | main.rs:656:5:657:14 | S1 | +| main.rs:673:26:673:53 | ...::PairBoth(...) | Snd | main.rs:659:5:660:14 | S2 | +| main.rs:673:47:673:48 | S1 | | main.rs:656:5:657:14 | S1 | +| main.rs:673:51:673:52 | S2 | | main.rs:659:5:660:14 | S2 | +| main.rs:674:26:674:27 | p1 | | main.rs:648:5:654:5 | PairOption | +| main.rs:674:26:674:27 | p1 | Fst | main.rs:656:5:657:14 | S1 | +| main.rs:674:26:674:27 | p1 | Snd | main.rs:659:5:660:14 | S2 | +| main.rs:677:13:677:14 | p2 | | main.rs:648:5:654:5 | PairOption | +| main.rs:677:26:677:47 | ...::PairNone(...) | | main.rs:648:5:654:5 | PairOption | +| main.rs:678:26:678:27 | p2 | | main.rs:648:5:654:5 | PairOption | +| main.rs:681:13:681:14 | p3 | | main.rs:648:5:654:5 | PairOption | +| main.rs:681:13:681:14 | p3 | Snd | main.rs:662:5:663:14 | S3 | +| main.rs:681:34:681:56 | ...::PairSnd(...) | | main.rs:648:5:654:5 | PairOption | +| main.rs:681:34:681:56 | ...::PairSnd(...) | Snd | main.rs:662:5:663:14 | S3 | +| main.rs:681:54:681:55 | S3 | | main.rs:662:5:663:14 | S3 | +| main.rs:682:26:682:27 | p3 | | main.rs:648:5:654:5 | PairOption | +| main.rs:682:26:682:27 | p3 | Snd | main.rs:662:5:663:14 | S3 | +| main.rs:685:13:685:14 | p3 | | main.rs:648:5:654:5 | PairOption | +| main.rs:685:13:685:14 | p3 | Fst | main.rs:662:5:663:14 | S3 | +| main.rs:685:35:685:56 | ...::PairNone(...) | | main.rs:648:5:654:5 | PairOption | +| main.rs:685:35:685:56 | ...::PairNone(...) | Fst | main.rs:662:5:663:14 | S3 | +| main.rs:686:26:686:27 | p3 | | main.rs:648:5:654:5 | PairOption | +| main.rs:686:26:686:27 | p3 | Fst | main.rs:662:5:663:14 | S3 | +| main.rs:699:16:699:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:699:16:699:24 | SelfParam | &T | main.rs:697:5:704:5 | Self [trait MyTrait] | +| main.rs:699:27:699:31 | value | | main.rs:697:19:697:19 | S | +| main.rs:701:21:701:29 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:701:21:701:29 | SelfParam | &T | main.rs:697:5:704:5 | Self [trait MyTrait] | +| main.rs:701:32:701:36 | value | | main.rs:697:19:697:19 | S | +| main.rs:702:13:702:16 | self | | file://:0:0:0:0 | & | +| main.rs:702:13:702:16 | self | &T | main.rs:697:5:704:5 | Self [trait MyTrait] | +| main.rs:702:22:702:26 | value | | main.rs:697:19:697:19 | S | +| main.rs:708:16:708:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:708:16:708:24 | SelfParam | &T | main.rs:691:5:695:5 | MyOption | +| main.rs:708:16:708:24 | SelfParam | &T.T | main.rs:706:10:706:10 | T | +| main.rs:708:27:708:31 | value | | main.rs:706:10:706:10 | T | +| main.rs:712:26:714:9 | { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:712:26:714:9 | { ... } | T | main.rs:711:10:711:10 | T | +| main.rs:713:13:713:30 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:713:13:713:30 | ...::MyNone(...) | T | main.rs:711:10:711:10 | T | +| main.rs:718:20:718:23 | SelfParam | | main.rs:691:5:695:5 | MyOption | +| main.rs:718:20:718:23 | SelfParam | T | main.rs:691:5:695:5 | MyOption | +| main.rs:718:20:718:23 | SelfParam | T.T | main.rs:717:10:717:10 | T | +| main.rs:718:41:723:9 | { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:718:41:723:9 | { ... } | T | main.rs:717:10:717:10 | T | +| main.rs:719:13:722:13 | match self { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:719:13:722:13 | match self { ... } | T | main.rs:717:10:717:10 | T | +| main.rs:719:19:719:22 | self | | main.rs:691:5:695:5 | MyOption | +| main.rs:719:19:719:22 | self | T | main.rs:691:5:695:5 | MyOption | +| main.rs:719:19:719:22 | self | T.T | main.rs:717:10:717:10 | T | +| main.rs:720:39:720:56 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:720:39:720:56 | ...::MyNone(...) | T | main.rs:717:10:717:10 | T | +| main.rs:721:34:721:34 | x | | main.rs:691:5:695:5 | MyOption | +| main.rs:721:34:721:34 | x | T | main.rs:717:10:717:10 | T | +| main.rs:721:40:721:40 | x | | main.rs:691:5:695:5 | MyOption | +| main.rs:721:40:721:40 | x | T | main.rs:717:10:717:10 | T | +| main.rs:730:13:730:14 | x1 | | main.rs:691:5:695:5 | MyOption | +| main.rs:730:18:730:37 | ...::new(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:731:26:731:27 | x1 | | main.rs:691:5:695:5 | MyOption | +| main.rs:733:13:733:18 | mut x2 | | main.rs:691:5:695:5 | MyOption | +| main.rs:733:13:733:18 | mut x2 | T | main.rs:726:5:727:13 | S | +| main.rs:733:22:733:36 | ...::new(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:733:22:733:36 | ...::new(...) | T | main.rs:726:5:727:13 | S | +| main.rs:734:9:734:10 | x2 | | main.rs:691:5:695:5 | MyOption | +| main.rs:734:9:734:10 | x2 | T | main.rs:726:5:727:13 | S | +| main.rs:734:16:734:16 | S | | main.rs:726:5:727:13 | S | +| main.rs:735:26:735:27 | x2 | | main.rs:691:5:695:5 | MyOption | +| main.rs:735:26:735:27 | x2 | T | main.rs:726:5:727:13 | S | +| main.rs:737:13:737:18 | mut x3 | | main.rs:691:5:695:5 | MyOption | +| main.rs:737:22:737:36 | ...::new(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:738:9:738:10 | x3 | | main.rs:691:5:695:5 | MyOption | +| main.rs:738:21:738:21 | S | | main.rs:726:5:727:13 | S | +| main.rs:739:26:739:27 | x3 | | main.rs:691:5:695:5 | MyOption | +| main.rs:741:13:741:18 | mut x4 | | main.rs:691:5:695:5 | MyOption | +| main.rs:741:13:741:18 | mut x4 | T | main.rs:726:5:727:13 | S | +| main.rs:741:22:741:36 | ...::new(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:741:22:741:36 | ...::new(...) | T | main.rs:726:5:727:13 | S | +| main.rs:742:23:742:29 | &mut x4 | | file://:0:0:0:0 | & | +| main.rs:742:23:742:29 | &mut x4 | &T | main.rs:691:5:695:5 | MyOption | +| main.rs:742:23:742:29 | &mut x4 | &T.T | main.rs:726:5:727:13 | S | +| main.rs:742:28:742:29 | x4 | | main.rs:691:5:695:5 | MyOption | +| main.rs:742:28:742:29 | x4 | T | main.rs:726:5:727:13 | S | +| main.rs:742:32:742:32 | S | | main.rs:726:5:727:13 | S | +| main.rs:743:26:743:27 | x4 | | main.rs:691:5:695:5 | MyOption | +| main.rs:743:26:743:27 | x4 | T | main.rs:726:5:727:13 | S | +| main.rs:745:13:745:14 | x5 | | main.rs:691:5:695:5 | MyOption | +| main.rs:745:13:745:14 | x5 | T | main.rs:691:5:695:5 | MyOption | +| main.rs:745:13:745:14 | x5 | T.T | main.rs:726:5:727:13 | S | +| main.rs:745:18:745:58 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:745:18:745:58 | ...::MySome(...) | T | main.rs:691:5:695:5 | MyOption | +| main.rs:745:18:745:58 | ...::MySome(...) | T.T | main.rs:726:5:727:13 | S | +| main.rs:745:35:745:57 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:745:35:745:57 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:746:26:746:27 | x5 | | main.rs:691:5:695:5 | MyOption | +| main.rs:746:26:746:27 | x5 | T | main.rs:691:5:695:5 | MyOption | +| main.rs:746:26:746:27 | x5 | T.T | main.rs:726:5:727:13 | S | +| main.rs:748:13:748:14 | x6 | | main.rs:691:5:695:5 | MyOption | +| main.rs:748:13:748:14 | x6 | T | main.rs:691:5:695:5 | MyOption | +| main.rs:748:13:748:14 | x6 | T.T | main.rs:726:5:727:13 | S | +| main.rs:748:18:748:58 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:748:18:748:58 | ...::MySome(...) | T | main.rs:691:5:695:5 | MyOption | +| main.rs:748:18:748:58 | ...::MySome(...) | T.T | main.rs:726:5:727:13 | S | +| main.rs:748:35:748:57 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:748:35:748:57 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:749:26:749:61 | ...::flatten(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:749:26:749:61 | ...::flatten(...) | T | main.rs:726:5:727:13 | S | +| main.rs:749:59:749:60 | x6 | | main.rs:691:5:695:5 | MyOption | +| main.rs:749:59:749:60 | x6 | T | main.rs:691:5:695:5 | MyOption | +| main.rs:749:59:749:60 | x6 | T.T | main.rs:726:5:727:13 | S | +| main.rs:751:13:751:19 | from_if | | main.rs:691:5:695:5 | MyOption | +| main.rs:751:13:751:19 | from_if | T | main.rs:726:5:727:13 | S | +| main.rs:751:23:755:9 | if ... {...} else {...} | | main.rs:691:5:695:5 | MyOption | +| main.rs:751:23:755:9 | if ... {...} else {...} | T | main.rs:726:5:727:13 | S | +| main.rs:751:36:753:9 | { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:751:36:753:9 | { ... } | T | main.rs:726:5:727:13 | S | +| main.rs:752:13:752:30 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:752:13:752:30 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:753:16:755:9 | { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:753:16:755:9 | { ... } | T | main.rs:726:5:727:13 | S | +| main.rs:754:13:754:31 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:754:13:754:31 | ...::MySome(...) | T | main.rs:726:5:727:13 | S | +| main.rs:754:30:754:30 | S | | main.rs:726:5:727:13 | S | +| main.rs:756:26:756:32 | from_if | | main.rs:691:5:695:5 | MyOption | +| main.rs:756:26:756:32 | from_if | T | main.rs:726:5:727:13 | S | +| main.rs:758:13:758:22 | from_match | | main.rs:691:5:695:5 | MyOption | +| main.rs:758:13:758:22 | from_match | T | main.rs:726:5:727:13 | S | +| main.rs:758:26:761:9 | match ... { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:758:26:761:9 | match ... { ... } | T | main.rs:726:5:727:13 | S | +| main.rs:759:21:759:38 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:759:21:759:38 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:760:22:760:40 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:760:22:760:40 | ...::MySome(...) | T | main.rs:726:5:727:13 | S | +| main.rs:760:39:760:39 | S | | main.rs:726:5:727:13 | S | +| main.rs:762:26:762:35 | from_match | | main.rs:691:5:695:5 | MyOption | +| main.rs:762:26:762:35 | from_match | T | main.rs:726:5:727:13 | S | +| main.rs:764:13:764:21 | from_loop | | main.rs:691:5:695:5 | MyOption | +| main.rs:764:13:764:21 | from_loop | T | main.rs:726:5:727:13 | S | +| main.rs:764:25:769:9 | loop { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:764:25:769:9 | loop { ... } | T | main.rs:726:5:727:13 | S | +| main.rs:766:23:766:40 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:766:23:766:40 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:768:19:768:37 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:768:19:768:37 | ...::MySome(...) | T | main.rs:726:5:727:13 | S | +| main.rs:768:36:768:36 | S | | main.rs:726:5:727:13 | S | +| main.rs:770:26:770:34 | from_loop | | main.rs:691:5:695:5 | MyOption | +| main.rs:770:26:770:34 | from_loop | T | main.rs:726:5:727:13 | S | +| main.rs:783:15:783:18 | SelfParam | | main.rs:776:5:777:19 | S | +| main.rs:783:15:783:18 | SelfParam | T | main.rs:782:10:782:10 | T | +| main.rs:783:26:785:9 | { ... } | | main.rs:782:10:782:10 | T | +| main.rs:784:13:784:16 | self | | main.rs:776:5:777:19 | S | +| main.rs:784:13:784:16 | self | T | main.rs:782:10:782:10 | T | +| main.rs:784:13:784:18 | self.0 | | main.rs:782:10:782:10 | T | +| main.rs:787:15:787:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:787:15:787:19 | SelfParam | &T | main.rs:776:5:777:19 | S | +| main.rs:787:15:787:19 | SelfParam | &T.T | main.rs:782:10:782:10 | T | +| main.rs:787:28:789:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:787:28:789:9 | { ... } | &T | main.rs:782:10:782:10 | T | +| main.rs:788:13:788:19 | &... | | file://:0:0:0:0 | & | +| main.rs:788:13:788:19 | &... | &T | main.rs:782:10:782:10 | T | +| main.rs:788:14:788:17 | self | | file://:0:0:0:0 | & | +| main.rs:788:14:788:17 | self | &T | main.rs:776:5:777:19 | S | +| main.rs:788:14:788:17 | self | &T.T | main.rs:782:10:782:10 | T | +| main.rs:788:14:788:19 | self.0 | | main.rs:782:10:782:10 | T | +| main.rs:791:15:791:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:791:15:791:25 | SelfParam | &T | main.rs:776:5:777:19 | S | +| main.rs:791:15:791:25 | SelfParam | &T.T | main.rs:782:10:782:10 | T | +| main.rs:791:34:793:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:791:34:793:9 | { ... } | &T | main.rs:782:10:782:10 | T | +| main.rs:792:13:792:19 | &... | | file://:0:0:0:0 | & | +| main.rs:792:13:792:19 | &... | &T | main.rs:782:10:782:10 | T | +| main.rs:792:14:792:17 | self | | file://:0:0:0:0 | & | +| main.rs:792:14:792:17 | self | &T | main.rs:776:5:777:19 | S | +| main.rs:792:14:792:17 | self | &T.T | main.rs:782:10:782:10 | T | +| main.rs:792:14:792:19 | self.0 | | main.rs:782:10:782:10 | T | +| main.rs:797:13:797:14 | x1 | | main.rs:776:5:777:19 | S | +| main.rs:797:13:797:14 | x1 | T | main.rs:779:5:780:14 | S2 | +| main.rs:797:18:797:22 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:797:18:797:22 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:797:20:797:21 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:798:26:798:27 | x1 | | main.rs:776:5:777:19 | S | +| main.rs:798:26:798:27 | x1 | T | main.rs:779:5:780:14 | S2 | +| main.rs:798:26:798:32 | x1.m1() | | main.rs:779:5:780:14 | S2 | +| main.rs:800:13:800:14 | x2 | | main.rs:776:5:777:19 | S | +| main.rs:800:13:800:14 | x2 | T | main.rs:779:5:780:14 | S2 | +| main.rs:800:18:800:22 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:800:18:800:22 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:800:20:800:21 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:802:26:802:27 | x2 | | main.rs:776:5:777:19 | S | +| main.rs:802:26:802:27 | x2 | T | main.rs:779:5:780:14 | S2 | +| main.rs:802:26:802:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:802:26:802:32 | x2.m2() | &T | main.rs:779:5:780:14 | S2 | +| main.rs:803:26:803:27 | x2 | | main.rs:776:5:777:19 | S | +| main.rs:803:26:803:27 | x2 | T | main.rs:779:5:780:14 | S2 | +| main.rs:803:26:803:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:803:26:803:32 | x2.m3() | &T | main.rs:779:5:780:14 | S2 | +| main.rs:805:13:805:14 | x3 | | main.rs:776:5:777:19 | S | +| main.rs:805:13:805:14 | x3 | T | main.rs:779:5:780:14 | S2 | +| main.rs:805:18:805:22 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:805:18:805:22 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:805:20:805:21 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:807:26:807:41 | ...::m2(...) | | file://:0:0:0:0 | & | +| main.rs:807:26:807:41 | ...::m2(...) | &T | main.rs:779:5:780:14 | S2 | +| main.rs:807:38:807:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:807:38:807:40 | &x3 | &T | main.rs:776:5:777:19 | S | +| main.rs:807:38:807:40 | &x3 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:807:39:807:40 | x3 | | main.rs:776:5:777:19 | S | +| main.rs:807:39:807:40 | x3 | T | main.rs:779:5:780:14 | S2 | +| main.rs:808:26:808:41 | ...::m3(...) | | file://:0:0:0:0 | & | +| main.rs:808:26:808:41 | ...::m3(...) | &T | main.rs:779:5:780:14 | S2 | +| main.rs:808:38:808:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:808:38:808:40 | &x3 | &T | main.rs:776:5:777:19 | S | +| main.rs:808:38:808:40 | &x3 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:808:39:808:40 | x3 | | main.rs:776:5:777:19 | S | +| main.rs:808:39:808:40 | x3 | T | main.rs:779:5:780:14 | S2 | +| main.rs:810:13:810:14 | x4 | | file://:0:0:0:0 | & | +| main.rs:810:13:810:14 | x4 | &T | main.rs:776:5:777:19 | S | +| main.rs:810:13:810:14 | x4 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:810:18:810:23 | &... | | file://:0:0:0:0 | & | +| main.rs:810:18:810:23 | &... | &T | main.rs:776:5:777:19 | S | +| main.rs:810:18:810:23 | &... | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:810:19:810:23 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:810:19:810:23 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:810:21:810:22 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:812:26:812:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:812:26:812:27 | x4 | &T | main.rs:776:5:777:19 | S | +| main.rs:812:26:812:27 | x4 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:812:26:812:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:812:26:812:32 | x4.m2() | &T | main.rs:779:5:780:14 | S2 | +| main.rs:813:26:813:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:813:26:813:27 | x4 | &T | main.rs:776:5:777:19 | S | +| main.rs:813:26:813:27 | x4 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:813:26:813:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:813:26:813:32 | x4.m3() | &T | main.rs:779:5:780:14 | S2 | +| main.rs:815:13:815:14 | x5 | | file://:0:0:0:0 | & | +| main.rs:815:13:815:14 | x5 | &T | main.rs:776:5:777:19 | S | +| main.rs:815:13:815:14 | x5 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:815:18:815:23 | &... | | file://:0:0:0:0 | & | +| main.rs:815:18:815:23 | &... | &T | main.rs:776:5:777:19 | S | +| main.rs:815:18:815:23 | &... | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:815:19:815:23 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:815:19:815:23 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:815:21:815:22 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:817:26:817:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:817:26:817:27 | x5 | &T | main.rs:776:5:777:19 | S | +| main.rs:817:26:817:27 | x5 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:817:26:817:32 | x5.m1() | | main.rs:779:5:780:14 | S2 | +| main.rs:818:26:818:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:818:26:818:27 | x5 | &T | main.rs:776:5:777:19 | S | +| main.rs:818:26:818:27 | x5 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:818:26:818:29 | x5.0 | | main.rs:779:5:780:14 | S2 | +| main.rs:820:13:820:14 | x6 | | file://:0:0:0:0 | & | +| main.rs:820:13:820:14 | x6 | &T | main.rs:776:5:777:19 | S | +| main.rs:820:13:820:14 | x6 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:820:18:820:23 | &... | | file://:0:0:0:0 | & | +| main.rs:820:18:820:23 | &... | &T | main.rs:776:5:777:19 | S | +| main.rs:820:18:820:23 | &... | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:820:19:820:23 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:820:19:820:23 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:820:21:820:22 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:822:26:822:30 | (...) | | main.rs:776:5:777:19 | S | +| main.rs:822:26:822:30 | (...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:822:26:822:35 | ... .m1() | | main.rs:779:5:780:14 | S2 | +| main.rs:822:27:822:29 | * ... | | main.rs:776:5:777:19 | S | +| main.rs:822:27:822:29 | * ... | T | main.rs:779:5:780:14 | S2 | +| main.rs:822:28:822:29 | x6 | | file://:0:0:0:0 | & | +| main.rs:822:28:822:29 | x6 | &T | main.rs:776:5:777:19 | S | +| main.rs:822:28:822:29 | x6 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:829:16:829:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:829:16:829:20 | SelfParam | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:832:16:832:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:832:16:832:20 | SelfParam | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:832:32:834:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:832:32:834:9 | { ... } | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:833:13:833:16 | self | | file://:0:0:0:0 | & | +| main.rs:833:13:833:16 | self | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:833:13:833:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:833:13:833:22 | self.foo() | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:841:16:841:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:841:16:841:20 | SelfParam | &T | main.rs:837:5:837:20 | MyStruct | +| main.rs:841:36:843:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:841:36:843:9 | { ... } | &T | main.rs:837:5:837:20 | MyStruct | +| main.rs:842:13:842:16 | self | | file://:0:0:0:0 | & | +| main.rs:842:13:842:16 | self | &T | main.rs:837:5:837:20 | MyStruct | +| main.rs:847:13:847:13 | x | | main.rs:837:5:837:20 | MyStruct | +| main.rs:847:17:847:24 | MyStruct | | main.rs:837:5:837:20 | MyStruct | +| main.rs:848:9:848:9 | x | | main.rs:837:5:837:20 | MyStruct | +| main.rs:848:9:848:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:848:9:848:15 | x.bar() | &T | main.rs:837:5:837:20 | MyStruct | +| main.rs:858:16:858:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:858:16:858:20 | SelfParam | &T | main.rs:855:5:855:26 | MyStruct | +| main.rs:858:16:858:20 | SelfParam | &T.T | main.rs:857:10:857:10 | T | +| main.rs:858:32:860:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:858:32:860:9 | { ... } | &T | main.rs:855:5:855:26 | MyStruct | +| main.rs:858:32:860:9 | { ... } | &T.T | main.rs:857:10:857:10 | T | +| main.rs:859:13:859:16 | self | | file://:0:0:0:0 | & | +| main.rs:859:13:859:16 | self | &T | main.rs:855:5:855:26 | MyStruct | +| main.rs:859:13:859:16 | self | &T.T | main.rs:857:10:857:10 | T | +| main.rs:864:13:864:13 | x | | main.rs:855:5:855:26 | MyStruct | +| main.rs:864:13:864:13 | x | T | main.rs:853:5:853:13 | S | +| main.rs:864:17:864:27 | MyStruct(...) | | main.rs:855:5:855:26 | MyStruct | +| main.rs:864:17:864:27 | MyStruct(...) | T | main.rs:853:5:853:13 | S | +| main.rs:864:26:864:26 | S | | main.rs:853:5:853:13 | S | +| main.rs:865:9:865:9 | x | | main.rs:855:5:855:26 | MyStruct | +| main.rs:865:9:865:9 | x | T | main.rs:853:5:853:13 | S | +| main.rs:865:9:865:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:865:9:865:15 | x.foo() | &T | main.rs:855:5:855:26 | MyStruct | +| main.rs:865:9:865:15 | x.foo() | &T.T | main.rs:853:5:853:13 | S | +| main.rs:873:15:873:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:873:15:873:19 | SelfParam | &T | main.rs:870:5:870:13 | S | +| main.rs:873:31:875:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:873:31:875:9 | { ... } | &T | main.rs:870:5:870:13 | S | +| main.rs:874:13:874:19 | &... | | file://:0:0:0:0 | & | +| main.rs:874:13:874:19 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:874:14:874:19 | &... | | file://:0:0:0:0 | & | +| main.rs:874:14:874:19 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:874:15:874:19 | &self | | file://:0:0:0:0 | & | +| main.rs:874:15:874:19 | &self | &T | main.rs:870:5:870:13 | S | +| main.rs:874:16:874:19 | self | | file://:0:0:0:0 | & | +| main.rs:874:16:874:19 | self | &T | main.rs:870:5:870:13 | S | +| main.rs:877:15:877:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:877:15:877:25 | SelfParam | &T | main.rs:870:5:870:13 | S | +| main.rs:877:37:879:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:877:37:879:9 | { ... } | &T | main.rs:870:5:870:13 | S | +| main.rs:878:13:878:19 | &... | | file://:0:0:0:0 | & | +| main.rs:878:13:878:19 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:878:14:878:19 | &... | | file://:0:0:0:0 | & | +| main.rs:878:14:878:19 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:878:15:878:19 | &self | | file://:0:0:0:0 | & | +| main.rs:878:15:878:19 | &self | &T | main.rs:870:5:870:13 | S | +| main.rs:878:16:878:19 | self | | file://:0:0:0:0 | & | +| main.rs:878:16:878:19 | self | &T | main.rs:870:5:870:13 | S | +| main.rs:881:15:881:15 | x | | file://:0:0:0:0 | & | +| main.rs:881:15:881:15 | x | &T | main.rs:870:5:870:13 | S | +| main.rs:881:34:883:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:881:34:883:9 | { ... } | &T | main.rs:870:5:870:13 | S | +| main.rs:882:13:882:13 | x | | file://:0:0:0:0 | & | +| main.rs:882:13:882:13 | x | &T | main.rs:870:5:870:13 | S | +| main.rs:885:15:885:15 | x | | file://:0:0:0:0 | & | +| main.rs:885:15:885:15 | x | &T | main.rs:870:5:870:13 | S | +| main.rs:885:34:887:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:885:34:887:9 | { ... } | &T | main.rs:870:5:870:13 | S | +| main.rs:886:13:886:16 | &... | | file://:0:0:0:0 | & | +| main.rs:886:13:886:16 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:886:14:886:16 | &... | | file://:0:0:0:0 | & | +| main.rs:886:14:886:16 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:886:15:886:16 | &x | | file://:0:0:0:0 | & | +| main.rs:886:15:886:16 | &x | &T | main.rs:870:5:870:13 | S | +| main.rs:886:16:886:16 | x | | file://:0:0:0:0 | & | +| main.rs:886:16:886:16 | x | &T | main.rs:870:5:870:13 | S | +| main.rs:891:13:891:13 | x | | main.rs:870:5:870:13 | S | +| main.rs:891:17:891:20 | S {...} | | main.rs:870:5:870:13 | S | +| main.rs:892:9:892:9 | x | | main.rs:870:5:870:13 | S | +| main.rs:892:9:892:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:892:9:892:14 | x.f1() | &T | main.rs:870:5:870:13 | S | +| main.rs:893:9:893:9 | x | | main.rs:870:5:870:13 | S | +| main.rs:893:9:893:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:893:9:893:14 | x.f2() | &T | main.rs:870:5:870:13 | S | +| main.rs:894:9:894:17 | ...::f3(...) | | file://:0:0:0:0 | & | +| main.rs:894:9:894:17 | ...::f3(...) | &T | main.rs:870:5:870:13 | S | +| main.rs:894:15:894:16 | &x | | file://:0:0:0:0 | & | +| main.rs:894:15:894:16 | &x | &T | main.rs:870:5:870:13 | S | +| main.rs:894:16:894:16 | x | | main.rs:870:5:870:13 | S | +| main.rs:900:5:900:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:901:5:901:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:901:20:901:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:901:41:901:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | From 9c1567375defeceb6b864460d766ff7c43493952 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 16:17:42 +0100 Subject: [PATCH 286/409] Shared: Implement getInconsistencyCounts for SSA. --- .../diagnostics/SsaConsistencyCounts.expected | 10 ++++ shared/ssa/codeql/ssa/Ssa.qll | 47 ++++++++++++++++++- 2 files changed, 56 insertions(+), 1 deletion(-) diff --git a/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected index e69de29bb2d1..7e264176d32d 100644 --- a/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected +++ b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected @@ -0,0 +1,10 @@ +| Definition cannot reach a read | 0 | +| End of a basic block can be reached by multiple definitions | 0 | +| Phi has less than 2 immediately prior references | 0 | +| Phi node has less than two inputs | 0 | +| Phi read has less than 2 immediately prior references | 0 | +| Read can be reached from multiple definitions | 0 | +| Read cannot be reached from a definition | 0 | +| Read does not have a prior reference | 0 | +| Read has multiple prior references | 0 | +| Read is not dominated by a definition | 0 | diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index d9bfdf62d901..a0a8a1c864de 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1473,7 +1473,52 @@ module Make Input> { * Gets counts of inconsistencies of each type. */ int getInconsistencyCounts(string type) { - type = "" and result = 0 + // total results from all the SSA consistency query predicates. + type = "Read can be reached from multiple definitions" and + result = + count(Definition def, SourceVariable v, BasicBlock bb, int i | nonUniqueDef(def, v, bb, i)) + or + type = "Read cannot be reached from a definition" and + result = count(SourceVariable v, BasicBlock bb, int i | readWithoutDef(v, bb, i)) + or + type = "Definition cannot reach a read" and + result = count(Definition def, SourceVariable v | deadDef(def, v)) + or + type = "Read is not dominated by a definition" and + result = + count(Definition def, SourceVariable v, BasicBlock bb, int i | + notDominatedByDef(def, v, bb, i) + ) + or + type = "End of a basic block can be reached by multiple definitions" and + result = + count(Definition def, SourceVariable v, BasicBlock bb | + nonUniqueDefReachesEndOfBlock(def, v, bb) + ) + or + type = "Phi node has less than two inputs" and + result = count(PhiNode phi, int inputs | uselessPhiNode(phi, inputs)) + or + type = "Read does not have a prior reference" and + result = count(SourceVariable v, BasicBlock bb, int i | readWithoutPriorRef(v, bb, i)) + or + type = "Read has multiple prior references" and + result = + count(SourceVariable v, BasicBlock bb1, int i1, BasicBlock bb2, int i2 | + readWithMultiplePriorRefs(v, bb1, i1, bb2, i2) + ) + or + type = "Phi has less than 2 immediately prior references" and + result = + count(PhiNode phi, BasicBlock bbPhi, SourceVariable v, int inputRefs | + phiWithoutTwoPriorRefs(phi, bbPhi, v, inputRefs) + ) + or + type = "Phi read has less than 2 immediately prior references" and + result = + count(BasicBlock bbPhi, SourceVariable v, int inputRefs | + phiReadWithoutTwoPriorRefs(bbPhi, v, inputRefs) + ) } } From ee54ba4c489b33290d7ca3661bc439da28d49131 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 17:01:19 +0100 Subject: [PATCH 287/409] Rust: Autoformat. --- rust/ql/consistency-queries/SsaConsistency.ql | 2 +- rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/consistency-queries/SsaConsistency.ql b/rust/ql/consistency-queries/SsaConsistency.ql index f28b71e2a7d6..1774f269749c 100644 --- a/rust/ql/consistency-queries/SsaConsistency.ql +++ b/rust/ql/consistency-queries/SsaConsistency.ql @@ -5,6 +5,6 @@ * @id rust/diagnostics/ssa-consistency */ - import codeql.rust.dataflow.Ssa +import codeql.rust.dataflow.Ssa import codeql.rust.dataflow.internal.SsaImpl import Consistency diff --git a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql index 8293b6883f9f..287f14f9707d 100644 --- a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql +++ b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql @@ -5,7 +5,7 @@ * @id rust/diagnostics/ssa-consistency-counts */ - private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl +private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl // see also `rust/diagnostics/ssa-consistency`, which lists the // individual inconsistency results. From ff07ec8d8c58749dded7417c17585f7dfdb80d73 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 13:43:50 +0200 Subject: [PATCH 288/409] Add flow summaries for TypedArray methods `set` and `subarray` --- .../internal/flow_summaries/TypedArrays.qll | 29 +++++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 7 +++-- .../TaintTracking/typed-arrays.js | 4 --- 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll index 788992d7c1ca..43c2a5e07e5a 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -36,3 +36,32 @@ class BufferTypedArray extends DataFlow::AdditionalFlowStep { ) } } + +class SetLike extends SummarizedCallable { + SetLike() { this = "TypedArray#set" } + + override InstanceCall getACall() { + result = typedArrayConstructorRef().getAnInstantiation().getReturn().getMember("set").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0].ArrayElement" and + output = "Argument[this].ArrayElement" + } +} + +class SubArrayLike extends SummarizedCallable { + SubArrayLike() { this = "TypedArray#subarray" } + + override InstanceCall getACall() { + result = + typedArrayConstructorRef().getAnInstantiation().getReturn().getMember("subarray").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 3856dfe15f8d..78dbc3dc5dc7 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -38,14 +38,13 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:5:10:5:10 | y | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:7:10:7:17 | y.buffer | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:15 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:18 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:22 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -334,6 +333,8 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:5:10:5:10 | y | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:7:10:7:17 | y.buffer | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index 4ccf64131b60..1b66d5491d90 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -16,8 +16,4 @@ function test() { const sub = y.subarray(1, 3) sink(sub); // NOT OK - - const clone = new y.constructor(y.length); - clone.set(y); - sink(clone); // NOT OK } From 0e099474c56b9157905478c7cb0881e28124ec41 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 13:50:46 +0200 Subject: [PATCH 289/409] Added test cases for `ArrayBuffer` and `SharedArrayBuffer` --- .../TaintTracking/BasicTaintTracking.expected | 4 ++++ .../library-tests/TaintTracking/typed-arrays.js | 16 ++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 78dbc3dc5dc7..c51eb4793134 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -45,6 +45,10 @@ consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:22 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:26 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:30 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:34 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index 1b66d5491d90..9b85e8f2804d 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -16,4 +16,20 @@ function test() { const sub = y.subarray(1, 3) sink(sub); // NOT OK + + const buffer = new ArrayBuffer(x); + const view = new Uint8Array(buffer); + sink(view); // NOT OK + + const sharedBuffer = new SharedArrayBuffer(x); + const view1 = new Uint8Array(sharedBuffer); + sink(view1); // NOT OK + + const transfered = buffer.transfer(); + const transferedView = new Uint8Array(transfered); + sink(transferedView); // NOT OK + + const transfered2 = buffer.transferToFixedLength(); + const transferedView2 = new Uint8Array(transfered2); + sink(transferedView2); // NOT OK } From f4277204b7fb664be85d6c8cb80ddb6d84da1bd1 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 13:56:13 +0200 Subject: [PATCH 290/409] Add flow summaries and entry points for `ArrayBuffer` and `SharedArrayBuffer` --- .../internal/flow_summaries/TypedArrays.qll | 44 +++++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 12 +++-- 2 files changed, 52 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll index 43c2a5e07e5a..81e84d806fd4 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -65,3 +65,47 @@ class SubArrayLike extends SummarizedCallable { output = "ReturnValue.ArrayElement" } } + +private class ArrayBufferEntryPoint extends API::EntryPoint { + ArrayBufferEntryPoint() { this = ["global.ArrayBuffer", "global.SharedArrayBuffer"] } + + override DataFlow::SourceNode getASource() { + result = DataFlow::globalVarRef(["ArrayBuffer", "SharedArrayBuffer"]) + } +} + +pragma[nomagic] +API::Node arrayBufferConstructorRef() { result = any(ArrayBufferEntryPoint a).getANode() } + +class ArrayBufferConstructorSummary extends SummarizedCallable { + ArrayBufferConstructorSummary() { this = "ArrayBuffer constructor" } + + override DataFlow::InvokeNode getACall() { + result = arrayBufferConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class TransferLike extends SummarizedCallable { + TransferLike() { this = "ArrayBuffer#transfer" } + + override InstanceCall getACall() { + result = + arrayBufferConstructorRef() + .getAnInstantiation() + .getReturn() + .getMember(["transfer", "transferToFixedLength"]) + .getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index c51eb4793134..fa33cf231254 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -40,15 +40,15 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:22:10:22:13 | view | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:22 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:26 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:30 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:34 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -339,6 +339,10 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:22:10:22:13 | view | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | From f28478e87668c644e3990254c4b8e1a921ee7878 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 14:23:44 +0200 Subject: [PATCH 291/409] Add test cases from `TypedArrays` to strings. --- .../TaintTracking/BasicTaintTracking.expected | 4 ++++ .../library-tests/TaintTracking/typed-arrays.js | 16 ++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index fa33cf231254..b20e00624110 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -44,11 +44,14 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:40 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:50 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -343,6 +346,7 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index 9b85e8f2804d..d2dc8b2168c4 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -32,4 +32,20 @@ function test() { const transfered2 = buffer.transferToFixedLength(); const transferedView2 = new Uint8Array(transfered2); sink(transferedView2); // NOT OK + + var typedArrayToString = (function () { + return function (a) { return String.fromCharCode.apply(null, a); }; + })(); + + sink(typedArrayToString(y)); // NOT OK -- Should be flagged but it is not. + + let str = ''; + for (let i = 0; i < y.length; i++) + str += String.fromCharCode(y[i]); + + sink(str); // NOT OK + + const decoder = new TextDecoder('utf-8'); + const str2 = decoder.decode(y); + sink(str2); // NOT OK } From b97c61864e904d0cde359132e600f899374deb94 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 14:37:52 +0200 Subject: [PATCH 292/409] Add flow summaries and entry points for `TextDecoder` --- .../flow_summaries/AllFlowSummaries.qll | 1 + .../internal/flow_summaries/Decoders.qll | 29 +++++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 3 +- 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index 20247b7e2681..dfbe9ef7da31 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -13,3 +13,4 @@ private import Strings private import DynamicImportStep private import UrlSearchParams private import TypedArrays +private import Decoders diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll new file mode 100644 index 000000000000..567a0403bcf5 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll @@ -0,0 +1,29 @@ +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.InferredTypes +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private +private import FlowSummaryUtil + +private class TextDecoderEntryPoint extends API::EntryPoint { + TextDecoderEntryPoint() { this = "global.TextDecoder" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("TextDecoder") } +} + +pragma[nomagic] +API::Node textDecoderConstructorRef() { result = any(TextDecoderEntryPoint e).getANode() } + +class DecodeLike extends SummarizedCallable { + DecodeLike() { this = "TextDecoder#decode" } + + override InstanceCall getACall() { + result = + textDecoderConstructorRef().getAnInstantiation().getReturn().getMember("decode").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "ReturnValue" + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index b20e00624110..e0cbc7b3b2eb 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -45,13 +45,13 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | | typed-arrays.js:40 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | -| typed-arrays.js:50 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -347,6 +347,7 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | From 873db7c1215e8fcee250c9f55a7c9061bed0e286 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 15:16:22 +0200 Subject: [PATCH 293/409] Added change note --- javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md diff --git a/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md b/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md new file mode 100644 index 000000000000..f09e6831743b --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`. From 5e74bdc8dda99bc7cdbc3007597e11c099734566 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Mon, 7 Apr 2025 17:49:18 +0200 Subject: [PATCH 294/409] Disable csharp test failing on macos-15 --- .../all-platforms/diag_missing_project_files/test.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py b/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py index a2676d16d9c0..fa941f346df1 100644 --- a/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py +++ b/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py @@ -1,2 +1,8 @@ +import pytest +import runs_on + + +# Skipping the test on macos-15, as we're running into trouble. +@pytest.mark.only_if(not runs_on.macos_15) def test(codeql, csharp): codeql.database.create(_assert_failure=True) From 37db35431b4bf7886845c1e8db790ac2417618ba Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Fri, 4 Apr 2025 16:44:42 -0700 Subject: [PATCH 295/409] Actions: Ensure autobuild invocations work when the CLI path contains spaces Quote the paths to the CodeQL CLI dist or autobuild scripts when invoked. This unblocks integration testing, since our integration tests always use a CLI with a space in its directory name. --- actions/extractor/tools/autobuild-impl.ps1 | 4 ++-- actions/extractor/tools/autobuild.cmd | 2 +- actions/extractor/tools/autobuild.sh | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/actions/extractor/tools/autobuild-impl.ps1 b/actions/extractor/tools/autobuild-impl.ps1 index 1b7805efa041..5a5aa1ab53aa 100644 --- a/actions/extractor/tools/autobuild-impl.ps1 +++ b/actions/extractor/tools/autobuild-impl.ps1 @@ -21,7 +21,7 @@ if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) # Find the JavaScript extractor directory via `codeql resolve extractor`. $CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe' -$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript +$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &"$CodeQL" resolve extractor --language javascript if ($LASTEXITCODE -ne 0) { throw 'Failed to resolve JavaScript extractor.' } @@ -40,7 +40,7 @@ $env:CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR = $env:CODEQL_EXTRACTOR_ACTI $env:CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR $env:CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE = $env:CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE -&$JavaScriptAutoBuild +&"$JavaScriptAutoBuild" if ($LASTEXITCODE -ne 0) { throw "JavaScript autobuilder failed." } diff --git a/actions/extractor/tools/autobuild.cmd b/actions/extractor/tools/autobuild.cmd index ff5ca89d94a4..cd05b9791109 100644 --- a/actions/extractor/tools/autobuild.cmd +++ b/actions/extractor/tools/autobuild.cmd @@ -1,3 +1,3 @@ @echo off rem All of the work is done in the PowerShell script -powershell.exe %~dp0autobuild-impl.ps1 +powershell.exe "%~dp0autobuild-impl.ps1" diff --git a/actions/extractor/tools/autobuild.sh b/actions/extractor/tools/autobuild.sh index ce6a02b5b762..703154f99c9b 100755 --- a/actions/extractor/tools/autobuild.sh +++ b/actions/extractor/tools/autobuild.sh @@ -26,7 +26,7 @@ else fi # Find the JavaScript extractor directory via `codeql resolve extractor`. -CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)" +CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$("${CODEQL_DIST}/codeql" resolve extractor --language javascript)" export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT echo "Found JavaScript extractor at '${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'." @@ -42,4 +42,4 @@ env CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR="${CODEQL_EXTRACTOR_ACTIONS_DIAGN CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR="${CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR}" \ CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR="${CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR}" \ CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE}" \ - ${JAVASCRIPT_AUTO_BUILD} + "${JAVASCRIPT_AUTO_BUILD}" From 0bb4ab950f46967171b83948e53a087151d0385c Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Fri, 4 Apr 2025 17:46:28 -0700 Subject: [PATCH 296/409] Actions: Add integration test for default filter behaviour Include a reachable workflow, and several unreachable workflow files. Include action metadata files at various depths, all reachable. This test exercises the default filters when the user doesn't specify paths/paths-ignore. --- .../filters-default/actions.expected | 4 ++++ .../ql/integration-tests/filters-default/actions.ql | 5 +++++ .../filters-default/src/.github/action.yaml | 11 +++++++++++ .../src/.github/actions/action-name/action.yml | 11 +++++++++++ .../src/.github/unreachable-workflow.yml | 12 ++++++++++++ .../src/.github/workflows/workflow.yml | 12 ++++++++++++ .../integration-tests/filters-default/src/action.yml | 11 +++++++++++ .../filters-default/src/unreachable-workflow.yml | 12 ++++++++++++ actions/ql/integration-tests/filters-default/test.py | 2 ++ 9 files changed, 80 insertions(+) create mode 100644 actions/ql/integration-tests/filters-default/actions.expected create mode 100644 actions/ql/integration-tests/filters-default/actions.ql create mode 100644 actions/ql/integration-tests/filters-default/src/.github/action.yaml create mode 100644 actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml create mode 100644 actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml create mode 100644 actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml create mode 100644 actions/ql/integration-tests/filters-default/src/action.yml create mode 100644 actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml create mode 100755 actions/ql/integration-tests/filters-default/test.py diff --git a/actions/ql/integration-tests/filters-default/actions.expected b/actions/ql/integration-tests/filters-default/actions.expected new file mode 100644 index 000000000000..376c71bad6d4 --- /dev/null +++ b/actions/ql/integration-tests/filters-default/actions.expected @@ -0,0 +1,4 @@ +| src/.github/action.yaml:1:1:11:32 | name: ' ... action' | +| src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' | +| src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow | +| src/action.yml:1:1:11:32 | name: ' ... action' | diff --git a/actions/ql/integration-tests/filters-default/actions.ql b/actions/ql/integration-tests/filters-default/actions.ql new file mode 100644 index 000000000000..f0a3e0ab297d --- /dev/null +++ b/actions/ql/integration-tests/filters-default/actions.ql @@ -0,0 +1,5 @@ +import actions + +from AstNode n +where n instanceof Workflow or n instanceof CompositeAction +select n diff --git a/actions/ql/integration-tests/filters-default/src/.github/action.yaml b/actions/ql/integration-tests/filters-default/src/.github/action.yaml new file mode 100644 index 000000000000..f611f8c72ffb --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/action.yaml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml b/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml new file mode 100644 index 000000000000..f611f8c72ffb --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml b/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml new file mode 100644 index 000000000000..6f980d6a6b0d --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml b/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml new file mode 100644 index 000000000000..8be09d6d07ea --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml @@ -0,0 +1,12 @@ +name: A workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters-default/src/action.yml b/actions/ql/integration-tests/filters-default/src/action.yml new file mode 100644 index 000000000000..f611f8c72ffb --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml b/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml new file mode 100644 index 000000000000..6f980d6a6b0d --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters-default/test.py b/actions/ql/integration-tests/filters-default/test.py new file mode 100755 index 000000000000..c0ac8d191b9f --- /dev/null +++ b/actions/ql/integration-tests/filters-default/test.py @@ -0,0 +1,2 @@ +def test(codeql, actions): + codeql.database.create(source_root="src") From 5adf135134078edb021746e2050cffd74bae0380 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 8 Apr 2025 00:22:09 +0000 Subject: [PATCH 297/409] Add changed framework coverage reports --- go/documentation/library-coverage/coverage.csv | 4 ++-- go/documentation/library-coverage/coverage.rst | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go/documentation/library-coverage/coverage.csv b/go/documentation/library-coverage/coverage.csv index d8091bbda648..2aed94d84a50 100644 --- a/go/documentation/library-coverage/coverage.csv +++ b/go/documentation/library-coverage/coverage.csv @@ -56,7 +56,7 @@ github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,,,,,,7,,,,, github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,,,,,,2,,, github.com/gofiber/fiber,5,,,,,,,,4,,,,,,,,,1,,,,,,,,, github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,,, -github.com/gogf/gf/database/gdb,51,,,,,,,,,,,,,,51,,,,,,,,,,,, +github.com/gogf/gf/database/gdb,51,39,21,,,,,,,,,,,,51,,,,,,39,,,,,21, github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,, github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,,,,,,,11, github.com/golang/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,,, @@ -94,7 +94,7 @@ github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,,,,,,1, github.com/sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,,, github.com/spf13/afero,34,,,,,,,,34,,,,,,,,,,,,,,,,,, github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4, -github.com/uptrace/bun,63,,,,,,,,,,,,,,63,,,,,,,,,,,, +github.com/uptrace/bun,63,8,,,,,,,,,,,,,63,,,,,,8,,,,,, github.com/valyala/fasthttp,35,50,5,,,,,,8,,,,17,8,,2,,,,,,,,50,,5, go.mongodb.org/mongo-driver/mongo,14,11,5,,,,,14,,,,,,,,,,,,,11,,,,,5, go.uber.org/zap,33,,11,,,,33,,,,,,,,,,,,,,,,,,,11, diff --git a/go/documentation/library-coverage/coverage.rst b/go/documentation/library-coverage/coverage.rst index 2f45f4b7e339..cad7baeb70f8 100644 --- a/go/documentation/library-coverage/coverage.rst +++ b/go/documentation/library-coverage/coverage.rst @@ -8,7 +8,7 @@ Go framework & library support Framework / library,Package,Flow sources,Taint & value steps,Sinks (total) `Afero `_,``github.com/spf13/afero*``,,,34 - `Bun `_,``github.com/uptrace/bun*``,,,63 + `Bun `_,``github.com/uptrace/bun*``,8,,63 `CleverGo `_,"``clevergo.tech/clevergo*``, ``github.com/clevergo/clevergo*``",,,2 `Couchbase official client(gocb) `_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",44,96,16 `Couchbase unofficial client `_,``github.com/couchbaselabs/gocb*``,22,48,8 @@ -22,7 +22,7 @@ Go framework & library support `Go kit `_,``github.com/go-kit/kit*``,,,1 `Go-spew `_,``github.com/davecgh/go-spew/spew*``,,,9 `GoDotEnv `_,``github.com/joho/godotenv*``,4,, - `GoFrame `_,``github.com/gogf/gf*``,,,51 + `GoFrame `_,``github.com/gogf/gf*``,39,21,51 `Gokogiri `_,"``github.com/jbowtie/gokogiri*``, ``github.com/moovweb/gokogiri*``",,,10 `Iris `_,``github.com/kataras/iris*``,,,14 `Kubernetes `_,"``k8s.io/api*``, ``k8s.io/apimachinery*``",,57, @@ -74,5 +74,5 @@ Go framework & library support `yaml `_,``gopkg.in/yaml*``,,9, `zap `_,``go.uber.org/zap*``,,11,33 Others,``github.com/kanikanema/gorqlite``,8,2,24 - Totals,,641,1048,1556 + Totals,,688,1069,1556 From 98b6e5ce2f28347d15e6aa963db3b10d70481030 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Mon, 7 Apr 2025 17:33:43 -0700 Subject: [PATCH 298/409] Docs: Fix formatting of GitHub Actions content Discovered in internal review of docs preview. Use double backticks to render inline code blocks. Use __ after inline hyperlinks. Use an extra blank line to format the Actions library predicates table correctly. Fix some rogue references to Ruby and case inconsistency. --- .../codeql-for-actions.rst | 2 +- .../codeql-library-for-actions.rst | 27 ++++++++++--------- ...customizing-library-models-for-actions.rst | 2 +- .../customizing-library-models-for-ruby.rst | 2 +- .../codeql/reusables/supported-frameworks.rst | 4 +-- 5 files changed, 19 insertions(+), 18 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-for-actions.rst index d4597811a470..23b87193abf5 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-actions.rst @@ -12,6 +12,6 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat codeql-library-for-actions customizing-library-models-for-actions -- :doc:`CodeQL library for GitHub Actions `: When you're analyzing a Ruby program, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. +- :doc:`CodeQL library for GitHub Actions `: When you're analyzing GitHub Actions code, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. - :doc:`Customizing library models for GitHub Actions `: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs. diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 507438583c62..7be7f3c8cfe7 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -95,7 +95,7 @@ to all AST classes: * - ``getAChildNode()`` - Gets a child node of this node. * - ``getParentNode()`` - - Gets the parent of this `AstNode`, if this node is not a root node. + - Gets the parent of this ``AstNode``, if this node is not a root node. * - ``getATriggerEvent()`` - Gets an Actions trigger event that can start the enclosing Actions workflow, if any. @@ -104,9 +104,9 @@ Workflows ~~~~~~~~~ A workflow is a configurable automated process made up of one or more jobs, -defined in a workflow YAML file in the `.github/workflows` directory of a GitHub repository. +defined in a workflow YAML file in the ``.github/workflows`` directory of a GitHub repository. -In the CodeQL AST library, a `Workflow` is an `AstNode` representing the mapping at the top level of an Actions YAML workflow file. +In the CodeQL AST library, a ``Workflow`` is an ``AstNode`` representing the mapping at the top level of an Actions YAML workflow file. See the GitHub Actions documentation on `workflows `__ and `workflow syntax `__ for more information. @@ -116,16 +116,17 @@ See the GitHub Actions documentation on `workflows `, Workflows - `GitHub Actions action metadata YAML files `, Actions + `GitHub Actions workflow YAML files `__, Workflows + `GitHub Actions action metadata YAML files `__, Actions Go built-in support ================================ From cf4989e1f854a8fe63472ab1bccb59b375e7a73d Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Mon, 7 Apr 2025 17:37:21 -0700 Subject: [PATCH 299/409] Docs: Place GitHub Actions link lower in sidebar Order by the human-readable language name that is rendered, i.e. 'GitHub Actions', not 'actions'. --- docs/codeql/codeql-language-guides/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/index.rst b/docs/codeql/codeql-language-guides/index.rst index f59d8163db21..ca03ebffd759 100644 --- a/docs/codeql/codeql-language-guides/index.rst +++ b/docs/codeql/codeql-language-guides/index.rst @@ -7,9 +7,9 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat .. toctree:: - codeql-for-actions codeql-for-cpp codeql-for-csharp + codeql-for-actions codeql-for-go codeql-for-java codeql-for-javascript From 2f9be926fb8da5e8525f87e619592087f3a249dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Apr 2025 03:42:17 +0000 Subject: [PATCH 300/409] Bump golang.org/x/tools Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/tools` from 0.31.0 to 0.32.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.31.0...v0.32.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: extractor-dependencies ... Signed-off-by: dependabot[bot] --- go/extractor/go.mod | 4 ++-- go/extractor/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go/extractor/go.mod b/go/extractor/go.mod index de799a83fcab..737af893993f 100644 --- a/go/extractor/go.mod +++ b/go/extractor/go.mod @@ -10,7 +10,7 @@ toolchain go1.24.0 // bazel mod tidy require ( golang.org/x/mod v0.24.0 - golang.org/x/tools v0.31.0 + golang.org/x/tools v0.32.0 ) -require golang.org/x/sync v0.12.0 // indirect +require golang.org/x/sync v0.13.0 // indirect diff --git a/go/extractor/go.sum b/go/extractor/go.sum index 09ebfb8a2a8c..0fbc8831fb33 100644 --- a/go/extractor/go.sum +++ b/go/extractor/go.sum @@ -2,7 +2,7 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= -golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= -golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU= -golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ= +golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610= +golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU= +golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s= From df89739085904e75cc4f08b99ed7dc3f79500dbd Mon Sep 17 00:00:00 2001 From: Napalys Date: Tue, 8 Apr 2025 08:10:10 +0200 Subject: [PATCH 301/409] Added test cases for `open` package. --- .../query-tests/Security/CWE-022/TaintedPath/open.js | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js new file mode 100644 index 000000000000..10077281b3aa --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js @@ -0,0 +1,11 @@ +import open, {openApp, apps} from 'open'; + +const express = require('express'); +const app = express(); + +app.get('/open', (req, res) => { + const file = req.query.file; // $ MISSING: Source + + open(file); // $ MISSING: Alert + openApp(file); // $ MISSING: Alert +}); From b8802a29f4ca34b5057a9d9452315bb3428299b4 Mon Sep 17 00:00:00 2001 From: Napalys Date: Tue, 8 Apr 2025 08:12:30 +0200 Subject: [PATCH 302/409] Added `open` package model as data. --- javascript/ql/lib/ext/open.model.yml | 7 +++++++ .../Security/CWE-022/TaintedPath/TaintedPath.expected | 9 +++++++++ .../query-tests/Security/CWE-022/TaintedPath/open.js | 6 +++--- 3 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 javascript/ql/lib/ext/open.model.yml diff --git a/javascript/ql/lib/ext/open.model.yml b/javascript/ql/lib/ext/open.model.yml new file mode 100644 index 000000000000..2159fe794d74 --- /dev/null +++ b/javascript/ql/lib/ext/open.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["open", "Argument[0]", "path-injection"] + - ["open", "Member[openApp].Argument[0]", "path-injection"] diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 99be2545b8e3..88334b64c38b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -140,6 +140,8 @@ | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:408:38:408:48 | req.query.x | user-provided value | | normalizedPaths.js:415:19:415:22 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:415:19:415:22 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | | normalizedPaths.js:426:21:426:24 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:426:21:426:24 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | +| open.js:9:10:9:13 | file | open.js:7:18:7:31 | req.query.file | open.js:9:10:9:13 | file | This path depends on a $@. | open.js:7:18:7:31 | req.query.file | user-provided value | +| open.js:10:13:10:16 | file | open.js:7:18:7:31 | req.query.file | open.js:10:13:10:16 | file | This path depends on a $@. | open.js:7:18:7:31 | req.query.file | user-provided value | | other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | | other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | | other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | @@ -561,6 +563,9 @@ edges | normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:426:21:426:24 | path | provenance | | | normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | normalizedPaths.js:412:7:412:46 | path | provenance | | | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | provenance | Config | +| open.js:7:11:7:31 | file | open.js:9:10:9:13 | file | provenance | | +| open.js:7:11:7:31 | file | open.js:10:13:10:16 | file | provenance | | +| open.js:7:18:7:31 | req.query.file | open.js:7:11:7:31 | file | provenance | | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | provenance | | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | provenance | | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | provenance | | @@ -1116,6 +1121,10 @@ nodes | normalizedPaths.js:412:35:412:45 | req.query.x | semmle.label | req.query.x | | normalizedPaths.js:415:19:415:22 | path | semmle.label | path | | normalizedPaths.js:426:21:426:24 | path | semmle.label | path | +| open.js:7:11:7:31 | file | semmle.label | file | +| open.js:7:18:7:31 | req.query.file | semmle.label | req.query.file | +| open.js:9:10:9:13 | file | semmle.label | file | +| open.js:10:13:10:16 | file | semmle.label | file | | other-fs-libraries.js:9:7:9:48 | path | semmle.label | path | | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js index 10077281b3aa..ce93d6284a2a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js @@ -4,8 +4,8 @@ const express = require('express'); const app = express(); app.get('/open', (req, res) => { - const file = req.query.file; // $ MISSING: Source + const file = req.query.file; // $ Source - open(file); // $ MISSING: Alert - openApp(file); // $ MISSING: Alert + open(file); // $ Alert + openApp(file); // $ Alert }); From 4a4d78bbdef1eb882e0a0fec36281f1e4da31f97 Mon Sep 17 00:00:00 2001 From: Napalys Date: Tue, 8 Apr 2025 08:12:42 +0200 Subject: [PATCH 303/409] Added change note --- javascript/ql/lib/change-notes/2025-04-07-open-package.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-07-open-package.md diff --git a/javascript/ql/lib/change-notes/2025-04-07-open-package.md b/javascript/ql/lib/change-notes/2025-04-07-open-package.md new file mode 100644 index 000000000000..a4c02f0d6d9e --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-07-open-package.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for the `open` package. From 15606dd89414e44f2265e928aa0b8b3e9983d030 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 8 Apr 2025 08:20:54 +0200 Subject: [PATCH 304/409] Bazel: update to 8.1.1 --- .bazelversion | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.bazelversion b/.bazelversion index ae9a76b9249a..0e79152459e0 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -8.0.0 +8.1.1 From fd3dcb2d00ab4b6eb345ba88b0ebd076fff08c16 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 8 Apr 2025 09:27:02 +0100 Subject: [PATCH 305/409] Rust: More precise imports. --- rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql | 4 ++-- rust/ql/src/queries/summary/Stats.qll | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql index 287f14f9707d..7b79a275f0ad 100644 --- a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql +++ b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql @@ -5,10 +5,10 @@ * @id rust/diagnostics/ssa-consistency-counts */ -private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl +private import codeql.rust.dataflow.internal.SsaImpl::Consistency as SsaConsistency // see also `rust/diagnostics/ssa-consistency`, which lists the // individual inconsistency results. from string type, int num -where num = SsaImpl::Consistency::getInconsistencyCounts(type) +where num = SsaConsistency::getInconsistencyCounts(type) select type, num diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a2e9c93af7cc..17ce97871d0f 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -10,7 +10,7 @@ private import codeql.rust.internal.AstConsistency as AstConsistency private import codeql.rust.internal.PathResolutionConsistency as PathResolutionConsistency private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency -private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl +private import codeql.rust.dataflow.internal.SsaImpl::Consistency as SsaConsistency private import codeql.rust.Concepts private import codeql.rust.Diagnostics private import codeql.rust.security.SensitiveData @@ -62,7 +62,7 @@ int getTotalCfgInconsistencies() { * Gets a count of the total number of SSA inconsistencies in the database. */ int getTotalSsaInconsistencies() { - result = sum(string type | | SsaImpl::Consistency::getInconsistencyCounts(type)) + result = sum(string type | | SsaConsistency::getInconsistencyCounts(type)) } /** From 10ad5780b5d83a6af212552021008ea6cf5eab5a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 8 Apr 2025 09:03:12 +0100 Subject: [PATCH 306/409] Rust: Try a different toolchain version to fix the test in CI? --- rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml b/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml index afeb59293258..5d56faf9ae08 100644 --- a/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml +++ b/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml @@ -1,2 +1,2 @@ [toolchain] -channel = "nightly-2025-03-17" +channel = "nightly" From 7459548118699421b25aed08fd8adb23098e3f89 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 8 Apr 2025 11:49:16 +0200 Subject: [PATCH 307/409] Rust: Cache tweaks --- .../rust/dataflow/internal/DataFlowImpl.qll | 2 + .../rust/elements/internal/AstNodeImpl.qll | 1 + .../rust/elements/internal/VariableImpl.qll | 88 ++++++++++++------- .../lib/codeql/rust/internal/CachedStages.qll | 4 + .../codeql/rust/internal/PathResolution.qll | 7 +- 5 files changed, 69 insertions(+), 33 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index 91af72fce4e9..4376df7caf8d 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -846,9 +846,11 @@ module RustDataFlow implements InputSig { /** Provides logic related to captured variables. */ module VariableCapture { + private import codeql.rust.internal.CachedStages private import codeql.dataflow.VariableCapture as SharedVariableCapture private predicate closureFlowStep(ExprCfgNode e1, ExprCfgNode e2) { + Stages::DataFlowStage::ref() and e1 = getALastEvalNode(e2) or exists(Ssa::Definition def | diff --git a/rust/ql/lib/codeql/rust/elements/internal/AstNodeImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/AstNodeImpl.qll index c33b1f3dd6eb..dea172a72669 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/AstNodeImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/AstNodeImpl.qll @@ -33,6 +33,7 @@ module Impl { * Gets the nearest enclosing parent of this node, which is also an `AstNode`, * if any. */ + cached AstNode getParentNode() { result = getParentOfAstStep*(getImmediateParent(this)) } /** Gets the immediately enclosing callable of this node, if any. */ diff --git a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll index 88a1b815f6bc..9bb2029cd447 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll @@ -68,36 +68,36 @@ module Impl { * where `definingNode` is the entire `Either::Left(x) | Either::Right(x)` * pattern. */ + cached private predicate variableDecl(AstNode definingNode, Name name, string text) { - ( - exists(SelfParam sp | - name = sp.getName() and - definingNode = name and - text = name.getText() and - // exclude self parameters from functions without a body as these are - // trait method declarations without implementations - not exists(Function f | not f.hasBody() and f.getParamList().getSelfParam() = sp) - ) - or - exists(IdentPat pat | - name = pat.getName() and - ( - definingNode = getOutermostEnclosingOrPat(pat) - or - not exists(getOutermostEnclosingOrPat(pat)) and definingNode = name - ) and - text = name.getText() and - // exclude for now anything starting with an uppercase character, which may be a reference to - // an enum constant (e.g. `None`). This excludes static and constant variables (UPPERCASE), - // which we don't appear to recognize yet anyway. This also assumes programmers follow the - // naming guidelines, which they generally do, but they're not enforced. - not text.charAt(0).isUppercase() and - // exclude parameters from functions without a body as these are trait method declarations - // without implementations - not exists(Function f | not f.hasBody() and f.getParamList().getAParam().getPat() = pat) and - // exclude parameters from function pointer types (e.g. `x` in `fn(x: i32) -> i32`) - not exists(FnPtrTypeRepr fp | fp.getParamList().getParam(_).getPat() = pat) - ) + Cached::ref() and + exists(SelfParam sp | + name = sp.getName() and + definingNode = name and + text = name.getText() and + // exclude self parameters from functions without a body as these are + // trait method declarations without implementations + not exists(Function f | not f.hasBody() and f.getParamList().getSelfParam() = sp) + ) + or + exists(IdentPat pat | + name = pat.getName() and + ( + definingNode = getOutermostEnclosingOrPat(pat) + or + not exists(getOutermostEnclosingOrPat(pat)) and definingNode = name + ) and + text = name.getText() and + // exclude for now anything starting with an uppercase character, which may be a reference to + // an enum constant (e.g. `None`). This excludes static and constant variables (UPPERCASE), + // which we don't appear to recognize yet anyway. This also assumes programmers follow the + // naming guidelines, which they generally do, but they're not enforced. + not text.charAt(0).isUppercase() and + // exclude parameters from functions without a body as these are trait method declarations + // without implementations + not exists(Function f | not f.hasBody() and f.getParamList().getAParam().getPat() = pat) and + // exclude parameters from function pointer types (e.g. `x` in `fn(x: i32) -> i32`) + not exists(FnPtrTypeRepr fp | fp.getParamList().getParam(_).getPat() = pat) ) } @@ -156,8 +156,12 @@ module Impl { predicate isCaptured() { this.getAnAccess().isCapture() } /** Gets the parameter that introduces this variable, if any. */ + cached ParamBase getParameter() { - result = this.getSelfParam() or result.(Param).getPat() = getAVariablePatAncestor(this) + Cached::ref() and + result = this.getSelfParam() + or + result.(Param).getPat() = getAVariablePatAncestor(this) } /** Hold is this variable is mutable. */ @@ -614,12 +618,18 @@ module Impl { /** A variable write. */ class VariableWriteAccess extends VariableAccess { - VariableWriteAccess() { assignmentExprDescendant(this) } + cached + VariableWriteAccess() { + Cached::ref() and + assignmentExprDescendant(this) + } } /** A variable read. */ class VariableReadAccess extends VariableAccess { + cached VariableReadAccess() { + Cached::ref() and not this instanceof VariableWriteAccess and not this = any(RefExpr re).getExpr() and not this = any(CompoundAssignmentExpr cae).getLhs() @@ -638,6 +648,22 @@ module Impl { cached private module Cached { + cached + predicate ref() { 1 = 1 } + + cached + predicate backref() { + 1 = 1 + or + variableDecl(_, _, _) + or + exists(VariableReadAccess a) + or + exists(VariableWriteAccess a) + or + exists(any(Variable v).getParameter()) + } + cached newtype TVariable = MkVariable(AstNode definingNode, string name) { variableDecl(definingNode, _, name) } diff --git a/rust/ql/lib/codeql/rust/internal/CachedStages.qll b/rust/ql/lib/codeql/rust/internal/CachedStages.qll index 41e819195694..4041b2731f97 100644 --- a/rust/ql/lib/codeql/rust/internal/CachedStages.qll +++ b/rust/ql/lib/codeql/rust/internal/CachedStages.qll @@ -123,6 +123,10 @@ module Stages { exists(any(ItemNode i).getASuccessor(_)) or exists(any(ItemNode i).getASuccessorRec(_)) + or + exists(any(ImplOrTraitItemNode i).getASelfPath()) + or + any(TypeParamItemNode i).hasTraitBound() } } diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 91d7e87704c6..f7f67311ca40 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -384,7 +384,9 @@ abstract class ImplOrTraitItemNode extends ItemNode { } /** Gets a `Self` path that refers to this item. */ + cached Path getASelfPath() { + Stages::PathResolutionStage::ref() and isUnqualifiedSelfPath(result) and this = unqualifiedPathLookup(result, _) } @@ -578,7 +580,7 @@ private class BlockExprItemNode extends ItemNode instanceof BlockExpr { override TypeParam getTypeParam(int i) { none() } } -private class TypeParamItemNode extends ItemNode instanceof TypeParam { +class TypeParamItemNode extends ItemNode instanceof TypeParam { pragma[nomagic] Path getABoundPath() { result = super.getTypeBoundList().getABound().getTypeRepr().(PathTypeRepr).getPath() @@ -598,8 +600,9 @@ private class TypeParamItemNode extends ItemNode instanceof TypeParam { * impl Foo where T: Trait { ... } // has trait bound * ``` */ - pragma[nomagic] + cached predicate hasTraitBound() { + Stages::PathResolutionStage::ref() and exists(this.getABoundPath()) or exists(ItemNode declaringItem, WherePred wp | From 7798b716ff73b9a762e622a0bbf79a29fad0968e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 8 Apr 2025 12:04:12 +0100 Subject: [PATCH 308/409] Go: Fix `err` instead of `decErr` in `GetPkgsInfo` --- go/extractor/toolchain/toolchain.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/extractor/toolchain/toolchain.go b/go/extractor/toolchain/toolchain.go index 119e3782f6f6..8abe93ba0963 100644 --- a/go/extractor/toolchain/toolchain.go +++ b/go/extractor/toolchain/toolchain.go @@ -259,7 +259,7 @@ func GetPkgsInfo(patterns []string, includingDeps bool, extractTests bool, flags break } if decErr != nil { - log.Printf("Error decoding output of go list -json: %s", err.Error()) + log.Printf("Error decoding output of go list -json: %s", decErr.Error()) return nil, decErr } pkgAbsDir, err := filepath.Abs(pkgInfo.Dir) From 2e1b8b8b0e8ec208831259e7c2ae15b2972a1fed Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 8 Apr 2025 13:10:52 +0200 Subject: [PATCH 309/409] Rust: Fix bad join in `unqualifiedPathLookup` Before ``` Pipeline standard for PathResolution::unqualifiedPathLookup/2#6b171b76#reorder_2_0_1@822d53wq was evaluated in 61 iterations totaling 118ms (delta sizes total: 131072). 606491 ~0% {4} r1 = SCAN `PathResolution::getASuccessor/3#febac7bd#prev_delta` OUTPUT In.1, In.2, In.0, In.3 106457 ~1% {3} | JOIN WITH `PathResolution::unqualifiedPathLookup/4#e32cdfce_1230#join_rhs` ON FIRST 3 OUTPUT Lhs.3, Rhs.3, Lhs.1 606491 ~2% {4} r2 = SCAN `PathResolution::getASuccessor/3#febac7bd#prev_delta` OUTPUT In.0, In.2, In.3, In.1 19261 ~0% {4} r3 = JOIN r2 WITH `PathResolution::ModuleLikeNode.isRoot/0#dispred#21662e64` ON FIRST 1 OUTPUT Lhs.3, Lhs.0, Lhs.1, Lhs.2 42776643 ~1% {4} r4 = JOIN r2 WITH `doublyBoundedFastTC@PathResolution::hasChild/2#6b318d51#2@PathResolution::isRoot/1#a01ce5c3#1@PathResolution::hasCratePath/1#73ea688d#1` ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2 42795904 ~1% {4} r5 = r3 UNION r4 24921 ~6% {3} | JOIN WITH `PathResolution::RelevantPath.isCratePath/2#e595e892_120#join_rhs` ON FIRST 2 OUTPUT Lhs.3, Rhs.2, Lhs.2 131378 ~2% {3} r6 = r1 UNION r5 131072 ~2% {3} | AND NOT `PathResolution::unqualifiedPathLookup/2#6b171b76#reorder_2_0_1#prev`(FIRST 3) return r6 ``` After ``` Pipeline standard for PathResolution::unqualifiedPathLookup/2#6b171b76#reorder_2_0_1@0553a4wi was evaluated in 66 iterations totaling 10ms (delta sizes total: 131072). 610251 ~0% {4} r1 = SCAN `PathResolution::getASuccessor/3#febac7bd#prev_delta` OUTPUT In.1, In.2, In.0, In.3 131378 ~0% {3} | JOIN WITH `PathResolution::unqualifiedPathLookup1/4#781de0cd_1230#join_rhs` ON FIRST 3 OUTPUT Lhs.3, Rhs.3, Lhs.1 131072 ~0% {3} | AND NOT `PathResolution::unqualifiedPathLookup/2#6b171b76#reorder_2_0_1#prev`(FIRST 3) return r1 ``` --- .../codeql/rust/internal/PathResolution.qll | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 91d7e87704c6..74f03e3f6093 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -882,20 +882,24 @@ private predicate hasChild(ItemNode parent, ItemNode child) { child.getImmediate private predicate rootHasCratePathTc(ItemNode i1, ItemNode i2) = doublyBoundedFastTC(hasChild/2, isRoot/1, hasCratePath/1)(i1, i2) +pragma[nomagic] +private predicate unqualifiedPathLookup1(RelevantPath p, string name, Namespace ns, ItemNode encl) { + unqualifiedPathLookup(p, name, ns, encl) + or + // For `($)crate`, jump directly to the root module + exists(ItemNode i | p.isCratePath(name, i) | + encl.(ModuleLikeNode).isRoot() and + encl = i + or + rootHasCratePathTc(encl, i) + ) +} + pragma[nomagic] private ItemNode unqualifiedPathLookup(RelevantPath path, Namespace ns) { exists(ItemNode encl, string name | - result = getASuccessor(encl, pragma[only_bind_into](name), ns) - | - unqualifiedPathLookup(path, name, ns, encl) - or - // For `($)crate`, jump directly to the root module - exists(ItemNode i | path.isCratePath(pragma[only_bind_into](name), i) | - encl.(ModuleLikeNode).isRoot() and - encl = i - or - rootHasCratePathTc(encl, i) - ) + result = getASuccessor(encl, name, ns) and + unqualifiedPathLookup1(path, name, ns, encl) ) } @@ -916,8 +920,7 @@ private ItemNode resolvePath0(RelevantPath path, Namespace ns) { or exists(ItemNode q, string name | q = resolvePathQualifier(path, name) and - result = q.getASuccessor(name) and - ns = result.getNamespace() + result = getASuccessor(q, name, ns) ) or result = resolveUseTreeListItem(_, _, path) and From 95add2f60bc474b69625a1394c12f4b2a4822b0b Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 8 Apr 2025 13:11:32 +0200 Subject: [PATCH 310/409] Rust: Fix bad join in `getAPrivateVisibleModule` Before ``` Pipeline standard for PathResolution::getAPrivateVisibleModule/1#3829a5ee@822d5hwq was evaluated in 24 iterations totaling 16ms (delta sizes total: 4843). 105047 ~63652% {2} r1 = SCAN `PathResolution::resolvePathPrivate/3#56db2cdf#reorder_1_2_0_3#prev_delta` OUTPUT In.0, In.0 69 ~0% {2} r2 = JOIN `#PathResolution::ItemNode.getImmediateParentModule/0#dispred#57c4c6d5Plus#bf#reorder_1_0#prev_delta` WITH `PathResolution::resolvePathPrivate/3#56db2cdf#reorder_1_2_0_3#prev` ON FIRST 1 OUTPUT Lhs.0, Lhs.1 5766690 ~148309% {2} r3 = JOIN `PathResolution::resolvePathPrivate/3#56db2cdf#reorder_1_2_0_3#prev_delta` WITH `#PathResolution::ItemNode.getImmediateParentModule/0#dispred#57c4c6d5Plus#bf#reorder_1_0#prev` ON FIRST 1 OUTPUT Lhs.0, Rhs.1 5871806 ~143984% {2} r4 = r1 UNION r2 UNION r3 6859 ~148% {2} | AND NOT `PathResolution::getAPrivateVisibleModule/1#3829a5ee#prev`(FIRST 2) return r4 ``` After ``` Pipeline standard for PathResolution::getAPrivateVisibleModule/1#3829a5ee@5edefhwp was evaluated in 12 iterations totaling 0ms (delta sizes total: 3515). 339 ~1% {2} r1 = SCAN `PathResolution::isItemParent/1#d5e587d6#prev_delta` OUTPUT In.0, In.0 3130 ~0% {2} r2 = JOIN `PathResolution::isItemParent/1#d5e587d6#prev_delta` WITH `#PathResolution::ItemNode.getImmediateParentModule/0#dispred#57c4c6d5Plus#bf#reorder_1_0#prev` ON FIRST 1 OUTPUT Lhs.0, Rhs.1 46 ~0% {2} r3 = JOIN `#PathResolution::ItemNode.getImmediateParentModule/0#dispred#57c4c6d5Plus#bf#reorder_1_0#prev_delta` WITH `PathResolution::isItemParent/1#d5e587d6#prev` ON FIRST 1 OUTPUT Lhs.0, Lhs.1 3515 ~2% {2} r4 = r1 UNION r2 UNION r3 3515 ~2% {2} | AND NOT `PathResolution::getAPrivateVisibleModule/1#3829a5ee#prev`(FIRST 2) return r4 ``` --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 74f03e3f6093..fca468359599 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -981,6 +981,11 @@ private ItemNode resolvePathPrivate( ) } +pragma[nomagic] +private predicate isItemParent(ModuleLikeNode itemParent) { + exists(resolvePathPrivate(_, itemParent, _)) +} + /** * Gets a module that has access to private items defined inside `itemParent`. * @@ -991,7 +996,7 @@ private ItemNode resolvePathPrivate( */ pragma[nomagic] private ModuleLikeNode getAPrivateVisibleModule(ModuleLikeNode itemParent) { - exists(resolvePathPrivate(_, itemParent, _)) and + isItemParent(itemParent) and result.getImmediateParentModule*() = itemParent } From b5e1b255534d3fb69c3f8c2a1f959f2811e8ecc0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 13:51:09 +0200 Subject: [PATCH 311/409] use sudo nice for running maven test server --- .../java/buildless-inherit-trust-store/test.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py index b69070ddf81a..b067844b7a45 100644 --- a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py +++ b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py @@ -1,10 +1,15 @@ import subprocess import os +import runs_on def test(codeql, java, cwd): # This serves the "repo" directory on https://locahost:4443 - repo_server_process = subprocess.Popen(["python3", "../server.py"], cwd="repo") + command = ["python3", "../server.py"] + if runs_on.github_actions and runs_on.posix: + # On GitHub Actions, we try to run the server with higher priority + command = ["sudo", "nice", "-n", "10"] + command + repo_server_process = subprocess.Popen(command, cwd="repo") certspath = cwd / "jdk8_shipped_cacerts_plus_cert_pem" # If we override MAVEN_OPTS, we'll break cross-test maven isolation, so we need to append to it instead maven_opts = os.environ["MAVEN_OPTS"] + f" -Djavax.net.ssl.trustStore={certspath}" From e49fb839b8e3fa08555da5457599eb9a8216f663 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 15:28:18 +0200 Subject: [PATCH 312/409] Update java/ql/integration-tests/java/buildless-inherit-trust-store/test.py Co-authored-by: Paolo Tranquilli --- .../java/buildless-inherit-trust-store/test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py index b067844b7a45..000ca3e86eb8 100644 --- a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py +++ b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py @@ -8,7 +8,7 @@ def test(codeql, java, cwd): command = ["python3", "../server.py"] if runs_on.github_actions and runs_on.posix: # On GitHub Actions, we try to run the server with higher priority - command = ["sudo", "nice", "-n", "10"] + command + command = ["sudo"] + command repo_server_process = subprocess.Popen(command, cwd="repo") certspath = cwd / "jdk8_shipped_cacerts_plus_cert_pem" # If we override MAVEN_OPTS, we'll break cross-test maven isolation, so we need to append to it instead From 3b56f954804fae1b0e28747b353acc555441253b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 16:19:33 +0200 Subject: [PATCH 313/409] use only sudo for running maven test server (remove nice) --- .../java/buildless-snapshot-repository/test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py index 2241f2917b97..3a45161a56a0 100644 --- a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py +++ b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py @@ -7,7 +7,7 @@ def test(codeql, java): command = ["python3", "-m", "http.server", "9427", "-b", "localhost"] if runs_on.github_actions and runs_on.posix: # On GitHub Actions, we try to run the server with higher priority - command = ["sudo", "nice", "-n", "10"] + command + command = ["sudo"] + command repo_server_process = subprocess.Popen( command, cwd="repo" ) From 1eb4a1aa811e726ac7ea3fb950d673868622ff11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 16:29:16 +0200 Subject: [PATCH 314/409] Update java/ql/integration-tests/java/buildless-snapshot-repository/test.py Co-authored-by: Paolo Tranquilli --- .../java/buildless-snapshot-repository/test.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py index 3a45161a56a0..a4814e1f8a1e 100644 --- a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py +++ b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py @@ -6,7 +6,8 @@ def test(codeql, java): # This serves the "repo" directory on http://localhost:9427 command = ["python3", "-m", "http.server", "9427", "-b", "localhost"] if runs_on.github_actions and runs_on.posix: - # On GitHub Actions, we try to run the server with higher priority + # On GitHub Actions, we saw the server timing out while running in parallel with other tests + # we work around that by running it with higher permissions command = ["sudo"] + command repo_server_process = subprocess.Popen( command, cwd="repo" From afe3e5332f89deee3628d29593bc8b510d55a35c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 16:29:23 +0200 Subject: [PATCH 315/409] Update java/ql/integration-tests/java/buildless-inherit-trust-store/test.py Co-authored-by: Paolo Tranquilli --- .../java/buildless-inherit-trust-store/test.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py index 000ca3e86eb8..93a527620e1e 100644 --- a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py +++ b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py @@ -7,7 +7,8 @@ def test(codeql, java, cwd): # This serves the "repo" directory on https://locahost:4443 command = ["python3", "../server.py"] if runs_on.github_actions and runs_on.posix: - # On GitHub Actions, we try to run the server with higher priority + # On GitHub Actions, we saw the server timing out while running in parallel with other tests + # we work around that by running it with higher permissions command = ["sudo"] + command repo_server_process = subprocess.Popen(command, cwd="repo") certspath = cwd / "jdk8_shipped_cacerts_plus_cert_pem" From 259a09386e4b42981dd3536e90c9d900a1e10264 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 8 Apr 2025 09:17:41 +0200 Subject: [PATCH 316/409] Move query suite selector logic to security-and-quality-suite --- .../java-security-and-quality.qls | 160 +++++++++++++++++- 1 file changed, 158 insertions(+), 2 deletions(-) diff --git a/java/ql/src/codeql-suites/java-security-and-quality.qls b/java/ql/src/codeql-suites/java-security-and-quality.qls index 2b9ca6c132f1..6b1897cc5065 100644 --- a/java/ql/src/codeql-suites/java-security-and-quality.qls +++ b/java/ql/src/codeql-suites/java-security-and-quality.qls @@ -1,4 +1,160 @@ - description: Security-and-quality queries for Java - queries: . -- apply: security-and-quality-selectors.yml - from: codeql/suite-helpers +- include: + kind: + - problem + - path-problem + precision: + - high + - very-high +- include: + kind: + - problem + - path-problem + precision: medium + problem.severity: + - error + - warning +- include: + kind: + - diagnostic +- include: + kind: + - metric + tags contain: + - summary +- exclude: + deprecated: // +- exclude: + query path: + - /^experimental\/.*/ + - Metrics/Summaries/FrameworkCoverage.ql + - /Diagnostics/Internal/.*/ +- exclude: + tags contain: + - modeleditor + - modelgenerator + + +java/abs-of-random +java/abstract-to-concrete-cast +java/call-to-object-tostring +java/call-to-thread-run +java/chained-type-tests +java/class-name-matches-super-class +java/comparison-of-identical-expressions +java/comparison-with-nan +java/confusing-method-name +java/confusing-method-signature +java/constant-comparison +java/constant-loop-condition +java/constants-only-interface +java/continue-in-false-loop +java/contradictory-type-checks +java/database-resource-leak +java/deprecated-call +java/dereferenced-expr-may-be-null +java/dereferenced-value-is-always-null +java/dereferenced-value-may-be-null +java/empty-container +java/empty-zip-file-entry +java/equals-on-arrays +java/equals-on-unrelated-types +java/equals-typo +java/evaluation-to-constant +java/field-masks-super-field +java/hashcode-typo +java/hashing-without-hashcode +java/ignored-error-status-of-call +java/implicit-cast-in-compound-assignment +java/inconsistent-compareto-and-equals +java/inconsistent-equals-and-hashcode +java/inconsistent-javadoc-throws +java/inconsistent-sync-writeobject +java/incorrect-serial-version-uid +java/index-out-of-bounds +java/ineffective-annotation-present-check +java/inefficient-boxed-constructor +java/inefficient-empty-string-test +java/inefficient-key-set-iterator +java/inefficient-output-stream +java/inefficient-string-constructor +java/input-resource-leak +java/integer-multiplication-cast-to-long +java/internal-representation-exposure +java/iterable-wraps-iterator +java/iterator-hasnext-calls-next +java/iterator-implements-iterable +java/iterator-remove-failure +java/jdk-internal-api-access +java/local-shadows-field +java/local-variable-is-never-read +java/lshift-larger-than-type-width +java/misleading-indentation +java/missing-call-to-super-clone +java/missing-case-in-switch +java/missing-clone-method +java/missing-format-argument +java/missing-no-arg-constructor-on-externalizable +java/missing-no-arg-constructor-on-serializable +java/missing-override-annotation +java/missing-space-in-concatenation +java/missing-super-finalize +java/multiplication-of-remainder +java/non-final-call-in-constructor +java/non-null-boxed-variable +java/non-overriding-package-private +java/non-serializable-inner-class +java/non-short-circuit-evaluation +java/non-static-nested-class +java/non-sync-override +java/notify-instead-of-notify-all +java/output-resource-leak +java/print-array +java/random-used-once +java/redundant-assignment +java/reference-equality-of-boxed-types +java/reference-equality-on-strings +java/run-finalizers-on-exit +java/sleep-with-lock-held +java/spin-on-field +java/string-buffer-char-init +java/subtle-inherited-call +java/suspicious-date-format +java/sync-on-boxed-types +java/test-for-negative-container-size +java/thread-start-in-constructor +java/thread-unsafe-dateformat +java/tostring-typo +java/type-bound-extends-final +java/type-mismatch-access +java/type-mismatch-modification +java/type-variable-hides-type +java/uncaught-number-format-exception +java/unchecked-cast-in-equals +java/underscore-identifier +java/unimplementable-interface +java/unknown-javadoc-parameter +java/unreachable-catch-clause +java/unreleased-lock +java/unsafe-double-checked-locking +java/unsafe-double-checked-locking-init-order +java/unsafe-get-resource +java/unsafe-sync-on-field +java/unsynchronized-getter +java/unused-container +java/unused-format-argument +java/unused-label +java/unused-parameter +java/unused-reference-type +java/useless-null-check +java/useless-tostring-call +java/useless-type-test +java/wait-on-condition-interface +java/whitespace-contradicts-precedence +java/wrong-compareto-signature +java/wrong-equals-signature +java/wrong-junit-suite-signature +java/wrong-object-serialization-signature +java/wrong-readresolve-signature +java/wrong-swing-event-adapter-signature From 6abff483da26ce10b9665896611b2056a6286c01 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 8 Apr 2025 09:18:01 +0200 Subject: [PATCH 317/409] Java: Add explicit filtering for quality queries that should be included in security-and-quality --- .../java-security-and-quality.qls | 256 +++++++++--------- 1 file changed, 130 insertions(+), 126 deletions(-) diff --git a/java/ql/src/codeql-suites/java-security-and-quality.qls b/java/ql/src/codeql-suites/java-security-and-quality.qls index 6b1897cc5065..91751e6da1ba 100644 --- a/java/ql/src/codeql-suites/java-security-and-quality.qls +++ b/java/ql/src/codeql-suites/java-security-and-quality.qls @@ -7,14 +7,142 @@ precision: - high - very-high + tags contain: + - security - include: kind: - problem - path-problem precision: medium problem.severity: - - error - - warning + - error + - warning + tags contain: + - security +- include: + id: + - java/abs-of-random + - java/abstract-to-concrete-cast + - java/call-to-object-tostring + - java/call-to-thread-run + - java/chained-type-tests + - java/class-name-matches-super-class + - java/comparison-of-identical-expressions + - java/comparison-with-nan + - java/confusing-method-name + - java/confusing-method-signature + - java/constant-comparison + - java/constant-loop-condition + - java/constants-only-interface + - java/continue-in-false-loop + - java/contradictory-type-checks + - java/database-resource-leak + - java/deprecated-call + - java/dereferenced-expr-may-be-null + - java/dereferenced-value-is-always-null + - java/dereferenced-value-may-be-null + - java/empty-container + - java/empty-zip-file-entry + - java/equals-on-arrays + - java/equals-on-unrelated-types + - java/equals-typo + - java/evaluation-to-constant + - java/field-masks-super-field + - java/hashcode-typo + - java/hashing-without-hashcode + - java/ignored-error-status-of-call + - java/implicit-cast-in-compound-assignment + - java/inconsistent-compareto-and-equals + - java/inconsistent-equals-and-hashcode + - java/inconsistent-javadoc-throws + - java/inconsistent-sync-writeobject + - java/incorrect-serial-version-uid + - java/index-out-of-bounds + - java/ineffective-annotation-present-check + - java/inefficient-boxed-constructor + - java/inefficient-empty-string-test + - java/inefficient-key-set-iterator + - java/inefficient-output-stream + - java/inefficient-string-constructor + - java/input-resource-leak + - java/integer-multiplication-cast-to-long + - java/internal-representation-exposure + - java/iterable-wraps-iterator + - java/iterator-hasnext-calls-next + - java/iterator-implements-iterable + - java/iterator-remove-failure + - java/jdk-internal-api-access + - java/local-shadows-field + - java/local-variable-is-never-read + - java/lshift-larger-than-type-width + - java/misleading-indentation + - java/missing-call-to-super-clone + - java/missing-case-in-switch + - java/missing-clone-method + - java/missing-format-argument + - java/missing-no-arg-constructor-on-externalizable + - java/missing-no-arg-constructor-on-serializable + - java/missing-override-annotation + - java/missing-space-in-concatenation + - java/missing-super-finalize + - java/multiplication-of-remainder + - java/non-final-call-in-constructor + - java/non-null-boxed-variable + - java/non-overriding-package-private + - java/non-serializable-inner-class + - java/non-short-circuit-evaluation + - java/non-static-nested-class + - java/non-sync-override + - java/notify-instead-of-notify-all + - java/output-resource-leak + - java/print-array + - java/random-used-once + - java/redundant-assignment + - java/reference-equality-of-boxed-types + - java/reference-equality-on-strings + - java/run-finalizers-on-exit + - java/sleep-with-lock-held + - java/spin-on-field + - java/string-buffer-char-init + - java/subtle-inherited-call + - java/suspicious-date-format + - java/sync-on-boxed-types + - java/test-for-negative-container-size + - java/thread-start-in-constructor + - java/thread-unsafe-dateformat + - java/tostring-typo + - java/type-bound-extends-final + - java/type-mismatch-access + - java/type-mismatch-modification + - java/type-variable-hides-type + - java/uncaught-number-format-exception + - java/unchecked-cast-in-equals + - java/underscore-identifier + - java/unimplementable-interface + - java/unknown-javadoc-parameter + - java/unreachable-catch-clause + - java/unreleased-lock + - java/unsafe-double-checked-locking + - java/unsafe-double-checked-locking-init-order + - java/unsafe-get-resource + - java/unsafe-sync-on-field + - java/unsynchronized-getter + - java/unused-container + - java/unused-format-argument + - java/unused-label + - java/unused-parameter + - java/unused-reference-type + - java/useless-null-check + - java/useless-tostring-call + - java/useless-type-test + - java/wait-on-condition-interface + - java/whitespace-contradicts-precedence + - java/wrong-compareto-signature + - java/wrong-equals-signature + - java/wrong-junit-suite-signature + - java/wrong-object-serialization-signature + - java/wrong-readresolve-signature + - java/wrong-swing-event-adapter-signature - include: kind: - diagnostic @@ -34,127 +162,3 @@ tags contain: - modeleditor - modelgenerator - - -java/abs-of-random -java/abstract-to-concrete-cast -java/call-to-object-tostring -java/call-to-thread-run -java/chained-type-tests -java/class-name-matches-super-class -java/comparison-of-identical-expressions -java/comparison-with-nan -java/confusing-method-name -java/confusing-method-signature -java/constant-comparison -java/constant-loop-condition -java/constants-only-interface -java/continue-in-false-loop -java/contradictory-type-checks -java/database-resource-leak -java/deprecated-call -java/dereferenced-expr-may-be-null -java/dereferenced-value-is-always-null -java/dereferenced-value-may-be-null -java/empty-container -java/empty-zip-file-entry -java/equals-on-arrays -java/equals-on-unrelated-types -java/equals-typo -java/evaluation-to-constant -java/field-masks-super-field -java/hashcode-typo -java/hashing-without-hashcode -java/ignored-error-status-of-call -java/implicit-cast-in-compound-assignment -java/inconsistent-compareto-and-equals -java/inconsistent-equals-and-hashcode -java/inconsistent-javadoc-throws -java/inconsistent-sync-writeobject -java/incorrect-serial-version-uid -java/index-out-of-bounds -java/ineffective-annotation-present-check -java/inefficient-boxed-constructor -java/inefficient-empty-string-test -java/inefficient-key-set-iterator -java/inefficient-output-stream -java/inefficient-string-constructor -java/input-resource-leak -java/integer-multiplication-cast-to-long -java/internal-representation-exposure -java/iterable-wraps-iterator -java/iterator-hasnext-calls-next -java/iterator-implements-iterable -java/iterator-remove-failure -java/jdk-internal-api-access -java/local-shadows-field -java/local-variable-is-never-read -java/lshift-larger-than-type-width -java/misleading-indentation -java/missing-call-to-super-clone -java/missing-case-in-switch -java/missing-clone-method -java/missing-format-argument -java/missing-no-arg-constructor-on-externalizable -java/missing-no-arg-constructor-on-serializable -java/missing-override-annotation -java/missing-space-in-concatenation -java/missing-super-finalize -java/multiplication-of-remainder -java/non-final-call-in-constructor -java/non-null-boxed-variable -java/non-overriding-package-private -java/non-serializable-inner-class -java/non-short-circuit-evaluation -java/non-static-nested-class -java/non-sync-override -java/notify-instead-of-notify-all -java/output-resource-leak -java/print-array -java/random-used-once -java/redundant-assignment -java/reference-equality-of-boxed-types -java/reference-equality-on-strings -java/run-finalizers-on-exit -java/sleep-with-lock-held -java/spin-on-field -java/string-buffer-char-init -java/subtle-inherited-call -java/suspicious-date-format -java/sync-on-boxed-types -java/test-for-negative-container-size -java/thread-start-in-constructor -java/thread-unsafe-dateformat -java/tostring-typo -java/type-bound-extends-final -java/type-mismatch-access -java/type-mismatch-modification -java/type-variable-hides-type -java/uncaught-number-format-exception -java/unchecked-cast-in-equals -java/underscore-identifier -java/unimplementable-interface -java/unknown-javadoc-parameter -java/unreachable-catch-clause -java/unreleased-lock -java/unsafe-double-checked-locking -java/unsafe-double-checked-locking-init-order -java/unsafe-get-resource -java/unsafe-sync-on-field -java/unsynchronized-getter -java/unused-container -java/unused-format-argument -java/unused-label -java/unused-parameter -java/unused-reference-type -java/useless-null-check -java/useless-tostring-call -java/useless-type-test -java/wait-on-condition-interface -java/whitespace-contradicts-precedence -java/wrong-compareto-signature -java/wrong-equals-signature -java/wrong-junit-suite-signature -java/wrong-object-serialization-signature -java/wrong-readresolve-signature -java/wrong-swing-event-adapter-signature From e1633449077621942b87d28b1fef594f7bbbdce4 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 8 Apr 2025 17:06:46 +0200 Subject: [PATCH 318/409] Java: Add test to check queries not included in well-known query suites --- .../query-suite/not_included_in_qls.expected | 285 ++++++++++++++++++ .../java/query-suite/test.py | 32 +- 2 files changed, 309 insertions(+), 8 deletions(-) create mode 100644 java/ql/integration-tests/java/query-suite/not_included_in_qls.expected diff --git a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected new file mode 100644 index 000000000000..38c0db1c66d0 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected @@ -0,0 +1,285 @@ +ql/java/ql/src/Advisory/Declarations/NonFinalImmutableField.ql +ql/java/ql/src/Advisory/Declarations/NonPrivateField.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocMethods.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocParameters.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocReturnValues.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocThrows.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocTypes.ql +ql/java/ql/src/Advisory/Java Objects/AvoidCloneMethodAccess.ql +ql/java/ql/src/Advisory/Java Objects/AvoidCloneOverride.ql +ql/java/ql/src/Advisory/Java Objects/AvoidCloneableInterface.ql +ql/java/ql/src/Advisory/Java Objects/AvoidFinalizeOverride.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsConstants.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsMethods.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsPackages.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsRefTypes.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsVariables.ql +ql/java/ql/src/Advisory/Statements/MissingDefaultInSwitch.ql +ql/java/ql/src/Advisory/Statements/OneStatementPerLine.ql +ql/java/ql/src/Advisory/Statements/TerminateIfElseIfWithElse.ql +ql/java/ql/src/Advisory/Types/GenericsConstructor.ql +ql/java/ql/src/Advisory/Types/GenericsReturnType.ql +ql/java/ql/src/Advisory/Types/GenericsVariable.ql +ql/java/ql/src/AlertSuppression.ql +ql/java/ql/src/AlertSuppressionAnnotations.ql +ql/java/ql/src/Architecture/Dependencies/MutualDependency.ql +ql/java/ql/src/Architecture/Dependencies/UnusedMavenDependencyBinary.ql +ql/java/ql/src/Architecture/Dependencies/UnusedMavenDependencySource.ql +ql/java/ql/src/Architecture/Refactoring Opportunities/DeeplyNestedClass.ql +ql/java/ql/src/Architecture/Refactoring Opportunities/FeatureEnvy.ql +ql/java/ql/src/Architecture/Refactoring Opportunities/HubClasses.ql +ql/java/ql/src/Architecture/Refactoring Opportunities/InappropriateIntimacy.ql +ql/java/ql/src/Complexity/BlockWithTooManyStatements.ql +ql/java/ql/src/Complexity/ComplexCondition.ql +ql/java/ql/src/DeadCode/DeadClass.ql +ql/java/ql/src/DeadCode/DeadEnumConstant.ql +ql/java/ql/src/DeadCode/DeadField.ql +ql/java/ql/src/DeadCode/DeadMethod.ql +ql/java/ql/src/DeadCode/FLinesOfDeadCode.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbGraphics.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSocketAsServer.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbStaticFieldNonFinal.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSynchronization.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbThis.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbThreads.ql +ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/MissingParentBean.ql +ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/TooManyBeans.ql +ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.ql +ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UselessPropertyOverride.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/AvoidAutowiring.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/DontUseConstructorArgIndex.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/ImportsFirst.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/NoBeanDescription.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/ParentShouldNotUseAbstractClass.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseIdInsteadOfName.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseLocalRef.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseSetterInjection.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseShortcutForms.ql +ql/java/ql/src/Frameworks/Spring/XML Configuration Errors/MissingSetters.ql +ql/java/ql/src/Language Abuse/CastThisToTypeParameter.ql +ql/java/ql/src/Language Abuse/DubiousDowncastOfThis.ql +ql/java/ql/src/Language Abuse/DubiousTypeTestOfThis.ql +ql/java/ql/src/Language Abuse/EmptyMethod.ql +ql/java/ql/src/Language Abuse/EmptyStatement.ql +ql/java/ql/src/Language Abuse/EnumIdentifier.ql +ql/java/ql/src/Language Abuse/ImplementsAnnotation.ql +ql/java/ql/src/Language Abuse/MissedTernaryOpportunity.ql +ql/java/ql/src/Language Abuse/UselessUpcast.ql +ql/java/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql +ql/java/ql/src/Likely Bugs/Arithmetic/CondExprTypes.ql +ql/java/ql/src/Likely Bugs/Arithmetic/OctalLiteral.ql +ql/java/ql/src/Likely Bugs/Comparison/BitwiseSignCheck.ql +ql/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql +ql/java/ql/src/Likely Bugs/Comparison/EqualsUsesInstanceOf.ql +ql/java/ql/src/Likely Bugs/Comparison/NoAssignInBooleanExprs.ql +ql/java/ql/src/Likely Bugs/Comparison/NoComparisonOnFloats.ql +ql/java/ql/src/Likely Bugs/Comparison/ObjectComparison.ql +ql/java/ql/src/Likely Bugs/Concurrency/BusyWait.ql +ql/java/ql/src/Likely Bugs/Concurrency/EmptyRunMethodInThread.ql +ql/java/ql/src/Likely Bugs/Concurrency/InconsistentAccess.ql +ql/java/ql/src/Likely Bugs/Concurrency/LazyInitStaticField.ql +ql/java/ql/src/Likely Bugs/Concurrency/NotifyWithoutSynch.ql +ql/java/ql/src/Likely Bugs/Concurrency/PriorityCalls.ql +ql/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql +ql/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql +ql/java/ql/src/Likely Bugs/Concurrency/YieldCalls.ql +ql/java/ql/src/Likely Bugs/Frameworks/JUnit/TearDownNoSuper.ql +ql/java/ql/src/Likely Bugs/Frameworks/JUnit/TestCaseNoTests.ql +ql/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql +ql/java/ql/src/Likely Bugs/I18N/MissingLocaleArgument.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ConstructorTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/NestedLoopsSameVariable.ql +ql/java/ql/src/Likely Bugs/Serialization/NonSerializableComparator.ql +ql/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql +ql/java/ql/src/Likely Bugs/Serialization/TransientNotSerializable.ql +ql/java/ql/src/Likely Bugs/Statements/EmptyBlock.ql +ql/java/ql/src/Likely Bugs/Statements/EmptySynchronizedBlock.ql +ql/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql +ql/java/ql/src/Likely Bugs/Statements/InconsistentCallOnResult.ql +ql/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql +ql/java/ql/src/Likely Bugs/Statements/StaticFieldWrittenByInstance.ql +ql/java/ql/src/Metrics/Authors/AuthorsPerFile.ql +ql/java/ql/src/Metrics/Callables/CCyclomaticComplexity.ql +ql/java/ql/src/Metrics/Callables/CLinesOfCode.ql +ql/java/ql/src/Metrics/Callables/CLinesOfComment.ql +ql/java/ql/src/Metrics/Callables/CNumberOfCalls.ql +ql/java/ql/src/Metrics/Callables/CNumberOfParameters.ql +ql/java/ql/src/Metrics/Callables/CNumberOfStatements.ql +ql/java/ql/src/Metrics/Callables/StatementNestingDepth.ql +ql/java/ql/src/Metrics/Dependencies/ExternalDependencies.ql +ql/java/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql +ql/java/ql/src/Metrics/Files/FAfferentCoupling.ql +ql/java/ql/src/Metrics/Files/FCommentRatio.ql +ql/java/ql/src/Metrics/Files/FCyclomaticComplexity.ql +ql/java/ql/src/Metrics/Files/FEfferentCoupling.ql +ql/java/ql/src/Metrics/Files/FLines.ql +ql/java/ql/src/Metrics/Files/FLinesOfCode.ql +ql/java/ql/src/Metrics/Files/FLinesOfComment.ql +ql/java/ql/src/Metrics/Files/FLinesOfCommentedCode.ql +ql/java/ql/src/Metrics/Files/FLinesOfDuplicatedCode.ql +ql/java/ql/src/Metrics/Files/FLinesOfSimilarCode.ql +ql/java/ql/src/Metrics/Files/FNumberOfClasses.ql +ql/java/ql/src/Metrics/Files/FNumberOfInterfaces.ql +ql/java/ql/src/Metrics/Files/FNumberOfTests.ql +ql/java/ql/src/Metrics/Files/FSelfContainedness.ql +ql/java/ql/src/Metrics/RefTypes/TAfferentCoupling.ql +ql/java/ql/src/Metrics/RefTypes/TEfferentCoupling.ql +ql/java/ql/src/Metrics/RefTypes/TEfferentSourceCoupling.ql +ql/java/ql/src/Metrics/RefTypes/TInheritanceDepth.ql +ql/java/ql/src/Metrics/RefTypes/TLackOfCohesionCK.ql +ql/java/ql/src/Metrics/RefTypes/TLackOfCohesionHS.ql +ql/java/ql/src/Metrics/RefTypes/TLinesOfCode.ql +ql/java/ql/src/Metrics/RefTypes/TLinesOfComment.ql +ql/java/ql/src/Metrics/RefTypes/TNumberOfCallables.ql +ql/java/ql/src/Metrics/RefTypes/TNumberOfFields.ql +ql/java/ql/src/Metrics/RefTypes/TNumberOfStatements.ql +ql/java/ql/src/Metrics/RefTypes/TPercentageOfComments.ql +ql/java/ql/src/Metrics/RefTypes/TPercentageOfComplexCode.ql +ql/java/ql/src/Metrics/RefTypes/TResponse.ql +ql/java/ql/src/Metrics/RefTypes/TSelfContainedness.ql +ql/java/ql/src/Metrics/RefTypes/TSizeOfAPI.ql +ql/java/ql/src/Metrics/RefTypes/TSpecialisationIndex.ql +ql/java/ql/src/Metrics/Summaries/FrameworkCoverage.ql +ql/java/ql/src/Metrics/Summaries/GeneratedVsManualCoverage.ql +ql/java/ql/src/Performance/ConcatenationInLoops.ql +ql/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql +ql/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql +ql/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql +ql/java/ql/src/Security/CWE/CWE-319/UseSSL.ql +ql/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql +ql/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql +ql/java/ql/src/Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql +ql/java/ql/src/Violations of Best Practice/Comments/CommentedCode.ql +ql/java/ql/src/Violations of Best Practice/Comments/TodoComments.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/AssignmentInReturn.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/DeadStoreOfLocal.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/DeadStoreOfLocalUnread.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/EmptyFinalize.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/FinalizerNullsFields.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/LocalInitialisedButNotUsed.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/LocalNotRead.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/PointlessForwardingMethod.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedField.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLocal.ql +ql/java/ql/src/Violations of Best Practice/Declarations/BreakInSwitchCase.ql +ql/java/ql/src/Violations of Best Practice/Declarations/MakeImportsExplicit.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/DroppedExceptions.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/ExceptionCatch.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArray.ql +ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsNumbers.ql +ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsString.ql +ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicNumbersUseConstant.ql +ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicStringsUseConstant.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverridesNames.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsField.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToSystemExit.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/GarbageCollection.ql +ql/java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql +ql/java/ql/src/Violations of Best Practice/legacy/FinallyMayNotComplete.ql +ql/java/ql/src/Violations of Best Practice/legacy/InexactVarArg.ql +ql/java/ql/src/Violations of Best Practice/legacy/ParameterAssignment.ql +ql/java/ql/src/Violations of Best Practice/legacy/UnnecessaryCast.ql +ql/java/ql/src/Violations of Best Practice/legacy/UnnecessaryImport.ql +ql/java/ql/src/definitions.ql +ql/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql +ql/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql +ql/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql +ql/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExecLocal.ql +ql/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql +ql/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql +ql/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql +ql/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql +ql/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql +ql/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql +ql/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql +ql/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql +ql/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +ql/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql +ql/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql +ql/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql +ql/java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql +ql/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql +ql/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql +ql/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.ql +ql/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql +ql/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql +ql/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql +ql/java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql +ql/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql +ql/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql +ql/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql +ql/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql +ql/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql +ql/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql +ql/java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.ql +ql/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql +ql/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql +ql/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql +ql/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql +ql/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql +ql/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql +ql/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql +ql/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql +ql/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql +ql/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql +ql/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql +ql/java/ql/src/external/DuplicateAnonymous.ql +ql/java/ql/src/external/DuplicateBlock.ql +ql/java/ql/src/external/DuplicateMethod.ql +ql/java/ql/src/external/MostlyDuplicateClass.ql +ql/java/ql/src/external/MostlyDuplicateFile.ql +ql/java/ql/src/external/MostlyDuplicateMethod.ql +ql/java/ql/src/external/MostlySimilarFile.ql +ql/java/ql/src/filters/ClassifyFiles.ql +ql/java/ql/src/meta/frameworks/Coverage.ql +ql/java/ql/src/meta/ssa/AmbiguousToString.ql +ql/java/ql/src/meta/ssa/TooFewPhiInputs.ql +ql/java/ql/src/meta/ssa/UncertainDefWithoutPrior.ql +ql/java/ql/src/meta/ssa/UseWithoutUniqueSsaVariable.ql +ql/java/ql/src/utils/modelconverter/ExtractNeutrals.ql +ql/java/ql/src/utils/modelconverter/ExtractSinks.ql +ql/java/ql/src/utils/modelconverter/ExtractSources.ql +ql/java/ql/src/utils/modelconverter/ExtractSummaries.ql +ql/java/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql +ql/java/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql +ql/java/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureSinkModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureSourceModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureTypeBasedSummaryModels.ql +ql/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql +ql/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql +ql/java/ql/src/utils/stub-generator/MinimalStubsFromSource.ql diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py index c829eb9ffa01..83551ecfc19c 100644 --- a/java/ql/integration-tests/java/query-suite/test.py +++ b/java/ql/integration-tests/java/query-suite/test.py @@ -2,12 +2,28 @@ import runs_on import pytest -@runs_on.linux -@pytest.mark.parametrize("query_suite", ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']) +well_known_query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls'] + +@runs_on.posix +@pytest.mark.parametrize("query_suite", well_known_query_suites) def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite): - actual = codeql.resolve.queries(query_suite, _capture=True).strip() - actual = sorted(actual.splitlines()) - actual = [os.path.relpath(q, semmle_code_dir) for q in actual] - actual_file_name = query_suite + '.actual' - expected_files.add(actual_file_name) - (cwd / actual_file_name).write_text('\n'.join(actual)+'\n') + actual = codeql.resolve.queries(query_suite, _capture=True).strip() + actual = sorted(actual.splitlines()) + actual = [os.path.relpath(q, semmle_code_dir) for q in actual] + actual_file_name = query_suite + '.actual' + expected_files.add(actual_file_name) + (cwd / actual_file_name).write_text('\n'.join(actual)+'\n') + +@runs_on.posix +def test_not_included_queries(codeql, java, cwd, expected_files, semmle_code_dir): + all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / 'java' / 'ql' / 'src', _capture=True).strip().splitlines() + + included_in_qls = set() + for query_suite in well_known_query_suites: + included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines()) + + not_included = sorted(set(all_queries) - included_in_qls) + not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included] + not_included_file_name = 'not_included_in_qls.actual' + expected_files.add(not_included_file_name) + (cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n') From 25bd0c3b21a8c4edc3606b7ca59e4155778bcac6 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 8 Apr 2025 17:27:16 +0200 Subject: [PATCH 319/409] Rust: add test setup script --- rust/ql/test/setup.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100755 rust/ql/test/setup.sh diff --git a/rust/ql/test/setup.sh b/rust/ql/test/setup.sh new file mode 100755 index 000000000000..822097140bbd --- /dev/null +++ b/rust/ql/test/setup.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -euo pipefail + +# This script is run by the CI to set up the test environment for the Rust QL tests +# We run this as rustup is not meant to be run in parallel, and will this setup will be run by rust-analyzer in the +# parallel QL tests unless we do the setup prior to launching the tests. +# We do this for each `rust-toolchain.toml` we use in the tests (and the root one in `rust`) + +cd "$(dirname "$0")" + +rustup install +rustup component add rust-src + +find . -name rust-toolchain.toml \ + -execdir rustup install \; \ + -execdir rustup component add rust-src \; From 2e75dbd51971df73546a0c5552544624f0a9c5ee Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 8 Apr 2025 19:30:02 -0700 Subject: [PATCH 320/409] Actions: Fix invocation of autobuild PowerShell script Pass the quoted script path to PowerShell using `-File`. This ensures the path is treated as a string rather than a command, and correctly handles file paths that contain spaces, unblocking integration tests. Add logging to autobuild.cmd for easier debugging. --- actions/extractor/tools/autobuild.cmd | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/actions/extractor/tools/autobuild.cmd b/actions/extractor/tools/autobuild.cmd index cd05b9791109..3118347d2797 100644 --- a/actions/extractor/tools/autobuild.cmd +++ b/actions/extractor/tools/autobuild.cmd @@ -1,3 +1,4 @@ @echo off rem All of the work is done in the PowerShell script -powershell.exe "%~dp0autobuild-impl.ps1" +echo "Running PowerShell script at '%~dp0autobuild-impl.ps1'" +powershell.exe -File "%~dp0autobuild-impl.ps1" From 35f9157e429c2337a006d9a081ed5f4c241a0710 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 9 Apr 2025 09:28:55 +0200 Subject: [PATCH 321/409] Ruby: Fix bad join in `DeadStoreOfLocal.ql` --- ruby/ql/src/queries/variables/DeadStoreOfLocal.ql | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql index 8717047e9954..547d7d3cd899 100644 --- a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql +++ b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql @@ -11,15 +11,20 @@ */ import codeql.ruby.AST +import codeql.ruby.CFG import codeql.ruby.dataflow.SSA import codeql.ruby.ApiGraphs +pragma[nomagic] +private predicate hasErbResultCall(CfgScope scope) { + scope = API::getTopLevelMember("ERB").getInstance().getAMethodCall("result").asExpr().getScope() +} + class RelevantLocalVariableWriteAccess extends LocalVariableWriteAccess { RelevantLocalVariableWriteAccess() { not this.getVariable().getName().charAt(0) = "_" and not this = any(Parameter p).getAVariable().getDefiningAccess() and - not API::getTopLevelMember("ERB").getInstance().getAMethodCall("result").asExpr().getScope() = - this.getCfgScope() and + not hasErbResultCall(this.getCfgScope()) and not exists(RetryStmt r | r.getCfgScope() = this.getCfgScope()) and not exists(MethodCall c | c.getReceiver() instanceof SelfVariableAccess and From da7d6d33468e642c704a12faf983790dd5ed2ec7 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 9 Apr 2025 11:28:21 +0200 Subject: [PATCH 322/409] JS: Change note --- javascript/ql/src/change-notes/2025-04-09-web-response.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/src/change-notes/2025-04-09-web-response.md diff --git a/javascript/ql/src/change-notes/2025-04-09-web-response.md b/javascript/ql/src/change-notes/2025-04-09-web-response.md new file mode 100644 index 000000000000..3afebf1b6a76 --- /dev/null +++ b/javascript/ql/src/change-notes/2025-04-09-web-response.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`. From 4bc3e9e736e112c7d2950857b0f768b904bce388 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 12:16:53 +0200 Subject: [PATCH 323/409] Addressed comments Co-authored-by: Asgerf --- .../internal/flow_summaries/Decoders.qll | 3 +-- .../internal/flow_summaries/TypedArrays.qll | 22 ++++++------------- 2 files changed, 8 insertions(+), 17 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll index 567a0403bcf5..7e75d6482c5c 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll @@ -17,8 +17,7 @@ class DecodeLike extends SummarizedCallable { DecodeLike() { this = "TextDecoder#decode" } override InstanceCall getACall() { - result = - textDecoderConstructorRef().getAnInstantiation().getReturn().getMember("decode").getACall() + result = textDecoderConstructorRef().getInstance().getMember("decode").getACall() } override predicate propagatesFlow(string input, string output, boolean preservesValue) { diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll index 81e84d806fd4..9f3140497ab2 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -37,11 +37,11 @@ class BufferTypedArray extends DataFlow::AdditionalFlowStep { } } -class SetLike extends SummarizedCallable { - SetLike() { this = "TypedArray#set" } +class TypedArraySet extends SummarizedCallable { + TypedArraySet() { this = "TypedArray#set" } override InstanceCall getACall() { - result = typedArrayConstructorRef().getAnInstantiation().getReturn().getMember("set").getACall() + result = typedArrayConstructorRef().getInstance().getMember("set").getACall() } override predicate propagatesFlow(string input, string output, boolean preservesValue) { @@ -51,13 +51,10 @@ class SetLike extends SummarizedCallable { } } -class SubArrayLike extends SummarizedCallable { - SubArrayLike() { this = "TypedArray#subarray" } +class TypedArraySubarray extends SummarizedCallable { + TypedArraySubarray() { this = "TypedArray#subarray" } - override InstanceCall getACall() { - result = - typedArrayConstructorRef().getAnInstantiation().getReturn().getMember("subarray").getACall() - } + override InstanceCall getACall() { result.getMethodName() = "subarray" } override predicate propagatesFlow(string input, string output, boolean preservesValue) { preservesValue = true and @@ -95,12 +92,7 @@ class TransferLike extends SummarizedCallable { TransferLike() { this = "ArrayBuffer#transfer" } override InstanceCall getACall() { - result = - arrayBufferConstructorRef() - .getAnInstantiation() - .getReturn() - .getMember(["transfer", "transferToFixedLength"]) - .getACall() + result.getMethodName() = ["transfer", "transferToFixedLength"] } override predicate propagatesFlow(string input, string output, boolean preservesValue) { From 0a293cf357be62d4e32cc4cf2257f16d078225df Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 12:12:35 +0100 Subject: [PATCH 324/409] Add EnumType to SimpleTypeSanitizer --- java/ql/lib/semmle/code/java/security/Sanitizers.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/security/Sanitizers.qll b/java/ql/lib/semmle/code/java/security/Sanitizers.qll index 6035b068bd04..5340ba344823 100644 --- a/java/ql/lib/semmle/code/java/security/Sanitizers.qll +++ b/java/ql/lib/semmle/code/java/security/Sanitizers.qll @@ -23,6 +23,7 @@ class SimpleTypeSanitizer extends DataFlow::Node { this.getType() .(RefType) .getASourceSupertype*() - .hasQualifiedName("java.time.temporal", "TemporalAccessor") + .hasQualifiedName("java.time.temporal", "TemporalAccessor") or + this.getType() instanceof EnumType } } From a3e4e62eacb3279bf8b30b6087bca0e023365bd3 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 13:27:13 +0200 Subject: [PATCH 325/409] Removed taint from `ArrayBuffer` constructor as it accepts `length` --- .../internal/flow_summaries/TypedArrays.qll | 14 ------------ .../TaintTracking/BasicTaintTracking.expected | 22 ++++++++----------- .../TaintTracking/typed-arrays.js | 14 +++++++----- 3 files changed, 17 insertions(+), 33 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll index 9f3140497ab2..19a28036db49 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -74,20 +74,6 @@ private class ArrayBufferEntryPoint extends API::EntryPoint { pragma[nomagic] API::Node arrayBufferConstructorRef() { result = any(ArrayBufferEntryPoint a).getANode() } -class ArrayBufferConstructorSummary extends SummarizedCallable { - ArrayBufferConstructorSummary() { this = "ArrayBuffer constructor" } - - override DataFlow::InvokeNode getACall() { - result = arrayBufferConstructorRef().getAnInstantiation() - } - - override predicate propagatesFlow(string input, string output, boolean preservesValue) { - preservesValue = true and - input = "Argument[0].ArrayElement" and - output = "ReturnValue.ArrayElement" - } -} - class TransferLike extends SummarizedCallable { TransferLike() { this = "ArrayBuffer#transfer" } diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index e0cbc7b3b2eb..b82fdc8d1ee5 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -40,18 +40,18 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:22:10:22:13 | view | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:48:10:48:12 | str | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:52:10:52:13 | str2 | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:40 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:23 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:28 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:32 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:36 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:42 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -342,12 +342,8 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:22:10:22:13 | view | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:48:10:48:12 | str | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:52:10:52:13 | str2 | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index d2dc8b2168c4..e3eed25dd87f 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -17,21 +17,23 @@ function test() { const sub = y.subarray(1, 3) sink(sub); // NOT OK - const buffer = new ArrayBuffer(x); + const buffer = new ArrayBuffer(8); const view = new Uint8Array(buffer); - sink(view); // NOT OK + view.set(x, 3); + sink(buffer); // NOT OK -- Should be flagged but it is not. - const sharedBuffer = new SharedArrayBuffer(x); + const sharedBuffer = new SharedArrayBuffer(8); const view1 = new Uint8Array(sharedBuffer); - sink(view1); // NOT OK + view1.set(x, 3); + sink(sharedBuffer); // NOT OK -- Should be flagged but it is not. const transfered = buffer.transfer(); const transferedView = new Uint8Array(transfered); - sink(transferedView); // NOT OK + sink(transferedView); // NOT OK -- Should be flagged but it is not. const transfered2 = buffer.transferToFixedLength(); const transferedView2 = new Uint8Array(transfered2); - sink(transferedView2); // NOT OK + sink(transferedView2); // NOT OK -- Should be flagged but it is not. var typedArrayToString = (function () { return function (a) { return String.fromCharCode.apply(null, a); }; From 3373c2457c3e8915e48e7bf38bd85c90807ba283 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 12:27:48 +0100 Subject: [PATCH 326/409] Update test expectation --- .../diagnostics.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected index 8e5fb7fc737e..9dd6b8297e61 100644 --- a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected @@ -13,7 +13,7 @@ } } { - "markdownMessage": "Built a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.", + "markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.", "severity": "warning", "source": { "extractorName": "java", From 5c7a4eb51176516ecd3e0fb857b255c8bfc259a0 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 12:51:18 +0100 Subject: [PATCH 327/409] Reorder test expectations --- .../diagnostics.expected | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected index 9dd6b8297e61..f40920e10d63 100644 --- a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected @@ -1,10 +1,10 @@ { - "markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.", - "severity": "note", + "markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.", + "severity": "warning", "source": { "extractorName": "java", - "id": "java/autobuilder/buildless/classpath-from-tool-failed", - "name": "Failed to extract dependency information from build tool tool Gradle" + "id": "java/autobuilder/guessed-gradle-version", + "name": "Required Gradle version not specified" }, "visibility": { "cliSummaryTable": true, @@ -13,12 +13,12 @@ } } { - "markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.", - "severity": "warning", + "markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.", + "severity": "note", "source": { "extractorName": "java", - "id": "java/autobuilder/guessed-gradle-version", - "name": "Required Gradle version not specified" + "id": "java/autobuilder/buildless/classpath-from-tool-failed", + "name": "Failed to extract dependency information from build tool tool Gradle" }, "visibility": { "cliSummaryTable": true, From 0c52b5ad9596b6bc8d5e4227f6205991e3672628 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 14:24:43 +0200 Subject: [PATCH 328/409] Added summary flow for `StringFromCharCode` --- .../internal/flow_summaries/Strings.qll | 16 ++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 3 ++- .../library-tests/TaintTracking/typed-arrays.js | 2 +- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll index 154668cde080..8c8ab1ac4acf 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll @@ -99,3 +99,19 @@ class StringSplitHashOrQuestionMark extends SummarizedCallable { ) } } + +class StringFromCharCode extends SummarizedCallable { + StringFromCharCode() { this = "String#fromCharCode" } + + override DataFlow::CallNode getACall() { + result = DataFlow::globalVarRef("String").getAPropertyRead("fromCharCode").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0..]" and + output = "ReturnValue" + ) + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index b82fdc8d1ee5..0083e55e642e 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -40,6 +40,7 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:42:10:42:30 | typedAr ... ring(y) | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:48:10:48:12 | str | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:52:10:52:13 | str2 | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | @@ -51,7 +52,6 @@ consistencyIssue | typed-arrays.js:28 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | | typed-arrays.js:32 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | | typed-arrays.js:36 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | -| typed-arrays.js:42 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -342,6 +342,7 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:42:10:42:30 | typedAr ... ring(y) | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:48:10:48:12 | str | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:52:10:52:13 | str2 | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index e3eed25dd87f..0118c2ae6904 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -39,7 +39,7 @@ function test() { return function (a) { return String.fromCharCode.apply(null, a); }; })(); - sink(typedArrayToString(y)); // NOT OK -- Should be flagged but it is not. + sink(typedArrayToString(y)); // NOT OK let str = ''; for (let i = 0; i < y.length; i++) From 2dca95af9220bf0adbfa567edc3af2d114289c35 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Wed, 9 Apr 2025 14:26:00 +0200 Subject: [PATCH 329/409] Update javascript/ql/lib/change-notes/2025-04-07-websocket.md Co-authored-by: Asger F --- javascript/ql/lib/change-notes/2025-04-07-websocket.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/change-notes/2025-04-07-websocket.md b/javascript/ql/lib/change-notes/2025-04-07-websocket.md index a6f6e214f3af..1d6cdb8e6b11 100644 --- a/javascript/ql/lib/change-notes/2025-04-07-websocket.md +++ b/javascript/ql/lib/change-notes/2025-04-07-websocket.md @@ -1,5 +1,5 @@ --- category: minorAnalysis --- -* Improved `WebSocket` analysis by refactoring the model to use API graphs. +* Improved detection of `WebSocket` and `SockJS` usage. * Added data received from `WebSocket` clients as a remote flow source. From 674f40b35fdf4ea6aaf22c31b7a76d1f23c6d65a Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 14:39:09 +0200 Subject: [PATCH 330/409] Added test cases for `make-dir` package. --- .../Security/CWE-022/TaintedPath/make-dir.js | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js new file mode 100644 index 000000000000..a91287bb0b0e --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js @@ -0,0 +1,11 @@ +import { makeDirectory, makeDirectorySync } from 'make-dir'; + +const express = require('express'); +const app = express(); + +app.get('/makedir', (req, res) => { + const file = req.query.file; // $ MISSING: Source + + makeDirectory(file); // $ MISSING: Alert + makeDirectorySync(file); // $ MISSING: Alert +}); From ce2fc25cdbd0c21bb40845f0ac317f6d1d47ddb2 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 14:40:28 +0200 Subject: [PATCH 331/409] Added `make-dir` model as data --- javascript/ql/lib/ext/make-dir.model.yml | 6 ++++++ .../Security/CWE-022/TaintedPath/TaintedPath.expected | 9 +++++++++ .../query-tests/Security/CWE-022/TaintedPath/make-dir.js | 6 +++--- 3 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 javascript/ql/lib/ext/make-dir.model.yml diff --git a/javascript/ql/lib/ext/make-dir.model.yml b/javascript/ql/lib/ext/make-dir.model.yml new file mode 100644 index 000000000000..512259126a66 --- /dev/null +++ b/javascript/ql/lib/ext/make-dir.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["make-dir", "Member[makeDirectory,makeDirectorySync].Argument[0]", "path-injection"] diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 4fa0dbd3a2a4..02fc6c0ce954 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -52,6 +52,8 @@ | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | | hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value | +| make-dir.js:9:19:9:22 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:9:19:9:22 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | +| make-dir.js:10:23:10:26 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:10:23:10:26 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | | mkdirp.js:11:12:11:18 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:11:12:11:18 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | mkdirp.js:12:17:12:23 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:12:17:12:23 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | mkdirp.js:13:23:13:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:13:23:13:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | @@ -403,6 +405,9 @@ edges | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | | hapi.js:14:19:14:51 | filepath | hapi.js:15:44:15:51 | filepath | provenance | | | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | | +| make-dir.js:7:11:7:31 | file | make-dir.js:9:19:9:22 | file | provenance | | +| make-dir.js:7:11:7:31 | file | make-dir.js:10:23:10:26 | file | provenance | | +| make-dir.js:7:18:7:31 | req.query.file | make-dir.js:7:11:7:31 | file | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:11:12:11:18 | dirPath | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:12:17:12:23 | dirPath | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:13:23:13:29 | dirPath | provenance | | @@ -949,6 +954,10 @@ nodes | hapi.js:14:19:14:51 | filepath | semmle.label | filepath | | hapi.js:14:30:14:51 | request ... ilepath | semmle.label | request ... ilepath | | hapi.js:15:44:15:51 | filepath | semmle.label | filepath | +| make-dir.js:7:11:7:31 | file | semmle.label | file | +| make-dir.js:7:18:7:31 | req.query.file | semmle.label | req.query.file | +| make-dir.js:9:19:9:22 | file | semmle.label | file | +| make-dir.js:10:23:10:26 | file | semmle.label | file | | mkdirp.js:9:11:9:76 | dirPath | semmle.label | dirPath | | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | semmle.label | path.jo ... ltDir') | | mkdirp.js:9:42:9:59 | req.query.filename | semmle.label | req.query.filename | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js index a91287bb0b0e..59b0cfe8d8c5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js @@ -4,8 +4,8 @@ const express = require('express'); const app = express(); app.get('/makedir', (req, res) => { - const file = req.query.file; // $ MISSING: Source + const file = req.query.file; // $ Source - makeDirectory(file); // $ MISSING: Alert - makeDirectorySync(file); // $ MISSING: Alert + makeDirectory(file); // $ Alert + makeDirectorySync(file); // $ Alert }); From 5ec71ab9af33fe00bc2e9eb673c67e0bac80da02 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 14:40:36 +0200 Subject: [PATCH 332/409] Added change note --- javascript/ql/lib/change-notes/2025-04-09-make-dir.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-09-make-dir.md diff --git a/javascript/ql/lib/change-notes/2025-04-09-make-dir.md b/javascript/ql/lib/change-notes/2025-04-09-make-dir.md new file mode 100644 index 000000000000..fd056bbc98d3 --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-09-make-dir.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for the `make-dir` package. From 0acccf240ad10ccc5f146332440b88bdb888f1b1 Mon Sep 17 00:00:00 2001 From: Florin Coada Date: Wed, 9 Apr 2025 13:45:21 +0100 Subject: [PATCH 333/409] Update codeql-library-for-actions.rst --- .../codeql-language-guides/codeql-library-for-actions.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 7be7f3c8cfe7..aa37abc57844 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -121,9 +121,9 @@ See the GitHub Actions documentation on `workflows Date: Wed, 9 Apr 2025 14:56:24 +0200 Subject: [PATCH 334/409] Brought back old methods and marked them as `deprecated` --- .../javascript/frameworks/WebSocket.qll | 44 +++++++++++++++++-- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 5e40360a4d85..f71b1cf9e0d6 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -70,10 +70,35 @@ module ClientWebSocket { /** * A class that can be used to instantiate a WebSocket instance. */ - class SocketClass extends API::Node { + deprecated class SocketClass extends DataFlow::SourceNode { LibraryName library; // the name of the WebSocket library. Can be one of the libraries defined in `LibraryNames`. SocketClass() { + this = DataFlow::globalVarRef("WebSocket") and library = websocket() + or + this = DataFlow::moduleImport("ws") and library = ws() + or + // the sockjs-client library:https://www.npmjs.com/package/sockjs-client + library = sockjs() and + ( + this = DataFlow::moduleImport("sockjs-client") or + this = DataFlow::globalVarRef("SockJS") + ) + } + + /** + * Gets the WebSocket library name. + */ + LibraryName getLibrary() { result = library } + } + + /** + * A class that can be used to instantiate a WebSocket instance. + */ + class WebSocketClass extends API::Node { + LibraryName library; // the name of the WebSocket library. Can be one of the libraries defined in `LibraryNames`. + + WebSocketClass() { this = any(WebSocketEntryPoint e).getANode() and library = websocket() or this = API::moduleImport("ws") and library = ws() @@ -96,7 +121,7 @@ module ClientWebSocket { * A client WebSocket instance. */ class ClientSocket extends EventEmitter::Range, API::NewNode, ClientRequest::Range { - SocketClass socketClass; + WebSocketClass socketClass; ClientSocket() { this = socketClass.getAnInvocation() } @@ -212,7 +237,18 @@ module ServerWebSocket { /** * Gets a server created by a library named `library`. */ - API::InvokeNode getAServer(LibraryName library) { + deprecated DataFlow::SourceNode getAServer(LibraryName library) { + library = ws() and + result = DataFlow::moduleImport("ws").getAConstructorInvocation("Server") + or + library = sockjs() and + result = DataFlow::moduleImport("sockjs").getAMemberCall("createServer") + } + + /** + * Gets a server created by a library named `library`. + */ + API::InvokeNode getAServerInvocation(LibraryName library) { library = ws() and result = API::moduleImport("ws").getMember("Server").getAnInvocation() or @@ -224,7 +260,7 @@ module ServerWebSocket { * Gets a `socket.on("connection", (msg, req) => {})` call. */ private DataFlow::CallNode getAConnectionCall(LibraryName library) { - result = getAServer(library).getReturn().getMember(EventEmitter::on()).getACall() and + result = getAServerInvocation(library).getReturn().getMember(EventEmitter::on()).getACall() and result.getArgument(0).mayHaveStringValue("connection") } From 84aa2e8627abcf3ca1dceb1d4ebfaaf16033b8e6 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Wed, 9 Apr 2025 14:07:38 +0100 Subject: [PATCH 335/409] Apply review suggestion - Tweak wording of example comment Co-authored-by: Taus --- python/ql/src/Variables/LoopVariableCapture/examples/good2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/examples/good2.py b/python/ql/src/Variables/LoopVariableCapture/examples/good2.py index 1a2469b42202..7047e11d0b69 100644 --- a/python/ql/src/Variables/LoopVariableCapture/examples/good2.py +++ b/python/ql/src/Variables/LoopVariableCapture/examples/good2.py @@ -1,5 +1,5 @@ import functools -# GOOD: A default parameter is used, so the variable `i` is not being captured. +# GOOD: `functools.partial` takes care of capturing the _value_ of `i`. tasks = [] for i in range(5): tasks.append(functools.partial(lambda i: print(i), i)) From fbab715cb6a17a69cd2766075c0928b4a905b3bc Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 9 Apr 2025 15:20:33 +0200 Subject: [PATCH 336/409] Rust: Allow for crate self-references in crate graph paths --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 91d7e87704c6..00257238f213 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -764,6 +764,10 @@ private predicate crateDependencyEdge(ModuleLikeNode m, string name, CrateItemNo // entry/transitive source file m = c.getASourceFile() ) + or + // paths inside the crate graph use the name of the crate itself as prefix, + // although that is not valid in Rust + dep = any(Crate c | name = c.getName() and m = c.getModule()) } private predicate useTreeDeclares(UseTree tree, string name) { From f31b49b022637d8c00b8b7fa13d33694c4858813 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 15:41:48 +0100 Subject: [PATCH 337/409] Change note --- java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md diff --git a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md new file mode 100644 index 000000000000..9c4e7b574d72 --- /dev/null +++ b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Enum-typed values are now assumed to be safe by most queries. This means that queries may return less results where an enum value is used in a sensitive context, e.g. pasted into a query string. From 7a8dfdb97157d7efc6c8ab2cf7e18e6fb86bd288 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 15:52:48 +0100 Subject: [PATCH 338/409] Grammar --- java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md index 9c4e7b574d72..9b120e84ff7b 100644 --- a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md +++ b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Enum-typed values are now assumed to be safe by most queries. This means that queries may return less results where an enum value is used in a sensitive context, e.g. pasted into a query string. +* Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string. From 52401aaa735cc623e293e195cb391cdc477eaa5a Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 9 Apr 2025 17:19:25 +0200 Subject: [PATCH 339/409] Address review comments --- .../codeql/rust/internal/PathResolution.qll | 9 ++++++-- shared/util/codeql/util/FileSystem.qll | 21 ++++++++++++------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index ad64e50d009f..9a73d8d035c7 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -655,6 +655,11 @@ private predicate fileModule(SourceFile f, string name, Folder folder) { ) } +/** + * Gets the `Meta` of the module `m`'s [path attribute][1]. + * + * [1]: https://doc.rust-lang.org/reference/items/modules.html#r-items.mod.outlined.path + */ private Meta getPathAttrMeta(Module m) { result = m.getAnAttr().getMeta() and result.getPath().getText() = "path" @@ -725,7 +730,7 @@ private predicate pathAttrImport(Folder f, Module m, string relativePath) { ) } -private predicate append(Folder f, string relativePath) { pathAttrImport(f, _, relativePath) } +private predicate shouldAppend(Folder f, string relativePath) { pathAttrImport(f, _, relativePath) } /** Holds if `m` is a `mod name;` item importing file `f`. */ private predicate fileImport(Module m, SourceFile f) { @@ -743,7 +748,7 @@ private predicate fileImport(Module m, SourceFile f) { or exists(Folder folder, string relativePath | pathAttrImport(folder, m, relativePath) and - f.getFile() = Folder::Append::append(folder, relativePath) + f.getFile() = Folder::Append::append(folder, relativePath) ) } diff --git a/shared/util/codeql/util/FileSystem.qll b/shared/util/codeql/util/FileSystem.qll index 261139dcf41b..ea58db929c51 100644 --- a/shared/util/codeql/util/FileSystem.qll +++ b/shared/util/codeql/util/FileSystem.qll @@ -222,20 +222,27 @@ module Make { /** Provides logic related to `Folder`s. */ module Folder { /** Holds if `relativePath` needs to be appended to `f`. */ - signature predicate appendSig(Folder f, string relativePath); + signature predicate shouldAppendSig(Folder f, string relativePath); /** Provides the `append` predicate for appending a relative path onto a folder. */ - module Append { + module Append { pragma[nomagic] private string getComponent(string relativePath, int i) { - app(_, relativePath) and + shouldAppend(_, relativePath) and result = relativePath.replaceAll("\\", "/").regexpFind("[^/]+", i, _) } + private int getNumberOfComponents(string relativePath) { + result = strictcount(int i | exists(getComponent(relativePath, i)) | i) + or + relativePath = "" and + result = 0 + } + pragma[nomagic] private Container appendStep(Folder f, string relativePath, int i) { i = -1 and - app(f, relativePath) and + shouldAppend(f, relativePath) and result = f or exists(Container mid, string comp | @@ -258,9 +265,9 @@ module Make { */ pragma[nomagic] Container append(Folder f, string relativePath) { - exists(int components | - components = (-1).maximum(max(int comp | exists(getComponent(relativePath, comp)) | comp)) and - result = appendStep(f, relativePath, components) + exists(int last | + last = getNumberOfComponents(relativePath) - 1 and + result = appendStep(f, relativePath, last) ) } } From bd3342af8aa071ca6c53cea1656ba301964bb750 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 9 Apr 2025 20:59:40 -0700 Subject: [PATCH 340/409] Actions: Update integration test for default filters Create a common file structure to be shared among multiple tests for path filters, and rename accordingly. Update test expectations with additional files. Use pytest markers to indicate the expected outputs. Add source archive checking in addition to checking query output. This allows us to test which YAML files were extracted separately from whether they are semantically meaningful to the Actions analysis. --- actions/ql/integration-tests/filters-default/test.py | 2 -- .../actions.default-filters.expected} | 2 ++ actions/ql/integration-tests/filters/actions.ql | 5 +++++ .../filters/source_archive.default-filters.expected | 6 ++++++ .../src/.github/action.yaml | 0 .../src/.github/actions/action-name/action.yml | 0 .../src/.github/unreachable-workflow.yml | 0 .../src/.github/workflows/workflow.yml | 0 .../{filters-default => filters}/src/action.yml | 0 .../filters/src/excluded/action.yml | 11 +++++++++++ .../src/excluded}/unreachable-workflow.yml | 0 .../filters/src/included/action.yml | 11 +++++++++++ .../filters/src/included/not-an-action.yml | 1 + .../filters/src/included/unreachable-workflow.yml | 12 ++++++++++++ .../filters/src/unreachable-workflow.yml | 12 ++++++++++++ actions/ql/integration-tests/filters/test.py | 6 ++++++ 16 files changed, 66 insertions(+), 2 deletions(-) delete mode 100755 actions/ql/integration-tests/filters-default/test.py rename actions/ql/integration-tests/{filters-default/actions.expected => filters/actions.default-filters.expected} (68%) create mode 100644 actions/ql/integration-tests/filters/actions.ql create mode 100644 actions/ql/integration-tests/filters/source_archive.default-filters.expected rename actions/ql/integration-tests/{filters-default => filters}/src/.github/action.yaml (100%) rename actions/ql/integration-tests/{filters-default => filters}/src/.github/actions/action-name/action.yml (100%) rename actions/ql/integration-tests/{filters-default => filters}/src/.github/unreachable-workflow.yml (100%) rename actions/ql/integration-tests/{filters-default => filters}/src/.github/workflows/workflow.yml (100%) rename actions/ql/integration-tests/{filters-default => filters}/src/action.yml (100%) create mode 100644 actions/ql/integration-tests/filters/src/excluded/action.yml rename actions/ql/integration-tests/{filters-default/src => filters/src/excluded}/unreachable-workflow.yml (100%) create mode 100644 actions/ql/integration-tests/filters/src/included/action.yml create mode 100644 actions/ql/integration-tests/filters/src/included/not-an-action.yml create mode 100644 actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml create mode 100644 actions/ql/integration-tests/filters/src/unreachable-workflow.yml create mode 100755 actions/ql/integration-tests/filters/test.py diff --git a/actions/ql/integration-tests/filters-default/test.py b/actions/ql/integration-tests/filters-default/test.py deleted file mode 100755 index c0ac8d191b9f..000000000000 --- a/actions/ql/integration-tests/filters-default/test.py +++ /dev/null @@ -1,2 +0,0 @@ -def test(codeql, actions): - codeql.database.create(source_root="src") diff --git a/actions/ql/integration-tests/filters-default/actions.expected b/actions/ql/integration-tests/filters/actions.default-filters.expected similarity index 68% rename from actions/ql/integration-tests/filters-default/actions.expected rename to actions/ql/integration-tests/filters/actions.default-filters.expected index 376c71bad6d4..c2b8216dfa61 100644 --- a/actions/ql/integration-tests/filters-default/actions.expected +++ b/actions/ql/integration-tests/filters/actions.default-filters.expected @@ -2,3 +2,5 @@ | src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' | | src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow | | src/action.yml:1:1:11:32 | name: ' ... action' | +| src/excluded/action.yml:1:1:11:32 | name: ' ... action' | +| src/included/action.yml:1:1:11:32 | name: ' ... action' | diff --git a/actions/ql/integration-tests/filters/actions.ql b/actions/ql/integration-tests/filters/actions.ql new file mode 100644 index 000000000000..f0a3e0ab297d --- /dev/null +++ b/actions/ql/integration-tests/filters/actions.ql @@ -0,0 +1,5 @@ +import actions + +from AstNode n +where n instanceof Workflow or n instanceof CompositeAction +select n diff --git a/actions/ql/integration-tests/filters/source_archive.default-filters.expected b/actions/ql/integration-tests/filters/source_archive.default-filters.expected new file mode 100644 index 000000000000..647b180890a4 --- /dev/null +++ b/actions/ql/integration-tests/filters/source_archive.default-filters.expected @@ -0,0 +1,6 @@ +src/.github/action.yaml +src/.github/actions/action-name/action.yml +src/.github/workflows/workflow.yml +src/action.yml +src/excluded/action.yml +src/included/action.yml diff --git a/actions/ql/integration-tests/filters-default/src/.github/action.yaml b/actions/ql/integration-tests/filters/src/.github/action.yaml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/.github/action.yaml rename to actions/ql/integration-tests/filters/src/.github/action.yaml diff --git a/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml b/actions/ql/integration-tests/filters/src/.github/actions/action-name/action.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml rename to actions/ql/integration-tests/filters/src/.github/actions/action-name/action.yml diff --git a/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml b/actions/ql/integration-tests/filters/src/.github/unreachable-workflow.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml rename to actions/ql/integration-tests/filters/src/.github/unreachable-workflow.yml diff --git a/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml b/actions/ql/integration-tests/filters/src/.github/workflows/workflow.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml rename to actions/ql/integration-tests/filters/src/.github/workflows/workflow.yml diff --git a/actions/ql/integration-tests/filters-default/src/action.yml b/actions/ql/integration-tests/filters/src/action.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/action.yml rename to actions/ql/integration-tests/filters/src/action.yml diff --git a/actions/ql/integration-tests/filters/src/excluded/action.yml b/actions/ql/integration-tests/filters/src/excluded/action.yml new file mode 100644 index 000000000000..f611f8c72ffb --- /dev/null +++ b/actions/ql/integration-tests/filters/src/excluded/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml b/actions/ql/integration-tests/filters/src/excluded/unreachable-workflow.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml rename to actions/ql/integration-tests/filters/src/excluded/unreachable-workflow.yml diff --git a/actions/ql/integration-tests/filters/src/included/action.yml b/actions/ql/integration-tests/filters/src/included/action.yml new file mode 100644 index 000000000000..f611f8c72ffb --- /dev/null +++ b/actions/ql/integration-tests/filters/src/included/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters/src/included/not-an-action.yml b/actions/ql/integration-tests/filters/src/included/not-an-action.yml new file mode 100644 index 000000000000..78449e5c4845 --- /dev/null +++ b/actions/ql/integration-tests/filters/src/included/not-an-action.yml @@ -0,0 +1 @@ +name: 'Not an action, just a YAML file' diff --git a/actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml b/actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml new file mode 100644 index 000000000000..6f980d6a6b0d --- /dev/null +++ b/actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/src/unreachable-workflow.yml b/actions/ql/integration-tests/filters/src/unreachable-workflow.yml new file mode 100644 index 000000000000..6f980d6a6b0d --- /dev/null +++ b/actions/ql/integration-tests/filters/src/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/test.py b/actions/ql/integration-tests/filters/test.py new file mode 100755 index 000000000000..a2abcf90b035 --- /dev/null +++ b/actions/ql/integration-tests/filters/test.py @@ -0,0 +1,6 @@ +import pytest + +@pytest.mark.ql_test(expected=".default-filters.expected") +def test_default_filters(codeql, actions, check_source_archive): + check_source_archive.expected_suffix = ".default-filters.expected" + codeql.database.create(source_root="src") \ No newline at end of file From 800dd168c2c9e33f8408c8bc9dd99594a13bded5 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 10 Apr 2025 07:19:26 +0200 Subject: [PATCH 341/409] JS: Add failing TRAP test for trailing comma --- .../tests/json/input/array-trailing-comma.json | 6 ++++++ .../output/trap/array-trailing-comma.json.trap | 15 +++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 javascript/extractor/tests/json/input/array-trailing-comma.json create mode 100644 javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap diff --git a/javascript/extractor/tests/json/input/array-trailing-comma.json b/javascript/extractor/tests/json/input/array-trailing-comma.json new file mode 100644 index 000000000000..5658e96a3d0a --- /dev/null +++ b/javascript/extractor/tests/json/input/array-trailing-comma.json @@ -0,0 +1,6 @@ +{ + "array": [ + "foo", + "bar", + ] +} diff --git a/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap b/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap new file mode 100644 index 000000000000..042bf630e8f8 --- /dev/null +++ b/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap @@ -0,0 +1,15 @@ +#10000=@"/array-trailing-comma.json;sourcefile" +files(#10000,"/array-trailing-comma.json") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=* +json_errors(#20000,"Error: Omitted elements are not allowed in JSON.") +#20001=@"loc,{#10000},5,4,5,4" +locations_default(#20001,#10000,5,4,5,4) +hasLocation(#20000,#20001) +numlines(#10000,6,0,0) +filetype(#10000,"json") From 1434f7acd2a7cb696ac80c87e511815ed9f83e00 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 9 Apr 2025 23:14:56 +0200 Subject: [PATCH 342/409] JS: Tolerate trailing comma in JSON array Previously we'd fail to extract some tsconfig.json files because of this. --- .../src/com/semmle/js/parser/JSONParser.java | 3 --- .../trap/array-trailing-comma.json.trap | 26 ++++++++++++++++--- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/javascript/extractor/src/com/semmle/js/parser/JSONParser.java b/javascript/extractor/src/com/semmle/js/parser/JSONParser.java index 26af68b0cd3c..be55eb8397e0 100644 --- a/javascript/extractor/src/com/semmle/js/parser/JSONParser.java +++ b/javascript/extractor/src/com/semmle/js/parser/JSONParser.java @@ -205,9 +205,6 @@ private JSONArray readArray(int startoff, Position start) throws ParseError { char c = peek(); switch (c) { case ']': - if (!needsComma) { - raise("Omitted elements are not allowed in JSON."); - } next(); break out; case ',': diff --git a/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap b/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap index 042bf630e8f8..77d36908a3be 100644 --- a/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap +++ b/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap @@ -7,9 +7,27 @@ containerparent(#10001,#10000) locations_default(#10002,#10000,0,0,0,0) hasLocation(#10000,#10002) #20000=* -json_errors(#20000,"Error: Omitted elements are not allowed in JSON.") -#20001=@"loc,{#10000},5,4,5,4" -locations_default(#20001,#10000,5,4,5,4) -hasLocation(#20000,#20001) +json(#20000,5,#10000,0,"{\n "" ... ]\n}") +#20001=@"loc,{#10000},1,1,6,1" +locations_default(#20001,#10000,1,1,6,1) +json_locations(#20000,#20001) +#20002=* +json(#20002,4,#20000,0,"[\n ... ,\n ]") +#20003=@"loc,{#10000},2,14,5,5" +locations_default(#20003,#10000,2,14,5,5) +json_locations(#20002,#20003) +#20004=* +json(#20004,3,#20002,0,"""foo""") +#20005=@"loc,{#10000},3,9,3,13" +locations_default(#20005,#10000,3,9,3,13) +json_locations(#20004,#20005) +json_literals("foo","""foo""",#20004) +#20006=* +json(#20006,3,#20002,1,"""bar""") +#20007=@"loc,{#10000},4,9,4,13" +locations_default(#20007,#10000,4,9,4,13) +json_locations(#20006,#20007) +json_literals("bar","""bar""",#20006) +json_properties(#20000,"array",#20002) numlines(#10000,6,0,0) filetype(#10000,"json") From cfa1a9b603ce16b00d0fdb9d92b102a8790f90fe Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 10 Apr 2025 07:14:38 +0200 Subject: [PATCH 343/409] JS: Update extractor version string --- javascript/extractor/src/com/semmle/js/extractor/Main.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/extractor/src/com/semmle/js/extractor/Main.java b/javascript/extractor/src/com/semmle/js/extractor/Main.java index 0b92711b01da..45691d1d7f42 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/Main.java +++ b/javascript/extractor/src/com/semmle/js/extractor/Main.java @@ -42,7 +42,7 @@ public class Main { * A version identifier that should be updated every time the extractor changes in such a way that * it may produce different tuples for the same file under the same {@link ExtractorConfig}. */ - public static final String EXTRACTOR_VERSION = "2025-03-20"; + public static final String EXTRACTOR_VERSION = "2025-04-10"; public static final Pattern NEWLINE = Pattern.compile("\n"); From 3da1f261f7e51b50181f457a6a3902efb2f9c54e Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 10 Apr 2025 07:21:48 +0200 Subject: [PATCH 344/409] JS: Change note --- .../src/change-notes/2025-04-10-json-array-trailing-comma.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md diff --git a/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md b/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md new file mode 100644 index 000000000000..7a0acd541e10 --- /dev/null +++ b/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma. From 00999baf9ae4f7ecad7c2bb627ab6f715a79dfba Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Thu, 10 Apr 2025 09:06:01 +0100 Subject: [PATCH 345/409] Apply docs review suggestion - Reword query description. Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 514a6790ea08..034ac05ee946 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -1,6 +1,6 @@ /** * @name Loop variable capture - * @description Capture of a loop variable is not the same as capturing the value of a loop variable, and may be erroneous. + * @description Capturing a loop variable is not the same as capturing its value, and can lead to unexpected behavior or bugs. * @kind path-problem * @tags correctness * quality From 6802037c892b51ecb1758d0d4d884135e71eb6e2 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Thu, 10 Apr 2025 09:52:18 +0100 Subject: [PATCH 346/409] Update qhelp formatting --- .../Variables/LoopVariableCapture/LoopVariableCapture.qhelp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp index b902f976a537..2f3beeb2e9fc 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp @@ -22,11 +22,11 @@ To capture the value of a loop variable at the time the closure is created, use

    -In the following (BAD) example, a `tasks` list is created, but each task captures the loop variable i, and reads the same value when run. +In the following (BAD) example, a tasks list is created, but each task captures the loop variable i, and reads the same value when run.

    -In the following (GOOD) example, each closure has an `i` default parameter, shadowing the outer i variable, the default value of which is determined as the value of the loop variable i at the time the closure is created. +In the following (GOOD) example, each closure has an i default parameter, shadowing the outer i variable, the default value of which is determined as the value of the loop variable i at the time the closure is created.

    From 041adcd63a567d28e769c1578f37991b42ff738f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 21 Mar 2025 16:28:20 +0000 Subject: [PATCH 347/409] Java: Add initial version of string replaceAll with no regex query --- .../StringReplaceAllWithNonRegex.md | 28 +++++++++++++++++++ .../StringReplaceAllWithNonRegex.ql | 20 +++++++++++++ .../StringReplaceAllWithNonRegex.expected | 1 + .../StringReplaceAllWithNonRegex.qlref | 1 + .../StringReplaceAllWithNonRegex/Test.java | 7 +++++ 5 files changed, 57 insertions(+) create mode 100644 java/ql/src/Performance/StringReplaceAllWithNonRegex.md create mode 100644 java/ql/src/Performance/StringReplaceAllWithNonRegex.ql create mode 100644 java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected create mode 100644 java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref create mode 100644 java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md new file mode 100644 index 000000000000..b38ee002f979 --- /dev/null +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -0,0 +1,28 @@ +# J-STR-001: Use of `String.replaceAll` with a first argument of a non regular expression + +Using `String.replaceAll` is less performant than `String.replace` when the first argument is not a regular expression. + +## Overview + +The underlying implementation of `String.replaceAll` uses `Pattern.compile` and expects a regular expression as its first argument. However in cases where the argument could be represented by just a plain `String` that does not represent an interesting regular expression, a call to `String.replace` may be more performant as it does not need to compile the regular expression. + +## Recommendation + +Use `String.replace` instead where a `replaceAll` call uses a trivial string as its first argument. + +## Example + +```java +public class Test { + void f() { + String s1 = "test"; + s1 = s1.replaceAll("t", "x"); // NON_COMPLIANT + s1 = s1.replaceAll(".*", "x"); // COMPLIANT + } +} + +``` + +## References + +- [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql new file mode 100644 index 000000000000..d5d4c63cc6e5 --- /dev/null +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -0,0 +1,20 @@ +/** + * @id java/string-replace-all-with-non-regex + * @name J-STR-001: Use of `String#replaceAll` with a first argument of a non regular expression + * @description Using `String#replaceAll` is less performant than `String#replace` when the first + * argument is not a regular expression. + * @kind problem + * @precision very-high + * @problem.severity recommendation + * @tags performance + */ + +import java + +from MethodCall replaceAllCall +where + replaceAllCall.getMethod().hasQualifiedName("java.lang", "String", "replaceAll") and + //only contains characters that could be a simple string + replaceAllCall.getArgument(0).(StringLiteral).getValue().regexpMatch("^[a-zA-Z0-9]+$") +select replaceAllCall, + "Call to 'replaceAll' uses an argument comprised of plain string characters only." diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected new file mode 100644 index 000000000000..f47e86d1f0e3 --- /dev/null +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected @@ -0,0 +1 @@ +| Test.java:4:14:4:36 | replaceAll(...) | Call to 'replaceAll' uses an argument comprised of plain string characters only. | diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref new file mode 100644 index 000000000000..c82994caef5a --- /dev/null +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref @@ -0,0 +1 @@ +Performance/StringReplaceAllWithNonRegex.ql diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java new file mode 100644 index 000000000000..e2734f101350 --- /dev/null +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java @@ -0,0 +1,7 @@ +public class Test { + void f() { + String s1 = "test"; + s1 = s1.replaceAll("t", "x"); // NON_COMPLIANT + s1 = s1.replaceAll(".*", "x"); // COMPLIANT + } +} From ff2947a0e5da92daf993aa32cb8bbe71f4d861cb Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:34:39 +0000 Subject: [PATCH 348/409] Adjust query name --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 2 +- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index b38ee002f979..d9e8c722782d 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -1,4 +1,4 @@ -# J-STR-001: Use of `String.replaceAll` with a first argument of a non regular expression +# Use of `String#replaceAll` with a first argument which is not a regular expression Using `String.replaceAll` is less performant than `String.replace` when the first argument is not a regular expression. diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index d5d4c63cc6e5..02768d6817e5 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -1,6 +1,6 @@ /** * @id java/string-replace-all-with-non-regex - * @name J-STR-001: Use of `String#replaceAll` with a first argument of a non regular expression + * @name Use of `String#replaceAll` with a first argument which is not a regular expression * @description Using `String#replaceAll` is less performant than `String#replace` when the first * argument is not a regular expression. * @kind problem From b5b252b10f7f8ae735c093a03c3ce3feadb83cee Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:36:37 +0000 Subject: [PATCH 349/409] Convert test to inline expectations --- .../StringReplaceAllWithNonRegex.qlref | 3 ++- .../test/query-tests/StringReplaceAllWithNonRegex/Test.java | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref index c82994caef5a..7737507b19e9 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref @@ -1 +1,2 @@ -Performance/StringReplaceAllWithNonRegex.ql +query: Performance/StringReplaceAllWithNonRegex.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java index e2734f101350..e3d9dafb5312 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java @@ -1,7 +1,7 @@ public class Test { void f() { String s1 = "test"; - s1 = s1.replaceAll("t", "x"); // NON_COMPLIANT - s1 = s1.replaceAll(".*", "x"); // COMPLIANT + s1 = s1.replaceAll("t", "x"); // $ Alert + s1 = s1.replaceAll(".*", "x"); } } From 441c79ebdf999dfb4802dcf2a418770da72eff17 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:38:07 +0000 Subject: [PATCH 350/409] Use existing class StringReplaceAllCall --- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index 02768d6817e5..a5918c642ea3 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -11,9 +11,8 @@ import java -from MethodCall replaceAllCall +from StringReplaceAllCall replaceAllCall where - replaceAllCall.getMethod().hasQualifiedName("java.lang", "String", "replaceAll") and //only contains characters that could be a simple string replaceAllCall.getArgument(0).(StringLiteral).getValue().regexpMatch("^[a-zA-Z0-9]+$") select replaceAllCall, From fea3d10b97a7d8659b22ce46778f5d550786024b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:41:59 +0000 Subject: [PATCH 351/409] Update qhelp --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index d9e8c722782d..b5b35fcceff4 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -1,14 +1,14 @@ # Use of `String#replaceAll` with a first argument which is not a regular expression -Using `String.replaceAll` is less performant than `String.replace` when the first argument is not a regular expression. +Using `String#replaceAll` is less performant than `String#replace` when the first argument is not a regular expression. ## Overview -The underlying implementation of `String.replaceAll` uses `Pattern.compile` and expects a regular expression as its first argument. However in cases where the argument could be represented by just a plain `String` that does not represent an interesting regular expression, a call to `String.replace` may be more performant as it does not need to compile the regular expression. +The underlying implementation of `String#replaceAll` uses `Pattern#compile` and expects a regular expression as its first argument. However in cases where the argument could be represented by just a plain `String` that does not represent an interesting regular expression, a call to `String#replace` may be more performant as it does not need to compile the regular expression. ## Recommendation -Use `String.replace` instead where a `replaceAll` call uses a trivial string as its first argument. +Use `String#replace` instead where a `replaceAll` call uses a trivial string as its first argument. ## Example @@ -25,4 +25,4 @@ public class Test { ## References -- [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)) +- Java SE Documentation: [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)). From 042fe074944033bb6d0ce7ff2fe7ab3cb96b382b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:50:42 +0000 Subject: [PATCH 352/409] Adjust alert message --- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 8 +++++--- .../StringReplaceAllWithNonRegex.expected | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index a5918c642ea3..49198bc5219a 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -11,9 +11,11 @@ import java -from StringReplaceAllCall replaceAllCall +from StringReplaceAllCall replaceAllCall, StringLiteral firstArg where + firstArg = replaceAllCall.getArgument(0) and //only contains characters that could be a simple string - replaceAllCall.getArgument(0).(StringLiteral).getValue().regexpMatch("^[a-zA-Z0-9]+$") + firstArg.getValue().regexpMatch("^[a-zA-Z0-9]+$") select replaceAllCall, - "Call to 'replaceAll' uses an argument comprised of plain string characters only." + "This call to 'replaceAll' should be a call `replace` as its $@ is not a regular expression.", + firstArg, "first argument" diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected index f47e86d1f0e3..c64ee0db3343 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected @@ -1 +1 @@ -| Test.java:4:14:4:36 | replaceAll(...) | Call to 'replaceAll' uses an argument comprised of plain string characters only. | +| Test.java:4:14:4:36 | replaceAll(...) | This call to 'replaceAll' should be a call `replace` as its $@ is not a regular expression. | Test.java:4:28:4:30 | "t" | first argument | From c4e56b1ec8cf4911577cc72f9d6809c3e18efe3e Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 13:44:21 +0000 Subject: [PATCH 353/409] Add quality and cwe tag to query CWE-1176: Inefficient CPU Computation --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 1 + java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 2 ++ 2 files changed, 3 insertions(+) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index b5b35fcceff4..4b14303bd7a2 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -26,3 +26,4 @@ public class Test { ## References - Java SE Documentation: [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)). +- Common Weakness Enumeration: [CWE-1176](https://cwe.mitre.org/data/definitions/1176.html) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index 49198bc5219a..3f0fb5829dde 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -7,6 +7,8 @@ * @precision very-high * @problem.severity recommendation * @tags performance + * quality + * external/cwe/cwe-1176 */ import java From 626a7d50074befe1092981198c7ca7d8d67ac310 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 26 Mar 2025 10:19:31 +0000 Subject: [PATCH 354/409] Fix punctuation --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 2 +- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index 4b14303bd7a2..a297ad519f84 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -26,4 +26,4 @@ public class Test { ## References - Java SE Documentation: [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)). -- Common Weakness Enumeration: [CWE-1176](https://cwe.mitre.org/data/definitions/1176.html) +- Common Weakness Enumeration: [CWE-1176](https://cwe.mitre.org/data/definitions/1176.html). diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index 3f0fb5829dde..d02a7ff0a08a 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -19,5 +19,5 @@ where //only contains characters that could be a simple string firstArg.getValue().regexpMatch("^[a-zA-Z0-9]+$") select replaceAllCall, - "This call to 'replaceAll' should be a call `replace` as its $@ is not a regular expression.", + "This call to 'replaceAll' should be a call to 'replace' as its $@ is not a regular expression.", firstArg, "first argument" From 04ec1d783062d709442d60fa9789977139ebff45 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 26 Mar 2025 11:01:09 +0000 Subject: [PATCH 355/409] Update test expectations --- .../StringReplaceAllWithNonRegex.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected index c64ee0db3343..944dd3d23a3d 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected @@ -1 +1 @@ -| Test.java:4:14:4:36 | replaceAll(...) | This call to 'replaceAll' should be a call `replace` as its $@ is not a regular expression. | Test.java:4:28:4:30 | "t" | first argument | +| Test.java:4:14:4:36 | replaceAll(...) | This call to 'replaceAll' should be a call to 'replace' as its $@ is not a regular expression. | Test.java:4:28:4:30 | "t" | first argument | From e1c5517de71b8f73338c9dcd02582ddb20a03dcb Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Mar 2025 11:40:53 +0000 Subject: [PATCH 356/409] Keep COMPLIANT and NON_COMPLIANT comments in test --- .../test/query-tests/StringReplaceAllWithNonRegex/Test.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java index e3d9dafb5312..1465343b8c2e 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java @@ -1,7 +1,7 @@ public class Test { void f() { String s1 = "test"; - s1 = s1.replaceAll("t", "x"); // $ Alert - s1 = s1.replaceAll(".*", "x"); + s1 = s1.replaceAll("t", "x"); // $ Alert // NON_COMPLIANT + s1 = s1.replaceAll(".*", "x"); // COMPLIANT } } From 3ea5cc1b66670181d96e5cd7e28ca69933f06d13 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Mar 2025 16:00:05 +0000 Subject: [PATCH 357/409] Add query to code-quality query suite --- java/ql/src/codeql-suites/java-code-quality.qls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/src/codeql-suites/java-code-quality.qls b/java/ql/src/codeql-suites/java-code-quality.qls index ac1f52624c4f..0f6151a5e8d4 100644 --- a/java/ql/src/codeql-suites/java-code-quality.qls +++ b/java/ql/src/codeql-suites/java-code-quality.qls @@ -11,4 +11,5 @@ - java/unused-container - java/input-resource-leak - java/output-resource-leak - - java/type-variable-hides-type \ No newline at end of file + - java/type-variable-hides-type + - java/string-replace-all-with-non-regex From ad89e7980ef1d3eb05bd5917de0aad9db81da668 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Mon, 31 Mar 2025 22:45:02 +0100 Subject: [PATCH 358/409] Tweak documentation --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 2 +- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index a297ad519f84..6e298b4955b6 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -4,7 +4,7 @@ Using `String#replaceAll` is less performant than `String#replace` when the firs ## Overview -The underlying implementation of `String#replaceAll` uses `Pattern#compile` and expects a regular expression as its first argument. However in cases where the argument could be represented by just a plain `String` that does not represent an interesting regular expression, a call to `String#replace` may be more performant as it does not need to compile the regular expression. +The `String#replaceAll` method is designed to work with regular expressions as its first parameter. When you use a simple string without any regex patterns (like special characters or syntax), it's more efficient to use `String#replace` instead. This is because `replaceAll` has to compile the input as a regular expression first, which adds unnecessary overhead when you are just replacing literal text. ## Recommendation diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index d02a7ff0a08a..3f662b60cf3b 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -1,8 +1,8 @@ /** * @id java/string-replace-all-with-non-regex * @name Use of `String#replaceAll` with a first argument which is not a regular expression - * @description Using `String#replaceAll` is less performant than `String#replace` when the first - * argument is not a regular expression. + * @description Using `String#replaceAll` with a first argument which is not a regular expression + * is less efficient than using `String#replace`. * @kind problem * @precision very-high * @problem.severity recommendation From 576f4cf19f92f82960ff55283229763c432a2576 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 10 Apr 2025 12:20:31 +0100 Subject: [PATCH 359/409] Update tags --- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index 3f662b60cf3b..bc05b3bf063b 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -6,8 +6,9 @@ * @kind problem * @precision very-high * @problem.severity recommendation - * @tags performance - * quality + * @tags quality + * reliability + * performance * external/cwe/cwe-1176 */ From acfcc6d490b985e3726a0a29d9748a686df8368f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 10 Apr 2025 12:35:42 +0100 Subject: [PATCH 360/409] Sort ids in `java-code-quality.qls` --- java/ql/src/codeql-suites/java-code-quality.qls | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/java/ql/src/codeql-suites/java-code-quality.qls b/java/ql/src/codeql-suites/java-code-quality.qls index 0f6151a5e8d4..2eafe785532e 100644 --- a/java/ql/src/codeql-suites/java-code-quality.qls +++ b/java/ql/src/codeql-suites/java-code-quality.qls @@ -1,15 +1,15 @@ - queries: . - include: id: - - java/suspicious-date-format - - java/integer-multiplication-cast-to-long - - java/equals-on-unrelated-types - java/contradictory-type-checks - - java/reference-equality-of-boxed-types + - java/equals-on-unrelated-types - java/inconsistent-equals-and-hashcode - - java/unchecked-cast-in-equals - - java/unused-container - java/input-resource-leak + - java/integer-multiplication-cast-to-long - java/output-resource-leak - - java/type-variable-hides-type + - java/reference-equality-of-boxed-types - java/string-replace-all-with-non-regex + - java/suspicious-date-format + - java/type-variable-hides-type + - java/unchecked-cast-in-equals + - java/unused-container From 78a26cfdb2bb06c4fc3120f2b94762238a157367 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Thu, 10 Apr 2025 13:09:51 +0100 Subject: [PATCH 361/409] Update index.rst --- docs/codeql/query-help/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/query-help/index.rst b/docs/codeql/query-help/index.rst index f9408d1913ce..685b7551ea3c 100644 --- a/docs/codeql/query-help/index.rst +++ b/docs/codeql/query-help/index.rst @@ -29,9 +29,9 @@ For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE cove :hidden: :titlesonly: - actions cpp csharp + actions go java javascript From 171a84609e4ad54ae6cb6dc66fc680ee33883a59 Mon Sep 17 00:00:00 2001 From: Napalys Date: Thu, 10 Apr 2025 14:13:48 +0200 Subject: [PATCH 362/409] Applied copilot suggestion. --- .../Security/CWE-022/TaintedPath/TaintedPath.expected | 6 +++--- .../query-tests/Security/CWE-022/TaintedPath/make-dir.js | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 02fc6c0ce954..08bf15800dad 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -52,7 +52,7 @@ | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | | hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value | -| make-dir.js:9:19:9:22 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:9:19:9:22 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | +| make-dir.js:9:25:9:28 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:9:25:9:28 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | | make-dir.js:10:23:10:26 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:10:23:10:26 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | | mkdirp.js:11:12:11:18 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:11:12:11:18 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | mkdirp.js:12:17:12:23 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:12:17:12:23 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | @@ -405,7 +405,7 @@ edges | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | | hapi.js:14:19:14:51 | filepath | hapi.js:15:44:15:51 | filepath | provenance | | | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | | -| make-dir.js:7:11:7:31 | file | make-dir.js:9:19:9:22 | file | provenance | | +| make-dir.js:7:11:7:31 | file | make-dir.js:9:25:9:28 | file | provenance | | | make-dir.js:7:11:7:31 | file | make-dir.js:10:23:10:26 | file | provenance | | | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:7:11:7:31 | file | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:11:12:11:18 | dirPath | provenance | | @@ -956,7 +956,7 @@ nodes | hapi.js:15:44:15:51 | filepath | semmle.label | filepath | | make-dir.js:7:11:7:31 | file | semmle.label | file | | make-dir.js:7:18:7:31 | req.query.file | semmle.label | req.query.file | -| make-dir.js:9:19:9:22 | file | semmle.label | file | +| make-dir.js:9:25:9:28 | file | semmle.label | file | | make-dir.js:10:23:10:26 | file | semmle.label | file | | mkdirp.js:9:11:9:76 | dirPath | semmle.label | dirPath | | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | semmle.label | path.jo ... ltDir') | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js index 59b0cfe8d8c5..2306e00bcae7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js @@ -3,9 +3,9 @@ import { makeDirectory, makeDirectorySync } from 'make-dir'; const express = require('express'); const app = express(); -app.get('/makedir', (req, res) => { +app.get('/makedir', async (req, res) => { const file = req.query.file; // $ Source - makeDirectory(file); // $ Alert + await makeDirectory(file); // $ Alert makeDirectorySync(file); // $ Alert }); From 81cba7fa2f8e873ec8532004426aa17efafa2410 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 31 Mar 2025 13:50:56 +0200 Subject: [PATCH 363/409] Added test cases with missing alerts for `Request` and `NextRequest`. --- .../Request/app/api/proxy/route.serverSide.ts | 5 +++++ .../Request/app/api/proxy/route2.serverSide.ts | 8 ++++++++ .../Security/CWE-918/Request/package.json | 13 +++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts create mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts create mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Request/package.json diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts new file mode 100644 index 000000000000..bfee2442afb0 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts @@ -0,0 +1,5 @@ +export async function POST(req: Request) { + const { url } = await req.json(); // $ MISSING: Source[js/request-forgery] + const res = await fetch(url); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + return new Response(res.body, { headers: res.headers }); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts new file mode 100644 index 000000000000..7b212a73542c --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts @@ -0,0 +1,8 @@ +import { NextRequest, NextResponse } from 'next/server'; + +export async function POST(req: NextRequest) { + const { url } = await req.json(); // $ MISSING: Source[js/request-forgery] + const res = await fetch(url); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const data = await res.text(); + return new NextResponse(data, { headers: res.headers }); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/package.json b/javascript/ql/test/query-tests/Security/CWE-918/Request/package.json new file mode 100644 index 000000000000..329c7acb8239 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/package.json @@ -0,0 +1,13 @@ +{ + "name": "next-edge-proxy-app", + "version": "0.1.0", + "private": true, + "scripts": { + "dev": "next dev", + "build": "next build", + "start": "next start" + }, + "dependencies": { + "next": "15.1.7" + } +} From 63a3953b0cdab643d356ad4234c4f18510cfbc03 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 31 Mar 2025 13:57:43 +0200 Subject: [PATCH 364/409] Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures. --- .../lib/semmle/javascript/frameworks/Next.qll | 58 ++++++++++++++++++- .../Request/app/api/proxy/route.serverSide.ts | 4 +- .../app/api/proxy/route2.serverSide.ts | 4 +- .../Security/CWE-918/RequestForgery.expected | 20 +++++++ 4 files changed, 80 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index 8fce608a9704..6333c9442d85 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -213,10 +213,12 @@ module NextJS { /** * Gets a folder that contains API endpoints for a Next.js application. * These API endpoints act as Express-like route-handlers. + * It matches both the Pages Router (`pages/api/`) Next.js 12 or earlier and + * the App Router (`app/api/`) Next.js 13+ structures. */ Folder apiFolder() { - result = getANextPackage().getFile().getParentContainer().getFolder("pages").getFolder("api") - or + result = + getANextPackage().getFile().getParentContainer().getFolder(["pages", "app"]).getFolder("api") or result = apiFolder().getAFolder() } @@ -271,4 +273,56 @@ module NextJS { override string getCredentialsKind() { result = "jwt key" } } } + + /** + * A route handler for Next.js 13+ App Router API endpoints, which are defined by exporting + * HTTP method functions (like `GET`, `POST`, `PUT`, `DELETE`) from route.js files inside + * the `app/api/` directory. + */ + class NextAppRouteHandler extends DataFlow::FunctionNode, Http::Servers::StandardRouteHandler { + NextAppRouteHandler() { + exists(Module mod | mod.getFile().getParentContainer() = apiFolder() | + this = mod.getAnExportedValue(any(Http::RequestMethodName m)).getAFunctionValue() and + ( + this.getParameter(0).hasUnderlyingType("next/server", "NextRequest") + or + this.getParameter(0).hasUnderlyingType("Request") + ) + ) + } + + /** + * Gets the request parameter, which is either a `NextRequest` object (from `next/server`) or a standard web `Request` object. + */ + DataFlow::SourceNode getRequest() { result = this.getParameter(0) } + } + + /** + * A source of user-controlled data from a `NextRequest` object (from `next/server`) or a standard web `Request` object + * in a Next.js App Router route handler. + */ + class NextAppRequestSource extends Http::RequestInputAccess { + NextAppRouteHandler handler; + string kind; + + NextAppRequestSource() { + ( + this = + handler.getRequest().getAMethodCall(["json", "formData", "blob", "arrayBuffer", "text"]) + or + this = handler.getRequest().getAPropertyRead("body") + ) and + kind = "body" + or + this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) and kind = "url" + or + this = handler.getRequest().getAPropertyRead("headers") and kind = "headers" + } + + override string getKind() { result = kind } + + override Http::RouteHandler getRouteHandler() { result = handler } + + override string getSourceType() { result = "Next.js App Router request" } + } } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts index bfee2442afb0..f3d05b7e5aa2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts @@ -1,5 +1,5 @@ export async function POST(req: Request) { - const { url } = await req.json(); // $ MISSING: Source[js/request-forgery] - const res = await fetch(url); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const { url } = await req.json(); // $ Source[js/request-forgery] + const res = await fetch(url); // $ Alert[js/request-forgery] Sink[js/request-forgery] return new Response(res.body, { headers: res.headers }); } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts index 7b212a73542c..051ba67e401f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts @@ -1,8 +1,8 @@ import { NextRequest, NextResponse } from 'next/server'; export async function POST(req: NextRequest) { - const { url } = await req.json(); // $ MISSING: Source[js/request-forgery] - const res = await fetch(url); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const { url } = await req.json(); // $ Source[js/request-forgery] + const res = await fetch(url); // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text(); return new NextResponse(data, { headers: res.headers }); } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 78b02c5f7db4..b8436fa6722e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,4 +1,6 @@ #select +| Request/app/api/proxy/route2.serverSide.ts:5:21:5:30 | fetch(url) | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | URL | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | user-provided value | +| Request/app/api/proxy/route.serverSide.ts:3:21:3:30 | fetch(url) | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | URL | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | user-provided value | | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | | apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | @@ -27,6 +29,14 @@ | serverSide.js:125:5:128:6 | axios({ ... \\n }) | serverSide.js:123:29:123:35 | req.url | serverSide.js:127:14:127:20 | tainted | The $@ of this request depends on a $@. | serverSide.js:127:14:127:20 | tainted | URL | serverSide.js:123:29:123:35 | req.url | user-provided value | | serverSide.js:131:5:131:20 | axios.get(myUrl) | serverSide.js:123:29:123:35 | req.url | serverSide.js:131:15:131:19 | myUrl | The $@ of this request depends on a $@. | serverSide.js:131:15:131:19 | myUrl | URL | serverSide.js:123:29:123:35 | req.url | user-provided value | edges +| Request/app/api/proxy/route2.serverSide.ts:4:9:4:15 | { url } | Request/app/api/proxy/route2.serverSide.ts:4:9:4:34 | url | provenance | | +| Request/app/api/proxy/route2.serverSide.ts:4:9:4:34 | url | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | provenance | | +| Request/app/api/proxy/route2.serverSide.ts:4:19:4:34 | await req.json() | Request/app/api/proxy/route2.serverSide.ts:4:9:4:15 | { url } | provenance | | +| Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:4:19:4:34 | await req.json() | provenance | | +| Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | provenance | | +| Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | provenance | | +| Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | provenance | | +| Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | provenance | | | apollo.serverSide.ts:7:36:7:44 | files | apollo.serverSide.ts:8:13:8:17 | files | provenance | | | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:7:36:7:44 | files | provenance | | | apollo.serverSide.ts:8:13:8:17 | files | apollo.serverSide.ts:8:28:8:31 | file | provenance | | @@ -91,6 +101,16 @@ edges | serverSide.js:130:9:130:45 | myUrl | serverSide.js:131:15:131:19 | myUrl | provenance | | | serverSide.js:130:37:130:43 | tainted | serverSide.js:130:9:130:45 | myUrl | provenance | | nodes +| Request/app/api/proxy/route2.serverSide.ts:4:9:4:15 | { url } | semmle.label | { url } | +| Request/app/api/proxy/route2.serverSide.ts:4:9:4:34 | url | semmle.label | url | +| Request/app/api/proxy/route2.serverSide.ts:4:19:4:34 | await req.json() | semmle.label | await req.json() | +| Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | semmle.label | req.json() | +| Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | semmle.label | url | +| Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | semmle.label | { url } | +| Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | semmle.label | url | +| Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | semmle.label | await req.json() | +| Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | semmle.label | req.json() | +| Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | semmle.label | url | | apollo.serverSide.ts:7:36:7:44 | files | semmle.label | files | | apollo.serverSide.ts:7:36:7:44 | { files } | semmle.label | { files } | | apollo.serverSide.ts:8:13:8:17 | files | semmle.label | files | From a1dc87496a02c1eeb538630fd867c8a189256fd9 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 13:56:38 +0100 Subject: [PATCH 365/409] Shared: Replace a 'count' with a 'strictcount' to prevent a CP when testing on C++. --- .../codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index 0678d07e7f47..61b6b2434dc0 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -687,7 +687,7 @@ module MakeModelGenerator< private DataFlow::ParameterNode parameter; ContentDataFlowSummaryTargetApi() { - count(string input, string output | + strictcount(string input, string output | exists( PropagateContentFlow::AccessPath reads, ReturnNodeExt returnNodeExt, PropagateContentFlow::AccessPath stores From 8acb0243ada91759d96d24121dc625d5b39db9a2 Mon Sep 17 00:00:00 2001 From: Napalys Date: Tue, 1 Apr 2025 14:14:27 +0200 Subject: [PATCH 366/409] Added test cases for `NextResponse` and `Response` --- .../ReflectedXss/ReflectedXss.expected | 17 ++++++++++ .../ReflectedXssWithCustomSanitizer.expected | 4 +++ .../CWE-079/ReflectedXss/app/api/route.ts | 30 +++++++++++++++++ .../ReflectedXss/app/api/routeNextRequest.ts | 32 +++++++++++++++++++ 4 files changed, 83 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/route.ts create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index 75bef3e1b3b3..d4462e6064b5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected @@ -27,6 +27,10 @@ | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value | | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | user-provided value | | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | Cross-site scripting vulnerability due to a $@. | ReflectedXssGood3.js:135:15:135:27 | req.params.id | user-provided value | +| app/api/route.ts:5:18:5:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:5:18:5:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:13:18:13:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:13:18:13:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:25:18:25:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:25:18:25:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:29:25:29:28 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:29:25:29:28 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | etherpad.js:11:12:11:19 | response | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:11:12:11:19 | response | Cross-site scripting vulnerability due to a $@. | etherpad.js:9:16:9:30 | req.query.jsonp | user-provided value | | formatting.js:6:14:6:47 | util.fo ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | formatting.js:7:14:7:53 | require ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | @@ -128,6 +132,12 @@ edges | ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | provenance | | | ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | provenance | | | ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | provenance | | +| app/api/route.ts:2:11:2:33 | body | app/api/route.ts:5:18:5:21 | body | provenance | | +| app/api/route.ts:2:11:2:33 | body | app/api/route.ts:13:18:13:21 | body | provenance | | +| app/api/route.ts:2:11:2:33 | body | app/api/route.ts:25:18:25:21 | body | provenance | | +| app/api/route.ts:2:11:2:33 | body | app/api/route.ts:29:25:29:28 | body | provenance | | +| app/api/route.ts:2:18:2:33 | await req.json() | app/api/route.ts:2:11:2:33 | body | provenance | | +| app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:2:18:2:33 | await req.json() | provenance | | | etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | provenance | | | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | provenance | | | formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | provenance | | @@ -309,6 +319,13 @@ nodes | ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id | | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) | | ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url | +| app/api/route.ts:2:11:2:33 | body | semmle.label | body | +| app/api/route.ts:2:18:2:33 | await req.json() | semmle.label | await req.json() | +| app/api/route.ts:2:24:2:33 | req.json() | semmle.label | req.json() | +| app/api/route.ts:5:18:5:21 | body | semmle.label | body | +| app/api/route.ts:13:18:13:21 | body | semmle.label | body | +| app/api/route.ts:25:18:25:21 | body | semmle.label | body | +| app/api/route.ts:29:25:29:28 | body | semmle.label | body | | etherpad.js:9:5:9:53 | response | semmle.label | response | | etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp | | etherpad.js:11:12:11:19 | response | semmle.label | response | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected index 5532af3cf116..8fb9524ff45a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected @@ -26,6 +26,10 @@ | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value | | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | user-provided value | | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | Cross-site scripting vulnerability due to $@. | ReflectedXssGood3.js:135:15:135:27 | req.params.id | user-provided value | +| app/api/route.ts:5:18:5:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:13:18:13:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:25:18:25:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:29:25:29:28 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | live-server.js:6:13:6:50 | ` ... /html>` | Cross-site scripting vulnerability due to $@. | live-server.js:4:21:4:27 | req.url | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/route.ts b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/route.ts new file mode 100644 index 000000000000..467f02a8ff8e --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/route.ts @@ -0,0 +1,30 @@ +export async function POST(req: Request) { + const body = await req.json(); // $ Source + + new Response(body, {headers: { 'Content-Type': 'application/json' }}); + new Response(body, {headers: { 'Content-Type': 'text/html' }}); // $ Alert + + const headers2 = new Headers(req.headers); + headers2.append('Content-Type', 'application/json'); + new Response(body, { headers: headers2 }); + + const headers3 = new Headers(req.headers); + headers3.append('Content-Type', 'text/html'); + new Response(body, { headers: headers3 }); // $ Alert + + const headers4 = new Headers({ + ...Object.fromEntries(req.headers), + 'Content-Type': 'application/json' + }); + new Response(body, { headers: headers4 }); + + const headers5 = new Headers({ + ...Object.fromEntries(req.headers), + 'Content-Type': 'text/html' + }); + new Response(body, { headers: headers5 }); // $ Alert + + const headers = new Headers(req.headers); + headers.set('Content-Type', 'text/html'); + return new Response(body, { headers }); // $ Alert +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts new file mode 100644 index 000000000000..758b91e1caa0 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts @@ -0,0 +1,32 @@ +import { NextRequest, NextResponse } from 'next/server'; + +export async function POST(req: NextRequest) { + const body = await req.json(); // $ MISSING: Source + + new NextResponse(body, {headers: { 'Content-Type': 'application/json' }}); + new NextResponse(body, {headers: { 'Content-Type': 'text/html' }}); // $ MISSING: Alert + + const headers2 = new Headers(req.headers); + headers2.append('Content-Type', 'application/json'); + new NextResponse(body, { headers: headers2 }); + + const headers3 = new Headers(req.headers); + headers3.append('Content-Type', 'text/html'); + new NextResponse(body, { headers: headers3 }); // $ MISSING: Alert + + const headers4 = new Headers({ + ...Object.fromEntries(req.headers), + 'Content-Type': 'application/json' + }); + new NextResponse(body, { headers: headers4 }); + + const headers5 = new Headers({ + ...Object.fromEntries(req.headers), + 'Content-Type': 'text/html' + }); + new NextResponse(body, { headers: headers5 }); // $ MISSING: Alert + + const headers = new Headers(req.headers); + headers.set('Content-Type', 'text/html'); + return new NextResponse(body, { headers }); // $ MISSING: Alert +} From 732fcbf1c908abbe7f6976e7aff17712eca8ab89 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 13:58:59 +0100 Subject: [PATCH 367/409] Shared: Move 'asParameter' out of the class signature. --- .../modelgenerator/internal/ModelGeneratorImpl.qll | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index 61b6b2434dc0..270301f361d3 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -55,11 +55,8 @@ signature module ModelGeneratorInputSig */ Callable getAsExprEnclosingCallable(); - /** - * Gets the parameter corresponding to this node, if any. - */ - Parameter asParameter(); - } + /** Gets the parameter corresponding to this node, if any. */ + Parameter asParameter(NodeExtended n); /** * A class of callables that are potentially relevant for generating summary or @@ -390,7 +387,7 @@ module MakeModelGenerator< * Gets the MaD string representation of the parameter node `p`. */ string parameterNodeAsInput(DataFlow::ParameterNode p) { - result = parameterAccess(p.(NodeExtended).asParameter()) + result = parameterAccess(asParameter(p)) or result = qualifierString() and p instanceof InstanceParameterNode } @@ -613,7 +610,7 @@ module MakeModelGenerator< * when used in content flow. */ private string parameterNodeAsContentInput(DataFlow::ParameterNode p) { - result = parameterContentAccess(p.(NodeExtended).asParameter()) + result = parameterContentAccess(asParameter(p)) or result = qualifierString() and p instanceof InstanceParameterNode } From c484945f395d31e7c6c131ef373baf467ca8b555 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:00:11 +0100 Subject: [PATCH 368/409] Shared: Move 'getEnclosingCallable' and 'getAsExprEnclosingCallable' out of the class signature. --- .../internal/ModelGeneratorImpl.qll | 47 ++++++++++--------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index 270301f361d3..da06e74e10f0 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -44,16 +44,15 @@ signature module ModelGeneratorInputSig * Gets the type of this node. */ Type getType(); + } - /** - * Gets the enclosing callable of this node. - */ - Callable getEnclosingCallable(); + /** Gets the enclosing callable of `node`. */ + Callable getEnclosingCallable(NodeExtended node); - /** - * Gets the enclosing callable of this node, when considered as an expression. - */ - Callable getAsExprEnclosingCallable(); + /** + * Gets the enclosing callable of `node`, when considered as an expression. + */ + Callable getAsExprEnclosingCallable(NodeExtended node); /** Gets the parameter corresponding to this node, if any. */ Parameter asParameter(NodeExtended n); @@ -462,7 +461,7 @@ module MakeModelGenerator< predicate isSource(DataFlow::Node source, FlowState state) { source instanceof DataFlow::ParameterNode and exists(Callable c | - c = source.(NodeExtended).getEnclosingCallable() and + c = getEnclosingCallable(source) and c instanceof DataFlowSummaryTargetApi and not isUninterestingForHeuristicDataFlowModels(c) ) and @@ -472,7 +471,7 @@ module MakeModelGenerator< predicate isSink(DataFlow::Node sink, FlowState state) { sink instanceof ReturnNodeExt and not isOwnInstanceAccessNode(sink) and - not exists(captureQualifierFlow(sink.(NodeExtended).getAsExprEnclosingCallable())) and + not exists(captureQualifierFlow(getAsExprEnclosingCallable(sink))) and (state instanceof TaintRead or state instanceof TaintStore) } @@ -516,8 +515,8 @@ module MakeModelGenerator< DataFlowSummaryTargetApi api, DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt ) { exists(string input, string output | - p.(NodeExtended).getEnclosingCallable() = api and - returnNodeExt.getEnclosingCallable() = api and + getEnclosingCallable(p) = api and + getEnclosingCallable(returnNodeExt) = api and input = parameterNodeAsInput(p) and output = getOutput(returnNodeExt) and input != output and @@ -567,11 +566,12 @@ module MakeModelGenerator< private module PropagateContentFlowConfig implements ContentDataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof DataFlow::ParameterNode and - source.(NodeExtended).getEnclosingCallable() instanceof DataFlowSummaryTargetApi + getEnclosingCallable(source) instanceof DataFlowSummaryTargetApi } predicate isSink(DataFlow::Node sink) { - sink.(ReturnNodeExt).getEnclosingCallable() instanceof DataFlowSummaryTargetApi + sink instanceof ReturnNodeExt and + getEnclosingCallable(sink) instanceof DataFlowSummaryTargetApi } predicate isAdditionalFlowStep = isAdditionalContentFlowStep/2; @@ -664,8 +664,8 @@ module MakeModelGenerator< PropagateContentFlow::AccessPath stores, boolean preservesValue ) { PropagateContentFlow::flow(p, reads, returnNodeExt, stores, preservesValue) and - returnNodeExt.getEnclosingCallable() = api and - p.(NodeExtended).getEnclosingCallable() = api + getEnclosingCallable(returnNodeExt) = api and + getEnclosingCallable(p) = api } /** @@ -709,8 +709,8 @@ module MakeModelGenerator< PropagateContentFlow::AccessPath stores, boolean preservesValue ) { PropagateContentFlow::flow(p, reads, returnNodeExt, stores, preservesValue) and - returnNodeExt.getEnclosingCallable() = api and - p.(NodeExtended).getEnclosingCallable() = api and + getEnclosingCallable(returnNodeExt) = api and + getEnclosingCallable(p) = api and p = api.getARelevantParameterNode() } @@ -982,7 +982,8 @@ module MakeModelGenerator< } predicate isSink(DataFlow::Node sink) { - sink.(ReturnNodeExt).getEnclosingCallable() instanceof DataFlowSourceTargetApi + sink instanceof ReturnNodeExt and + getEnclosingCallable(sink) instanceof DataFlowSourceTargetApi } DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSinkCallContext } @@ -1005,8 +1006,8 @@ module MakeModelGenerator< exists(NodeExtended source, ReturnNodeExt sink, string kind | PropagateFromSource::flow(source, sink) and sourceNode(source, kind) and - api = sink.getEnclosingCallable() and - not irrelevantSourceSinkApi(source.getEnclosingCallable(), api) and + api = getEnclosingCallable(sink) and + not irrelevantSourceSinkApi(getEnclosingCallable(source), api) and result = ModelPrinting::asSourceModel(api, getOutput(sink), kind) ) } @@ -1021,7 +1022,7 @@ module MakeModelGenerator< module PropagateToSinkConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { apiSource(source) and - source.(NodeExtended).getEnclosingCallable() instanceof DataFlowSinkTargetApi + getEnclosingCallable(source) instanceof DataFlowSinkTargetApi } predicate isSink(DataFlow::Node sink) { @@ -1050,7 +1051,7 @@ module MakeModelGenerator< exists(NodeExtended src, NodeExtended sink, string kind | PropagateToSink::flow(src, sink) and sinkNode(sink, kind) and - api = src.getEnclosingCallable() and + api = getEnclosingCallable(src) and result = ModelPrinting::asSinkModel(api, asInputArgument(src), kind) ) } From 04bf908a4bcb26179988550f84bdf4f4c2cb2635 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:01:00 +0100 Subject: [PATCH 369/409] C#: Fixup MaD input. --- .../utils/modelgenerator/internal/CaptureModels.qll | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 125204d7c5bd..ce83369df077 100644 --- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -22,10 +22,16 @@ module ModelGeneratorInput implements ModelGeneratorInputSig`. */ From b6c658767e23f0c74d7825bbcf65fd9584948d24 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:01:11 +0100 Subject: [PATCH 370/409] Java: Fixup MaD input. --- .../utils/modelgenerator/internal/CaptureModels.qll | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 1f96d8ad296d..9dd317b30067 100644 --- a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -32,10 +32,16 @@ module ModelGeneratorInput implements ModelGeneratorInputSig Date: Thu, 10 Apr 2025 14:01:20 +0100 Subject: [PATCH 371/409] Rust: Fixup MaD input. --- .../utils/modelgenerator/internal/CaptureModels.qll | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 3a14f6a4a489..237da46750bd 100644 --- a/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -20,15 +20,17 @@ module ModelGeneratorInput implements ModelGeneratorInputSig Date: Thu, 10 Apr 2025 14:02:31 +0100 Subject: [PATCH 372/409] Shared: Provide a hook to MaD generation to modify the 'ReturnValue' string. --- .../internal/ModelGeneratorImpl.qll | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index da06e74e10f0..37934b921147 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -222,6 +222,14 @@ signature module ModelGeneratorInputSig */ default Lang::ParameterPosition getReturnKindParamPosition(Lang::ReturnKind node) { none() } + /** + * Gets the string that represents the return value corresponding to the + * return kind `kind`. + * + * For most languages this will be the string "ReturnValue". + */ + default string getReturnValueString(Lang::ReturnKind kind) { result = "ReturnValue" } + /** * Holds if it is irrelevant to generate models for `api` based on data flow analysis. * @@ -317,9 +325,11 @@ module MakeModelGenerator< private module PrintReturnNodeExt { string getOutput(ReturnNodeExt node) { - node.getKind() instanceof DataFlow::ValueReturnKind and - not exists(node.getPosition()) and - result = "ReturnValue" + exists(DataFlow::ValueReturnKind valueReturnKind | + valueReturnKind = node.getKind() and + not exists(node.getPosition()) and + result = getReturnValueString(valueReturnKind.getKind()) + ) or exists(DataFlow::ParameterPosition pos | pos = node.getPosition() and From 86b64afa13848bdc9bb6cdeeb1a7dee7fc2778d4 Mon Sep 17 00:00:00 2001 From: Napalys Date: Thu, 10 Apr 2025 15:06:44 +0200 Subject: [PATCH 373/409] Added `NextResponse` to the `ResponseCall` class it models similar near idential behaviour. --- .../javascript/frameworks/WebResponse.qll | 7 +++++-- .../CWE-079/ReflectedXss/ReflectedXss.expected | 17 +++++++++++++++++ .../ReflectedXssWithCustomSanitizer.expected | 4 ++++ .../ReflectedXss/app/api/routeNextRequest.ts | 10 +++++----- 4 files changed, 31 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll index 0e3f93d8099b..dfdee73c9d90 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll @@ -19,10 +19,13 @@ private class HeadersEntryPoint extends API::EntryPoint { } /** - * A call to the `Response` constructor. + * A call to the `Response` and `NextResponse` constructor. */ private class ResponseCall extends API::InvokeNode { - ResponseCall() { this = any(ResponseEntryPoint e).getANode().getAnInstantiation() } + ResponseCall() { + this = any(ResponseEntryPoint e).getANode().getAnInstantiation() or + this = API::moduleImport("next/server").getMember("NextResponse").getAnInstantiation() + } } /** diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index d4462e6064b5..5681ae99aa85 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected @@ -31,6 +31,10 @@ | app/api/route.ts:13:18:13:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:13:18:13:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | app/api/route.ts:25:18:25:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:25:18:25:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | app/api/route.ts:29:25:29:28 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:29:25:29:28 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:7:20:7:23 | body | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:7:20:7:23 | body | Cross-site scripting vulnerability due to a $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:15:20:15:23 | body | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:15:20:15:23 | body | Cross-site scripting vulnerability due to a $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:27:20:27:23 | body | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:27:20:27:23 | body | Cross-site scripting vulnerability due to a $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:31:27:31:30 | body | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:31:27:31:30 | body | Cross-site scripting vulnerability due to a $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | | etherpad.js:11:12:11:19 | response | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:11:12:11:19 | response | Cross-site scripting vulnerability due to a $@. | etherpad.js:9:16:9:30 | req.query.jsonp | user-provided value | | formatting.js:6:14:6:47 | util.fo ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | formatting.js:7:14:7:53 | require ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | @@ -138,6 +142,12 @@ edges | app/api/route.ts:2:11:2:33 | body | app/api/route.ts:29:25:29:28 | body | provenance | | | app/api/route.ts:2:18:2:33 | await req.json() | app/api/route.ts:2:11:2:33 | body | provenance | | | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:2:18:2:33 | await req.json() | provenance | | +| app/api/routeNextRequest.ts:4:9:4:31 | body | app/api/routeNextRequest.ts:7:20:7:23 | body | provenance | | +| app/api/routeNextRequest.ts:4:9:4:31 | body | app/api/routeNextRequest.ts:15:20:15:23 | body | provenance | | +| app/api/routeNextRequest.ts:4:9:4:31 | body | app/api/routeNextRequest.ts:27:20:27:23 | body | provenance | | +| app/api/routeNextRequest.ts:4:9:4:31 | body | app/api/routeNextRequest.ts:31:27:31:30 | body | provenance | | +| app/api/routeNextRequest.ts:4:16:4:31 | await req.json() | app/api/routeNextRequest.ts:4:9:4:31 | body | provenance | | +| app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:4:16:4:31 | await req.json() | provenance | | | etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | provenance | | | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | provenance | | | formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | provenance | | @@ -326,6 +336,13 @@ nodes | app/api/route.ts:13:18:13:21 | body | semmle.label | body | | app/api/route.ts:25:18:25:21 | body | semmle.label | body | | app/api/route.ts:29:25:29:28 | body | semmle.label | body | +| app/api/routeNextRequest.ts:4:9:4:31 | body | semmle.label | body | +| app/api/routeNextRequest.ts:4:16:4:31 | await req.json() | semmle.label | await req.json() | +| app/api/routeNextRequest.ts:4:22:4:31 | req.json() | semmle.label | req.json() | +| app/api/routeNextRequest.ts:7:20:7:23 | body | semmle.label | body | +| app/api/routeNextRequest.ts:15:20:15:23 | body | semmle.label | body | +| app/api/routeNextRequest.ts:27:20:27:23 | body | semmle.label | body | +| app/api/routeNextRequest.ts:31:27:31:30 | body | semmle.label | body | | etherpad.js:9:5:9:53 | response | semmle.label | response | | etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp | | etherpad.js:11:12:11:19 | response | semmle.label | response | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected index 8fb9524ff45a..b57d294c7a7f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected @@ -30,6 +30,10 @@ | app/api/route.ts:13:18:13:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | app/api/route.ts:25:18:25:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | app/api/route.ts:29:25:29:28 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:7:20:7:23 | body | Cross-site scripting vulnerability due to $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:15:20:15:23 | body | Cross-site scripting vulnerability due to $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:27:20:27:23 | body | Cross-site scripting vulnerability due to $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:31:27:31:30 | body | Cross-site scripting vulnerability due to $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | live-server.js:6:13:6:50 | ` ... /html>` | Cross-site scripting vulnerability due to $@. | live-server.js:4:21:4:27 | req.url | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts index 758b91e1caa0..91d9f4ecb51a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts @@ -1,10 +1,10 @@ import { NextRequest, NextResponse } from 'next/server'; export async function POST(req: NextRequest) { - const body = await req.json(); // $ MISSING: Source + const body = await req.json(); // $ Source new NextResponse(body, {headers: { 'Content-Type': 'application/json' }}); - new NextResponse(body, {headers: { 'Content-Type': 'text/html' }}); // $ MISSING: Alert + new NextResponse(body, {headers: { 'Content-Type': 'text/html' }}); // $ Alert const headers2 = new Headers(req.headers); headers2.append('Content-Type', 'application/json'); @@ -12,7 +12,7 @@ export async function POST(req: NextRequest) { const headers3 = new Headers(req.headers); headers3.append('Content-Type', 'text/html'); - new NextResponse(body, { headers: headers3 }); // $ MISSING: Alert + new NextResponse(body, { headers: headers3 }); // $ Alert const headers4 = new Headers({ ...Object.fromEntries(req.headers), @@ -24,9 +24,9 @@ export async function POST(req: NextRequest) { ...Object.fromEntries(req.headers), 'Content-Type': 'text/html' }); - new NextResponse(body, { headers: headers5 }); // $ MISSING: Alert + new NextResponse(body, { headers: headers5 }); // $ Alert const headers = new Headers(req.headers); headers.set('Content-Type', 'text/html'); - return new NextResponse(body, { headers }); // $ MISSING: Alert + return new NextResponse(body, { headers }); // $ Alert } From 94e08e318de8d73c35ab126ee4fc437ae9dbe863 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:18:47 +0100 Subject: [PATCH 374/409] C++: Expose a few predicates from 'ExternalFlow'. --- .../semmle/code/cpp/dataflow/ExternalFlow.qll | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index 9e335dbcbfed..456768081a11 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -465,7 +465,7 @@ private predicate isFunctionConstructedFrom(Function f, Function templateFunc) { } /** Gets the fully templated version of `f`. */ -private Function getFullyTemplatedFunction(Function f) { +Function getFullyTemplatedFunction(Function f) { not f.isFromUninstantiatedTemplate(_) and ( exists(Class c, Class templateClass, int i | @@ -559,12 +559,15 @@ private string getTypeName(Type t, boolean needsSpace) { /** * Gets a type name for the `n`'th parameter of `f` without any template - * arguments. The result may be a string representing a type for which the - * typedefs have been resolved. + * arguments. + * + * If `canonical = false` then the result may be a string representing a type + * for which the typedefs have been resolved. If `canonical = true` then the + * result will be a string representing a type without resolving `typedefs`. */ bindingset[f] pragma[inline_late] -string getParameterTypeWithoutTemplateArguments(Function f, int n) { +string getParameterTypeWithoutTemplateArguments(Function f, int n, boolean canonical) { exists(string s, string base, string specifiers, Type t | t = f.getParameter(n).getType() and // The name of the string can either be the possibly typedefed name @@ -572,14 +575,19 @@ string getParameterTypeWithoutTemplateArguments(Function f, int n) { // `getTypeName(t, _)` is almost equal to `t.resolveTypedefs().getName()`, // except that `t.resolveTypedefs()` doesn't have a result when the // resulting type doesn't appear in the database. - s = [t.getName(), getTypeName(t, _)] and + ( + s = t.getName() and canonical = true + or + s = getTypeName(t, _) and canonical = false + ) and parseAngles(s, base, _, specifiers) and result = base + specifiers ) or f.isVarargs() and n = f.getNumberOfParameters() and - result = "..." + result = "..." and + canonical = true } /** @@ -590,7 +598,7 @@ private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remain exists(Function templateFunction | templateFunction = getFullyTemplatedFunction(f) and remaining = templateFunction.getNumberOfTemplateArguments() and - result = getParameterTypeWithoutTemplateArguments(templateFunction, n) + result = getParameterTypeWithoutTemplateArguments(templateFunction, n, _) ) or exists(string mid, TypeTemplateParameter tp, Function templateFunction | @@ -627,7 +635,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining } /** Gets the string representation of the `i`'th parameter of `c`. */ -private string getParameterTypeName(Function c, int i) { +string getParameterTypeName(Function c, int i) { result = getTypeNameWithoutClassTemplates(c, i, 0) } From 960e9900af2bacc094d64e162adfbac931e7e3b7 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:20:56 +0100 Subject: [PATCH 375/409] C++: Move the 'getArgumentIndex' into the abstract 'Position' class. It is implemented in all subclasses anyway. --- .../cpp/ir/dataflow/internal/DataFlowPrivate.qll | 14 +++++++++++--- .../code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 6 +++--- .../cpp/ir/dataflow/internal/TaintTrackingUtil.qll | 4 ++-- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 8a5155239304..fdfbb07f2a7c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -371,7 +371,7 @@ private class PrimaryArgumentNode extends ArgumentNode, OperandNode { PrimaryArgumentNode() { exists(CallInstruction call | op = call.getAnArgumentOperand()) } override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) { - op = call.getArgumentOperand(pos.(DirectPosition).getIndex()) + op = call.getArgumentOperand(pos.(DirectPosition).getArgumentIndex()) } } @@ -410,8 +410,16 @@ class ParameterPosition = Position; class ArgumentPosition = Position; abstract class Position extends TPosition { + /** Gets a textual representation of this position. */ abstract string toString(); + /** + * Gets the argument index of this position. The qualifier of a call has + * argument index `-1`. + */ + abstract int getArgumentIndex(); + + /** Gets the indirection index of this position. */ abstract int getIndirectionIndex(); } @@ -428,7 +436,7 @@ class DirectPosition extends Position, TDirectPosition { result = index.toString() } - int getIndex() { result = index } + override int getArgumentIndex() { result = index } final override int getIndirectionIndex() { result = 0 } } @@ -445,7 +453,7 @@ class IndirectionPosition extends Position, TIndirectionPosition { else result = repeatStars(indirectionIndex) + argumentIndex.toString() } - int getArgumentIndex() { result = argumentIndex } + override int getArgumentIndex() { result = argumentIndex } final override int getIndirectionIndex() { result = indirectionIndex } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 3b6e190cc981..62ad9f02fe29 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -1445,7 +1445,7 @@ private class ExplicitParameterInstructionNode extends AbstractExplicitParameter ExplicitParameterInstructionNode() { exists(instr.getParameter()) } override predicate isSourceParameterOf(Function f, ParameterPosition pos) { - f.getParameter(pos.(DirectPosition).getIndex()) = instr.getParameter() + f.getParameter(pos.(DirectPosition).getArgumentIndex()) = instr.getParameter() } override string toStringImpl() { result = instr.getParameter().toString() } @@ -1460,7 +1460,7 @@ class ThisParameterInstructionNode extends AbstractExplicitParameterNode, ThisParameterInstructionNode() { instr.getIRVariable() instanceof IRThisVariable } override predicate isSourceParameterOf(Function f, ParameterPosition pos) { - pos.(DirectPosition).getIndex() = -1 and + pos.(DirectPosition).getArgumentIndex() = -1 and instr.getEnclosingFunction() = f } @@ -1494,7 +1494,7 @@ private class DirectBodyLessParameterNode extends AbstractExplicitParameterNode, override predicate isSourceParameterOf(Function f, ParameterPosition pos) { this.getFunction() = f and - f.getParameter(pos.(DirectPosition).getIndex()) = p + f.getParameter(pos.(DirectPosition).getArgumentIndex()) = p } override Parameter getParameter() { result = p } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll index b6d332e3d4c2..83fac3ebb49a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll @@ -229,11 +229,11 @@ private module SpeculativeTaintFlow { not exists(DataFlowDispatch::viableCallable(call)) and src.(DataFlowPrivate::ArgumentNode).argumentOf(call, argpos) | - not argpos.(DirectPosition).getIndex() = -1 and + not argpos.(DirectPosition).getArgumentIndex() = -1 and sink.(PostUpdateNode) .getPreUpdateNode() .(DataFlowPrivate::ArgumentNode) - .argumentOf(call, any(DirectPosition qualpos | qualpos.getIndex() = -1)) + .argumentOf(call, any(DirectPosition qualpos | qualpos.getArgumentIndex() = -1)) or sink.(DataFlowPrivate::OutNode).getCall() = call ) From b678112f4d1d82facf6de22654e22b403994888f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:21:50 +0100 Subject: [PATCH 376/409] C++: Add a few predicates to 'ReturnKind'. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index fdfbb07f2a7c..44d7a6d725a0 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -509,6 +509,15 @@ class ReturnKind extends TReturnKind { /** Gets a textual representation of this return kind. */ abstract string toString(); + + /** Holds if this `ReturnKind` is generated from a `return` statement. */ + abstract predicate isNormalReturn(); + + /** + * Holds if this `ReturnKind` is generated from a write to the parameter with + * index `argumentIndex` + */ + abstract predicate isIndirectReturn(int argumentIndex); } /** @@ -522,6 +531,10 @@ class NormalReturnKind extends ReturnKind, TNormalReturnKind { override int getIndirectionIndex() { result = indirectionIndex } override string toString() { result = "indirect return" } + + override predicate isNormalReturn() { any() } + + override predicate isIndirectReturn(int argumentIndex) { none() } } /** @@ -536,6 +549,10 @@ private class IndirectReturnKind extends ReturnKind, TIndirectReturnKind { override int getIndirectionIndex() { result = indirectionIndex } override string toString() { result = "indirect outparam[" + argumentIndex.toString() + "]" } + + override predicate isNormalReturn() { none() } + + override predicate isIndirectReturn(int argumentIndex_) { argumentIndex_ = argumentIndex } } /** A data flow node that occurs as the result of a `ReturnStmt`. */ From 3bb249f580eb28c84f6e523d9428fb0abca32ac6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:23:38 +0100 Subject: [PATCH 377/409] C++: Ensure we always have 'Position's even if there are no calls in the DB. --- .../cpp/ir/dataflow/internal/DataFlowPrivate.qll | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 44d7a6d725a0..1cf67dba1ee5 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -459,10 +459,23 @@ class IndirectionPosition extends Position, TIndirectionPosition { } newtype TPosition = - TDirectPosition(int argumentIndex) { exists(any(CallInstruction c).getArgument(argumentIndex)) } or + TDirectPosition(int argumentIndex) { + exists(any(CallInstruction c).getArgument(argumentIndex)) + or + // Handle the rare case where the is a function definition but no call to + // the function. + exists(any(Cpp::Function f).getParameter(argumentIndex)) + } or TIndirectionPosition(int argumentIndex, int indirectionIndex) { Ssa::hasIndirectOperand(any(CallInstruction call).getArgumentOperand(argumentIndex), indirectionIndex) + or + // Handle the rare case where the is a function definition but no call to + // the function. + exists(Cpp::Function f, Cpp::Parameter p | + p = f.getParameter(argumentIndex) and + indirectionIndex = [1 .. Ssa::getMaxIndirectionsForType(p.getUnspecifiedType()) - 1] + ) } private newtype TReturnKind = From 4f5bdbb5174dbecf06e848493185756abf866732 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 10 Apr 2025 14:37:11 +0100 Subject: [PATCH 378/409] Add new query to java-code-quality.qls.expected --- .../java/query-suite/java-code-quality.qls.expected | 1 + 1 file changed, 1 insertion(+) diff --git a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected index 6f396573aa16..2cff4a3eaa62 100644 --- a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected @@ -9,3 +9,4 @@ ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +ql/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql From 30ce0c5cbfd3d8c8a9626bbf72cc32ce96283970 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 9 Apr 2025 21:18:58 -0700 Subject: [PATCH 379/409] Actions: Add integration tests for configured path filters Use the common structure from the existing test for default filters. Check both query output finding workflows and actions, and source archive output showing all extracted YAML files. The test for only `paths-ignore` fails in this commit, demonstrating a bug: we start with all YAML files rather than starting with the default includes. The tests for `paths` reflect current behaviour which is consistent with other languages: `paths` overrides the default inclusions, and only files under `paths` are included. This may not be the best user experience for Actions, since we want to scan all workflow and action files even in the presence of `paths`, but that is not currently addressed. --- .../actions.paths-and-paths-ignore.expected | 2 ++ .../filters/actions.paths-ignore-only.expected | 5 +++++ .../filters/actions.paths-only.expected | 2 ++ .../codeql-config.paths-and-paths-ignore.yml | 4 ++++ .../filters/codeql-config.paths-ignore-only.yml | 2 ++ .../filters/codeql-config.paths-only.yml | 2 ++ .../source_archive.paths-and-paths-ignore.expected | 3 +++ .../source_archive.paths-ignore-only.expected | 5 +++++ .../filters/source_archive.paths-only.expected | 3 +++ actions/ql/integration-tests/filters/test.py | 14 +++++++++++++- 10 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected create mode 100644 actions/ql/integration-tests/filters/actions.paths-ignore-only.expected create mode 100644 actions/ql/integration-tests/filters/actions.paths-only.expected create mode 100644 actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml create mode 100644 actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml create mode 100644 actions/ql/integration-tests/filters/codeql-config.paths-only.yml create mode 100644 actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected create mode 100644 actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected create mode 100644 actions/ql/integration-tests/filters/source_archive.paths-only.expected diff --git a/actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected b/actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected new file mode 100644 index 000000000000..b521ff6b9303 --- /dev/null +++ b/actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected @@ -0,0 +1,2 @@ +| src/included/action.yml:1:1:11:32 | name: ' ... action' | +| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow | \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/actions.paths-ignore-only.expected b/actions/ql/integration-tests/filters/actions.paths-ignore-only.expected new file mode 100644 index 000000000000..2fd8f3a05206 --- /dev/null +++ b/actions/ql/integration-tests/filters/actions.paths-ignore-only.expected @@ -0,0 +1,5 @@ +| src/.github/action.yaml:1:1:11:32 | name: ' ... action' | +| src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' | +| src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow | +| src/action.yml:1:1:11:32 | name: ' ... action' | +| src/included/action.yml:1:1:11:32 | name: ' ... action' | diff --git a/actions/ql/integration-tests/filters/actions.paths-only.expected b/actions/ql/integration-tests/filters/actions.paths-only.expected new file mode 100644 index 000000000000..f90744eddb5c --- /dev/null +++ b/actions/ql/integration-tests/filters/actions.paths-only.expected @@ -0,0 +1,2 @@ +| src/included/action.yml:1:1:11:32 | name: ' ... action' | +| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow | diff --git a/actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml b/actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml new file mode 100644 index 000000000000..aad4e6f2af7f --- /dev/null +++ b/actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml @@ -0,0 +1,4 @@ +paths: + - 'included' +paths-ignore: + - 'excluded' diff --git a/actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml b/actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml new file mode 100644 index 000000000000..a1664407f5bd --- /dev/null +++ b/actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml @@ -0,0 +1,2 @@ +paths-ignore: + - 'excluded' diff --git a/actions/ql/integration-tests/filters/codeql-config.paths-only.yml b/actions/ql/integration-tests/filters/codeql-config.paths-only.yml new file mode 100644 index 000000000000..e07472255bff --- /dev/null +++ b/actions/ql/integration-tests/filters/codeql-config.paths-only.yml @@ -0,0 +1,2 @@ +paths: + - 'included' diff --git a/actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected b/actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected new file mode 100644 index 000000000000..70fb47e93a66 --- /dev/null +++ b/actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected @@ -0,0 +1,3 @@ +src/included/action.yml +src/included/not-an-action.yml +src/included/unreachable-workflow.yml \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected b/actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected new file mode 100644 index 000000000000..4abf239fa344 --- /dev/null +++ b/actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected @@ -0,0 +1,5 @@ +src/.github/action.yaml +src/.github/actions/action-name/action.yml +src/.github/workflows/workflow.yml +src/action.yml +src/included/action.yml \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/source_archive.paths-only.expected b/actions/ql/integration-tests/filters/source_archive.paths-only.expected new file mode 100644 index 000000000000..70fb47e93a66 --- /dev/null +++ b/actions/ql/integration-tests/filters/source_archive.paths-only.expected @@ -0,0 +1,3 @@ +src/included/action.yml +src/included/not-an-action.yml +src/included/unreachable-workflow.yml \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/test.py b/actions/ql/integration-tests/filters/test.py index a2abcf90b035..8ad37c16487d 100755 --- a/actions/ql/integration-tests/filters/test.py +++ b/actions/ql/integration-tests/filters/test.py @@ -3,4 +3,16 @@ @pytest.mark.ql_test(expected=".default-filters.expected") def test_default_filters(codeql, actions, check_source_archive): check_source_archive.expected_suffix = ".default-filters.expected" - codeql.database.create(source_root="src") \ No newline at end of file + codeql.database.create(source_root="src") + +@pytest.mark.ql_test(expected=".paths-only.expected") +def test_config_paths_only(codeql, actions): + codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-only.yml") + +@pytest.mark.ql_test(expected=".paths-ignore-only.expected") +def test_config_paths_ignore_only(codeql, actions): + codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-ignore-only.yml") + +@pytest.mark.ql_test(expected=".paths-and-paths-ignore.expected") +def test_config_paths_and_paths_ignore(codeql, actions): + codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-and-paths-ignore.yml") \ No newline at end of file From 283503b06d80c6a3f5cfaac3e77d6f8f553a2aab Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Thu, 10 Apr 2025 11:07:14 -0700 Subject: [PATCH 380/409] Actions: Fix handling of paths-ignore in autobuild scripts Always concatenate the default filters with the user-provided filters. This ensures that when `paths-ignore` is provided, we begin with the default path inclusions, not all YAML files. This makes the `paths-ignore-only` integration test variant under `filters` pass. The handling of `paths` is unchanged: if provided, this overrides the default filters. --- actions/extractor/tools/autobuild-impl.ps1 | 41 +++++++++++++--------- actions/extractor/tools/autobuild.sh | 18 ++++++++-- 2 files changed, 39 insertions(+), 20 deletions(-) diff --git a/actions/extractor/tools/autobuild-impl.ps1 b/actions/extractor/tools/autobuild-impl.ps1 index 5a5aa1ab53aa..e232cd3cc545 100644 --- a/actions/extractor/tools/autobuild-impl.ps1 +++ b/actions/extractor/tools/autobuild-impl.ps1 @@ -1,21 +1,28 @@ -if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) { - Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' -} else { - Write-Output 'No path filters set. Using the default filters.' - # Note: We're adding the `reusable_workflows` subdirectories to proactively - # record workflows that were called cross-repo, check them out locally, - # and enable an interprocedural analysis across the workflow files. - # These workflows follow the convention `.github/reusable_workflows//*.ya?ml` - $DefaultPathFilters = @( - 'exclude:**/*', - 'include:.github/workflows/*.yml', - 'include:.github/workflows/*.yaml', - 'include:.github/reusable_workflows/**/*.yml', - 'include:.github/reusable_workflows/**/*.yaml', - 'include:**/action.yml', - 'include:**/action.yaml' - ) +# Note: We're adding the `reusable_workflows` subdirectories to proactively +# record workflows that were called cross-repo, check them out locally, +# and enable an interprocedural analysis across the workflow files. +# These workflows follow the convention `.github/reusable_workflows//*.ya?ml` +$DefaultPathFilters = @( + 'exclude:**/*', + 'include:.github/workflows/*.yml', + 'include:.github/workflows/*.yaml', + 'include:.github/reusable_workflows/**/*.yml', + 'include:.github/reusable_workflows/**/*.yaml', + 'include:**/action.yml', + 'include:**/action.yaml' +) +if ($null -ne $env:LGTM_INDEX_FILTERS) { + Write-Output 'LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor.' + # Begin with the default path inclusions only, + # followed by the user-provided filters. + # If the user provided `paths`, those patterns override the default inclusions + # (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`). + # If the user provided `paths-ignore`, those patterns are excluded. + $PathFilters = ($DefaultPathFilters -join "`n") + "`n" + $env:LGTM_INDEX_FILTERS + $env:LGTM_INDEX_FILTERS = $PathFilters +} else { + Write-Output 'LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor.' $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n" } diff --git a/actions/extractor/tools/autobuild.sh b/actions/extractor/tools/autobuild.sh index 703154f99c9b..f2cbb7ddfa7e 100755 --- a/actions/extractor/tools/autobuild.sh +++ b/actions/extractor/tools/autobuild.sh @@ -17,10 +17,22 @@ include:**/action.yaml END ) -if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then - echo "Path filters set. Passing them through to the JavaScript extractor." +if [ -n "${LGTM_INDEX_FILTERS:-}" ]; then + echo "LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor." + # Begin with the default path inclusions only, + # followed by the user-provided filters. + # If the user provided `paths`, those patterns override the default inclusions + # (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`). + # If the user provided `paths-ignore`, those patterns are excluded. + PATH_FILTERS="$(cat << END +${DEFAULT_PATH_FILTERS} +${LGTM_INDEX_FILTERS} +END +)" + LGTM_INDEX_FILTERS="${PATH_FILTERS}" + export LGTM_INDEX_FILTERS else - echo "No path filters set. Using the default filters." + echo "LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor." LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}" export LGTM_INDEX_FILTERS fi From 1ca25b2ccb7da1942d5c2c52d905e1dcc8fd8102 Mon Sep 17 00:00:00 2001 From: yoff Date: Wed, 9 Apr 2025 16:49:36 +0200 Subject: [PATCH 381/409] ruby: add test of `rb/uninitialized-local-variable` --- .../UninitializedLocal.expected | 14 ++++++ .../UninitializedLocal.qlref | 2 + .../UninitializedLocal/UninitializedLocal.rb | 46 +++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected create mode 100644 ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.qlref create mode 100644 ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected new file mode 100644 index 000000000000..206af4ee3b4a --- /dev/null +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected @@ -0,0 +1,14 @@ +| UninitializedLocal.rb:12:3:12:3 | m | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:8:7:8:7 | m | m | +| UninitializedLocal.rb:17:16:17:16 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:17:7:17:7 | a | a | +| UninitializedLocal.rb:30:3:30:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:31:3:31:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:32:3:32:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:32:8:32:8 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:33:3:33:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:33:14:33:14 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:33:20:33:20 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:34:3:34:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:34:15:34:15 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:34:21:34:21 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:44:13:44:13 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:40:11:40:11 | a | a | +| UninitializedLocal.rb:45:3:45:3 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:40:11:40:11 | a | a | diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.qlref b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.qlref new file mode 100644 index 000000000000..e37501dffbff --- /dev/null +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.qlref @@ -0,0 +1,2 @@ +query: queries/variables/UninitializedLocal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb new file mode 100644 index 000000000000..bf591be50052 --- /dev/null +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -0,0 +1,46 @@ +def m + puts "m" +end + +def foo + m # calls m above + if false + m = 0 + m # reads local variable m + else + end + m #$ Alert + m2 # undefined local variable or method 'm2' for main (NameError) +end + +def test_guards + if (a = 3 && a) #$ Alert + a + end + if (a = 3) && a # OK - a is assigned in the previous conjunct + a + end + if !(a = 3) or a # OK - a is assigned in the previous conjunct + a + end + if false + b = 0 + end + b.nil? + b || 0 #$ SPURIOUS: Alert + b&.m #$ SPURIOUS: Alert + b if b #$ SPURIOUS: Alert + b.close if b && !b.closed #$ SPURIOUS: Alert + b.blowup if b || !b.blownup #$ Alert +end + +def test_loop + begin + if false + a = 0 + else + set_a + end + end until a #$ SPURIOUS: Alert + a #$ SPURIOUS: Alert +end \ No newline at end of file From 53c88da91ba08a10eefe832648d16db2c5eb5073 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 13:21:54 +0200 Subject: [PATCH 382/409] ruby: refine query for uninitialised local variables - there are places where uninitialised reads are intentional - there are also some places where they are impossible --- .../variables/UninitializedLocal.qhelp | 36 +++++++++ .../queries/variables/UninitializedLocal.ql | 63 +++++++++++++-- .../variables/examples/UninitializedLocal.rb | 14 ++++ .../UninitializedLocal.expected | 15 +--- .../UninitializedLocal/UninitializedLocal.rb | 76 ++++++++++++------- 5 files changed, 159 insertions(+), 45 deletions(-) create mode 100644 ruby/ql/src/queries/variables/UninitializedLocal.qhelp create mode 100644 ruby/ql/src/queries/variables/examples/UninitializedLocal.rb diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp new file mode 100644 index 000000000000..d06bdc7087f0 --- /dev/null +++ b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp @@ -0,0 +1,36 @@ + + + +

    +In Ruby, raw identifiers like x can be both local variable accesses and method calls. It is a local variable access iff it is syntactically preceded by something that binds it (like an assignment). +Consider the following example: +

    + + + +

    +This will generate an alert on the last access to m, where it is not clear that the programmer intended to read from the local variable. +

    + +     + + +

    +Ensure that you check the control and data flow in the method carefully. +Check that the variable reference is spelled correctly, perhaps the variable has been renamed and the reference needs to be updated. +Another possibility is that an exception may be raised before the variable is assigned, in which case the read should be protected by a check for nil. +

    + +     + + + + +
  • Wikipedia: Dead store.
    • + + + +     + diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index df8a275431a4..5f0fb77872a8 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -5,20 +5,71 @@ * @kind problem * @problem.severity error * @id rb/uninitialized-local-variable - * @tags reliability + * @tags quality + * reliability * correctness - * @precision low + * @precision high */ import codeql.ruby.AST import codeql.ruby.dataflow.SSA +private import codeql.ruby.dataflow.internal.DataFlowPublic +import codeql.ruby.controlflow.internal.Guards as Guards +import codeql.ruby.controlflow.CfgNodes + +predicate isInBooleanContext(Expr e) { + e = any(ConditionalExpr c).getCondition() + or + e = any(ConditionalLoop l).getCondition() + or + e = any(LogicalAndExpr n).getAnOperand() + or + e = any(LogicalOrExpr n).getAnOperand() + or + e = any(NotExpr n).getOperand() +} + +predicate isGuarded(LocalVariableReadAccess read) { + exists(AstCfgNode guard, boolean branch | + Guards::guardControlsBlock(guard, read.getAControlFlowNode().getBasicBlock(), branch) + | + // guard is `var` + guard.getAstNode() = read.getVariable().getAnAccess() and + branch = true + or + // guard is `!var` + guard.getAstNode().(NotExpr).getOperand() = read.getVariable().getAnAccess() and + branch = false + or + // guard is `var.nil?` + exists(MethodCall c | guard.getAstNode() = c | + c.getReceiver() = read.getVariable().getAnAccess() and + c.getMethodName() = "nil?" + ) and + branch = false + or + // guard is `!var.nil?` + exists(MethodCall c | guard.getAstNode().(NotExpr).getOperand() = c | + c.getReceiver() = read.getVariable().getAnAccess() and + c.getMethodName() = "nil?" + ) and + branch = true + ) +} + +predicate isNilChecked(LocalVariableReadAccess read) { + exists(MethodCall c | c.getReceiver() = read | + c.getMethodName() = "nil?" + or + c.isSafeNavigation() + ) +} class RelevantLocalVariableReadAccess extends LocalVariableReadAccess { RelevantLocalVariableReadAccess() { - not exists(MethodCall c | - c.getReceiver() = this and - c.getMethodName() = "nil?" - ) + not isInBooleanContext(this) and + not isNilChecked(this) and + not isGuarded(this) } } diff --git a/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb b/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb new file mode 100644 index 000000000000..f7c79410ffc3 --- /dev/null +++ b/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb @@ -0,0 +1,14 @@ +def m + puts "m" +end + +def foo + m # calls m above + if false + m = 0 + m # reads local variable m + else + end + m # reads uninitialized local variable m, `nil` + m2 # undefined local variable or method 'm2' for main (NameError) +end \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected index 206af4ee3b4a..e8ab42107602 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected @@ -1,14 +1,3 @@ | UninitializedLocal.rb:12:3:12:3 | m | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:8:7:8:7 | m | m | -| UninitializedLocal.rb:17:16:17:16 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:17:7:17:7 | a | a | -| UninitializedLocal.rb:30:3:30:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:31:3:31:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:32:3:32:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:32:8:32:8 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:33:3:33:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:33:14:33:14 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:33:20:33:20 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:34:3:34:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:34:15:34:15 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:34:21:34:21 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:44:13:44:13 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:40:11:40:11 | a | a | -| UninitializedLocal.rb:45:3:45:3 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:40:11:40:11 | a | a | +| UninitializedLocal.rb:34:5:34:5 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | +| UninitializedLocal.rb:34:23:34:23 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb index bf591be50052..6682a4bc1e03 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -14,33 +14,57 @@ def foo end def test_guards - if (a = 3 && a) #$ Alert - a - end - if (a = 3) && a # OK - a is assigned in the previous conjunct - a - end - if !(a = 3) or a # OK - a is assigned in the previous conjunct - a - end - if false - b = 0 - end - b.nil? - b || 0 #$ SPURIOUS: Alert - b&.m #$ SPURIOUS: Alert - b if b #$ SPURIOUS: Alert - b.close if b && !b.closed #$ SPURIOUS: Alert - b.blowup if b || !b.blownup #$ Alert + if (a = 3 && a) # OK - a is in a Boolean context + a + end + if (a = 3) && a # OK - a is assigned in the previous conjunct + a + end + if !(a = 3) or a # OK - a is assigned in the previous conjunct + a + end + if false + b = 0 + end + b.nil? + b || 0 # OK + b&.m # OK - safe navigation + b if b # OK + b.close if b && !b.closed # OK + b.blowup if b || !b.blownup #$ Alert + + if false + c = 0 + end + unless c + return + end + c # OK - given above unless + + if false + d = 0 + end + if (d.nil?) + return + end + d # OK - given above check + + if false + e = 0 + end + unless (!e.nil?) + return + end + e # OK - given above unless end def test_loop - begin - if false - a = 0 - else - set_a - end - end until a #$ SPURIOUS: Alert - a #$ SPURIOUS: Alert + begin + if false + a = 0 + else + set_a + end + end until a # OK + a # OK - given previous until end \ No newline at end of file From 8555e8c8c817e97218fb11ffe58c13e6e62cd334 Mon Sep 17 00:00:00 2001 From: yoff Date: Thu, 3 Apr 2025 12:12:44 +0200 Subject: [PATCH 383/409] ruby: add change notes --- .../2025-04-02-adjust-uninitialized-local-alert-message.md | 4 ++++ .../2025-04-02-adjust-uninitialized-local-metadata.md | 4 ++++ ruby/ql/src/queries/variables/UninitializedLocal.ql | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md create mode 100644 ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md new file mode 100644 index 000000000000..201e6e8928af --- /dev/null +++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The query `rb/uninitialized-local-variable` now take various guards into account and should produce fewer false positives. It also now comes with a help file. diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md new file mode 100644 index 000000000000..d6c5f353a53e --- /dev/null +++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md @@ -0,0 +1,4 @@ +--- +category: queryMetadata +--- +* The query `rb/uninitialized-local-variable` now only produces alerts when it can find local flow; we have adjusted the precision to 'medium'. diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 5f0fb77872a8..aa001ac9bc4d 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -8,7 +8,7 @@ * @tags quality * reliability * correctness - * @precision high + * @precision medium */ import codeql.ruby.AST From becea89a473cd891f1e3405d12213d5c5931c9c6 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 11 Apr 2025 08:26:48 +0200 Subject: [PATCH 384/409] Rust: refine `ql/test/setup.sh` --- rust/ql/test/setup.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rust/ql/test/setup.sh b/rust/ql/test/setup.sh index 822097140bbd..1c12456107a9 100755 --- a/rust/ql/test/setup.sh +++ b/rust/ql/test/setup.sh @@ -5,13 +5,13 @@ set -euo pipefail # This script is run by the CI to set up the test environment for the Rust QL tests # We run this as rustup is not meant to be run in parallel, and will this setup will be run by rust-analyzer in the # parallel QL tests unless we do the setup prior to launching the tests. -# We do this for each `rust-toolchain.toml` we use in the tests (and the root one in `rust`) +# We do this for each `rust-toolchain.toml` we use in the tests (and the root one in `rust` last, so it becomes the +# default). +# Notice that we do not need to explicitly add the rust-std component as it's listed in ql/rust/rust-toolchain.toml. cd "$(dirname "$0")" -rustup install -rustup component add rust-src - find . -name rust-toolchain.toml \ - -execdir rustup install \; \ - -execdir rustup component add rust-src \; + -execdir rustup install \; + +rustup install From 208487f23618f3ca7249cba692537d72b18a7d14 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 08:39:47 +0200 Subject: [PATCH 385/409] Added `middleware` test --- .../Security/CWE-918/Request/middleware.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts new file mode 100644 index 000000000000..259e17d289dd --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts @@ -0,0 +1,12 @@ +import { NextRequest, NextResponse } from 'next/server'; + +export async function middleware(req: NextRequest) { + const target = req.nextUrl // $ MISSING : Source[js/request-forgery] + if (target) { + const res = await fetch(target) // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const data = await res.text() + return new NextResponse(data) + } + return NextResponse.next() +} + \ No newline at end of file From 734ad2d767597c57bf71847f3db0034c5619507a Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 08:43:08 +0200 Subject: [PATCH 386/409] Removed legacy `Consistency` check as it is redundant now with inline test expectations. --- .../Security/CWE-918/Consistency.expected | 2 -- .../Security/CWE-918/Consistency.ql | 25 ------------------- 2 files changed, 27 deletions(-) delete mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected delete mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected deleted file mode 100644 index c2b63d9c9427..000000000000 --- a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected +++ /dev/null @@ -1,2 +0,0 @@ -consistencyIssue -resultInWrongFile diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql deleted file mode 100644 index 5ae582db4915..000000000000 --- a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql +++ /dev/null @@ -1,25 +0,0 @@ -import javascript -import semmle.javascript.security.dataflow.RequestForgeryQuery as RequestForgery -import semmle.javascript.security.dataflow.ClientSideRequestForgeryQuery as ClientSideRequestForgery -deprecated import utils.test.ConsistencyChecking - -query predicate resultInWrongFile(DataFlow::Node node) { - exists(string filePattern | - RequestForgery::RequestForgeryFlow::flowTo(node) and - filePattern = ".*serverSide.*" - or - ClientSideRequestForgery::ClientSideRequestForgeryFlow::flowTo(node) and - filePattern = ".*clientSide.*" - | - not node.getFile().getRelativePath().regexpMatch(filePattern) - ) -} - -deprecated class Consistency extends ConsistencyConfiguration { - Consistency() { this = "Consistency" } - - override DataFlow::Node getAnAlert() { - RequestForgery::RequestForgeryFlow::flowTo(result) or - ClientSideRequestForgery::ClientSideRequestForgeryFlow::flowTo(result) - } -} From 6e09a65da07fd6cbaa7b887327fa6d2935e5f086 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 08:43:36 +0200 Subject: [PATCH 387/409] Added support for `NextRequest` `middleware` SSRF. --- javascript/ql/lib/semmle/javascript/frameworks/Next.qll | 8 ++++++-- .../query-tests/Security/CWE-918/Request/middleware.ts | 4 ++-- .../query-tests/Security/CWE-918/RequestForgery.expected | 6 ++++++ 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index 6333c9442d85..fad4f25e5f57 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -281,8 +281,12 @@ module NextJS { */ class NextAppRouteHandler extends DataFlow::FunctionNode, Http::Servers::StandardRouteHandler { NextAppRouteHandler() { - exists(Module mod | mod.getFile().getParentContainer() = apiFolder() | - this = mod.getAnExportedValue(any(Http::RequestMethodName m)).getAFunctionValue() and + exists(Module mod | + mod.getFile().getParentContainer() = apiFolder() or + mod.getFile().getBaseName() = ["middleware.ts", "middleware.js"] + | + this = + mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue() and ( this.getParameter(0).hasUnderlyingType("next/server", "NextRequest") or diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts index 259e17d289dd..e6bb7f8db60f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts @@ -1,9 +1,9 @@ import { NextRequest, NextResponse } from 'next/server'; export async function middleware(req: NextRequest) { - const target = req.nextUrl // $ MISSING : Source[js/request-forgery] + const target = req.nextUrl // $ Source[js/request-forgery] if (target) { - const res = await fetch(target) // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const res = await fetch(target) // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text() return new NextResponse(data) } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index b8436fa6722e..cf3b225e3223 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,6 +1,7 @@ #select | Request/app/api/proxy/route2.serverSide.ts:5:21:5:30 | fetch(url) | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | URL | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | user-provided value | | Request/app/api/proxy/route.serverSide.ts:3:21:3:30 | fetch(url) | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | URL | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | user-provided value | +| Request/middleware.ts:6:25:6:37 | fetch(target) | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:6:31:6:36 | target | The $@ of this request depends on a $@. | Request/middleware.ts:6:31:6:36 | target | URL | Request/middleware.ts:4:20:4:30 | req.nextUrl | user-provided value | | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | | apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | @@ -37,6 +38,8 @@ edges | Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | provenance | | | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | provenance | | | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | provenance | | +| Request/middleware.ts:4:11:4:30 | target | Request/middleware.ts:6:31:6:36 | target | provenance | | +| Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:4:11:4:30 | target | provenance | | | apollo.serverSide.ts:7:36:7:44 | files | apollo.serverSide.ts:8:13:8:17 | files | provenance | | | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:7:36:7:44 | files | provenance | | | apollo.serverSide.ts:8:13:8:17 | files | apollo.serverSide.ts:8:28:8:31 | file | provenance | | @@ -111,6 +114,9 @@ nodes | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | semmle.label | await req.json() | | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | semmle.label | req.json() | | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | semmle.label | url | +| Request/middleware.ts:4:11:4:30 | target | semmle.label | target | +| Request/middleware.ts:4:20:4:30 | req.nextUrl | semmle.label | req.nextUrl | +| Request/middleware.ts:6:31:6:36 | target | semmle.label | target | | apollo.serverSide.ts:7:36:7:44 | files | semmle.label | files | | apollo.serverSide.ts:7:36:7:44 | { files } | semmle.label | { files } | | apollo.serverSide.ts:8:13:8:17 | files | semmle.label | files | From db1203acb3a1a80f528b3168e223e99af07fa369 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 11 Apr 2025 08:56:35 +0200 Subject: [PATCH 388/409] Rust: reinstate adding `rust-src` for test toolchains --- rust/ql/test/setup.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rust/ql/test/setup.sh b/rust/ql/test/setup.sh index 1c12456107a9..9b2d6b4f344c 100755 --- a/rust/ql/test/setup.sh +++ b/rust/ql/test/setup.sh @@ -7,11 +7,12 @@ set -euo pipefail # parallel QL tests unless we do the setup prior to launching the tests. # We do this for each `rust-toolchain.toml` we use in the tests (and the root one in `rust` last, so it becomes the # default). -# Notice that we do not need to explicitly add the rust-std component as it's listed in ql/rust/rust-toolchain.toml. cd "$(dirname "$0")" find . -name rust-toolchain.toml \ - -execdir rustup install \; + -execdir rustup install \; \ + -execdir rustup component add rust-src \; +# no to install rust-src explicitly, it's listedin ql/rust/rust-toolchain.toml rustup install From 8674b61e5a886af7bd8f4d1c91cd5ed4670291ca Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 09:26:16 +0200 Subject: [PATCH 389/409] Added SSRF test case with `searchParams` for `NextRequest` --- .../test/query-tests/Security/CWE-918/Request/middleware.ts | 6 ++++++ .../query-tests/Security/CWE-918/RequestForgery.expected | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts index e6bb7f8db60f..2e6aa2746d6a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts @@ -2,11 +2,17 @@ import { NextRequest, NextResponse } from 'next/server'; export async function middleware(req: NextRequest) { const target = req.nextUrl // $ Source[js/request-forgery] + const target2 = target.searchParams.get('target'); // $ MISSING: Source[js/request-forgery] if (target) { const res = await fetch(target) // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text() return new NextResponse(data) } + if (target2) { + const res = await fetch(target2); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const data = await res.text(); + return new NextResponse(data); + } return NextResponse.next() } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index cf3b225e3223..387a6590fbdc 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,7 +1,7 @@ #select | Request/app/api/proxy/route2.serverSide.ts:5:21:5:30 | fetch(url) | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | URL | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | user-provided value | | Request/app/api/proxy/route.serverSide.ts:3:21:3:30 | fetch(url) | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | URL | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | user-provided value | -| Request/middleware.ts:6:25:6:37 | fetch(target) | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:6:31:6:36 | target | The $@ of this request depends on a $@. | Request/middleware.ts:6:31:6:36 | target | URL | Request/middleware.ts:4:20:4:30 | req.nextUrl | user-provided value | +| Request/middleware.ts:7:25:7:37 | fetch(target) | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:7:31:7:36 | target | The $@ of this request depends on a $@. | Request/middleware.ts:7:31:7:36 | target | URL | Request/middleware.ts:4:20:4:30 | req.nextUrl | user-provided value | | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | | apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | @@ -38,7 +38,7 @@ edges | Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | provenance | | | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | provenance | | | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | provenance | | -| Request/middleware.ts:4:11:4:30 | target | Request/middleware.ts:6:31:6:36 | target | provenance | | +| Request/middleware.ts:4:11:4:30 | target | Request/middleware.ts:7:31:7:36 | target | provenance | | | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:4:11:4:30 | target | provenance | | | apollo.serverSide.ts:7:36:7:44 | files | apollo.serverSide.ts:8:13:8:17 | files | provenance | | | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:7:36:7:44 | files | provenance | | @@ -116,7 +116,7 @@ nodes | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | semmle.label | url | | Request/middleware.ts:4:11:4:30 | target | semmle.label | target | | Request/middleware.ts:4:20:4:30 | req.nextUrl | semmle.label | req.nextUrl | -| Request/middleware.ts:6:31:6:36 | target | semmle.label | target | +| Request/middleware.ts:7:31:7:36 | target | semmle.label | target | | apollo.serverSide.ts:7:36:7:44 | files | semmle.label | files | | apollo.serverSide.ts:7:36:7:44 | { files } | semmle.label | { files } | | apollo.serverSide.ts:8:13:8:17 | files | semmle.label | files | From 678eccb417b32aa38d6b3a0426b448bc4c99612d Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 09:27:54 +0200 Subject: [PATCH 390/409] Added `searchParams.get` as potential source for SSRF --- .../ql/lib/semmle/javascript/frameworks/Next.qll | 12 +++++++++++- .../Security/CWE-918/Request/middleware.ts | 4 ++-- .../Security/CWE-918/RequestForgery.expected | 6 ++++++ 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index fad4f25e5f57..2921b6c48503 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -318,7 +318,17 @@ module NextJS { ) and kind = "body" or - this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) and kind = "url" + ( + this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) + or + this = + handler + .getRequest() + .getAPropertyRead("nextUrl") + .getAPropertyRead("searchParams") + .getAMemberCall("get") + ) and + kind = "url" or this = handler.getRequest().getAPropertyRead("headers") and kind = "headers" } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts index 2e6aa2746d6a..3db3a4bae3b4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts @@ -2,14 +2,14 @@ import { NextRequest, NextResponse } from 'next/server'; export async function middleware(req: NextRequest) { const target = req.nextUrl // $ Source[js/request-forgery] - const target2 = target.searchParams.get('target'); // $ MISSING: Source[js/request-forgery] + const target2 = target.searchParams.get('target'); // $ Source[js/request-forgery] if (target) { const res = await fetch(target) // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text() return new NextResponse(data) } if (target2) { - const res = await fetch(target2); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const res = await fetch(target2); // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text(); return new NextResponse(data); } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 387a6590fbdc..b3d3055cd868 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -2,6 +2,7 @@ | Request/app/api/proxy/route2.serverSide.ts:5:21:5:30 | fetch(url) | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | URL | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | user-provided value | | Request/app/api/proxy/route.serverSide.ts:3:21:3:30 | fetch(url) | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | URL | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | user-provided value | | Request/middleware.ts:7:25:7:37 | fetch(target) | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:7:31:7:36 | target | The $@ of this request depends on a $@. | Request/middleware.ts:7:31:7:36 | target | URL | Request/middleware.ts:4:20:4:30 | req.nextUrl | user-provided value | +| Request/middleware.ts:12:27:12:40 | fetch(target2) | Request/middleware.ts:5:21:5:53 | target. ... arget') | Request/middleware.ts:12:33:12:39 | target2 | The $@ of this request depends on a $@. | Request/middleware.ts:12:33:12:39 | target2 | URL | Request/middleware.ts:5:21:5:53 | target. ... arget') | user-provided value | | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | | apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | @@ -40,6 +41,8 @@ edges | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | provenance | | | Request/middleware.ts:4:11:4:30 | target | Request/middleware.ts:7:31:7:36 | target | provenance | | | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:4:11:4:30 | target | provenance | | +| Request/middleware.ts:5:11:5:53 | target2 | Request/middleware.ts:12:33:12:39 | target2 | provenance | | +| Request/middleware.ts:5:21:5:53 | target. ... arget') | Request/middleware.ts:5:11:5:53 | target2 | provenance | | | apollo.serverSide.ts:7:36:7:44 | files | apollo.serverSide.ts:8:13:8:17 | files | provenance | | | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:7:36:7:44 | files | provenance | | | apollo.serverSide.ts:8:13:8:17 | files | apollo.serverSide.ts:8:28:8:31 | file | provenance | | @@ -116,7 +119,10 @@ nodes | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | semmle.label | url | | Request/middleware.ts:4:11:4:30 | target | semmle.label | target | | Request/middleware.ts:4:20:4:30 | req.nextUrl | semmle.label | req.nextUrl | +| Request/middleware.ts:5:11:5:53 | target2 | semmle.label | target2 | +| Request/middleware.ts:5:21:5:53 | target. ... arget') | semmle.label | target. ... arget') | | Request/middleware.ts:7:31:7:36 | target | semmle.label | target | +| Request/middleware.ts:12:33:12:39 | target2 | semmle.label | target2 | | apollo.serverSide.ts:7:36:7:44 | files | semmle.label | files | | apollo.serverSide.ts:7:36:7:44 | { files } | semmle.label | { files } | | apollo.serverSide.ts:8:13:8:17 | files | semmle.label | files | From 2c4b3527b4bee7f97b071614d97b6a544911c5a6 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 09:38:23 +0200 Subject: [PATCH 391/409] Added change note --- javascript/ql/lib/change-notes/2025-04-11-nextrequest.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-11-nextrequest.md diff --git a/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md b/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md new file mode 100644 index 000000000000..9db5c34e51b2 --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`. +* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`. From 85940484ab91edf97eca320b927bb017cf384ada Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 11 Apr 2025 09:57:50 +0200 Subject: [PATCH 392/409] Update rust/ql/test/setup.sh --- rust/ql/test/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/setup.sh b/rust/ql/test/setup.sh index 9b2d6b4f344c..f087e7bc32bf 100755 --- a/rust/ql/test/setup.sh +++ b/rust/ql/test/setup.sh @@ -14,5 +14,5 @@ find . -name rust-toolchain.toml \ -execdir rustup install \; \ -execdir rustup component add rust-src \; -# no to install rust-src explicitly, it's listedin ql/rust/rust-toolchain.toml +# no to install rust-src explicitly, it's listed in ql/rust/rust-toolchain.toml rustup install From e3f1720f9c532d4afd24cb8de2beb5f173b890c1 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 10:04:09 +0200 Subject: [PATCH 393/409] Renamed`DecodeLike` to `Decode` and updated `propagatesFlow` --- .../javascript/internal/flow_summaries/Decoders.qll | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll index 7e75d6482c5c..2866c8926087 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll @@ -13,16 +13,16 @@ private class TextDecoderEntryPoint extends API::EntryPoint { pragma[nomagic] API::Node textDecoderConstructorRef() { result = any(TextDecoderEntryPoint e).getANode() } -class DecodeLike extends SummarizedCallable { - DecodeLike() { this = "TextDecoder#decode" } +class Decode extends SummarizedCallable { + Decode() { this = "TextDecoder#decode" } override InstanceCall getACall() { result = textDecoderConstructorRef().getInstance().getMember("decode").getACall() } override predicate propagatesFlow(string input, string output, boolean preservesValue) { - preservesValue = true and - input = "Argument[0]" and + preservesValue = false and + input = "Argument[0].ArrayElement" and output = "ReturnValue" } } From f675a143d6f62140318b299c4eecd33fa7f0a290 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 10:48:41 +0200 Subject: [PATCH 394/409] ruby: remove redundant cases The CFG handles the negation --- ruby/ql/src/queries/variables/UninitializedLocal.ql | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index aa001ac9bc4d..1633e20bee01 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -37,23 +37,12 @@ predicate isGuarded(LocalVariableReadAccess read) { guard.getAstNode() = read.getVariable().getAnAccess() and branch = true or - // guard is `!var` - guard.getAstNode().(NotExpr).getOperand() = read.getVariable().getAnAccess() and - branch = false - or // guard is `var.nil?` exists(MethodCall c | guard.getAstNode() = c | c.getReceiver() = read.getVariable().getAnAccess() and c.getMethodName() = "nil?" ) and branch = false - or - // guard is `!var.nil?` - exists(MethodCall c | guard.getAstNode().(NotExpr).getOperand() = c | - c.getReceiver() = read.getVariable().getAnAccess() and - c.getMethodName() = "nil?" - ) and - branch = true ) } From 4167e960580bc9692734451e202143d10ea85722 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 11:00:22 +0200 Subject: [PATCH 395/409] ruby: more complete impleemntation of `isInBooleanContext` Co-authored-by: Tom Hvitved --- .../queries/variables/UninitializedLocal.ql | 34 ++++++++++++++----- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 1633e20bee01..93e5c9b3adb3 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -17,19 +17,37 @@ private import codeql.ruby.dataflow.internal.DataFlowPublic import codeql.ruby.controlflow.internal.Guards as Guards import codeql.ruby.controlflow.CfgNodes -predicate isInBooleanContext(Expr e) { - e = any(ConditionalExpr c).getCondition() +private predicate isInBooleanContext(AstNode n) { + exists(ConditionalExpr i | + n = i.getCondition() + or + isInBooleanContext(i) and + n = i.getBranch(_) + ) + or + n = any(ConditionalLoop parent).getCondition() + or + n = any(InClause parent).getCondition() or - e = any(ConditionalLoop l).getCondition() + n = any(LogicalAndExpr op).getAnOperand() or - e = any(LogicalAndExpr n).getAnOperand() + n = any(LogicalOrExpr op).getAnOperand() or - e = any(LogicalOrExpr n).getAnOperand() + n = any(NotExpr op).getOperand() or - e = any(NotExpr n).getOperand() + n = any(StmtSequence parent | isInBooleanContext(parent)).getLastStmt() + or + exists(CaseExpr c, WhenClause w | + not exists(c.getValue()) and + c.getABranch() = w + | + w.getPattern(_) = n + or + w = n + ) } -predicate isGuarded(LocalVariableReadAccess read) { +private predicate isGuarded(LocalVariableReadAccess read) { exists(AstCfgNode guard, boolean branch | Guards::guardControlsBlock(guard, read.getAControlFlowNode().getBasicBlock(), branch) | @@ -46,7 +64,7 @@ predicate isGuarded(LocalVariableReadAccess read) { ) } -predicate isNilChecked(LocalVariableReadAccess read) { +private predicate isNilChecked(LocalVariableReadAccess read) { exists(MethodCall c | c.getReceiver() = read | c.getMethodName() = "nil?" or From d0dcf897cb82b4f44ccfd3edebeb048346b551cc Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 11 Apr 2025 11:04:08 +0200 Subject: [PATCH 396/409] Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll Co-authored-by: Asger F --- .../lib/semmle/javascript/internal/flow_summaries/Strings.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll index 8c8ab1ac4acf..d18e21819653 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll @@ -108,7 +108,7 @@ class StringFromCharCode extends SummarizedCallable { } override predicate propagatesFlow(string input, string output, boolean preservesValue) { - preservesValue = true and + preservesValue = false and ( input = "Argument[0..]" and output = "ReturnValue" From 92e4f112c01256d7bde118ce3e30c4a7b4b7e418 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 11 Apr 2025 11:08:40 +0200 Subject: [PATCH 397/409] Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll Co-authored-by: Asger F --- javascript/ql/lib/semmle/javascript/frameworks/Next.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index 2921b6c48503..b31da84a3419 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -283,7 +283,7 @@ module NextJS { NextAppRouteHandler() { exists(Module mod | mod.getFile().getParentContainer() = apiFolder() or - mod.getFile().getBaseName() = ["middleware.ts", "middleware.js"] + mod.getFile().getStem() = "middleware" | this = mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue() and From 11abbf8c4ae5267a17d3b4692c991a5a316c971d Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 11:19:12 +0200 Subject: [PATCH 398/409] Now `nextUrl` is of type `parameter` and loosen the restriction for `NextAppRouteHandler` --- .../lib/semmle/javascript/frameworks/Next.qll | 26 +++++++------------ 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index b31da84a3419..551d325f26af 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -286,12 +286,7 @@ module NextJS { mod.getFile().getStem() = "middleware" | this = - mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue() and - ( - this.getParameter(0).hasUnderlyingType("next/server", "NextRequest") - or - this.getParameter(0).hasUnderlyingType("Request") - ) + mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue() ) } @@ -318,18 +313,17 @@ module NextJS { ) and kind = "body" or - ( - this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) - or - this = - handler - .getRequest() - .getAPropertyRead("nextUrl") - .getAPropertyRead("searchParams") - .getAMemberCall("get") - ) and + this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) and kind = "url" or + this = + handler + .getRequest() + .getAPropertyRead("nextUrl") + .getAPropertyRead("searchParams") + .getAMemberCall("get") and + kind = "parameter" + or this = handler.getRequest().getAPropertyRead("headers") and kind = "headers" } From 6e2cfab7b226e0c845ee36eb1deb31215000b4ce Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 12:46:25 +0200 Subject: [PATCH 399/409] ruby: add test for `for` found during triage --- .../UninitializedLocal/UninitializedLocal.expected | 2 ++ .../variables/UninitializedLocal/UninitializedLocal.rb | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected index e8ab42107602..5d0cdddf964f 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected @@ -1,3 +1,5 @@ | UninitializedLocal.rb:12:3:12:3 | m | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:8:7:8:7 | m | m | | UninitializedLocal.rb:34:5:34:5 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | | UninitializedLocal.rb:34:23:34:23 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | +| UninitializedLocal.rb:73:9:73:9 | i | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:73:9:73:9 | i | i | +| UninitializedLocal.rb:76:5:76:5 | i | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:73:9:73:9 | i | i | diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb index 6682a4bc1e03..9761baac1da2 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -67,4 +67,11 @@ def test_loop end end until a # OK a # OK - given previous until +end + +def test_for + for i in 0..10 #$ SPURIOUS: Alert + i + end + i #$ SPURIOUS: Alert end \ No newline at end of file From b641d5f177637cf4ac6cfbca3a97fb934a7cb5c4 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 13:22:42 +0200 Subject: [PATCH 400/409] ruby: fix FP --- ruby/ql/src/queries/variables/UninitializedLocal.ql | 5 +++-- .../variables/UninitializedLocal/UninitializedLocal.expected | 1 - .../variables/UninitializedLocal/UninitializedLocal.rb | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 93e5c9b3adb3..0e819cf8a902 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -13,9 +13,9 @@ import codeql.ruby.AST import codeql.ruby.dataflow.SSA -private import codeql.ruby.dataflow.internal.DataFlowPublic import codeql.ruby.controlflow.internal.Guards as Guards import codeql.ruby.controlflow.CfgNodes +import codeql.ruby.ast.internal.Variable private predicate isInBooleanContext(AstNode n) { exists(ConditionalExpr i | @@ -72,7 +72,8 @@ private predicate isNilChecked(LocalVariableReadAccess read) { ) } -class RelevantLocalVariableReadAccess extends LocalVariableReadAccess { +class RelevantLocalVariableReadAccess extends LocalVariableReadAccess instanceof TVariableAccessReal +{ RelevantLocalVariableReadAccess() { not isInBooleanContext(this) and not isNilChecked(this) and diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected index 5d0cdddf964f..174d0d348a2a 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected @@ -1,5 +1,4 @@ | UninitializedLocal.rb:12:3:12:3 | m | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:8:7:8:7 | m | m | | UninitializedLocal.rb:34:5:34:5 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | | UninitializedLocal.rb:34:23:34:23 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | -| UninitializedLocal.rb:73:9:73:9 | i | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:73:9:73:9 | i | i | | UninitializedLocal.rb:76:5:76:5 | i | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:73:9:73:9 | i | i | diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb index 9761baac1da2..9f4dc720ed08 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -70,7 +70,7 @@ def test_loop end def test_for - for i in 0..10 #$ SPURIOUS: Alert + for i in 0..10 # OK - since 0..10 cannot raise i end i #$ SPURIOUS: Alert From bfc494c0e1d08da309bf0c6872b677531ab409b1 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 11 Apr 2025 12:43:51 +0100 Subject: [PATCH 401/409] Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll Co-authored-by: Taus --- .../semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 1cf67dba1ee5..6c096d098cd0 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -462,7 +462,7 @@ newtype TPosition = TDirectPosition(int argumentIndex) { exists(any(CallInstruction c).getArgument(argumentIndex)) or - // Handle the rare case where the is a function definition but no call to + // Handle the rare case where there is a function definition but no call to // the function. exists(any(Cpp::Function f).getParameter(argumentIndex)) } or From deef95d3847c899e20deb9cb80794966860f06b6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 11 Apr 2025 12:43:59 +0100 Subject: [PATCH 402/409] Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll Co-authored-by: Taus --- .../semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 6c096d098cd0..c5024d07dcb4 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -470,7 +470,7 @@ newtype TPosition = Ssa::hasIndirectOperand(any(CallInstruction call).getArgumentOperand(argumentIndex), indirectionIndex) or - // Handle the rare case where the is a function definition but no call to + // Handle the rare case where there is a function definition but no call to // the function. exists(Cpp::Function f, Cpp::Parameter p | p = f.getParameter(argumentIndex) and From 2477233508ef3db2671182f45cf699ec4097dae3 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 15:01:57 +0200 Subject: [PATCH 403/409] ruby: only report on method calls Interviewing a Ruby developer, I learned that dealing with nil is common practice. So alerts are mostly useful, if we can point to a place where this has gone wrong. --- .../variables/UninitializedLocal.qhelp | 9 ++-- .../queries/variables/UninitializedLocal.ql | 3 +- .../variables/examples/UninitializedLocal.rb | 4 +- .../UninitializedLocal/UninitializedLocal.rb | 42 +++++++++---------- 4 files changed, 30 insertions(+), 28 deletions(-) diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp index d06bdc7087f0..078775e803fc 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp +++ b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp @@ -12,6 +12,8 @@ Consider the following example:

    This will generate an alert on the last access to m, where it is not clear that the programmer intended to read from the local variable. +In fact, the last access to m is a method call, and the value of the local variable is nil, +so this will raise a NoMethodError.

    @@ -19,8 +21,7 @@ This will generate an alert on the last access to m, where it is no

    Ensure that you check the control and data flow in the method carefully. -Check that the variable reference is spelled correctly, perhaps the variable has been renamed and the reference needs to be updated. -Another possibility is that an exception may be raised before the variable is assigned, in which case the read should be protected by a check for nil. +Add a check for nil before the read, or rewrite the code to ensure that the variable is always initialized before being read.

    @@ -28,8 +29,8 @@ Another possibility is that an exception may be raised before the variable is as -
  • Wikipedia: Dead store.
    • - +
  • https://www.rubyguides.com/: Nil.
    • +
  • https://ruby-doc.org/: NoMethodError.
    •  diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 0e819cf8a902..1cd496c86bec 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -77,7 +77,8 @@ class RelevantLocalVariableReadAccess extends LocalVariableReadAccess instanceof RelevantLocalVariableReadAccess() { not isInBooleanContext(this) and not isNilChecked(this) and - not isGuarded(this) + not isGuarded(this) and + this = any(MethodCall m).getReceiver() } } diff --git a/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb b/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb index f7c79410ffc3..56172f4df706 100644 --- a/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb +++ b/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb @@ -5,10 +5,10 @@ def m def foo m # calls m above if false - m = 0 + m = "0" m # reads local variable m else end - m # reads uninitialized local variable m, `nil` + m.strip # reads uninitialized local variable m, `nil`, and crashes m2 # undefined local variable or method 'm2' for main (NameError) end \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb index 9f4dc720ed08..7c82c8bf69e0 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -5,57 +5,57 @@ def m def foo m # calls m above if false - m = 0 + m = "0" m # reads local variable m else end - m #$ Alert + m.strip #$ Alert m2 # undefined local variable or method 'm2' for main (NameError) end def test_guards - if (a = 3 && a) # OK - a is in a Boolean context - a + if (a = "3" && a) # OK - a is in a Boolean context + a.strip end - if (a = 3) && a # OK - a is assigned in the previous conjunct - a + if (a = "3") && a # OK - a is assigned in the previous conjunct + a.strip end - if !(a = 3) or a # OK - a is assigned in the previous conjunct - a + if !(a = "3") or a # OK - a is assigned in the previous conjunct + a.strip end if false - b = 0 + b = "0" end b.nil? b || 0 # OK - b&.m # OK - safe navigation - b if b # OK + b&.strip # OK - safe navigation + b.strip if b # OK b.close if b && !b.closed # OK b.blowup if b || !b.blownup #$ Alert if false - c = 0 + c = "0" end unless c return end - c # OK - given above unless + c.strip # OK - given above unless if false - d = 0 + d = "0" end if (d.nil?) return end - d # OK - given above check + d.strip # OK - given above check if false - e = 0 + e = "0" end unless (!e.nil?) return end - e # OK - given above unless + e.strip # OK - given above unless end def test_loop @@ -66,12 +66,12 @@ def test_loop set_a end end until a # OK - a # OK - given previous until + a.strip # OK - given previous until end def test_for - for i in 0..10 # OK - since 0..10 cannot raise - i + for i in ["foo", "bar"] # OK - since 0..10 cannot raise + puts i.strip end - i #$ SPURIOUS: Alert + i.strip #$ SPURIOUS: Alert end \ No newline at end of file From 6a76a40cf4385d2cd1b163a918cc16d795bc6c06 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 16:18:03 +0200 Subject: [PATCH 404/409] ruby: adjust change notes --- .../2025-04-02-adjust-uninitialized-local-alert-message.md | 4 ++-- .../2025-04-02-adjust-uninitialized-local-metadata.md | 2 +- ruby/ql/src/queries/variables/UninitializedLocal.ql | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md index 201e6e8928af..87b92ee51ce3 100644 --- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md +++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md @@ -1,4 +1,4 @@ --- -category: minorAnalysis +category: majorAnalysis --- -* The query `rb/uninitialized-local-variable` now take various guards into account and should produce fewer false positives. It also now comes with a help file. +* The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file. diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md index d6c5f353a53e..61c223981d57 100644 --- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md +++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md @@ -1,4 +1,4 @@ --- category: queryMetadata --- -* The query `rb/uninitialized-local-variable` now only produces alerts when it can find local flow; we have adjusted the precision to 'medium'. +* The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call; we have adjusted the precision to 'high'. diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 1cd496c86bec..c5b4fa18d62f 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -8,7 +8,7 @@ * @tags quality * reliability * correctness - * @precision medium + * @precision high */ import codeql.ruby.AST From eb0f8e9572cca851f296c9b5cc427a10a4fe18b1 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 16:27:21 +0200 Subject: [PATCH 405/409] ruby: add `rb/uninitialized-local-variable` to quality suite --- ruby/ql/src/codeql-suites/ruby-code-quality.qls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ruby/ql/src/codeql-suites/ruby-code-quality.qls b/ruby/ql/src/codeql-suites/ruby-code-quality.qls index 33be91082d09..2111c6979ef9 100644 --- a/ruby/ql/src/codeql-suites/ruby-code-quality.qls +++ b/ruby/ql/src/codeql-suites/ruby-code-quality.qls @@ -2,4 +2,5 @@ - include: id: - rb/database-query-in-loop - - rb/useless-assignment-to-local \ No newline at end of file + - rb/useless-assignment-to-local + - rb/uninitialized-local-variable \ No newline at end of file From b988be8ff62ca0cfb544e557fae889c65d41ab98 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 21:29:01 +0200 Subject: [PATCH 406/409] ruby: improve help file This has improved autofixes I hope it also helps humans --- .../queries/variables/UninitializedLocal.md | 41 +++++++++++++++++++ .../variables/UninitializedLocal.qhelp | 37 ----------------- .../queries/variables/UninitializedLocal.ql | 13 +++++- 3 files changed, 53 insertions(+), 38 deletions(-) create mode 100644 ruby/ql/src/queries/variables/UninitializedLocal.md delete mode 100644 ruby/ql/src/queries/variables/UninitializedLocal.qhelp diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.md b/ruby/ql/src/queries/variables/UninitializedLocal.md new file mode 100644 index 000000000000..c99b24b11013 --- /dev/null +++ b/ruby/ql/src/queries/variables/UninitializedLocal.md @@ -0,0 +1,41 @@ +# Method call on `nil` + +## Description +In Ruby, it is not necessary to explicitly initialize variables. +If a local variable has not been explicitly initialized, it will have the value `nil`. If this happens unintended, though, the variable will not represent an object with the expected methods, and a method call on the variable will raise a `NoMethodError`. + +## Recommendation + +Ensure that the variable cannot be `nil` at the point hightligted by the alert. +This can be achieved by using a safe navigation or adding a check for `nil`. + +Note: You do not need to explicitly initialize the variable, if you can make the program deal with the possible `nil` value. In particular, initializing the variable to `nil` will have no effect, as this is already the value of the variable. If `nil` is the only possibly default value, you need to handle the `nil` value instead of initializing the variable. + +## Examples + +In the following code, the call to `create_file` may fail and then the call `f.close` will raise a `NoMethodError` since `f` will be `nil` at that point. + +```ruby +def dump(x) + f = create_file + f.puts(x) +ensure + f.close +end +``` + +We can fix this by using safe navigation: +```ruby +def dump(x) + f = create_file + f.puts(x) +ensure + f&.close +end +``` + +## References + +- https://www.rubyguides.com/: [Nil](https://www.rubyguides.com/2018/01/ruby-nil/) +- https://ruby-doc.org/: [NoMethodError](https://ruby-doc.org/core-2.6.5/NoMethodError.html) + diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp deleted file mode 100644 index 078775e803fc..000000000000 --- a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp +++ /dev/null @@ -1,37 +0,0 @@ - - - -

    -In Ruby, raw identifiers like x can be both local variable accesses and method calls. It is a local variable access iff it is syntactically preceded by something that binds it (like an assignment). -Consider the following example: -

    - - - -

    -This will generate an alert on the last access to m, where it is not clear that the programmer intended to read from the local variable. -In fact, the last access to m is a method call, and the value of the local variable is nil, -so this will raise a NoMethodError. -

    - -     - - -

    -Ensure that you check the control and data flow in the method carefully. -Add a check for nil before the read, or rewrite the code to ensure that the variable is always initialized before being read. -

    - -     - - - - -
  • https://www.rubyguides.com/: Nil.
    • -
  • https://ruby-doc.org/: NoMethodError.
    • - - -     -     diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index c5b4fa18d62f..2f5a4b875aa1 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -72,13 +72,24 @@ private predicate isNilChecked(LocalVariableReadAccess read) { ) } +/** + * Holds if `name` is the name of a method defined on `nil`. + * See https://ruby-doc.org/core-2.5.8/NilClass.html + */ +private predicate isNilMethodName(string name) { + name in [ + "inspect", "instance_of?", "is_a?", "kind_of?", "method", "nil?", "rationalize", "to_a", + "to_c", "to_f", "to_h", "to_i", "to_r", "to_s" + ] +} + class RelevantLocalVariableReadAccess extends LocalVariableReadAccess instanceof TVariableAccessReal { RelevantLocalVariableReadAccess() { not isInBooleanContext(this) and not isNilChecked(this) and not isGuarded(this) and - this = any(MethodCall m).getReceiver() + this = any(MethodCall m | not isNilMethodName(m.getMethodName())).getReceiver() } } From 7517272d34dcd965ba31c75eca363d87d38aabf4 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 23:01:15 +0200 Subject: [PATCH 407/409] ruby: remove repetitive change note --- .../2025-04-02-adjust-uninitialized-local-metadata.md | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md deleted file mode 100644 index 61c223981d57..000000000000 --- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call; we have adjusted the precision to 'high'. From b961c5961da1158d79db48da7f1248d8ea11b10b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 14 Apr 2025 09:53:06 +0000 Subject: [PATCH 408/409] Release preparation for version 2.21.1 --- actions/ql/lib/CHANGELOG.md | 4 ++++ actions/ql/lib/change-notes/released/0.4.7.md | 3 +++ actions/ql/lib/codeql-pack.release.yml | 2 +- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/CHANGELOG.md | 6 ++++++ .../0.5.4.md} | 9 +++++---- actions/ql/src/codeql-pack.release.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/CHANGELOG.md | 7 +++++++ .../4.2.0.md} | 7 ++++--- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++++ cpp/ql/src/change-notes/released/1.3.8.md | 3 +++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../Solorigate/lib/change-notes/released/1.7.38.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../Solorigate/src/change-notes/released/1.7.38.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 7 +++++++ ...3-08-blazor-parameter-passing-string-literal.md | 4 ---- .../5.1.4.md} | 8 +++++--- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 7 +++++++ .../src/change-notes/2025-03-26-dotnet-models.md | 4 ---- .../1.1.1.md} | 8 +++++--- csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.21.md | 3 +++ go/ql/consistency-queries/codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 6 ++++++ .../4.2.3.md} | 7 ++++--- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.1.12.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 7 +++++++ .../change-notes/2025-04-01-jakarta-persistence.md | 4 ---- .../7.1.3.md} | 8 +++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 4 ++++ java/ql/src/change-notes/released/1.4.1.md | 3 +++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 14 ++++++++++++++ .../ql/lib/change-notes/2025-04-02-mkdirp.md | 4 ---- .../ql/lib/change-notes/2025-04-02-rimraf.md | 4 ---- .../ql/lib/change-notes/2025-04-07-open-package.md | 4 ---- .../ql/lib/change-notes/2025-04-07-typed-arrays.md | 4 ---- .../ql/lib/change-notes/2025-04-07-websocket.md | 5 ----- .../ql/lib/change-notes/2025-04-09-make-dir.md | 4 ---- .../ql/lib/change-notes/2025-04-11-nextrequest.md | 5 ----- javascript/ql/lib/change-notes/released/2.6.1.md | 13 +++++++++++++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 11 +++++++++++ ...2025-04-02-name-resolution-independent-fixes.md | 4 ---- .../ql/src/change-notes/2025-04-09-web-response.md | 4 ---- .../2025-04-10-json-array-trailing-comma.md | 4 ---- javascript/ql/src/change-notes/released/1.5.3.md | 10 ++++++++++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ misc/suite-helpers/change-notes/released/1.0.21.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 4 ++++ python/ql/lib/change-notes/released/4.0.5.md | 3 +++ python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 6 ++++++ .../1.4.7.md} | 6 +++--- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 6 ++++++ .../4.1.4.md} | 7 ++++--- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 7 +++++++ .../change-notes/2025-04-04-refine-deadstore.md | 4 ---- .../1.2.0.md} | 8 +++++--- ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/CHANGELOG.md | 4 ++++ rust/ql/lib/change-notes/released/0.1.6.md | 3 +++ rust/ql/lib/codeql-pack.release.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/CHANGELOG.md | 4 ++++ rust/ql/src/change-notes/released/0.1.6.md | 3 +++ rust/ql/src/codeql-pack.release.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ shared/controlflow/change-notes/released/2.0.5.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ shared/dataflow/change-notes/released/2.0.5.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.21.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../rangeanalysis/change-notes/released/1.0.21.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.21.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 6 ++++++ .../1.1.0.md} | 7 ++++--- shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../threat-models/change-notes/released/1.0.21.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ shared/tutorial/change-notes/released/1.0.21.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ shared/typeflow/change-notes/released/1.0.21.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/CHANGELOG.md | 4 ++++ .../typeinference/change-notes/released/0.0.2.md | 3 +++ shared/typeinference/codeql-pack.release.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ shared/typetracking/change-notes/released/2.0.5.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.21.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/2.0.8.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.21.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.21.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 4 ++++ swift/ql/lib/change-notes/released/4.1.4.md | 3 +++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 ++++ swift/ql/src/change-notes/released/1.1.1.md | 3 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 170 files changed, 424 insertions(+), 167 deletions(-) create mode 100644 actions/ql/lib/change-notes/released/0.4.7.md rename actions/ql/src/change-notes/{2025-02-04-suggest-actions-permissions.md => released/0.5.4.md} (83%) rename cpp/ql/lib/change-notes/{2025-03-31-calling-convention.md => released/4.2.0.md} (91%) create mode 100644 cpp/ql/src/change-notes/released/1.3.8.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md delete mode 100644 csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md rename csharp/ql/lib/change-notes/{2025-03-21-string-interpolation.md => released/5.1.4.md} (56%) delete mode 100644 csharp/ql/src/change-notes/2025-03-26-dotnet-models.md rename csharp/ql/src/change-notes/{2025-04-02-simple-type-enum.md => released/1.1.1.md} (57%) create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.21.md rename go/ql/lib/change-notes/{2025-03-27-database-local-source-models.md => released/4.2.3.md} (76%) create mode 100644 go/ql/src/change-notes/released/1.1.12.md delete mode 100644 java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md rename java/ql/lib/change-notes/{2025-04-09-enum-type-exclusion.md => released/7.1.3.md} (56%) create mode 100644 java/ql/src/change-notes/released/1.4.1.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-02-mkdirp.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-02-rimraf.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-07-open-package.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-07-websocket.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-09-make-dir.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-11-nextrequest.md create mode 100644 javascript/ql/lib/change-notes/released/2.6.1.md delete mode 100644 javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md delete mode 100644 javascript/ql/src/change-notes/2025-04-09-web-response.md delete mode 100644 javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md create mode 100644 javascript/ql/src/change-notes/released/1.5.3.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.21.md create mode 100644 python/ql/lib/change-notes/released/4.0.5.md rename python/ql/src/change-notes/{2025-03-27-modernize-mixed-tuple-returns-query.md => released/1.4.7.md} (79%) rename ruby/ql/lib/change-notes/{2025-04-07-implicit-super-args.md => released/4.1.4.md} (80%) delete mode 100644 ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md rename ruby/ql/src/change-notes/{2025-04-02-adjust-uninitialized-local-alert-message.md => released/1.2.0.md} (54%) create mode 100644 rust/ql/lib/change-notes/released/0.1.6.md create mode 100644 rust/ql/src/change-notes/released/0.1.6.md create mode 100644 shared/controlflow/change-notes/released/2.0.5.md create mode 100644 shared/dataflow/change-notes/released/2.0.5.md create mode 100644 shared/mad/change-notes/released/1.0.21.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.21.md create mode 100644 shared/regex/change-notes/released/1.0.21.md rename shared/ssa/change-notes/{2025-04-03-definitionext-deprecation.md => released/1.1.0.md} (91%) create mode 100644 shared/threat-models/change-notes/released/1.0.21.md create mode 100644 shared/tutorial/change-notes/released/1.0.21.md create mode 100644 shared/typeflow/change-notes/released/1.0.21.md create mode 100644 shared/typeinference/change-notes/released/0.0.2.md create mode 100644 shared/typetracking/change-notes/released/2.0.5.md create mode 100644 shared/typos/change-notes/released/1.0.21.md create mode 100644 shared/util/change-notes/released/2.0.8.md create mode 100644 shared/xml/change-notes/released/1.0.21.md create mode 100644 shared/yaml/change-notes/released/1.0.21.md create mode 100644 swift/ql/lib/change-notes/released/4.1.4.md create mode 100644 swift/ql/src/change-notes/released/1.1.1.md diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index 6b69ddec1aa0..dff1b84f1ada 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.7 + +No user-facing changes. + ## 0.4.6 ### Bug Fixes diff --git a/actions/ql/lib/change-notes/released/0.4.7.md b/actions/ql/lib/change-notes/released/0.4.7.md new file mode 100644 index 000000000000..e9bb7a76bcb1 --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.7.md @@ -0,0 +1,3 @@ +## 0.4.7 + +No user-facing changes. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 2b842473675e..c5db8c0b276c 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.6 +lastReleaseVersion: 0.4.7 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index aecd3607345d..361f8bf995d3 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.7-dev +version: 0.4.7 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index c2b0d353f185..4d8755d009ea 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.5.4 + +### Bug Fixes + +* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file. + ## 0.5.3 ### Bug Fixes diff --git a/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md b/actions/ql/src/change-notes/released/0.5.4.md similarity index 83% rename from actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md rename to actions/ql/src/change-notes/released/0.5.4.md index c775b70274fb..d34090f9955c 100644 --- a/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md +++ b/actions/ql/src/change-notes/released/0.5.4.md @@ -1,4 +1,5 @@ ---- -category: fix ---- -* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file. \ No newline at end of file +## 0.5.4 + +### Bug Fixes + +* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index 2164e038a5d1..cd3f72e25138 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.3 +lastReleaseVersion: 0.5.4 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index f6eb8be1138c..6e59f29dd11f 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.5.4-dev +version: 0.5.4 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index e958516a5a43..12e0280ec55e 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 4.2.0 + +### New Features + +* Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.) are now represented as specifiers of those declarations. +* A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions. + ## 4.1.0 ### New Features diff --git a/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md b/cpp/ql/lib/change-notes/released/4.2.0.md similarity index 91% rename from cpp/ql/lib/change-notes/2025-03-31-calling-convention.md rename to cpp/ql/lib/change-notes/released/4.2.0.md index 12d9547eb035..00f9dee720df 100644 --- a/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md +++ b/cpp/ql/lib/change-notes/released/4.2.0.md @@ -1,5 +1,6 @@ ---- -category: feature ---- +## 4.2.0 + +### New Features + * Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.) are now represented as specifiers of those declarations. * A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index d5b1bf88d10e..9fc6933b429f 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.1.0 +lastReleaseVersion: 4.2.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 5ee964c4b50f..6ce41fd3e93f 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 4.1.1-dev +version: 4.2.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index ab79d5cb46ef..300c4ce90644 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.3.8 + +No user-facing changes. + ## 1.3.7 ### Minor Analysis Improvements diff --git a/cpp/ql/src/change-notes/released/1.3.8.md b/cpp/ql/src/change-notes/released/1.3.8.md new file mode 100644 index 000000000000..c7f5b27e47ec --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.3.8.md @@ -0,0 +1,3 @@ +## 1.3.8 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 2f4b67be43f7..898725a6deb4 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.7 +lastReleaseVersion: 1.3.8 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 67293337da94..b6f5c9ad6426 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.3.8-dev +version: 1.3.8 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 38009248e963..1edcbdb24a9c 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.38 + +No user-facing changes. + ## 1.7.37 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md new file mode 100644 index 000000000000..a72e85a7f2da --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md @@ -0,0 +1,3 @@ +## 1.7.38 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 4d975f78ff6e..a51e8a3b31ec 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.37 +lastReleaseVersion: 1.7.38 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index eefe4e2fe57c..fbd64509040a 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.38-dev +version: 1.7.38 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 38009248e963..1edcbdb24a9c 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.38 + +No user-facing changes. + ## 1.7.37 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md new file mode 100644 index 000000000000..a72e85a7f2da --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md @@ -0,0 +1,3 @@ +## 1.7.38 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 4d975f78ff6e..a51e8a3b31ec 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.37 +lastReleaseVersion: 1.7.38 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index a03f987c8c79..179247e4ef51 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.38-dev +version: 1.7.38 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 9b5f38e0ca51..a048eceacd56 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 5.1.4 + +### Minor Analysis Improvements + +* The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`. +* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression. + ## 5.1.3 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md b/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md deleted file mode 100644 index 66ebd26f653d..000000000000 --- a/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md b/csharp/ql/lib/change-notes/released/5.1.4.md similarity index 56% rename from csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md rename to csharp/ql/lib/change-notes/released/5.1.4.md index 3507d35b5135..f99e1c2ca61f 100644 --- a/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md +++ b/csharp/ql/lib/change-notes/released/5.1.4.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 5.1.4 + +### Minor Analysis Improvements + * The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`. +* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 8ffbc76d58a0..bdf3511eb7af 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.3 +lastReleaseVersion: 5.1.4 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 647655511ea1..9d39196e6f6b 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.1.4-dev +version: 5.1.4 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 125e61622531..7b5bee182988 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.1.1 + +### Minor Analysis Improvements + +* Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query. +* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters. + ## 1.1.0 ### New Queries diff --git a/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md b/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md deleted file mode 100644 index 3986145c5af0..000000000000 --- a/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters. diff --git a/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md b/csharp/ql/src/change-notes/released/1.1.1.md similarity index 57% rename from csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md rename to csharp/ql/src/change-notes/released/1.1.1.md index ac93bd31b3e9..34d5e39c2443 100644 --- a/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md +++ b/csharp/ql/src/change-notes/released/1.1.1.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 1.1.1 + +### Minor Analysis Improvements + * Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query. +* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 2ac15439f561..1a19084be3f7 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index d6f04fe65759..f87c44597d33 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.1.1-dev +version: 1.1.1 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index b20db0162311..4ede7cf63b21 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.21.md b/go/ql/consistency-queries/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 78d52739d9ed..8cba3ce7a4f4 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.21-dev +version: 1.0.21 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 27ad374e3747..9193892f389c 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 4.2.3 + +### Minor Analysis Improvements + +* Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`. + ## 4.2.2 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md b/go/ql/lib/change-notes/released/4.2.3.md similarity index 76% rename from go/ql/lib/change-notes/2025-03-27-database-local-source-models.md rename to go/ql/lib/change-notes/released/4.2.3.md index 95f08d00b9ca..e85de0badf85 100644 --- a/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md +++ b/go/ql/lib/change-notes/released/4.2.3.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 4.2.3 + +### Minor Analysis Improvements + * Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 18bc07709932..5bf06624029f 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.2.2 +lastReleaseVersion: 4.2.3 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 34ba33332a27..4306f3f8b436 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 4.2.3-dev +version: 4.2.3 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index ff91b3d9ce83..46bb7c9055ff 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.12 + +No user-facing changes. + ## 1.1.11 ### Minor Analysis Improvements diff --git a/go/ql/src/change-notes/released/1.1.12.md b/go/ql/src/change-notes/released/1.1.12.md new file mode 100644 index 000000000000..2d7f915e29b4 --- /dev/null +++ b/go/ql/src/change-notes/released/1.1.12.md @@ -0,0 +1,3 @@ +## 1.1.12 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 121f8cf035d3..f5b135d01938 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.11 +lastReleaseVersion: 1.1.12 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 3e3b248716d6..0804625f085e 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.1.12-dev +version: 1.1.12 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 4e5f40cbc844..8061e31bc38b 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 7.1.3 + +### Minor Analysis Improvements + +* Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string. +* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well. + ## 7.1.2 ### Minor Analysis Improvements diff --git a/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md b/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md deleted file mode 100644 index 0a5759ec3dbc..000000000000 --- a/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well. diff --git a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md b/java/ql/lib/change-notes/released/7.1.3.md similarity index 56% rename from java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md rename to java/ql/lib/change-notes/released/7.1.3.md index 9b120e84ff7b..7ae2a7da4a70 100644 --- a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md +++ b/java/ql/lib/change-notes/released/7.1.3.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 7.1.3 + +### Minor Analysis Improvements + * Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string. +* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 547681cc4408..8c4f0b314335 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.1.2 +lastReleaseVersion: 7.1.3 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 1037ae7708a2..d1e431b431d5 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.1.3-dev +version: 7.1.3 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index d27571c724db..b81d3ca7bf9e 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.4.1 + +No user-facing changes. + ## 1.4.0 ### New Queries diff --git a/java/ql/src/change-notes/released/1.4.1.md b/java/ql/src/change-notes/released/1.4.1.md new file mode 100644 index 000000000000..38987aa49cd0 --- /dev/null +++ b/java/ql/src/change-notes/released/1.4.1.md @@ -0,0 +1,3 @@ +## 1.4.1 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index b8b2e97d5086..43ccf4467bed 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.0 +lastReleaseVersion: 1.4.1 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index e7c3a7da88e4..1a1ed7fac405 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.4.1-dev +version: 1.4.1 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 995666b29160..b4d80c515da2 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,17 @@ +## 2.6.1 + +### Minor Analysis Improvements + +* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`. +* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`. +* Added support for the `make-dir` package. +* Added support for the `open` package. +* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`. +* Improved detection of `WebSocket` and `SockJS` usage. +* Added data received from `WebSocket` clients as a remote flow source. +* Added support for additional `mkdirp` methods as sinks in path-injection queries. +* Added support for additional `rimraf` methods as sinks in path-injection queries. + ## 2.6.0 ### New Features diff --git a/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md b/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md deleted file mode 100644 index 132bbf0cbe4f..000000000000 --- a/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added support for additional `mkdirp` methods as sinks in path-injection queries. diff --git a/javascript/ql/lib/change-notes/2025-04-02-rimraf.md b/javascript/ql/lib/change-notes/2025-04-02-rimraf.md deleted file mode 100644 index 3d0521643d59..000000000000 --- a/javascript/ql/lib/change-notes/2025-04-02-rimraf.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added support for additional `rimraf` methods as sinks in path-injection queries. diff --git a/javascript/ql/lib/change-notes/2025-04-07-open-package.md b/javascript/ql/lib/change-notes/2025-04-07-open-package.md deleted file mode 100644 index a4c02f0d6d9e..000000000000 --- a/javascript/ql/lib/change-notes/2025-04-07-open-package.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added support for the `open` package. diff --git a/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md b/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md deleted file mode 100644 index f09e6831743b..000000000000 --- a/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`. diff --git a/javascript/ql/lib/change-notes/2025-04-07-websocket.md b/javascript/ql/lib/change-notes/2025-04-07-websocket.md deleted file mode 100644 index 1d6cdb8e6b11..000000000000 --- a/javascript/ql/lib/change-notes/2025-04-07-websocket.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved detection of `WebSocket` and `SockJS` usage. -* Added data received from `WebSocket` clients as a remote flow source. diff --git a/javascript/ql/lib/change-notes/2025-04-09-make-dir.md b/javascript/ql/lib/change-notes/2025-04-09-make-dir.md deleted file mode 100644 index fd056bbc98d3..000000000000 --- a/javascript/ql/lib/change-notes/2025-04-09-make-dir.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added support for the `make-dir` package. diff --git a/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md b/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md deleted file mode 100644 index 9db5c34e51b2..000000000000 --- a/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`. -* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`. diff --git a/javascript/ql/lib/change-notes/released/2.6.1.md b/javascript/ql/lib/change-notes/released/2.6.1.md new file mode 100644 index 000000000000..9356c1ea56ee --- /dev/null +++ b/javascript/ql/lib/change-notes/released/2.6.1.md @@ -0,0 +1,13 @@ +## 2.6.1 + +### Minor Analysis Improvements + +* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`. +* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`. +* Added support for the `make-dir` package. +* Added support for the `open` package. +* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`. +* Improved detection of `WebSocket` and `SockJS` usage. +* Added data received from `WebSocket` clients as a remote flow source. +* Added support for additional `mkdirp` methods as sinks in path-injection queries. +* Added support for additional `rimraf` methods as sinks in path-injection queries. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 29308d702323..d9d6a8bbe18a 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.6.0 +lastReleaseVersion: 2.6.1 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 80004cfa6a03..5b5e10e0c0dc 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.1-dev +version: 2.6.1 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index fef8edd5c801..32be26faf9c6 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 1.5.3 + +### Minor Analysis Improvements + +* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`. +* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases. + +### Bug Fixes + +* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma. + ## 1.5.2 ### Bug Fixes diff --git a/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md b/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md deleted file mode 100644 index 4773744a984f..000000000000 --- a/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases. diff --git a/javascript/ql/src/change-notes/2025-04-09-web-response.md b/javascript/ql/src/change-notes/2025-04-09-web-response.md deleted file mode 100644 index 3afebf1b6a76..000000000000 --- a/javascript/ql/src/change-notes/2025-04-09-web-response.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`. diff --git a/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md b/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md deleted file mode 100644 index 7a0acd541e10..000000000000 --- a/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma. diff --git a/javascript/ql/src/change-notes/released/1.5.3.md b/javascript/ql/src/change-notes/released/1.5.3.md new file mode 100644 index 000000000000..3642084aaa8d --- /dev/null +++ b/javascript/ql/src/change-notes/released/1.5.3.md @@ -0,0 +1,10 @@ +## 1.5.3 + +### Minor Analysis Improvements + +* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`. +* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases. + +### Bug Fixes + +* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 7eb901bae56a..232224b0e267 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.2 +lastReleaseVersion: 1.5.3 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 3a5ecb85b4f3..1239092b279b 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.5.3-dev +version: 1.5.3 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 03ff99634124..74c5e6933ed1 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.21.md b/misc/suite-helpers/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 28a36682869f..fa098c1e8055 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.21-dev +version: 1.0.21 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 8ea99e00e054..1d7bcb46b1eb 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 4.0.5 + +No user-facing changes. + ## 4.0.4 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/released/4.0.5.md b/python/ql/lib/change-notes/released/4.0.5.md new file mode 100644 index 000000000000..dda2a2d3bf47 --- /dev/null +++ b/python/ql/lib/change-notes/released/4.0.5.md @@ -0,0 +1,3 @@ +## 4.0.5 + +No user-facing changes. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index b207094e2b39..b08843b96ce4 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.0.4 +lastReleaseVersion: 4.0.5 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 020415470fe4..a269f6ea9467 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 4.0.5-dev +version: 4.0.5 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 33e8046917e8..4b1ca7a734be 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.4.7 + +### Minor Analysis Improvements + +- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives. + ## 1.4.6 ### Minor Analysis Improvements diff --git a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md b/python/ql/src/change-notes/released/1.4.7.md similarity index 79% rename from python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md rename to python/ql/src/change-notes/released/1.4.7.md index 57cf5c69a139..bc5ef332ab05 100644 --- a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md +++ b/python/ql/src/change-notes/released/1.4.7.md @@ -1,5 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.4.7 + +### Minor Analysis Improvements - The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 3b00bbce928c..163362bd6321 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.6 +lastReleaseVersion: 1.4.7 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 2d3896cc57ff..88b09575d0c9 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.4.7-dev +version: 1.4.7 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 5eabfa99ba6d..527d5c3fd17c 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 4.1.4 + +### Minor Analysis Improvements + +* Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`. + ## 4.1.3 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md b/ruby/ql/lib/change-notes/released/4.1.4.md similarity index 80% rename from ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md rename to ruby/ql/lib/change-notes/released/4.1.4.md index 7570dffb7407..1b944c56640a 100644 --- a/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md +++ b/ruby/ql/lib/change-notes/released/4.1.4.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 4.1.4 + +### Minor Analysis Improvements + * Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index cdfb18533241..de92bc2ecc34 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.1.3 +lastReleaseVersion: 4.1.4 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 639f6fb35f17..4bc89e7863ab 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 4.1.4-dev +version: 4.1.4 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 7877bdb6a79c..b06acc1c9df3 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.2.0 + +### Major Analysis Improvements + +* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives. +* The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file. + ## 1.1.15 No user-facing changes. diff --git a/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md b/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md deleted file mode 100644 index c0bff9adf211..000000000000 --- a/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives. diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md b/ruby/ql/src/change-notes/released/1.2.0.md similarity index 54% rename from ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md rename to ruby/ql/src/change-notes/released/1.2.0.md index 87b92ee51ce3..61491d76fdee 100644 --- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md +++ b/ruby/ql/src/change-notes/released/1.2.0.md @@ -1,4 +1,6 @@ ---- -category: majorAnalysis ---- +## 1.2.0 + +### Major Analysis Improvements + +* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives. * The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 9ec2e68cbd32..75430e73d1c4 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.15 +lastReleaseVersion: 1.2.0 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index ca0617aa13e0..6003cc96ddfd 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.1.16-dev +version: 1.2.0 groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index 85c1fc61056f..2755640d9ead 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.6 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/rust/ql/lib/change-notes/released/0.1.6.md b/rust/ql/lib/change-notes/released/0.1.6.md new file mode 100644 index 000000000000..b856f15fe69b --- /dev/null +++ b/rust/ql/lib/change-notes/released/0.1.6.md @@ -0,0 +1,3 @@ +## 0.1.6 + +No user-facing changes. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index 157cff8108d3..d271632b3dde 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.1.6 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 603ede342c78..5a7ba107f7ad 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.6-dev +version: 0.1.6 groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index 85c1fc61056f..2755640d9ead 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.6 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/rust/ql/src/change-notes/released/0.1.6.md b/rust/ql/src/change-notes/released/0.1.6.md new file mode 100644 index 000000000000..b856f15fe69b --- /dev/null +++ b/rust/ql/src/change-notes/released/0.1.6.md @@ -0,0 +1,3 @@ +## 0.1.6 + +No user-facing changes. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index 157cff8108d3..d271632b3dde 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.1.6 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 4b0296c0af8f..f7afd1d4c99f 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.6-dev +version: 0.1.6 groups: - rust - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 06ae926fe116..ce221ede189e 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.5 + +No user-facing changes. + ## 2.0.4 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.5.md b/shared/controlflow/change-notes/released/2.0.5.md new file mode 100644 index 000000000000..8bce5b7ca756 --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.5.md @@ -0,0 +1,3 @@ +## 2.0.5 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 0f306f8bd3bd..6c269316f278 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.4 +lastReleaseVersion: 2.0.5 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 5b1c8278c8a9..91c33675babb 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.5-dev +version: 2.0.5 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 19d6b3ed9099..ac1750c1e2f5 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.5 + +No user-facing changes. + ## 2.0.4 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/2.0.5.md b/shared/dataflow/change-notes/released/2.0.5.md new file mode 100644 index 000000000000..8bce5b7ca756 --- /dev/null +++ b/shared/dataflow/change-notes/released/2.0.5.md @@ -0,0 +1,3 @@ +## 2.0.5 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 0f306f8bd3bd..6c269316f278 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.4 +lastReleaseVersion: 2.0.5 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 86a58593efd0..82b137f996d7 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.5-dev +version: 2.0.5 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 428eb375a90d..609a9cdaff69 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.21.md b/shared/mad/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 0c7d0f8fb148..bd73c23bb126 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 8ca74122cc45..2757232c21a5 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.21.md b/shared/rangeanalysis/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 258e34f4416a..76a9eeb51964 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 06d3215edb5a..3ab9e968cc01 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.21.md b/shared/regex/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index fb48dd895fe4..b32c38cae91d 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index fb40fb4db741..cb86b03f5bff 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.0 + +### Deprecated APIs + +* All references to the `DefinitionExt` and `PhiReadNode` classes in the SSA library have been deprecated. The concept of phi-read nodes is now strictly an internal implementation detail. Their sole use-case is to improve the structure of the use-use flow relation for data flow, and this use-case remains supported by the `DataFlowIntegration` module. + ## 1.0.20 No user-facing changes. diff --git a/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md b/shared/ssa/change-notes/released/1.1.0.md similarity index 91% rename from shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md rename to shared/ssa/change-notes/released/1.1.0.md index 0f0db7c81a17..1eedd5d911ca 100644 --- a/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md +++ b/shared/ssa/change-notes/released/1.1.0.md @@ -1,4 +1,5 @@ ---- -category: deprecated ---- +## 1.1.0 + +### Deprecated APIs + * All references to the `DefinitionExt` and `PhiReadNode` classes in the SSA library have been deprecated. The concept of phi-read nodes is now strictly an internal implementation detail. Their sole use-case is to improve the structure of the use-use flow relation for data flow, and this use-case remains supported by the `DataFlowIntegration` module. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 7af2d1347ffc..2ac15439f561 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.1.0 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index c5e5a1470858..1fa4f9cd7192 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.21-dev +version: 1.1.0 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index b20db0162311..4ede7cf63b21 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.21.md b/shared/threat-models/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 2698ba75fe47..ca7ab6760c8e 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.21-dev +version: 1.0.21 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 2f7a36a4d8b6..247021104749 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.21.md b/shared/tutorial/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 239783afe11b..0735fce8bb12 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index 4c72a93118ed..3d66ee2aafa6 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.21.md b/shared/typeflow/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 243dbbefacc8..b918a6647d4c 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 59b60bad0f37..7668a5ba39d5 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.2 + +No user-facing changes. + ## 0.0.1 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.2.md b/shared/typeinference/change-notes/released/0.0.2.md new file mode 100644 index 000000000000..5ab250998ed4 --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.2.md @@ -0,0 +1,3 @@ +## 0.0.2 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index c6933410b71c..55dc06fbd76a 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.1 +lastReleaseVersion: 0.0.2 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 4606888741ad..e53d74a0f0b0 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.2-dev +version: 0.0.2 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index c31f7b82d8bd..cb26fd517328 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.5 + +No user-facing changes. + ## 2.0.4 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.5.md b/shared/typetracking/change-notes/released/2.0.5.md new file mode 100644 index 000000000000..8bce5b7ca756 --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.5.md @@ -0,0 +1,3 @@ +## 2.0.5 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 0f306f8bd3bd..6c269316f278 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.4 +lastReleaseVersion: 2.0.5 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 387f2df08500..3a49c1318701 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.5-dev +version: 2.0.5 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 4365eb52a388..236eb0d974a3 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.21.md b/shared/typos/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index b84e528b13a9..9f9eb31e03fc 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index fa3c9ff7fb42..17de08023071 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.8 + +No user-facing changes. + ## 2.0.7 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.8.md b/shared/util/change-notes/released/2.0.8.md new file mode 100644 index 000000000000..4d6867c721bf --- /dev/null +++ b/shared/util/change-notes/released/2.0.8.md @@ -0,0 +1,3 @@ +## 2.0.8 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 08d5e9594498..7ffb2d9f65be 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.7 +lastReleaseVersion: 2.0.8 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index cec325c5327a..8f17062384d0 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.8-dev +version: 2.0.8 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 5551a042e155..a9a8e312ea2a 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.21.md b/shared/xml/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index ddd183347db4..36d5e9aaf98d 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 2aff70a053b4..430e21d3e508 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.21.md b/shared/yaml/change-notes/released/1.0.21.md new file mode 100644 index 000000000000..aeb4f416f698 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 7af2d1347ffc..81b5ecacf446 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index bfb8003b7451..2a582f48a94c 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index d11c1a7a7766..32abbe5cc8e7 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 4.1.4 + +No user-facing changes. + ## 4.1.3 No user-facing changes. diff --git a/swift/ql/lib/change-notes/released/4.1.4.md b/swift/ql/lib/change-notes/released/4.1.4.md new file mode 100644 index 000000000000..d2d878b34294 --- /dev/null +++ b/swift/ql/lib/change-notes/released/4.1.4.md @@ -0,0 +1,3 @@ +## 4.1.4 + +No user-facing changes. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index cdfb18533241..de92bc2ecc34 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.1.3 +lastReleaseVersion: 4.1.4 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index a8937945393d..a4a4492d599c 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 4.1.4-dev +version: 4.1.4 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index ee24a514d14f..6b5f800619e5 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.1 + +No user-facing changes. + ## 1.1.0 ### New Queries diff --git a/swift/ql/src/change-notes/released/1.1.1.md b/swift/ql/src/change-notes/released/1.1.1.md new file mode 100644 index 000000000000..7fb56d366105 --- /dev/null +++ b/swift/ql/src/change-notes/released/1.1.1.md @@ -0,0 +1,3 @@ +## 1.1.1 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 2ac15439f561..1a19084be3f7 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 65d542ab524c..a99b65317ee1 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.1.1-dev +version: 1.1.1 groups: - swift - queries From b75e0ed02eaafb8b8f1830ce0541f986a2e3b412 Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Tue, 15 Apr 2025 14:25:39 +0100 Subject: [PATCH 409/409] actions: Fix spelling error in UnmaskedSecretExposure.md Corrects "know" to "known" in the description of the UnmaskedSecretExposure document. --- actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md b/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md index 6c681856a7b3..3c56374f9931 100644 --- a/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md +++ b/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md @@ -2,7 +2,7 @@ ## Description -Secrets derived from other secrets are not know to the workflow runner and therefore not masked unless explicitly registered. +Secrets derived from other secrets are not known to the workflow runner and therefore not masked unless explicitly registered. ## Recommendations