From c02a73263236f38b1ca91acb6a351e3e3fb5645a Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Fri, 24 Nov 2023 16:52:32 +0100 Subject: [PATCH 01/31] C++: Remove `DefaultTaintTracking` library --- ...23-11-25-default-taint-tracking-removal.md | 4 + .../cpp/ir/dataflow/DefaultTaintTracking.qll | 21 - .../internal/DefaultTaintTrackingImpl.qll | 668 ------------------ .../code/cpp/security/TaintTracking.qll | 10 - .../code/cpp/security/TaintTrackingImpl.qll | 654 ----------------- .../annotate_path_to_sink/dispatch.cpp | 74 -- .../annotate_path_to_sink/tainted.expected | 4 - .../annotate_path_to_sink/tainted.ql | 100 --- .../annotate_path_to_sink/test_diff.cpp | 129 ---- .../defaulttainttracking.cpp | 237 ------- .../annotate_sinks_only/stl.cpp | 159 ----- .../annotate_sinks_only/tainted.expected | 4 - .../annotate_sinks_only/tainted.ql | 80 --- .../globals/global.expected | 4 - .../DefaultTaintTracking/globals/global.ql | 41 -- .../DefaultTaintTracking/globals/globals.cpp | 24 - .../dataflow/DefaultTaintTracking/shared.h | 17 - .../dataflow/security-taint/tainted.expected | 91 --- .../dataflow/security-taint/tainted.ql | 7 - .../security-taint/tainted_diff.expected | 51 -- .../dataflow/security-taint/tainted_diff.ql | 20 - .../security-taint/tainted_ir.expected | 48 -- .../dataflow/security-taint/tainted_ir.ql | 11 - .../dataflow/security-taint/test.cpp | 114 --- 24 files changed, 4 insertions(+), 2568 deletions(-) create mode 100644 cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md delete mode 100644 cpp/ql/lib/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll delete mode 100644 cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll delete mode 100644 cpp/ql/lib/semmle/code/cpp/security/TaintTracking.qll delete mode 100644 cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/dispatch.cpp delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/test_diff.cpp delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/stl.cpp delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/globals.cpp delete mode 100644 cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/shared.h delete mode 100644 cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected delete mode 100644 cpp/ql/test/library-tests/dataflow/security-taint/tainted.ql delete mode 100644 cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected delete mode 100644 cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.ql delete mode 100644 cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected delete mode 100644 cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.ql delete mode 100644 cpp/ql/test/library-tests/dataflow/security-taint/test.cpp diff --git a/cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md b/cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md new file mode 100644 index 00000000000..b5ff6a11d0d --- /dev/null +++ b/cpp/ql/lib/change-notes/2023-11-25-default-taint-tracking-removal.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The deprecated `DefaultTaintTracking` library has been removed. diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll deleted file mode 100644 index 8b559dbe932..00000000000 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll +++ /dev/null @@ -1,21 +0,0 @@ -/** - * DEPRECATED: Use `semmle.code.cpp.ir.dataflow.TaintTracking` as a replacement. - * - * An IR taint tracking library that uses an IR DataFlow configuration to track - * taint from user inputs as defined by `semmle.code.cpp.security.Security`. - */ - -import cpp -import semmle.code.cpp.security.Security -private import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl as DefaultTaintTrackingImpl - -deprecated predicate predictableOnlyFlow = DefaultTaintTrackingImpl::predictableOnlyFlow/1; - -deprecated predicate tainted = DefaultTaintTrackingImpl::tainted/2; - -deprecated predicate taintedIncludingGlobalVars = - DefaultTaintTrackingImpl::taintedIncludingGlobalVars/3; - -deprecated predicate globalVarFromId = DefaultTaintTrackingImpl::globalVarFromId/1; - -deprecated module TaintedWithPath = DefaultTaintTrackingImpl::TaintedWithPath; diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll deleted file mode 100644 index ee70380224c..00000000000 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DefaultTaintTrackingImpl.qll +++ /dev/null @@ -1,668 +0,0 @@ -/** - * INTERNAL: Do not use. - * - * An IR taint tracking library that uses an IR DataFlow configuration to track - * taint from user inputs as defined by `semmle.code.cpp.security.Security`. - */ - -import cpp -import semmle.code.cpp.security.Security -private import semmle.code.cpp.ir.dataflow.DataFlow -private import semmle.code.cpp.ir.dataflow.internal.DataFlowUtil -private import semmle.code.cpp.ir.IR -private import semmle.code.cpp.ir.dataflow.ResolveCall -private import semmle.code.cpp.controlflow.IRGuards -private import semmle.code.cpp.models.interfaces.Taint -private import semmle.code.cpp.models.interfaces.DataFlow -private import semmle.code.cpp.ir.dataflow.TaintTracking -private import semmle.code.cpp.ir.dataflow.TaintTracking2 -private import semmle.code.cpp.ir.dataflow.TaintTracking3 -private import semmle.code.cpp.ir.dataflow.internal.ModelUtil -private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate - -/** - * A predictable instruction is one where an external user can predict - * the value. For example, a literal in the source code is considered - * predictable. - */ -private predicate predictableInstruction(Instruction instr) { - instr instanceof ConstantInstruction - or - instr instanceof StringConstantInstruction - or - // This could be a conversion on a string literal - predictableInstruction(instr.(UnaryInstruction).getUnary()) -} - -/** - * Functions that we should only allow taint to flow through (to the return - * value) if all but the source argument are 'predictable'. This is done to - * emulate the old security library's implementation rather than due to any - * strong belief that this is the right approach. - * - * Note that the list itself is not very principled; it consists of all the - * functions listed in the old security library's [default] `isPureFunction` - * that have more than one argument, but are not in the old taint tracking - * library's `returnArgument` predicate. - */ -predicate predictableOnlyFlow(string name) { - name = - [ - "strcasestr", "strchnul", "strchr", "strchrnul", "strcmp", "strcspn", "strncmp", "strndup", - "strnlen", "strrchr", "strspn", "strstr", "strtod", "strtof", "strtol", "strtoll", "strtoq", - "strtoul" - ] -} - -private DataFlow::Node getNodeForSource(Expr source) { - isUserInput(source, _) and - result = getNodeForExpr(source) -} - -private DataFlow::Node getNodeForExpr(Expr node) { - node = DataFlow::ExprFlowCached::asExprInternal(result) - or - // Some of the sources in `isUserInput` are intended to match the value of - // an expression, while others (those modeled below) are intended to match - // the taint that propagates out of an argument, like the `char *` argument - // to `gets`. It's impossible here to tell which is which, but the "access - // to argv" source is definitely not intended to match an output argument, - // and it causes false positives if we let it. - // - // This case goes together with the similar (but not identical) rule in - // `nodeIsBarrierIn`. - result = DataFlow::definitionByReferenceNodeFromArgument(node) and - not argv(node.(VariableAccess).getTarget()) -} - -private predicate conflatePointerAndPointee(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - // Flow from `op` to `*op`. - exists(Operand operand, int indirectionIndex | - nodeHasOperand(nodeFrom, operand, indirectionIndex) and - nodeHasOperand(nodeTo, operand, indirectionIndex - 1) - ) - or - // Flow from `instr` to `*instr`. - exists(Instruction instr, int indirectionIndex | - nodeHasInstruction(nodeFrom, instr, indirectionIndex) and - nodeHasInstruction(nodeTo, instr, indirectionIndex - 1) - ) -} - -private module DefaultTaintTrackingConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) } - - predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) } - - predicate isBarrier(DataFlow::Node node) { nodeIsBarrier(node) } - - predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) } - - predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - conflatePointerAndPointee(nodeFrom, nodeTo) - } -} - -private module DefaultTaintTrackingFlow = TaintTracking::Global; - -private module ToGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source = getNodeForSource(_) } - - predicate isSink(DataFlow::Node sink) { sink.asVariable() instanceof GlobalOrNamespaceVariable } - - predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { - writesVariable(n1.asInstruction(), n2.asVariable().(GlobalOrNamespaceVariable)) - or - readsVariable(n2.asInstruction(), n1.asVariable().(GlobalOrNamespaceVariable)) - } - - predicate isBarrier(DataFlow::Node node) { nodeIsBarrier(node) } - - predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) } -} - -private module ToGlobalVarTaintTrackingFlow = TaintTracking::Global; - -private module FromGlobalVarTaintTrackingConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - // This set of sources should be reasonably small, which is good for - // performance since the set of sinks is very large. - ToGlobalVarTaintTrackingFlow::flowTo(source) - } - - predicate isSink(DataFlow::Node sink) { exists(adjustedSink(sink)) } - - predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { - // Additional step for flow out of variables. There is no flow _into_ - // variables in this configuration, so this step only serves to take flow - // out of a variable that's a source. - readsVariable(n2.asInstruction(), n1.asVariable()) - } - - predicate isBarrier(DataFlow::Node node) { nodeIsBarrier(node) } - - predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) } -} - -private module FromGlobalVarTaintTrackingFlow = - TaintTracking::Global; - -private predicate readsVariable(LoadInstruction load, Variable var) { - load.getSourceAddress().(VariableAddressInstruction).getAstVariable() = var -} - -private predicate writesVariable(StoreInstruction store, Variable var) { - store.getDestinationAddress().(VariableAddressInstruction).getAstVariable() = var -} - -/** - * A variable that has any kind of upper-bound check anywhere in the program. This is - * biased towards being inclusive because there are a lot of valid ways of doing an - * upper bounds checks if we don't consider where it occurs, for example: - * ``` - * if (x < 10) { sink(x); } - * - * if (10 > y) { sink(y); } - * - * if (z > 10) { z = 10; } - * sink(z); - * ``` - */ -// TODO: This coarse overapproximation, ported from the old taint tracking -// library, could be replaced with an actual semantic check that a particular -// variable _access_ is guarded by an upper-bound check. We probably don't want -// to do this right away since it could expose a lot of FPs that were -// previously suppressed by this predicate by coincidence. -private predicate hasUpperBoundsCheck(Variable var) { - exists(RelationalOperation oper, VariableAccess access | - oper.getAnOperand() = access and - access.getTarget() = var and - // Comparing to 0 is not an upper bound check - not oper.getAnOperand().getValue() = "0" - ) -} - -private predicate nodeIsBarrierEqualityCandidate( - DataFlow::Node node, Operand access, Variable checkedVar -) { - exists(Instruction instr | instr = node.asOperand().getDef() | - readsVariable(instr, checkedVar) and - any(IRGuardCondition guard).ensuresEq(access, _, _, instr.getBlock(), true) - ) -} - -cached -private module Cached { - cached - predicate nodeIsBarrier(DataFlow::Node node) { - exists(Variable checkedVar, Instruction instr | instr = node.asOperand().getDef() | - readsVariable(instr, checkedVar) and - hasUpperBoundsCheck(checkedVar) - ) - or - exists(Variable checkedVar, Operand access | - /* - * This node is guarded by a condition that forces the accessed variable - * to equal something else. For example: - * ``` - * x = taintsource() - * if (x == 10) { - * taintsink(x); // not considered tainted - * } - * ``` - */ - - nodeIsBarrierEqualityCandidate(node, access, checkedVar) and - readsVariable(access.getDef(), checkedVar) - ) - } - - cached - predicate nodeIsBarrierIn(DataFlow::Node node) { - // don't use dataflow into taint sources, as this leads to duplicate results. - exists(Expr source | isUserInput(source, _) | - source = DataFlow::ExprFlowCached::asExprInternal(node) - or - // This case goes together with the similar (but not identical) rule in - // `getNodeForSource`. - node = DataFlow::definitionByReferenceNodeFromArgument(source) - ) - or - // don't use dataflow into binary instructions if both operands are unpredictable - exists(BinaryInstruction iTo | - iTo = node.asInstruction() and - not predictableInstruction(iTo.getLeft()) and - not predictableInstruction(iTo.getRight()) and - // propagate taint from either the pointer or the offset, regardless of predictability - not iTo instanceof PointerArithmeticInstruction - ) - or - // don't use dataflow through calls to pure functions if two or more operands - // are unpredictable - exists(Instruction iFrom1, Instruction iFrom2, CallInstruction iTo | - iTo = node.asInstruction() and - isPureFunction(iTo.getStaticCallTarget().getName()) and - iFrom1 = iTo.getAnArgument() and - iFrom2 = iTo.getAnArgument() and - not predictableInstruction(iFrom1) and - not predictableInstruction(iFrom2) and - iFrom1 != iFrom2 - ) - } - - cached - Element adjustedSink(DataFlow::Node sink) { - // TODO: is it more appropriate to use asConvertedExpr here and avoid - // `getConversion*`? Or will that cause us to miss some cases where there's - // flow to a conversion (like a `ReferenceDereferenceExpr`) and we want to - // pretend there was flow to the converted `Expr` for the sake of - // compatibility. - sink.asExpr().getConversion*() = result - or - // For compatibility, send flow from arguments to parameters, even for - // functions with no body. - exists(FunctionCall call, int i | - sink.asExpr() = call.getArgument(pragma[only_bind_into](i)) and - result = resolveCall(call).getParameter(pragma[only_bind_into](i)) - ) - or - // For compatibility, send flow into a `Variable` if there is flow to any - // Load or Store of that variable. - exists(CopyInstruction copy | - copy.getSourceValue() = sink.asInstruction() and - ( - readsVariable(copy, result) or - writesVariable(copy, result) - ) and - not hasUpperBoundsCheck(result) - ) - or - // For compatibility, send flow into a `NotExpr` even if it's part of a - // short-circuiting condition and thus might get skipped. - result.(NotExpr).getOperand() = sink.asExpr() - or - // Taint postfix and prefix crement operations when their operand is tainted. - result.(CrementOperation).getAnOperand() = sink.asExpr() - or - // Taint `e1 += e2`, `e &= e2` and friends when `e1` or `e2` is tainted. - result.(AssignOperation).getAnOperand() = sink.asExpr() - or - result = - sink.asOperand() - .(SideEffectOperand) - .getUse() - .(ReadSideEffectInstruction) - .getArgumentDef() - .getUnconvertedResultExpression() - } - - /** - * Step to return value of a modeled function when an input taints the - * dereference of the return value. - */ - cached - predicate additionalTaintStep(DataFlow::Node n1, DataFlow::Node n2) { - exists(CallInstruction call, Function func, FunctionInput modelIn, FunctionOutput modelOut | - n1 = callInput(call, modelIn) and - ( - func.(TaintFunction).hasTaintFlow(modelIn, modelOut) - or - func.(DataFlowFunction).hasDataFlow(modelIn, modelOut) - ) and - call.getStaticCallTarget() = func and - modelOut.isReturnValueDeref() and - call = n2.asInstruction() - ) - } -} - -private import Cached - -/** - * Holds if `tainted` may contain taint from `source`. - * - * A tainted expression is either directly user input, or is - * computed from user input in a way that users can probably - * control the exact output of the computation. - * - * This doesn't include data flow through global variables. - * If you need that you must call `taintedIncludingGlobalVars`. - */ -cached -predicate tainted(Expr source, Element tainted) { - exists(DataFlow::Node sink | - DefaultTaintTrackingFlow::flow(getNodeForSource(source), sink) and - tainted = adjustedSink(sink) - ) -} - -/** - * Holds if `tainted` may contain taint from `source`, where the taint passed - * through a global variable named `globalVar`. - * - * A tainted expression is either directly user input, or is - * computed from user input in a way that users can probably - * control the exact output of the computation. - * - * This version gives the same results as tainted but also includes - * data flow through global variables. - * - * The parameter `globalVar` is the qualified name of the last global variable - * used to move the value from source to tainted. If the taint did not pass - * through a global variable, then `globalVar = ""`. - */ -cached -predicate taintedIncludingGlobalVars(Expr source, Element tainted, string globalVar) { - tainted(source, tainted) and - globalVar = "" - or - exists( - DataFlow::VariableNode variableNode, GlobalOrNamespaceVariable global, DataFlow::Node sink - | - global = variableNode.getVariable() and - ToGlobalVarTaintTrackingFlow::flow(getNodeForSource(source), variableNode) and - FromGlobalVarTaintTrackingFlow::flow(variableNode, sink) and - tainted = adjustedSink(sink) and - global = globalVarFromId(globalVar) - ) -} - -/** - * Gets the global variable whose qualified name is `id`. Use this predicate - * together with `taintedIncludingGlobalVars`. Example: - * - * ``` - * exists(string varName | - * taintedIncludingGlobalVars(source, tainted, varName) and - * var = globalVarFromId(varName) - * ) - * ``` - */ -GlobalOrNamespaceVariable globalVarFromId(string id) { id = result.getQualifiedName() } - -/** - * Provides definitions for augmenting source/sink pairs with data-flow paths - * between them. From a `@kind path-problem` query, import this module in the - * global scope, extend `TaintTrackingConfiguration`, and use `taintedWithPath` - * in place of `tainted`. - * - * Importing this module will also import the query predicates that contain the - * taint paths. - */ -module TaintedWithPath { - private newtype TSingleton = MkSingleton() - - /** - * A taint-tracking configuration that matches sources and sinks in the same - * way as the `tainted` predicate. - * - * Override `isSink` and `taintThroughGlobals` as needed, but do not provide - * a characteristic predicate. - */ - class TaintTrackingConfiguration extends TSingleton { - /** Override this to specify which elements are sources in this configuration. */ - predicate isSource(Expr source) { exists(getNodeForSource(source)) } - - /** Override this to specify which elements are sinks in this configuration. */ - abstract predicate isSink(Element e); - - /** Override this to specify which expressions are barriers in this configuration. */ - predicate isBarrier(Expr e) { nodeIsBarrier(getNodeForExpr(e)) } - - /** - * Override this predicate to `any()` to allow taint to flow through global - * variables. - */ - predicate taintThroughGlobals() { none() } - - /** Gets a textual representation of this element. */ - string toString() { result = "TaintTrackingConfiguration" } - } - - private module AdjustedConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - exists(TaintTrackingConfiguration cfg, Expr e | - cfg.isSource(e) and source = getNodeForExpr(e) - ) - } - - predicate isSink(DataFlow::Node sink) { - exists(TaintTrackingConfiguration cfg | cfg.isSink(adjustedSink(sink))) - } - - predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) { - conflatePointerAndPointee(n1, n2) - or - // Steps into and out of global variables - exists(TaintTrackingConfiguration cfg | cfg.taintThroughGlobals() | - writesVariable(n1.asInstruction(), n2.asVariable().(GlobalOrNamespaceVariable)) - or - readsVariable(n2.asInstruction(), n1.asVariable().(GlobalOrNamespaceVariable)) - ) - or - additionalTaintStep(n1, n2) - } - - predicate isBarrier(DataFlow::Node node) { - exists(TaintTrackingConfiguration cfg, Expr e | cfg.isBarrier(e) and node = getNodeForExpr(e)) - } - - predicate isBarrierIn(DataFlow::Node node) { nodeIsBarrierIn(node) } - - predicate neverSkip(Node node) { none() } - } - - private module AdjustedFlow = TaintTracking::Global; - - /* - * A sink `Element` may map to multiple `DataFlowX::PathNode`s via (the - * inverse of) `adjustedSink`. For example, an `Expr` maps to all its - * conversions, and a `Variable` maps to all loads and stores from it. Because - * the path node is part of the tuple that constitutes the alert, this leads - * to duplicate alerts. - * - * To avoid showing duplicates, we edit the graph to replace the final node - * coming from the data-flow library with a node that matches exactly the - * `Element` sink that's requested. - * - * The same is done for sources. - */ - - private newtype TPathNode = - TWrapPathNode(AdjustedFlow::PathNode n) or - // There's a single newtype constructor for both sources and sinks since - // that makes it easiest to deal with the case where source = sink. - TEndpointPathNode(Element e) { - exists(DataFlow::Node sourceNode, DataFlow::Node sinkNode | - AdjustedFlow::flow(sourceNode, sinkNode) - | - sourceNode = getNodeForExpr(e) and - exists(TaintTrackingConfiguration ttCfg | ttCfg.isSource(e)) - or - e = adjustedSink(sinkNode) and - exists(TaintTrackingConfiguration ttCfg | ttCfg.isSink(e)) - ) - } - - /** An opaque type used for the nodes of a data-flow path. */ - class PathNode extends TPathNode { - /** Gets a textual representation of this element. */ - string toString() { none() } - - /** - * Holds if this element is at the specified location. - * The location spans column `startcolumn` of line `startline` to - * column `endcolumn` of line `endline` in file `filepath`. - * For more information, see - * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). - */ - predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - none() - } - } - - /** - * INTERNAL: Do not use. - */ - module Private { - /** Gets a predecessor `PathNode` of `pathNode`, if any. */ - PathNode getAPredecessor(PathNode pathNode) { edges(result, pathNode) } - - /** Gets the element that `pathNode` wraps, if any. */ - Element getElementFromPathNode(PathNode pathNode) { - exists(DataFlow::Node node | node = pathNode.(WrapPathNode).inner().getNode() | - result = node.asInstruction().getAst() - or - result = node.asOperand().getDef().getAst() - ) - or - result = pathNode.(EndpointPathNode).inner() - } - } - - private class WrapPathNode extends PathNode, TWrapPathNode { - AdjustedFlow::PathNode inner() { this = TWrapPathNode(result) } - - override string toString() { result = this.inner().toString() } - - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.inner().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - } - - private class EndpointPathNode extends PathNode, TEndpointPathNode { - Expr inner() { this = TEndpointPathNode(result) } - - override string toString() { result = this.inner().toString() } - - override predicate hasLocationInfo( - string filepath, int startline, int startcolumn, int endline, int endcolumn - ) { - this.inner() - .getLocation() - .hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) - } - } - - /** A PathNode whose `Element` is a source. It may also be a sink. */ - private class InitialPathNode extends EndpointPathNode { - InitialPathNode() { exists(TaintTrackingConfiguration cfg | cfg.isSource(this.inner())) } - } - - /** A PathNode whose `Element` is a sink. It may also be a source. */ - private class FinalPathNode extends EndpointPathNode { - FinalPathNode() { exists(TaintTrackingConfiguration cfg | cfg.isSink(this.inner())) } - } - - /** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */ - query predicate edges(PathNode a, PathNode b) { - AdjustedFlow::PathGraph::edges(a.(WrapPathNode).inner(), b.(WrapPathNode).inner()) - or - // To avoid showing trivial-looking steps, we _replace_ the last node instead - // of adding an edge out of it. - exists(WrapPathNode sinkNode | - AdjustedFlow::PathGraph::edges(a.(WrapPathNode).inner(), sinkNode.inner()) and - b.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode()) - ) - or - // Same for the first node - exists(WrapPathNode sourceNode | - AdjustedFlow::PathGraph::edges(sourceNode.inner(), b.(WrapPathNode).inner()) and - sourceNode.inner().getNode() = getNodeForExpr(a.(InitialPathNode).inner()) - ) - or - // Finally, handle the case where the path goes directly from a source to a - // sink, meaning that they both need to be translated. - exists(WrapPathNode sinkNode, WrapPathNode sourceNode | - AdjustedFlow::PathGraph::edges(sourceNode.inner(), sinkNode.inner()) and - sourceNode.inner().getNode() = getNodeForExpr(a.(InitialPathNode).inner()) and - b.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode()) - ) - } - - /** - * Holds if there is flow from `arg` to `out` across a call that can by summarized by the flow - * from `par` to `ret` within it, in the graph of data flow path explanations. - */ - query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) { - AdjustedFlow::PathGraph::subpaths(arg.(WrapPathNode).inner(), par.(WrapPathNode).inner(), - ret.(WrapPathNode).inner(), out.(WrapPathNode).inner()) - or - // To avoid showing trivial-looking steps, we _replace_ the last node instead - // of adding an edge out of it. - exists(WrapPathNode sinkNode | - AdjustedFlow::PathGraph::subpaths(arg.(WrapPathNode).inner(), par.(WrapPathNode).inner(), - ret.(WrapPathNode).inner(), sinkNode.inner()) and - out.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode()) - ) - or - // Same for the first node - exists(WrapPathNode sourceNode | - AdjustedFlow::PathGraph::subpaths(sourceNode.inner(), par.(WrapPathNode).inner(), - ret.(WrapPathNode).inner(), out.(WrapPathNode).inner()) and - sourceNode.inner().getNode() = getNodeForExpr(arg.(InitialPathNode).inner()) - ) - or - // Finally, handle the case where the path goes directly from a source to a - // sink, meaning that they both need to be translated. - exists(WrapPathNode sinkNode, WrapPathNode sourceNode | - AdjustedFlow::PathGraph::subpaths(sourceNode.inner(), par.(WrapPathNode).inner(), - ret.(WrapPathNode).inner(), sinkNode.inner()) and - sourceNode.inner().getNode() = getNodeForExpr(arg.(InitialPathNode).inner()) and - out.(FinalPathNode).inner() = adjustedSink(sinkNode.inner().getNode()) - ) - } - - /** Holds if `n` is a node in the graph of data flow path explanations. */ - query predicate nodes(PathNode n, string key, string val) { - key = "semmle.label" and val = n.toString() - } - - /** - * Holds if `tainted` may contain taint from `source`, where `sourceNode` and - * `sinkNode` are the corresponding `PathNode`s that can be used in a query - * to provide path explanations. Extend `TaintTrackingConfiguration` to use - * this predicate. - * - * A tainted expression is either directly user input, or is computed from - * user input in a way that users can probably control the exact output of - * the computation. - */ - predicate taintedWithPath(Expr source, Element tainted, PathNode sourceNode, PathNode sinkNode) { - exists(DataFlow::Node flowSource, DataFlow::Node flowSink | - source = sourceNode.(InitialPathNode).inner() and - flowSource = getNodeForExpr(source) and - AdjustedFlow::flow(flowSource, flowSink) and - tainted = adjustedSink(flowSink) and - tainted = sinkNode.(FinalPathNode).inner() - ) - } - - private predicate isGlobalVariablePathNode(WrapPathNode n) { - n.inner().getNode().asVariable() instanceof GlobalOrNamespaceVariable - or - n.inner().getNode().asIndirectVariable() instanceof GlobalOrNamespaceVariable - } - - private predicate edgesWithoutGlobals(PathNode a, PathNode b) { - edges(a, b) and - not isGlobalVariablePathNode(a) and - not isGlobalVariablePathNode(b) - } - - /** - * Holds if `tainted` can be reached from a taint source without passing - * through a global variable. - */ - predicate taintedWithoutGlobals(Element tainted) { - exists(PathNode sourceNode, FinalPathNode sinkNode | - AdjustedConfig::isSource(sourceNode.(WrapPathNode).inner().getNode()) and - edgesWithoutGlobals+(sourceNode, sinkNode) and - tainted = sinkNode.inner() - ) - } -} diff --git a/cpp/ql/lib/semmle/code/cpp/security/TaintTracking.qll b/cpp/ql/lib/semmle/code/cpp/security/TaintTracking.qll deleted file mode 100644 index 49ef4137aa1..00000000000 --- a/cpp/ql/lib/semmle/code/cpp/security/TaintTracking.qll +++ /dev/null @@ -1,10 +0,0 @@ -/** - * Support for tracking tainted data through the program. This is an alias for - * `semmle.code.cpp.ir.dataflow.DefaultTaintTracking` provided for backwards - * compatibility. - * - * Prefer to use `semmle.code.cpp.dataflow.TaintTracking` or - * `semmle.code.cpp.ir.dataflow.TaintTracking` when designing new queries. - */ - -import semmle.code.cpp.ir.dataflow.DefaultTaintTracking diff --git a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll b/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll deleted file mode 100644 index bf6bcc3acb6..00000000000 --- a/cpp/ql/lib/semmle/code/cpp/security/TaintTrackingImpl.qll +++ /dev/null @@ -1,654 +0,0 @@ -/** - * DEPRECATED: we now use `semmle.code.cpp.ir.dataflow.DefaultTaintTracking`, - * which is based on the IR but designed to behave similarly to this old - * library. - * - * Provides the implementation of `semmle.code.cpp.security.TaintTracking`. Do - * not import this file directly. - */ - -import cpp -import Security - -/** Expressions that change the value of a variable */ -private predicate valueSource(Expr expr) { - exists(AssignExpr ae | expr = ae.getLValue()) - or - exists(FunctionCall fc, int i | - userInputArgument(fc, i) and - expr = fc.getArgument(i) - ) - or - exists(FunctionCall c, int arg | - copyValueBetweenArguments(c.getTarget(), _, arg) and - expr = c.getArgument(arg) - ) - or - exists(FunctionCall c, int arg | - c.getTarget().getParameter(arg).getType() instanceof ReferenceType and - expr = c.getArgument(arg) - ) -} - -/** Expressions that are inside an expression that changes the value of a variable */ -private predicate insideValueSource(Expr expr) { - valueSource(expr) - or - insideValueSource(expr.getParent()) and - // A modification of array[offset] does not modify offset - not expr.getParent().(ArrayExpr).getArrayOffset() = expr -} - -private predicate isPointer(Type type) { - type instanceof PointerType or - isPointer(type.(ReferenceType).getBaseType()) -} - -/** - * Tracks data flow from src to dest. - * If this is used in the left side of an assignment src and dest should be swapped - */ -private predicate moveToDependingOnSide(Expr src, Expr dest) { - exists(ParenthesisExpr e | - src = e.getAChild() and - dest = e - ) - or - exists(ArrayExpr e | - src = e.getArrayBase() and - dest = e - ) - or - exists(PointerDereferenceExpr e | - src = e.getOperand() and - dest = e - ) - or - exists(AddressOfExpr e | - src = e.getOperand() and - dest = e - ) - or - // if var+offset is tainted, then so is var - exists(VariableAccess base, BinaryOperation binop | - dest = binop and - (base = binop.getLeftOperand() or base = binop.getRightOperand()) and - isPointer(base.getType()) and - base.getTarget() instanceof LocalScopeVariable and - src = base and - // flow through pointer-pointer subtraction is dubious, the result should be - // a number bounded by the size of the pointed-to thing. - not binop instanceof PointerDiffExpr - ) - or - exists(UnaryOperation unop | - dest = unop and - unop.getAnOperand() = src - ) - or - exists(BinaryOperation binop | - dest = binop and - binop.getLeftOperand() = src and - predictable(binop.getRightOperand()) - ) - or - exists(BinaryOperation binop | - dest = binop and - binop.getRightOperand() = src and - predictable(binop.getLeftOperand()) - ) - or - exists(Cast cast | - dest = cast and - src = cast.getExpr() - ) - or - exists(ConditionalExpr cond | - cond = dest and - ( - cond.getThen() = src or - cond.getElse() = src - ) - ) -} - -/** - * Track value flow between functions. - * Handles the following cases: - * - If an argument to a function is tainted, all the usages of the parameter inside the function are tainted - * - If a function obtains input from the user internally and returns it, all calls to the function are tainted - * - If an argument to a function is tainted and that parameter is returned, all calls to the function are not tainted - * (this is done to avoid false positives). Because of this we need to track if the tainted element came from an argument - * or not, and for that we use destFromArg - */ -deprecated private predicate betweenFunctionsValueMoveTo( - Element src, Element dest, boolean destFromArg -) { - not unreachable(src) and - not unreachable(dest) and - ( - exists(Call call, int i | - src = call.getArgument(i) and - resolveCallWithParam(call, _, i, dest) and - destFromArg = true - ) - or - // Only move the return of the function to the function itself if the value didn't came from an - // argument, or else we would taint all the calls to one function if one argument is tainted - // somewhere - exists(Function f, ReturnStmt ret | - ret.getEnclosingFunction() = f and - src = ret.getExpr() and - destFromArg = false and - dest = f - ) - or - exists(Call call, Function f | - f = resolveCall(call) and - src = f and - dest = call and - destFromArg = false - ) - or - // If a parameter of type reference is tainted inside a function, taint the argument too - exists(Call call, int pi, Parameter p | - resolveCallWithParam(call, _, pi, p) and - p.getType() instanceof ReferenceType and - src = p and - dest = call.getArgument(pi) and - destFromArg = false - ) - ) -} - -// predicate folding for proper join-order -// bad magic: pushes down predicate that ruins join-order -pragma[nomagic] -deprecated private predicate resolveCallWithParam(Call call, Function called, int i, Parameter p) { - called = resolveCall(call) and - p = called.getParameter(i) -} - -/** A variable for which flow through is allowed. */ -deprecated library class FlowVariable extends Variable { - FlowVariable() { - ( - this instanceof LocalScopeVariable or - this instanceof GlobalOrNamespaceVariable - ) and - not argv(this) - } -} - -/** A local scope variable for which flow through is allowed. */ -deprecated library class FlowLocalScopeVariable extends Variable { - FlowLocalScopeVariable() { this instanceof LocalScopeVariable } -} - -deprecated private predicate insideFunctionValueMoveTo(Element src, Element dest) { - not unreachable(src) and - not unreachable(dest) and - ( - // Taint all variable usages when one is tainted - // This function taints global variables but doesn't taint from a global variable (see globalVariableValueMoveTo) - exists(FlowLocalScopeVariable v | - src = v and - dest = v.getAnAccess() and - not insideValueSource(dest) - ) - or - exists(FlowVariable v | - src = v.getAnAccess() and - dest = v and - insideValueSource(src) - ) - or - // Taint all union usages when one is tainted - // This function taints global variables but doesn't taint from a global variable (see globalVariableValueMoveTo) - exists(FlowLocalScopeVariable v, FieldAccess a | - unionAccess(v, _, a) and - src = v and - dest = a and - not insideValueSource(dest) - ) - or - exists(FlowVariable v, FieldAccess a | - unionAccess(v, _, a) and - src = a and - dest = v and - insideValueSource(src) - ) - or - // If a pointer is tainted, taint the original variable - exists(FlowVariable p, FlowVariable v, AddressOfExpr e | - p.getAnAssignedValue() = e and - e.getOperand() = v.getAnAccess() and - src = p and - dest = v - ) - or - // If a reference is tainted, taint the original variable - exists(FlowVariable r, FlowVariable v | - r.getType() instanceof ReferenceType and - r.getInitializer().getExpr() = v.getAnAccess() and - src = r and - dest = v - ) - or - exists(Variable var | - var = dest and - var.getInitializer().getExpr() = src - ) - or - exists(AssignExpr ae | - src = ae.getRValue() and - dest = ae.getLValue() - ) - or - exists(CommaExpr comma | - comma = dest and - comma.getRightOperand() = src - ) - or - exists(FunctionCall c, int sourceArg, int destArg | - copyValueBetweenArguments(c.getTarget(), sourceArg, destArg) and - // Only consider copies from `printf`-like functions if the format is a string - ( - exists(FormattingFunctionCall ffc, FormatLiteral format | - ffc = c and - format = ffc.getFormat() and - format.getConversionChar(sourceArg - ffc.getTarget().getNumberOfParameters()) = ["s", "S"] - ) - or - not c.(FormattingFunctionCall).getFormat() instanceof FormatLiteral - or - not c instanceof FormattingFunctionCall - ) and - src = c.getArgument(sourceArg) and - dest = c.getArgument(destArg) - ) - or - exists(FunctionCall c, int sourceArg | - returnArgument(c.getTarget(), sourceArg) and - src = c.getArgument(sourceArg) and - dest = c - ) - or - exists(FormattingFunctionCall formattingSend, int arg, FormatLiteral format | - dest = formattingSend and - formattingSend.getArgument(arg) = src and - format = formattingSend.getFormat() and - format.getConversionChar(arg - formattingSend.getTarget().getNumberOfParameters()) = - ["s", "S", "@"] - ) - or - // Expressions computed from tainted data are also tainted - exists(FunctionCall call | dest = call and isPureFunction(call.getTarget().getName()) | - call.getAnArgument() = src and - forall(Expr arg | arg = call.getAnArgument() | arg = src or predictable(arg)) and - // flow through `strlen` tends to cause dubious results, if the length is - // bounded. - not call.getTarget().getName() = "strlen" - ) - or - exists(Element a, Element b | - moveToDependingOnSide(a, b) and - if insideValueSource(a) then (src = b and dest = a) else (src = a and dest = b) - ) - ) -} - -/** - * Handles data flow from global variables to its usages. - * The tainting for the global variable itself is done at insideFunctionValueMoveTo. - */ -private predicate globalVariableValueMoveTo(GlobalOrNamespaceVariable src, Expr dest) { - not unreachable(dest) and - ( - exists(GlobalOrNamespaceVariable v | - src = v and - dest = v.getAnAccess() and - not insideValueSource(dest) - ) - or - exists(GlobalOrNamespaceVariable v, FieldAccess a | - unionAccess(v, _, a) and - src = v and - dest = a and - not insideValueSource(dest) - ) - ) -} - -private predicate unionAccess(Variable v, Field f, FieldAccess a) { - f.getDeclaringType() instanceof Union and - a.getTarget() = f and - a.getQualifier() = v.getAnAccess() -} - -deprecated GlobalOrNamespaceVariable globalVarFromId(string id) { - if result instanceof NamespaceVariable - then id = result.getNamespace() + "::" + result.getName() - else id = result.getName() -} - -/** - * A variable that has any kind of upper-bound check anywhere in the program. This is - * biased towards being inclusive because there are a lot of valid ways of doing an - * upper bounds checks if we don't consider where it occurs, for example: - * ``` - * if (x < 10) { sink(x); } - * - * if (10 > y) { sink(y); } - * - * if (z > 10) { z = 10; } - * sink(z); - * ``` - */ -private predicate hasUpperBoundsCheck(Variable var) { - exists(RelationalOperation oper, VariableAccess access | - oper.getAnOperand() = access and - access.getTarget() = var and - // Comparing to 0 is not an upper bound check - not oper.getAnOperand().getValue() = "0" - ) -} - -cached -deprecated private predicate taintedWithArgsAndGlobalVars( - Element src, Element dest, boolean destFromArg, string globalVar -) { - isUserInput(src, _) and - not unreachable(src) and - dest = src and - destFromArg = false and - globalVar = "" - or - exists(Element other, boolean otherFromArg, string otherGlobalVar | - taintedWithArgsAndGlobalVars(src, other, otherFromArg, otherGlobalVar) - | - not unreachable(dest) and - not hasUpperBoundsCheck(dest) and - ( - // Direct flow from one expression to another. - betweenFunctionsValueMoveTo(other, dest, destFromArg) and - (destFromArg = true or otherFromArg = false) and - globalVar = otherGlobalVar - or - insideFunctionValueMoveTo(other, dest) and - destFromArg = otherFromArg and - globalVar = otherGlobalVar - or - exists(GlobalOrNamespaceVariable v | - v = other and - globalVariableValueMoveTo(v, dest) and - destFromArg = false and - v = globalVarFromId(globalVar) - ) - ) - ) -} - -/** - * A tainted expression is either directly user input, or is - * computed from user input in a way that users can probably - * control the exact output of the computation. - * - * This doesn't include data flow through global variables. - * If you need that you must call taintedIncludingGlobalVars. - */ -deprecated predicate tainted(Expr source, Element tainted) { - taintedWithArgsAndGlobalVars(source, tainted, _, "") -} - -/** - * A tainted expression is either directly user input, or is - * computed from user input in a way that users can probably - * control the exact output of the computation. - * - * This version gives the same results as tainted but also includes - * data flow through global variables. - * - * The parameter `globalVar` is the name of the last global variable used to move the - * value from source to tainted. - */ -deprecated predicate taintedIncludingGlobalVars(Expr source, Element tainted, string globalVar) { - taintedWithArgsAndGlobalVars(source, tainted, _, globalVar) -} - -/** - * A predictable expression is one where an external user can predict - * the value. For example, a literal in the source code is considered - * predictable. - */ -private predicate predictable(Expr expr) { - expr instanceof Literal - or - exists(BinaryOperation binop | binop = expr | - predictable(binop.getLeftOperand()) and predictable(binop.getRightOperand()) - ) - or - exists(UnaryOperation unop | unop = expr | predictable(unop.getOperand())) -} - -private int maxArgIndex(Function f) { - result = - max(FunctionCall fc, int toMax | - fc.getTarget() = f and toMax = fc.getNumberOfArguments() - 1 - | - toMax - ) -} - -/** Functions that copy the value of one argument to another */ -private predicate copyValueBetweenArguments(Function f, int sourceArg, int destArg) { - f.hasGlobalOrStdName("memcpy") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalName("__builtin___memcpy_chk") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalOrStdName("memmove") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalOrStdName("strcat") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalName("_mbscat") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalOrStdName("wcscat") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalOrStdName("strncat") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalName("_mbsncat") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalName("wcsncat") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalOrStdName("strcpy") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalName("_mbscpy") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalOrStdName("wcscpy") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalOrStdName("strncpy") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalName("_mbsncpy") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalOrStdName("wcsncpy") and sourceArg = 1 and destArg = 0 - or - f.hasGlobalName("inet_aton") and sourceArg = 0 and destArg = 1 - or - f.hasGlobalName("inet_pton") and sourceArg = 1 and destArg = 2 - or - f.hasGlobalOrStdName("strftime") and sourceArg in [2 .. maxArgIndex(f)] and destArg = 0 - or - exists(FormattingFunction ff | ff = f | - sourceArg in [ff.getFormatParameterIndex() .. maxArgIndex(f)] and - destArg = ff.getOutputParameterIndex(false) - ) -} - -/** Functions where if one of the arguments is tainted, the result should be tainted */ -private predicate returnArgument(Function f, int sourceArg) { - f.hasGlobalName("memcpy") and sourceArg = 0 - or - f.hasGlobalName("__builtin___memcpy_chk") and sourceArg = 0 - or - f.hasGlobalOrStdName("memmove") and sourceArg = 0 - or - f.hasGlobalOrStdName("strcat") and sourceArg = 0 - or - f.hasGlobalName("_mbscat") and sourceArg = 0 - or - f.hasGlobalOrStdName("wcsncat") and sourceArg = 0 - or - f.hasGlobalOrStdName("strncat") and sourceArg = 0 - or - f.hasGlobalName("_mbsncat") and sourceArg = 0 - or - f.hasGlobalOrStdName("wcsncat") and sourceArg = 0 - or - f.hasGlobalOrStdName("strcpy") and sourceArg = 0 - or - f.hasGlobalName("_mbscpy") and sourceArg = 0 - or - f.hasGlobalOrStdName("wcscpy") and sourceArg = 0 - or - f.hasGlobalOrStdName("strncpy") and sourceArg = 0 - or - f.hasGlobalName("_mbsncpy") and sourceArg = 0 - or - f.hasGlobalOrStdName("wcsncpy") and sourceArg = 0 - or - f.hasGlobalName("inet_ntoa") and sourceArg = 0 - or - f.hasGlobalName("inet_addr") and sourceArg = 0 - or - f.hasGlobalName("inet_network") and sourceArg = 0 - or - f.hasGlobalName("inet_ntoa") and sourceArg = 0 - or - f.hasGlobalName("inet_makeaddr") and - (sourceArg = 0 or sourceArg = 1) - or - f.hasGlobalName("inet_lnaof") and sourceArg = 0 - or - f.hasGlobalName("inet_netof") and sourceArg = 0 - or - f.hasGlobalName("gethostbyname") and sourceArg = 0 - or - f.hasGlobalName("gethostbyaddr") and sourceArg = 0 -} - -/** - * Resolve potential target function(s) for `call`. - * - * If `call` is a call through a function pointer (`ExprCall`) or - * targets a virtual method, simple data flow analysis is performed - * in order to identify target(s). - */ -deprecated Function resolveCall(Call call) { - result = call.getTarget() - or - result = call.(DataSensitiveCallExpr).resolve() -} - -/** A data sensitive call expression. */ -abstract deprecated library class DataSensitiveCallExpr extends Expr { - DataSensitiveCallExpr() { not unreachable(this) } - - abstract Expr getSrc(); - - cached - abstract Function resolve(); - - /** - * Whether `src` can flow to this call expression. - * - * Searches backwards from `getSrc()` to `src`. - */ - predicate flowsFrom(Element src, boolean allowFromArg) { - src = this.getSrc() and allowFromArg = true - or - exists(Element other, boolean allowOtherFromArg | this.flowsFrom(other, allowOtherFromArg) | - exists(boolean otherFromArg | betweenFunctionsValueMoveToStatic(src, other, otherFromArg) | - otherFromArg = true and allowOtherFromArg = true and allowFromArg = true - or - otherFromArg = false and allowFromArg = false - ) - or - insideFunctionValueMoveTo(src, other) and allowFromArg = allowOtherFromArg - or - globalVariableValueMoveTo(src, other) and allowFromArg = true - ) - } -} - -/** Call through a function pointer. */ -deprecated library class DataSensitiveExprCall extends DataSensitiveCallExpr, ExprCall { - override Expr getSrc() { result = this.getExpr() } - - override Function resolve() { - exists(FunctionAccess fa | this.flowsFrom(fa, true) | result = fa.getTarget()) - } -} - -/** Call to a virtual function. */ -deprecated library class DataSensitiveOverriddenFunctionCall extends DataSensitiveCallExpr, - FunctionCall -{ - DataSensitiveOverriddenFunctionCall() { - exists(this.getTarget().(VirtualFunction).getAnOverridingFunction()) - } - - override Expr getSrc() { result = this.getQualifier() } - - override MemberFunction resolve() { - exists(NewExpr new | - this.flowsFrom(new, true) and - memberFunctionFromNewExpr(new, result) and - result.overrides*(this.getTarget().(VirtualFunction)) - ) - } -} - -private predicate memberFunctionFromNewExpr(NewExpr new, MemberFunction f) { - f = new.getAllocatedType().(Class).getAMemberFunction() -} - -/** Same as `betweenFunctionsValueMoveTo`, but calls are resolved to their static target. */ -private predicate betweenFunctionsValueMoveToStatic(Element src, Element dest, boolean destFromArg) { - not unreachable(src) and - not unreachable(dest) and - ( - exists(FunctionCall call, Function called, int i | - src = call.getArgument(i) and - called = call.getTarget() and - dest = called.getParameter(i) and - destFromArg = true - ) - or - // Only move the return of the function to the function itself if the value didn't came from an - // argument, or else we would taint all the calls to one function if one argument is tainted - // somewhere - exists(Function f, ReturnStmt ret | - ret.getEnclosingFunction() = f and - src = ret.getExpr() and - destFromArg = false and - dest = f - ) - or - exists(FunctionCall call, Function f | - call.getTarget() = f and - src = f and - dest = call and - destFromArg = false - ) - or - // If a parameter of type reference is tainted inside a function, taint the argument too - exists(FunctionCall call, Function f, int pi, Parameter p | - call.getTarget() = f and - f.getParameter(pi) = p and - p.getType() instanceof ReferenceType and - src = p and - dest = call.getArgument(pi) and - destFromArg = false - ) - ) -} diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/dispatch.cpp b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/dispatch.cpp deleted file mode 100644 index 95f7f790f69..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/dispatch.cpp +++ /dev/null @@ -1,74 +0,0 @@ -#include "../shared.h" - -using SinkFunction = void (*)(int); - -void notSink(int notSinkParam); - -void callsSink(int sinkParam) { // $ ir-path=31:23 ir-path=32:26 ir-path=34:17 - sink(sinkParam); // $ ast=31:28 ast=32:31 ast=34:22 ir-sink -} - -struct { - SinkFunction sinkPtr, notSinkPtr; -} globalStruct; - -union { - SinkFunction sinkPtr, notSinkPtr; -} globalUnion; - -SinkFunction globalSinkPtr; - -void assignGlobals() { - globalStruct.sinkPtr = callsSink; - globalUnion.sinkPtr = callsSink; - globalSinkPtr = callsSink; -}; - -void testStruct() { - globalStruct.sinkPtr(atoi(getenv("TAINTED"))); // $ MISSING: ir-path,ast - globalStruct.notSinkPtr(atoi(getenv("TAINTED"))); // clean - - globalUnion.sinkPtr(atoi(getenv("TAINTED"))); // $ ast ir-path - globalUnion.notSinkPtr(atoi(getenv("TAINTED"))); // $ ast ir-path - - globalSinkPtr(atoi(getenv("TAINTED"))); // $ ast ir-path -} - -class B { - public: - virtual void f(const char*) = 0; -}; - -class D1 : public B {}; - -class D2 : public D1 { - public: - void f(const char* p) override {} -}; - -class D3 : public D2 { - public: - void f(const char* p) override { // $ ir-path=58:10 ir-path=60:17 ir-path=61:28 ir-path=62:29 ir-path=63:33 SPURIOUS: ir-path=73:30 - sink(p); // $ ast=58:10 ast=60:17 ast=61:28 ast=62:29 ast=63:33 ir-sink SPURIOUS: ast=73:30 - } -}; - -void test_dynamic_cast() { - B* b = new D3(); - b->f(getenv("VAR")); // $ ast ir-path - - ((D2*)b)->f(getenv("VAR")); // $ ast ir-path - static_cast(b)->f(getenv("VAR")); // $ ast ir-path - dynamic_cast(b)->f(getenv("VAR")); // $ ast ir-path - reinterpret_cast(b)->f(getenv("VAR")); // $ ast ir-path - - B* b2 = new D2(); - b2->f(getenv("VAR")); - - ((D2*)b2)->f(getenv("VAR")); - static_cast(b2)->f(getenv("VAR")); - dynamic_cast(b2)->f(getenv("VAR")); - reinterpret_cast(b2)->f(getenv("VAR")); - - dynamic_cast(b2)->f(getenv("VAR")); // $ SPURIOUS: ast ir-path -} diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected deleted file mode 100644 index 951a6d56aa3..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.expected +++ /dev/null @@ -1,4 +0,0 @@ -WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted.ql:9,8-47) -WARNING: Predicate tainted has been deprecated and may be removed in future (tainted.ql:20,49-74) -testFailures -failures diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql deleted file mode 100644 index 92fb3994721..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/tainted.ql +++ /dev/null @@ -1,100 +0,0 @@ -/** - * This test provides the possibility to annotate elements when they are on a path of a taint flow to a sink. - * This is different when compared to the tests in `../annotate_sink`, where only sink invocations are annotated. - */ - -import cpp -import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking -import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking -import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath -import TaintedWithPath::Private -import TestUtilities.InlineExpectationsTest - -predicate isSinkArgument(Element sink) { - exists(FunctionCall call | - call.getTarget().getName() = "sink" and - sink = call.getAnArgument() - ) -} - -predicate astTaint(Expr source, Element sink) { AstTaintTracking::tainted(source, sink) } - -class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration { - override predicate isSink(Element e) { isSinkArgument(e) } -} - -predicate irTaint(Element source, TaintedWithPath::PathNode predNode, string tag) { - exists(TaintedWithPath::PathNode sinkNode | - TaintedWithPath::taintedWithPath(source, _, _, sinkNode) and - predNode = getAPredecessor*(sinkNode) and - // Make sure the path is actually reachable from this predecessor. - // Otherwise, we could pick `predNode` to be b when `source` is - // `source1` in this dataflow graph: - // source1 ---> a ---> c ---> sinkNode - // ^ - // source2 ---> b --/ - source = getElementFromPathNode(getAPredecessor*(predNode)) and - if predNode = sinkNode then tag = "ir-sink" else tag = "ir-path" - ) -} - -module IRDefaultTaintTrackingTest implements TestSig { - string getARelevantTag() { result = ["ir-path", "ir-sink"] } - - predicate hasActualResult(Location location, string element, string tag, string value) { - exists(Element elem, TaintedWithPath::PathNode node, int n | - irTaint(_, node, tag) and - elem = getElementFromPathNode(node) and - n = count(int startline | getAPredecessor(node).hasLocationInfo(_, startline, _, _, _)) and - location = elem.getLocation() and - element = elem.toString() - | - // Zero predecessors means it's a source, and 1 predecessor means it has a unique predecessor. - // In either of these cases we leave out the location. - n = [0, 1] and value = "" - or - // If there is more than one predecessor for this node - // we specify the source location explicitly. - n > 1 and - exists(TaintedWithPath::PathNode pred | pred = getAPredecessor(node) | - value = - getElementFromPathNode(pred).getLocation().getStartLine().toString() + ":" + - getElementFromPathNode(pred).getLocation().getStartColumn() - ) - ) - } -} - -module AstTaintTrackingTest implements TestSig { - string getARelevantTag() { result = "ast" } - - predicate hasActualResult(Location location, string element, string tag, string value) { - exists(Expr source, Element tainted, int n | - tag = "ast" and - astTaint(source, tainted) and - ( - isSinkArgument(tainted) - or - exists(Element sink | - isSinkArgument(sink) and - astTaint(tainted, sink) - ) - ) and - n = strictcount(Expr otherSource | astTaint(otherSource, tainted)) and - ( - n = 1 and value = "" - or - // If there is more than one source for this sink - // we specify the source location explicitly. - n > 1 and - value = - source.getLocation().getStartLine().toString() + ":" + - source.getLocation().getStartColumn() - ) and - location = tainted.getLocation() and - element = tainted.toString() - ) - } -} - -import MakeTest> diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/test_diff.cpp b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/test_diff.cpp deleted file mode 100644 index 1d1d93c699d..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_path_to_sink/test_diff.cpp +++ /dev/null @@ -1,129 +0,0 @@ -#include "../shared.h" - - -struct S { - void(*f)(const char*); - - void apply(char* p) { - f(p); - } - - void (*get())(const char*) { - return f; - } -}; - -void calls_sink_with_argv(const char* a) { // $ ir-path=96:26 ir-path=102:26 - sink(a); // $ ast=96:26 ast=98:18 ir-sink -} - -extern int i; - -class BaseWithPureVirtual { -public: - virtual void f(const char*) = 0; -}; - -class DerivedCallsSink : public BaseWithPureVirtual { -public: - void f(const char* p) override { // $ ir-path - sink(p); // $ ast=108:10 ir-sink SPURIOUS: ast=111:10 - } -}; - -class DerivedDoesNotCallSink : public BaseWithPureVirtual { -public: - void f(const char* p) override {} -}; - -class DerivedCallsSinkDiamond1 : virtual public BaseWithPureVirtual { -public: - void f(const char* p) override { // $ ir-path - sink(p); // $ ast ir-sink - } -}; - -class DerivedDoesNotCallSinkDiamond2 : virtual public BaseWithPureVirtual { -public: - void f(const char* p) override {} -}; - -class DerivesMultiple : public DerivedCallsSinkDiamond1, public DerivedDoesNotCallSinkDiamond2 { - void f(const char* p) override { // $ ir-path=53:37 ir-path=115:11 - DerivedCallsSinkDiamond1::f(p); // $ ir-path - } -}; - -template -class CRTP { -public: - void f(const char* p) { // $ ir-path - static_cast(this)->g(p); // $ ir-path - } -}; - -class CRTPCallsSink : public CRTP { - public: - void g(const char* p) { // $ ir-path - sink(p); // $ ast ir-sink - } -}; - -class Derived1 : public BaseWithPureVirtual {}; - -class Derived2 : public Derived1 { - public: - void f(const char* p) override {} -}; - -class Derived3 : public Derived2 { - public: - void f(const char* p) override { // $ ir-path=124:19 ir-path=126:43 ir-path=128:44 - sink(p); // $ ast=124:19 ast=126:43 ast=128:44 ir-sink - } -}; - -class CRTPDoesNotCallSink : public CRTP { - public: - void g(const char* p) {} -}; - -int main(int argc, char *argv[]) { - sink(argv[0]); // $ ast,ir-path,ir-sink - - sink(reinterpret_cast(argv)); // $ ast,ir-sink - - calls_sink_with_argv(argv[1]); // $ ast,ir-path - - char*** p = &argv; // $ ast,ir-path - - sink(*p[0]); // $ ast ir-sink=96:26 ir-sink=98:18 ir-sink=98:17 - - calls_sink_with_argv(*p[i]); // $ ir-path=96:26 ir-path=98:18 ir-path=98:17 MISSING:ast - - sink(*(argv + 1)); // $ ast ir-path ir-sink - - BaseWithPureVirtual* b = new DerivedCallsSink; - - b->f(argv[1]); // $ ast,ir-path - - b = new DerivedDoesNotCallSink; - b->f(argv[0]); // $ SPURIOUS: ast - - BaseWithPureVirtual* b2 = new DerivesMultiple; - - b2->f(argv[i]); // $ ast,ir-path - - CRTP crtp_not_call_sink; - crtp_not_call_sink.f(argv[0]); // clean - - CRTP crtp_calls_sink; - crtp_calls_sink.f(argv[0]); // $ ast,ir-path - - Derived1* calls_sink = new Derived3; - calls_sink->f(argv[1]); // $ ast,ir-path - - static_cast(calls_sink)->f(argv[1]); // $ ast,ir-path - - dynamic_cast(calls_sink)->f(argv[1]); // $ ast,ir-path -} \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp deleted file mode 100644 index 231b7dfddc1..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/defaulttainttracking.cpp +++ /dev/null @@ -1,237 +0,0 @@ -#include "../shared.h" - -int main() { - sink(_strdup(getenv("VAR"))); // $ ir MISSING: ast - sink(strdup(getenv("VAR"))); // $ ast,ir - sink(unmodeled_function(getenv("VAR"))); // clean by assumption - - char untainted_buf[100] = ""; - char buf[100] = "VAR = "; - sink(strcat(buf, getenv("VAR"))); // $ ast,ir - - sink(buf); // $ ast,ir - sink(untainted_buf); // the two buffers would be conflated if we added flow through all partial chi inputs - - return 0; -} - -typedef unsigned int inet_addr_retval; -inet_addr_retval inet_addr(const char *dotted_address); -void sink(inet_addr_retval); - -void test_indirect_arg_to_model() { - // This test is non-sensical but carefully arranged so we get data flow into - // inet_addr not through the function argument but through its associated - // read side effect. - void *env_pointer = getenv("VAR"); // env_pointer is tainted, not its data. - inet_addr_retval a = inet_addr((const char *)&env_pointer); - sink(a); // $ ast,ir -} - -namespace std { - template< class T > - T&& move( T&& t ) noexcept; -} - -void test_std_move() { - sink(std::move(getenv("VAR"))); // $ ir MISSING: ast -} - -void flow_to_outparam(char ** ret, char *arg) { - *ret = arg; -} - -void test_outparams() { - char *p2 = nullptr; - flow_to_outparam(&p2, getenv("VAR")); - sink(p2); // $ ir MISSING: ast -} - -struct XY { - int x; - int y; -}; - -void taint_y(XY *xyp) { - int tainted = getenv("VAR")[0]; - xyp->y = tainted; -} - -void test_conflated_fields3() { - XY xy; - xy.x = 0; - taint_y(&xy); - sink(xy.x); // not tainted -} - -struct Point { - int x; - int y; - - void callSink() { - sink(this->x); // $ ir MISSING: ast - sink(this->y); // not tainted - } -}; - -void test_conflated_fields1() { - Point p; - p.x = getenv("VAR")[0]; - sink(p.x); // $ ir MISSING: ast - sink(p.y); // not tainted - p.callSink(); -} - -void taint_x(Point *pp) { - pp->x = getenv("VAR")[0]; -} - -void y_to_sink(Point *pp) { - sink(pp->y); // not tainted -} - -void test_conflated_fields2() { - Point p; - taint_x(&p); - y_to_sink(&p); -} - -void sink(Point*); -void sink(Point); - -void test_field_to_obj_taint_object(Point p) { - p.x = getenv("VAR")[0]; - sink(p); // not tainted - sink(p.x); // $ ir MISSING: ast -} - -void test_field_to_obj_taint_object_addrof(Point p) { - taint_x(&p); - sink(p); // not tainted - sink(&p); // not tainted - sink(p.x); // $ ir MISSING: ast -} - -void test_field_to_obj_taint_pointer(Point* pp) { - pp->x = getenv("VAR")[0]; - sink(pp);// not tainted - sink(*pp); // not tainted -} - -void call_sink_on_object(Point* pp) { - sink(pp);// not tainted - sink(*pp);// not tainted -} - -void test_field_to_obj_taint_call_sink(Point* pp) { - pp->x = getenv("VAR")[0]; - call_sink_on_object(pp); -} - -void test_field_to_obj_taint_through_setter(Point* pp) { - taint_x(pp); - sink(pp);// not tainted - sink(*pp); // not tainted -} - -Point* getPoint(); - -void test_field_to_obj_local_variable() { - Point* pp = getPoint(); - pp->x = getenv("VAR")[0]; - sink(pp); // not tainted - sink(*pp); // not tainted -} - -void test_field_to_obj_taint_array(Point* pp, int i) { - pp[0].x = getenv("VAR")[0]; - sink(pp[i]); // not tainted - sink(pp);// not tainted - sink(*pp); // not tainted -} - -void test_field_to_obj_test_pointer_arith(Point* pp) { - (pp + sizeof(*pp))->x = getenv("VAR")[0]; - sink(pp);// not tainted - sink(pp + sizeof(*pp));// not tainted -} - -void sink(char **); - -void test_pointers1() -{ - char buffer[1024]; - char *s = getenv("VAR"); - char *ptr1, **ptr2; - char *ptr3, **ptr4; - - ptr1 = buffer; - ptr2 = &ptr1; - memcpy(buffer, s, 1024); - ptr3 = buffer; - ptr4 = &ptr3; - - sink(buffer); // $ ast,ir - sink(ptr1); // $ ast MISSING: ir - sink(ptr2); // $ SPURIOUS: ast - sink(*ptr2); // $ ast MISSING: ir - sink(ptr3); // $ ast,ir - sink(ptr4); // $ SPURIOUS: ast,ir - sink(*ptr4); // $ ast,ir -} - -void test_pointers2() -{ - char buffer[1024]; - char *s = getenv("VAR"); - char *ptr1, **ptr2; - char *ptr3, **ptr4; - - ptr1 = buffer; - ptr2 = &ptr1; - memcpy(*ptr2, s, 1024); - ptr3 = buffer; - ptr4 = &ptr3; - - sink(buffer); // $ MISSING: ast,ir - sink(ptr1); // $ ast MISSING: ir - sink(ptr2); // $ SPURIOUS: ast,ir - sink(*ptr2); // $ ast,ir - sink(ptr3); // $ MISSING: ast,ir - sink(ptr4); // clean - sink(*ptr4); // $ MISSING: ast,ir -} - -// --- recv --- - -int recv(int s, char* buf, int len, int flags); - -void test_recv() { - char buffer[1024]; - recv(0, buffer, sizeof(buffer), 0); - sink(buffer); // $ ast,ir - sink(*buffer); // $ ast,ir -} - -// --- send and related functions --- - -struct iovec { - void *iov_base; - unsigned iov_len; -}; - -int readv(int, const struct iovec*, int); - -void sink(const iovec* iovs); -void sink(iovec); - -void test_readv_and_writev(iovec* iovs) { - readv(0, iovs, 16); - sink(iovs); // $ast,ir - sink(iovs[0]); // $ast,ir - sink(*iovs); // $ast,ir - - char* p = (char*)iovs[1].iov_base; - sink(p); // $ MISSING: ast,ir - sink(*p); // $ MISSING: ast,ir -} diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/stl.cpp b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/stl.cpp deleted file mode 100644 index f22347ba744..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/stl.cpp +++ /dev/null @@ -1,159 +0,0 @@ - -#include "../shared.h" - -typedef unsigned long size_t; - -namespace std -{ - template struct char_traits; - - typedef size_t streamsize; - - template class allocator { - public: - allocator() throw(); - }; - - template, class Allocator = allocator > - class basic_string { - public: - explicit basic_string(const Allocator& a = Allocator()); - basic_string(const charT* s, const Allocator& a = Allocator()); - - const charT* c_str() const; - }; - - typedef basic_string string; - - template > - class basic_istream /*: virtual public basic_ios - not needed for this test */ { - public: - basic_istream& operator>>(int& n); - }; - - template > - class basic_ostream /*: virtual public basic_ios - not needed for this test */ { - public: - typedef charT char_type; - basic_ostream& write(const char_type* s, streamsize n); - - basic_ostream& operator<<(int n); - }; - - template basic_ostream& operator<<(basic_ostream&, const charT*); - template basic_ostream& operator<<(basic_ostream& os, const basic_string& str); - - template> - class basic_iostream : public basic_istream, public basic_ostream { - public: - }; - - template, class Allocator = allocator> - class basic_stringstream : public basic_iostream { - public: - explicit basic_stringstream(/*ios_base::openmode which = ios_base::out|ios_base::in - not needed for this test*/); - - basic_string str() const; - }; - - using stringstream = basic_stringstream; -} - -char *source() { return getenv("USERDATA"); } -void sink(const std::string &s) {}; -void sink(const std::stringstream &s) {}; - -void test_string() -{ - char *a = source(); - std::string b("123"); - std::string c(source()); - - sink(a); // $ ast,ir - sink(b); // clean - sink(c); // $ ir MISSING: ast - sink(b.c_str()); // clean - sink(c.c_str()); // $ ir MISSING: ast -} - -void test_stringstream() -{ - std::stringstream ss1, ss2, ss3, ss4, ss5; - std::string t(source()); - - ss1 << "1234"; - ss2 << source(); - ss3 << "123" << source(); - ss4 << source() << "456"; - ss5 << t; - - sink(ss1); - sink(ss2); // $ ir MISSING: ast - sink(ss3); // $ ir MISSING: ast - sink(ss4); // $ ir MISSING: ast - sink(ss5); // $ ir MISSING: ast - sink(ss1.str()); - sink(ss2.str()); // $ ir MISSING: ast - sink(ss3.str()); // $ ir MISSING: ast - sink(ss4.str()); // $ ir MISSING: ast - sink(ss5.str()); // $ ir MISSING: ast -} - -void test_stringstream_int(int source) -{ - std::stringstream ss1, ss2; - - ss1 << 1234; - ss2 << source; - - sink(ss1); // clean - sink(ss2); // $ MISSING: ast,ir - sink(ss1.str()); // clean - sink(ss2.str()); // $ MISSING: ast,ir -} - -using namespace std; - -char *user_input() { - return source(); -} - -void sink(const char *filename, const char *mode); - -void test_strings2() -{ - string path1 = user_input(); - sink(path1.c_str(), "r"); // $ ir MISSING: ast - - string path2; - path2 = user_input(); - sink(path2.c_str(), "r"); // $ ir MISSING: ast - - string path3(user_input()); - sink(path3.c_str(), "r"); // $ ir MISSING: ast -} - -void test_string3() -{ - const char *cs = source(); - - // convert char * -> std::string - std::string ss(cs); - - sink(cs); // $ ast,ir - sink(ss); // $ ir MISSING: ast -} - -void test_string4() -{ - const char *cs = source(); - - // convert char * -> std::string - std::string ss(cs); - - // convert back std::string -> char * - cs = ss.c_str(); - - sink(cs); // $ ast,ir - sink(ss); // $ ir MISSING: ast -} diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected deleted file mode 100644 index fe5eed1b916..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.expected +++ /dev/null @@ -1,4 +0,0 @@ -WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted.ql:10,8-47) -WARNING: Predicate tainted has been deprecated and may be removed in future (tainted.ql:21,3-28) -testFailures -failures diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql deleted file mode 100644 index 6b51f265d1e..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/annotate_sinks_only/tainted.ql +++ /dev/null @@ -1,80 +0,0 @@ -/** - * This test provides the usual facilities to annotate taint flow when reaching a sink. - * This is different when compared to the tests in `../annotate_path_to_sink`, where all elements on a taint path to a sink - * are annotated. - */ - -import cpp -import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking -import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking -import IRDefaultTaintTracking::TaintedWithPath as TaintedWithPath -import TestUtilities.InlineExpectationsTest - -predicate argToSinkCall(Element sink) { - exists(FunctionCall call | - call.getTarget().getName() = "sink" and - sink = call.getAnArgument() - ) -} - -predicate astTaint(Expr source, Element sink) { - AstTaintTracking::tainted(source, sink) and argToSinkCall(sink) -} - -class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration { - override predicate isSink(Element e) { argToSinkCall(e) } -} - -predicate irTaint(Expr source, Element sink) { - TaintedWithPath::taintedWithPath(source, sink, _, _) -} - -module IRDefaultTaintTrackingTest implements TestSig { - string getARelevantTag() { result = "ir" } - - predicate hasActualResult(Location location, string element, string tag, string value) { - exists(Expr source, Element tainted, int n | - tag = "ir" and - irTaint(source, tainted) and - n = strictcount(Expr otherSource | irTaint(otherSource, tainted)) and - ( - n = 1 and value = "" - or - // If there is more than one source for this sink - // we specify the source location explicitly. - n > 1 and - value = - source.getLocation().getStartLine().toString() + ":" + - source.getLocation().getStartColumn() - ) and - location = tainted.getLocation() and - element = tainted.toString() - ) - } -} - -module AstTaintTrackingTest implements TestSig { - string getARelevantTag() { result = "ast" } - - predicate hasActualResult(Location location, string element, string tag, string value) { - exists(Expr source, Element tainted, int n | - tag = "ast" and - astTaint(source, tainted) and - n = strictcount(Expr otherSource | astTaint(otherSource, tainted)) and - ( - n = 1 and value = "" - or - // If there is more than one source for this sink - // we specify the source location explicitly. - n > 1 and - value = - source.getLocation().getStartLine().toString() + ":" + - source.getLocation().getStartColumn() - ) and - location = tainted.getLocation() and - element = tainted.toString() - ) - } -} - -import MakeTest> diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected deleted file mode 100644 index 4ebf9d0d0e0..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.expected +++ /dev/null @@ -1,4 +0,0 @@ -WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (global.ql:8,3-47) -WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (global.ql:12,3-53) -failures -testFailures diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql deleted file mode 100644 index 1179c76937d..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/global.ql +++ /dev/null @@ -1,41 +0,0 @@ -import cpp -import semmle.code.cpp.security.Security -import semmle.code.cpp.security.TaintTrackingImpl as AstTaintTracking -import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IRDefaultTaintTracking -import TestUtilities.InlineExpectationsTest - -predicate astTaint(Expr source, Element sink, string globalVar) { - AstTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != "" -} - -predicate irTaint(Expr source, Element sink, string globalVar) { - IRDefaultTaintTracking::taintedIncludingGlobalVars(source, sink, globalVar) and globalVar != "" -} - -module IRGlobalDefaultTaintTrackingTest implements TestSig { - string getARelevantTag() { result = "ir" } - - predicate hasActualResult(Location location, string element, string tag, string value) { - exists(Element tainted | - tag = "ir" and - irTaint(_, tainted, value) and - location = tainted.getLocation() and - element = tainted.toString() - ) - } -} - -module AstGlobalDefaultTaintTrackingTest implements TestSig { - string getARelevantTag() { result = "ast" } - - predicate hasActualResult(Location location, string element, string tag, string value) { - exists(Element tainted | - tag = "ast" and - astTaint(_, tainted, value) and - location = tainted.getLocation() and - element = tainted.toString() - ) - } -} - -import MakeTest> diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/globals.cpp b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/globals.cpp deleted file mode 100644 index ffc44352166..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/globals/globals.cpp +++ /dev/null @@ -1,24 +0,0 @@ -char *getenv(const char *name); -void sink(const char *sinkparam); // $ ast,ir=global1 ast,ir=global2 - -void throughLocal() { - char * local = getenv("VAR"); - sink(local); -} - -char * global1 = 0; - -void readWriteGlobal1() { - sink(global1); // $ ast,ir=global1 - global1 = getenv("VAR"); -} - -static char * global2 = 0; - -void readGlobal2() { - sink(global2); // $ ast,ir=global2 -} - -void writeGlobal2() { - global2 = getenv("VAR"); -} diff --git a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/shared.h b/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/shared.h deleted file mode 100644 index 6316152edb6..00000000000 --- a/cpp/ql/test/library-tests/dataflow/DefaultTaintTracking/shared.h +++ /dev/null @@ -1,17 +0,0 @@ -// Common declarations in this test dir should go in this file. Otherwise, some -// declarations will have multiple locations, which leads to confusing test -// output. - -void sink(const char *sinkparam); -void sink(int sinkparam); - -int atoi(const char *nptr); -char *getenv(const char *name); -char *strcat(char * s1, const char * s2); - -char *strdup(const char *string); -char *_strdup(const char *string); -char *unmodeled_function(const char *const_string); - -typedef unsigned long size_t; -void *memcpy(void *s1, const void *s2, size_t n); diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected b/cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected deleted file mode 100644 index b1e0d3635a3..00000000000 --- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted.expected +++ /dev/null @@ -1,91 +0,0 @@ -WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (tainted.ql:5,3-29) -| test.cpp:23:23:23:28 | call to getenv | test.cpp:8:24:8:25 | s1 | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:23:14:23:19 | envStr | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:23:23:23:28 | call to getenv | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:23:23:23:40 | (const char *)... | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:25:6:25:29 | ! ... | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:25:7:25:12 | call to strcmp | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:25:7:25:29 | (bool)... | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:25:14:25:19 | envStr | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:29:6:29:28 | ! ... | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:29:7:29:12 | call to strcmp | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:29:7:29:28 | (bool)... | | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:29:14:29:19 | envStr | | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:8:24:8:25 | s1 | | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:38:14:38:19 | envStr | | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:38:23:38:28 | call to getenv | | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:38:23:38:40 | (const char *)... | | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:40:14:40:19 | envStr | | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:8:24:8:25 | s1 | envStrGlobal | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:45:13:45:24 | envStrGlobal | | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:45:13:45:24 | envStrGlobal | envStrGlobal | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:49:14:49:19 | envStr | | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:49:23:49:28 | call to getenv | | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:49:23:49:40 | (const char *)... | | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:15:50:24 | envStr_ptr | | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:15:50:24 | envStr_ptr | envStrGlobal | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:28:50:40 | & ... | envStrGlobal | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:29:50:40 | envStrGlobal | envStrGlobal | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:52:2:52:12 | * ... | | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:52:3:52:12 | envStr_ptr | | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:52:16:52:21 | envStr | | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:6:54:35 | ! ... | envStrGlobal | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:12 | call to strcmp | envStrGlobal | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:35 | (bool)... | envStrGlobal | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:14:54:25 | envStrGlobal | envStrGlobal | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:10:27:10:27 | s | | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:60:18:60:25 | userName | | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:60:29:60:34 | call to getenv | | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:60:29:60:47 | (const char *)... | | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:64:25:64:32 | userName | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:11:20:11:21 | s1 | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:11:36:11:37 | s2 | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:67:7:67:13 | copying | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:68:17:68:24 | userName | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:68:28:68:33 | call to getenv | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:68:28:68:46 | (const char *)... | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:69:10:69:13 | copy | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:70:5:70:10 | call to strcpy | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:70:12:70:15 | copy | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:70:18:70:25 | userName | | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:71:12:71:15 | copy | | -| test.cpp:75:20:75:25 | call to getenv | test.cpp:15:22:15:25 | nptr | | -| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:15:75:18 | call to atoi | | -| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:20:75:25 | call to getenv | | -| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:20:75:45 | (const char *)... | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:8:24:8:25 | s1 | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:11:20:11:21 | s1 | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:11:36:11:37 | s2 | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:83:17:83:24 | userName | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:83:28:83:33 | call to getenv | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:83:28:83:46 | (const char *)... | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:85:8:85:11 | copy | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:86:2:86:7 | call to strcpy | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:86:9:86:12 | copy | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:86:15:86:22 | userName | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:6:88:27 | ! ... | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:7:88:12 | call to strcmp | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:7:88:27 | (bool)... | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:14:88:17 | (const char *)... | | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:14:88:17 | copy | | -| test.cpp:100:12:100:15 | call to gets | test.cpp:98:8:98:14 | pointer | | -| test.cpp:100:12:100:15 | call to gets | test.cpp:100:2:100:8 | pointer | | -| test.cpp:100:12:100:15 | call to gets | test.cpp:100:12:100:15 | call to gets | | -| test.cpp:100:17:100:22 | buffer | test.cpp:93:18:93:18 | s | | -| test.cpp:100:17:100:22 | buffer | test.cpp:97:7:97:12 | buffer | | -| test.cpp:100:17:100:22 | buffer | test.cpp:100:17:100:22 | buffer | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:8:24:8:25 | s1 | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:11:20:11:21 | s1 | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:11:36:11:37 | s2 | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:17:106:24 | userName | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:28:106:33 | call to getenv | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:28:106:46 | (const char *)... | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:108:8:108:11 | copy | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:2:109:7 | call to strcpy | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:9:109:12 | copy | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:15:109:22 | userName | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:6:111:27 | ! ... | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:7:111:12 | call to strcmp | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:7:111:27 | (bool)... | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:14:111:17 | (const char *)... | | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:14:111:17 | copy | | diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted.ql b/cpp/ql/test/library-tests/dataflow/security-taint/tainted.ql deleted file mode 100644 index 4caea41850e..00000000000 --- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted.ql +++ /dev/null @@ -1,7 +0,0 @@ -import semmle.code.cpp.security.TaintTrackingImpl - -from Expr source, Element tainted, string globalVar -where - taintedIncludingGlobalVars(source, tainted, globalVar) and - not tainted.getLocation().getFile().getExtension() = "h" -select source, tainted, globalVar diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected deleted file mode 100644 index a26a4994992..00000000000 --- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.expected +++ /dev/null @@ -1,51 +0,0 @@ -WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_diff.ql:5,35-54) -WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_diff.ql:12,7-26) -WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_diff.ql:16,3-22) -WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (tainted_diff.ql:11,3-34) -WARNING: Predicate taintedIncludingGlobalVars has been deprecated and may be removed in future (tainted_diff.ql:17,7-38) -| test.cpp:23:23:23:28 | call to getenv | test.cpp:8:24:8:25 | s1 | AST only | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:23:14:23:19 | envStr | AST only | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:8:24:8:25 | s1 | AST only | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:38:14:38:19 | envStr | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:8:24:8:25 | s1 | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:45:13:45:24 | envStrGlobal | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:49:14:49:19 | envStr | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:15:50:24 | envStr_ptr | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:28:50:40 | & ... | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:50:29:50:40 | envStrGlobal | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:52:2:52:12 | * ... | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:52:3:52:12 | envStr_ptr | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:6:54:35 | ! ... | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:12 | call to strcmp | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:7:54:35 | (bool)... | AST only | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:54:14:54:25 | envStrGlobal | AST only | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:10:27:10:27 | s | AST only | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:60:18:60:25 | userName | AST only | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:11:20:11:21 | s1 | AST only | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:11:36:11:37 | s2 | AST only | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:67:7:67:13 | copying | AST only | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:68:17:68:24 | userName | AST only | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:69:10:69:13 | copy | AST only | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:70:5:70:10 | call to strcpy | AST only | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:70:12:70:15 | copy | AST only | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:71:12:71:15 | array to pointer conversion | IR only | -| test.cpp:75:20:75:25 | call to getenv | test.cpp:15:22:15:25 | nptr | AST only | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:8:24:8:25 | s1 | AST only | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:11:20:11:21 | s1 | AST only | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:11:36:11:37 | s2 | AST only | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:83:17:83:24 | userName | AST only | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:85:8:85:11 | copy | AST only | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:86:2:86:7 | call to strcpy | AST only | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:86:9:86:12 | copy | AST only | -| test.cpp:100:12:100:15 | call to gets | test.cpp:98:8:98:14 | pointer | AST only | -| test.cpp:100:12:100:15 | call to gets | test.cpp:100:2:100:8 | pointer | AST only | -| test.cpp:100:17:100:22 | buffer | test.cpp:93:18:93:18 | s | AST only | -| test.cpp:100:17:100:22 | buffer | test.cpp:97:7:97:12 | buffer | AST only | -| test.cpp:100:17:100:22 | buffer | test.cpp:100:17:100:22 | array to pointer conversion | IR only | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:8:24:8:25 | s1 | AST only | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:11:20:11:21 | s1 | AST only | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:11:36:11:37 | s2 | AST only | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:17:106:24 | userName | AST only | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:108:8:108:11 | copy | AST only | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:2:109:7 | call to strcpy | AST only | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:9:109:12 | copy | AST only | diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.ql b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.ql deleted file mode 100644 index 37bd9f5437d..00000000000 --- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_diff.ql +++ /dev/null @@ -1,20 +0,0 @@ -import semmle.code.cpp.security.TaintTrackingImpl as AST -import semmle.code.cpp.ir.dataflow.DefaultTaintTracking as IR -import cpp - -class SourceConfiguration extends IR::TaintedWithPath::TaintTrackingConfiguration { - override predicate isSink(Element e) { any() } -} - -from Expr source, Element tainted, string side -where - AST::taintedIncludingGlobalVars(source, tainted, _) and - not IR::TaintedWithPath::taintedWithPath(source, tainted, _, _) and - not tainted.getLocation().getFile().getExtension() = "h" and - side = "AST only" - or - IR::TaintedWithPath::taintedWithPath(source, tainted, _, _) and - not AST::taintedIncludingGlobalVars(source, tainted, _) and - not tainted.getLocation().getFile().getExtension() = "h" and - side = "IR only" -select source, tainted, side diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected deleted file mode 100644 index 27d00060e4c..00000000000 --- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.expected +++ /dev/null @@ -1,48 +0,0 @@ -WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_ir.ql:3,35-50) -WARNING: Module TaintedWithPath has been deprecated and may be removed in future (tainted_ir.ql:9,3-18) -| test.cpp:23:23:23:28 | call to getenv | test.cpp:23:23:23:28 | call to getenv | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:23:23:23:40 | (const char *)... | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:25:6:25:29 | ! ... | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:25:7:25:12 | call to strcmp | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:25:7:25:29 | (bool)... | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:25:14:25:19 | envStr | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:29:6:29:28 | ! ... | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:29:7:29:12 | call to strcmp | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:29:7:29:28 | (bool)... | -| test.cpp:23:23:23:28 | call to getenv | test.cpp:29:14:29:19 | envStr | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:38:23:38:28 | call to getenv | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:38:23:38:40 | (const char *)... | -| test.cpp:38:23:38:28 | call to getenv | test.cpp:40:14:40:19 | envStr | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:49:23:49:28 | call to getenv | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:49:23:49:40 | (const char *)... | -| test.cpp:49:23:49:28 | call to getenv | test.cpp:52:16:52:21 | envStr | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:60:29:60:34 | call to getenv | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:60:29:60:47 | (const char *)... | -| test.cpp:60:29:60:34 | call to getenv | test.cpp:64:25:64:32 | userName | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:68:28:68:33 | call to getenv | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:68:28:68:46 | (const char *)... | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:70:18:70:25 | userName | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:71:12:71:15 | array to pointer conversion | -| test.cpp:68:28:68:33 | call to getenv | test.cpp:71:12:71:15 | copy | -| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:15:75:18 | call to atoi | -| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:20:75:25 | call to getenv | -| test.cpp:75:20:75:25 | call to getenv | test.cpp:75:20:75:45 | (const char *)... | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:83:28:83:33 | call to getenv | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:83:28:83:46 | (const char *)... | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:86:15:86:22 | userName | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:6:88:27 | ! ... | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:7:88:12 | call to strcmp | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:7:88:27 | (bool)... | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:14:88:17 | (const char *)... | -| test.cpp:83:28:83:33 | call to getenv | test.cpp:88:14:88:17 | copy | -| test.cpp:100:12:100:15 | call to gets | test.cpp:100:12:100:15 | call to gets | -| test.cpp:100:17:100:22 | buffer | test.cpp:100:17:100:22 | array to pointer conversion | -| test.cpp:100:17:100:22 | buffer | test.cpp:100:17:100:22 | buffer | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:28:106:33 | call to getenv | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:106:28:106:46 | (const char *)... | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:109:15:109:22 | userName | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:6:111:27 | ! ... | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:7:111:12 | call to strcmp | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:7:111:27 | (bool)... | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:14:111:17 | (const char *)... | -| test.cpp:106:28:106:33 | call to getenv | test.cpp:111:14:111:17 | copy | diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.ql b/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.ql deleted file mode 100644 index 2a07e444cf9..00000000000 --- a/cpp/ql/test/library-tests/dataflow/security-taint/tainted_ir.ql +++ /dev/null @@ -1,11 +0,0 @@ -import semmle.code.cpp.ir.dataflow.DefaultTaintTracking - -class SourceConfiguration extends TaintedWithPath::TaintTrackingConfiguration { - override predicate isSink(Element e) { any() } -} - -from Expr source, Element tainted -where - TaintedWithPath::taintedWithPath(source, tainted, _, _) and - not tainted.getLocation().getFile().getExtension() = "h" -select source, tainted diff --git a/cpp/ql/test/library-tests/dataflow/security-taint/test.cpp b/cpp/ql/test/library-tests/dataflow/security-taint/test.cpp deleted file mode 100644 index f25f9eeb697..00000000000 --- a/cpp/ql/test/library-tests/dataflow/security-taint/test.cpp +++ /dev/null @@ -1,114 +0,0 @@ -// Test for the general-purpose taint-tracking -// mechanism that is used by several of the security queries. - -///// Library functions ////// - -typedef unsigned long size_t; - -int strcmp(const char *s1, const char *s2); -char *getenv(const char *name); -size_t strlen(const char *s); -char *strcpy(char *s1, const char *s2); - -void *malloc(size_t size); - -int atoi(const char *nptr); - -//// Test code ///// - -bool isAdmin = false; - -void test1() -{ - const char *envStr = getenv("USERINFO"); - - if (!strcmp(envStr, "admin")) { - isAdmin = true; - } - - if (!strcmp(envStr, "none")) { - isAdmin = false; - } -} - -extern const char *specialUser; - -void test2() -{ - const char *envStr = getenv("USERINFO"); - - if (!strcmp(envStr, specialUser)) { - isAdmin = true; - } -} - -const char *envStrGlobal; - -void test3() -{ - const char *envStr = getenv("USERINFO"); - const char **envStr_ptr = &envStrGlobal; - - *envStr_ptr = envStr; - - if (!strcmp(envStrGlobal, "admin")) { - isAdmin = true; - } -} - -void bugWithBinop() { - const char *userName = getenv("USER_NAME"); - - // The following is tainted, but should not cause - // the whole program to be considered tainted. - int bytes = strlen(userName) + 1; -} - -char* copying() { - const char *userName = getenv("USER_NAME"); - char copy[1024]; - strcpy(copy, userName); - return copy; // copy should be tainted -} - -void guard() { - int len = atoi(getenv("FOOBAZ_BRANCHING")); - if (len > 1000) return; - char **node = (char **) malloc(len * sizeof(char *)); -} - -const char *alias_global; - -void mallocBuffer() { - const char *userName = getenv("USER_NAME"); - char *alias = (char*)malloc(4096); - char *copy = (char*)malloc(4096); - strcpy(copy, userName); - alias_global = alias; // to force a Chi node on all aliased memory - if (!strcmp(copy, "admin")) { // copy should be tainted - isAdmin = true; - } -} - -char *gets(char *s); - -void test_gets() -{ - char buffer[1024]; - char *pointer; - - pointer = gets(buffer); -} - -const char *alias_global_new; - -void newBuffer() { - const char *userName = getenv("USER_NAME"); - char *alias = new char[4096]; - char *copy = new char[4096]; - strcpy(copy, userName); - alias_global_new = alias; // to force a Chi node on all aliased memory - if (!strcmp(copy, "admin")) { // copy should be tainted - isAdmin = true; - } -} \ No newline at end of file From 3492b4820a86bd5f08a2ac31f2a1ba8a5b28ada9 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Wed, 29 Nov 2023 20:54:50 +0000 Subject: [PATCH 02/31] Swift: extract types for patterns --- .../translators/PatternTranslator.cpp | 24 ++++++++-------- .../extractor/translators/PatternTranslator.h | 8 ++++++ swift/ql/.generated.list | 6 ++-- swift/ql/lib/codeql/swift/generated/Raw.qll | 7 ++++- .../swift/generated/pattern/Pattern.qll | 28 ++++++++++++++++++- swift/ql/lib/swift.dbscheme | 6 ++++ .../swift.dbscheme.stats | 4 +++ swift/schema.py | 2 +- 8 files changed, 68 insertions(+), 17 deletions(-) create mode 100644 swift/ql/lib/upgrades/147e087e57e51b2eb41e75c9c97380d0e6c20ecb/swift.dbscheme.stats diff --git a/swift/extractor/translators/PatternTranslator.cpp b/swift/extractor/translators/PatternTranslator.cpp index 195e9af3378..2277696e08b 100644 --- a/swift/extractor/translators/PatternTranslator.cpp +++ b/swift/extractor/translators/PatternTranslator.cpp @@ -3,40 +3,42 @@ namespace codeql { codeql::NamedPattern PatternTranslator::translateNamedPattern(const swift::NamedPattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + + auto entry = createPatternEntry(pattern); + entry.name = pattern.getNameStr().str(); entry.var_decl = dispatcher.fetchLabel(pattern.getDecl()); return entry; } codeql::TypedPattern PatternTranslator::translateTypedPattern(const swift::TypedPattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); entry.sub_pattern = dispatcher.fetchLabel(pattern.getSubPattern()); entry.type_repr = dispatcher.fetchOptionalLabel(pattern.getTypeRepr(), pattern.getType()); return entry; } codeql::TuplePattern PatternTranslator::translateTuplePattern(const swift::TuplePattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); for (const auto& p : pattern.getElements()) { entry.elements.push_back(dispatcher.fetchLabel(p.getPattern())); } return entry; } codeql::AnyPattern PatternTranslator::translateAnyPattern(const swift::AnyPattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); return entry; } codeql::BindingPattern PatternTranslator::translateBindingPattern( const swift::BindingPattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); entry.sub_pattern = dispatcher.fetchLabel(pattern.getSubPattern()); return entry; } codeql::EnumElementPattern PatternTranslator::translateEnumElementPattern( const swift::EnumElementPattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); entry.element = dispatcher.fetchLabel(pattern.getElementDecl()); entry.sub_pattern = dispatcher.fetchOptionalLabel(pattern.getSubPattern()); return entry; @@ -44,13 +46,13 @@ codeql::EnumElementPattern PatternTranslator::translateEnumElementPattern( codeql::OptionalSomePattern PatternTranslator::translateOptionalSomePattern( const swift::OptionalSomePattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); entry.sub_pattern = dispatcher.fetchLabel(pattern.getSubPattern()); return entry; } codeql::IsPattern PatternTranslator::translateIsPattern(const swift::IsPattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); entry.cast_type_repr = dispatcher.fetchOptionalLabel(pattern.getCastTypeRepr(), pattern.getCastType()); entry.sub_pattern = dispatcher.fetchOptionalLabel(pattern.getSubPattern()); @@ -58,7 +60,7 @@ codeql::IsPattern PatternTranslator::translateIsPattern(const swift::IsPattern& } codeql::ExprPattern PatternTranslator::translateExprPattern(const swift::ExprPattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); if (auto match = pattern.getMatchExpr()) { entry.sub_expr = dispatcher.fetchLabel(match); } else { @@ -68,13 +70,13 @@ codeql::ExprPattern PatternTranslator::translateExprPattern(const swift::ExprPat } codeql::ParenPattern PatternTranslator::translateParenPattern(const swift::ParenPattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); entry.sub_pattern = dispatcher.fetchLabel(pattern.getSubPattern()); return entry; } codeql::BoolPattern PatternTranslator::translateBoolPattern(const swift::BoolPattern& pattern) { - auto entry = dispatcher.createEntry(pattern); + auto entry = createPatternEntry(pattern); entry.value = pattern.getValue(); return entry; } diff --git a/swift/extractor/translators/PatternTranslator.h b/swift/extractor/translators/PatternTranslator.h index 6584a2785b6..0756e70150c 100644 --- a/swift/extractor/translators/PatternTranslator.h +++ b/swift/extractor/translators/PatternTranslator.h @@ -23,5 +23,13 @@ class PatternTranslator : public AstTranslatorBase { codeql::ExprPattern translateExprPattern(const swift::ExprPattern& pattern); codeql::ParenPattern translateParenPattern(const swift::ParenPattern& pattern); codeql::BoolPattern translateBoolPattern(const swift::BoolPattern& pattern); + + private: + template + TrapClassOf createPatternEntry(const T& pattern) { + auto entry = dispatcher.createEntry(pattern); + entry.type = dispatcher.fetchOptionalLabel(pattern.getType()); + return entry; + } }; } // namespace codeql diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 86b411fa38c..e6e778ebdd9 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -407,10 +407,10 @@ lib/codeql/swift/generated/Locatable.qll 6cb437dd7ff7331429ec6586b0af50b1af15e4f lib/codeql/swift/generated/Location.qll 3f3bad413be87d05a596fe7b8004f415c2caa98cb759021a6aad20b589b7d700 ed30ed646962b3ffb6b47c97c6434fe47a6b1ea8e3f2e0589577bea5cf96c88e lib/codeql/swift/generated/MacroRole.qll aaf5631c49de81e046854955341202d6d3516713cd09bc2e7b870e40c261cc9f 6cd17d40cbf1d8fa4ef01dfb8b3462b7cee902e6058fb76417c2035be12481d1 lib/codeql/swift/generated/OtherAvailabilitySpec.qll 06393a08e8da36106c5ec6efb9f1bd56a5c7b3d3f3d0bcefc6fa07fa96860c31 06393a08e8da36106c5ec6efb9f1bd56a5c7b3d3f3d0bcefc6fa07fa96860c31 -lib/codeql/swift/generated/ParentChild.qll 281ac5b565c0d8b2c9cfc1a524024e3a2514034a5266b7a7d75ab3770fc398d3 2829f5e61adbd863f4ad823ecfd7c1bb5eccaf14bb121b85ad460175b733fe30 +lib/codeql/swift/generated/ParentChild.qll 523f0fdf11a8007a80b35d7f8b99f736face08513311c8e998ca20ae1e535ebe 2829f5e61adbd863f4ad823ecfd7c1bb5eccaf14bb121b85ad460175b733fe30 lib/codeql/swift/generated/PlatformVersionAvailabilitySpec.qll 5355be9da8b778d1d8ae60d25d9c3394477da24f94e8a6ab4484c6a16d07cd7c 075438c1762ec0a7775004b39032dcf85aada038a4269e6f428c34b8282786e9 lib/codeql/swift/generated/PureSynthConstructors.qll 40f5c0c573ce12f16322d9efb12306750f672254cbc36a200c298cb08e504229 40f5c0c573ce12f16322d9efb12306750f672254cbc36a200c298cb08e504229 -lib/codeql/swift/generated/Raw.qll 1915a5a46c0ba57ebc8a0e41c4e49e3f3d9ee21cd863d1c9a8a0a455e5e9e24a 04f4a7eb8deb7f501e4a98563283094e1d53f8f0f8c82809ed05a5e99dff6787 +lib/codeql/swift/generated/Raw.qll 252bb96829d1c284ec8036e54f14db83d5a3c9be1c2bdc05bc7add7cf46ca618 4cdc6643270b2fc78805635a738dfd506bdee9dc770bc74ec66558c1efff7697 lib/codeql/swift/generated/Synth.qll b8bf274c60f60df473ed9093b50906822613dee047bda19ad37d07c308f04564 692590b0b18556a23cc1de0c8a60fd17534791dccb876cab85170bbf78392bd1 lib/codeql/swift/generated/SynthConstructors.qll d3b4b5d93be989004d7c05bbc32a5b859eaad768b4a52cfb01a767c90542f9a4 d3b4b5d93be989004d7c05bbc32a5b859eaad768b4a52cfb01a767c90542f9a4 lib/codeql/swift/generated/UnknownFile.qll 5325944cf96a72d5d224597745e15960fb6a9448b96b6644ececd6344dfd9d74 5325944cf96a72d5d224597745e15960fb6a9448b96b6644ececd6344dfd9d74 @@ -598,7 +598,7 @@ lib/codeql/swift/generated/pattern/IsPattern.qll e7f07b8788fa9146222bd2a11ee95ff lib/codeql/swift/generated/pattern/NamedPattern.qll fe1a2a14423410c58bdfff496c50bbaf3990420ee72f3924d7bc190c9aee8dec a4acf22a77764575e1e7351dc99c682e9dba3df79adaeae1c716d4305b1e5fb9 lib/codeql/swift/generated/pattern/OptionalSomePattern.qll 91dacbff67ce93fac560eee6991729e12f00b768f3d55d8423840478f0aa10f6 3dab75289fe8e90eed5ddaad9b8064ffd4c5d74c25a6fa929d4406212f7371ca lib/codeql/swift/generated/pattern/ParenPattern.qll 91d0cfe2cc1b1f321e252798469fb8f0dfcca91c8b1e1a120f3ffef317ef1391 ee1ceaa127d4fd5826e637f741d3a90fa9cf474ee8d4a4fdf39b4e680b7d7111 -lib/codeql/swift/generated/pattern/Pattern.qll 09438ac3d6a84171b2d3b98d9a2331c0f5c14c9ef5df4cd5bc6650bd6a246032 f1ba81c3f87a71da3be416735026ff0e476ed74f017dced77a1cc78dfc0e2e68 +lib/codeql/swift/generated/pattern/Pattern.qll 4da3547291a5078cc5c9d607440dd814a123302517087aa85b3c2f8da0437dbb 0ef78e49d9ec683559bf42fd5b3335a66a063afb29db6fc61467c703323cded4 lib/codeql/swift/generated/pattern/TuplePattern.qll d3477149a849f6e6076967d8369de531f9047ad0b8fa50081b9575337a8b97ea 8ae46d5e763e23e88a24b95731caa940f7b476a54d41f7fd35856266209a397a lib/codeql/swift/generated/pattern/TypedPattern.qll 5831d67d800c60619de0043f61ba316fa8f3c6b6c135c7efbbabd918bf30d455 e6867d3501168c2953db83f3a69fd327b366a5e4038916afabdc7997b0c743bd lib/codeql/swift/generated/stmt/BraceStmt.qll 8ba805c9798a7b5c83b30230f9eec5ad991fdbb0dc6060a15e7dd36579433cf2 7104211507d4f64056cf698d282778d68224240e79674085d1165fd25197fa92 diff --git a/swift/ql/lib/codeql/swift/generated/Raw.qll b/swift/ql/lib/codeql/swift/generated/Raw.qll index e97af0aa19b..01f1f7e3179 100644 --- a/swift/ql/lib/codeql/swift/generated/Raw.qll +++ b/swift/ql/lib/codeql/swift/generated/Raw.qll @@ -2552,7 +2552,12 @@ module Raw { /** * INTERNAL: Do not use. */ - class Pattern extends @pattern, AstNode { } + class Pattern extends @pattern, AstNode { + /** + * Gets the type of this pattern, if it exists. + */ + Type getType() { pattern_types(this, result) } + } /** * INTERNAL: Do not use. diff --git a/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll b/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll index 565f60f3910..c87d2324939 100644 --- a/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll +++ b/swift/ql/lib/codeql/swift/generated/pattern/Pattern.qll @@ -7,6 +7,7 @@ private import codeql.swift.generated.Synth private import codeql.swift.generated.Raw import codeql.swift.elements.AstNode +import codeql.swift.elements.type.Type /** * INTERNAL: This module contains the fully generated definition of `Pattern` and should not @@ -17,5 +18,30 @@ module Generated { * INTERNAL: Do not reference the `Generated::Pattern` class directly. * Use the subclass `Pattern`, where the following predicates are available. */ - class Pattern extends Synth::TPattern, AstNode { } + class Pattern extends Synth::TPattern, AstNode { + /** + * Gets the type of this pattern, if it exists. + * + * This includes nodes from the "hidden" AST. It can be overridden in subclasses to change the + * behavior of both the `Immediate` and non-`Immediate` versions. + */ + Type getImmediateType() { + result = Synth::convertTypeFromRaw(Synth::convertPatternToRaw(this).(Raw::Pattern).getType()) + } + + /** + * Gets the type of this pattern, if it exists. + */ + final Type getType() { + exists(Type immediate | + immediate = this.getImmediateType() and + if exists(this.getResolveStep()) then result = immediate else result = immediate.resolve() + ) + } + + /** + * Holds if `getType()` exists. + */ + final predicate hasType() { exists(this.getType()) } + } } diff --git a/swift/ql/lib/swift.dbscheme b/swift/ql/lib/swift.dbscheme index b83ff9c60c2..60be249ad16 100644 --- a/swift/ql/lib/swift.dbscheme +++ b/swift/ql/lib/swift.dbscheme @@ -1706,6 +1706,12 @@ integer_literal_exprs( //dir=expr | @typed_pattern ; +#keyset[id] +pattern_types( //dir=pattern + int id: @pattern ref, + int type_: @type_or_none ref +); + any_patterns( //dir=pattern unique int id: @any_pattern ); diff --git a/swift/ql/lib/upgrades/147e087e57e51b2eb41e75c9c97380d0e6c20ecb/swift.dbscheme.stats b/swift/ql/lib/upgrades/147e087e57e51b2eb41e75c9c97380d0e6c20ecb/swift.dbscheme.stats new file mode 100644 index 00000000000..9995467e33e --- /dev/null +++ b/swift/ql/lib/upgrades/147e087e57e51b2eb41e75c9c97380d0e6c20ecb/swift.dbscheme.stats @@ -0,0 +1,4 @@ + + + + diff --git a/swift/schema.py b/swift/schema.py index d65183d8313..1513c46c3e0 100644 --- a/swift/schema.py +++ b/swift/schema.py @@ -103,7 +103,7 @@ class Expr(AstNode): @group("pattern") @ql.hideable class Pattern(AstNode): - pass + type: optional[Type] @group("stmt") class Stmt(AstNode): From ade4809d9b82cac9441ec01e6ed7c4cc67e6cdc7 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Mon, 23 Oct 2023 18:27:27 +0000 Subject: [PATCH 03/31] Swift: upgrade/downgrade for pattern types --- .../old.dbscheme | 2780 +++++++++++++++++ .../swift.dbscheme | 2774 ++++++++++++++++ .../upgrade.properties | 4 + .../old.dbscheme | 2774 ++++++++++++++++ .../swift.dbscheme | 2780 +++++++++++++++++ .../upgrade.properties | 2 + 6 files changed, 11114 insertions(+) create mode 100644 swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/old.dbscheme create mode 100644 swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/swift.dbscheme create mode 100644 swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/upgrade.properties create mode 100644 swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/old.dbscheme create mode 100644 swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/swift.dbscheme create mode 100644 swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/upgrade.properties diff --git a/swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/old.dbscheme b/swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/old.dbscheme new file mode 100644 index 00000000000..60be249ad16 --- /dev/null +++ b/swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/old.dbscheme @@ -0,0 +1,2780 @@ +// generated by codegen/codegen.py + +// from prefix.dbscheme +/** + * The source location of the snapshot. + */ +sourceLocationPrefix( + string prefix: string ref +); + + +// from schema.py + +@element = + @callable +| @file +| @generic_context +| @locatable +| @location +| @type +; + +#keyset[id] +element_is_unknown( + int id: @element ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_names( + int id: @callable ref, + string name: string ref +); + +#keyset[id] +callable_self_params( + int id: @callable ref, + int self_param: @param_decl_or_none ref +); + +#keyset[id, index] +callable_params( + int id: @callable ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +#keyset[id] +callable_bodies( + int id: @callable ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id, index] +callable_captures( + int id: @callable ref, + int index: int ref, + int capture: @captured_decl_or_none ref +); + +@file = + @db_file +; + +#keyset[id] +files( + int id: @file ref, + string name: string ref +); + +#keyset[id] +file_is_successfully_extracted( + int id: @file ref +); + +@locatable = + @argument +| @ast_node +| @comment +| @diagnostics +| @error_element +; + +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_or_none ref +); + +@location = + @db_location +; + +#keyset[id] +locations( + int id: @location ref, + int file: @file_or_none ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +@ast_node = + @availability_info +| @availability_spec +| @case_label_item +| @condition_element +| @decl +| @expr +| @key_path_component +| @macro_role +| @pattern +| @stmt +| @stmt_condition +| @type_repr +; + +comments( + unique int id: @comment, + string text: string ref +); + +db_files( + unique int id: @db_file +); + +db_locations( + unique int id: @db_location +); + +diagnostics( + unique int id: @diagnostics, + string text: string ref, + int kind: int ref +); + +@error_element = + @error_expr +| @error_type +| @overloaded_decl_ref_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_chain_result_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @unresolved_type +| @unresolved_type_conversion_expr +| @unspecified_element +; + +availability_infos( + unique int id: @availability_info +); + +#keyset[id] +availability_info_is_unavailable( + int id: @availability_info ref +); + +#keyset[id, index] +availability_info_specs( + int id: @availability_info ref, + int index: int ref, + int spec: @availability_spec_or_none ref +); + +@availability_spec = + @other_availability_spec +| @platform_version_availability_spec +; + +key_path_components( + unique int id: @key_path_component, + int kind: int ref, + int component_type: @type_or_none ref +); + +#keyset[id, index] +key_path_component_subscript_arguments( + int id: @key_path_component ref, + int index: int ref, + int subscript_argument: @argument_or_none ref +); + +#keyset[id] +key_path_component_tuple_indices( + int id: @key_path_component ref, + int tuple_index: int ref +); + +#keyset[id] +key_path_component_decl_refs( + int id: @key_path_component ref, + int decl_ref: @value_decl_or_none ref +); + +macro_roles( + unique int id: @macro_role, + int kind: int ref, + int macro_syntax: int ref +); + +#keyset[id, index] +macro_role_conformances( + int id: @macro_role ref, + int index: int ref, + int conformance: @type_expr_or_none ref +); + +#keyset[id, index] +macro_role_names( + int id: @macro_role ref, + int index: int ref, + string name: string ref +); + +unspecified_elements( + unique int id: @unspecified_element, + string property: string ref, + string error: string ref +); + +#keyset[id] +unspecified_element_parents( + int id: @unspecified_element ref, + int parent: @element ref +); + +#keyset[id] +unspecified_element_indices( + int id: @unspecified_element ref, + int index: int ref +); + +#keyset[id, index] +unspecified_element_children( + int id: @unspecified_element ref, + int index: int ref, + int child: @ast_node_or_none ref +); + +other_availability_specs( + unique int id: @other_availability_spec +); + +platform_version_availability_specs( + unique int id: @platform_version_availability_spec, + string platform: string ref, + string version: string ref +); + +@decl = + @captured_decl +| @enum_case_decl +| @extension_decl +| @if_config_decl +| @import_decl +| @missing_member_decl +| @operator_decl +| @pattern_binding_decl +| @pound_diagnostic_decl +| @precedence_group_decl +| @top_level_code_decl +| @value_decl +; + +#keyset[id] +decls( //dir=decl + int id: @decl ref, + int module: @module_decl_or_none ref +); + +#keyset[id, index] +decl_members( //dir=decl + int id: @decl ref, + int index: int ref, + int member: @decl_or_none ref +); + +@generic_context = + @extension_decl +| @function +| @generic_type_decl +| @macro_decl +| @subscript_decl +; + +#keyset[id, index] +generic_context_generic_type_params( //dir=decl + int id: @generic_context ref, + int index: int ref, + int generic_type_param: @generic_type_param_decl_or_none ref +); + +captured_decls( //dir=decl + unique int id: @captured_decl, + int decl: @value_decl_or_none ref +); + +#keyset[id] +captured_decl_is_direct( //dir=decl + int id: @captured_decl ref +); + +#keyset[id] +captured_decl_is_escaping( //dir=decl + int id: @captured_decl ref +); + +enum_case_decls( //dir=decl + unique int id: @enum_case_decl +); + +#keyset[id, index] +enum_case_decl_elements( //dir=decl + int id: @enum_case_decl ref, + int index: int ref, + int element: @enum_element_decl_or_none ref +); + +extension_decls( //dir=decl + unique int id: @extension_decl, + int extended_type_decl: @nominal_type_decl_or_none ref +); + +#keyset[id, index] +extension_decl_protocols( //dir=decl + int id: @extension_decl ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +if_config_decls( //dir=decl + unique int id: @if_config_decl +); + +#keyset[id, index] +if_config_decl_active_elements( //dir=decl + int id: @if_config_decl ref, + int index: int ref, + int active_element: @ast_node_or_none ref +); + +import_decls( //dir=decl + unique int id: @import_decl +); + +#keyset[id] +import_decl_is_exported( //dir=decl + int id: @import_decl ref +); + +#keyset[id] +import_decl_imported_modules( //dir=decl + int id: @import_decl ref, + int imported_module: @module_decl_or_none ref +); + +#keyset[id, index] +import_decl_declarations( //dir=decl + int id: @import_decl ref, + int index: int ref, + int declaration: @value_decl_or_none ref +); + +missing_member_decls( //dir=decl + unique int id: @missing_member_decl, + string name: string ref +); + +@operator_decl = + @infix_operator_decl +| @postfix_operator_decl +| @prefix_operator_decl +; + +#keyset[id] +operator_decls( //dir=decl + int id: @operator_decl ref, + string name: string ref +); + +pattern_binding_decls( //dir=decl + unique int id: @pattern_binding_decl +); + +#keyset[id, index] +pattern_binding_decl_inits( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int init: @expr_or_none ref +); + +#keyset[id, index] +pattern_binding_decl_patterns( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int pattern: @pattern_or_none ref +); + +pound_diagnostic_decls( //dir=decl + unique int id: @pound_diagnostic_decl, + int kind: int ref, + int message: @string_literal_expr_or_none ref +); + +precedence_group_decls( //dir=decl + unique int id: @precedence_group_decl +); + +top_level_code_decls( //dir=decl + unique int id: @top_level_code_decl, + int body: @brace_stmt_or_none ref +); + +@value_decl = + @abstract_storage_decl +| @enum_element_decl +| @function +| @macro_decl +| @type_decl +; + +#keyset[id] +value_decls( //dir=decl + int id: @value_decl ref, + int interface_type: @type_or_none ref +); + +@abstract_storage_decl = + @subscript_decl +| @var_decl +; + +#keyset[id, index] +abstract_storage_decl_accessors( //dir=decl + int id: @abstract_storage_decl ref, + int index: int ref, + int accessor: @accessor_or_none ref +); + +enum_element_decls( //dir=decl + unique int id: @enum_element_decl, + string name: string ref +); + +#keyset[id, index] +enum_element_decl_params( //dir=decl + int id: @enum_element_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@function = + @accessor_or_named_function +| @deinitializer +| @initializer +; + +infix_operator_decls( //dir=decl + unique int id: @infix_operator_decl +); + +#keyset[id] +infix_operator_decl_precedence_groups( //dir=decl + int id: @infix_operator_decl ref, + int precedence_group: @precedence_group_decl_or_none ref +); + +macro_decls( //dir=decl + unique int id: @macro_decl, + string name: string ref +); + +#keyset[id, index] +macro_decl_parameters( //dir=decl + int id: @macro_decl ref, + int index: int ref, + int parameter: @param_decl_or_none ref +); + +#keyset[id, index] +macro_decl_roles( //dir=decl + int id: @macro_decl ref, + int index: int ref, + int role: @macro_role_or_none ref +); + +postfix_operator_decls( //dir=decl + unique int id: @postfix_operator_decl +); + +prefix_operator_decls( //dir=decl + unique int id: @prefix_operator_decl +); + +@type_decl = + @abstract_type_param_decl +| @generic_type_decl +| @module_decl +; + +#keyset[id] +type_decls( //dir=decl + int id: @type_decl ref, + string name: string ref +); + +#keyset[id, index] +type_decl_inherited_types( //dir=decl + int id: @type_decl ref, + int index: int ref, + int inherited_type: @type_or_none ref +); + +@abstract_type_param_decl = + @associated_type_decl +| @generic_type_param_decl +; + +@accessor_or_named_function = + @accessor +| @named_function +; + +deinitializers( //dir=decl + unique int id: @deinitializer +); + +@generic_type_decl = + @nominal_type_decl +| @opaque_type_decl +| @type_alias_decl +; + +initializers( //dir=decl + unique int id: @initializer +); + +module_decls( //dir=decl + unique int id: @module_decl +); + +#keyset[id] +module_decl_is_builtin_module( //dir=decl + int id: @module_decl ref +); + +#keyset[id] +module_decl_is_system_module( //dir=decl + int id: @module_decl ref +); + +module_decl_imported_modules( //dir=decl + int id: @module_decl ref, + int imported_module: @module_decl_or_none ref +); + +module_decl_exported_modules( //dir=decl + int id: @module_decl ref, + int exported_module: @module_decl_or_none ref +); + +subscript_decls( //dir=decl + unique int id: @subscript_decl, + int element_type: @type_or_none ref +); + +#keyset[id, index] +subscript_decl_params( //dir=decl + int id: @subscript_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@var_decl = + @concrete_var_decl +| @param_decl +; + +#keyset[id] +var_decls( //dir=decl + int id: @var_decl ref, + string name: string ref, + int type_: @type_or_none ref +); + +#keyset[id] +var_decl_attached_property_wrapper_types( //dir=decl + int id: @var_decl ref, + int attached_property_wrapper_type: @type_or_none ref +); + +#keyset[id] +var_decl_parent_patterns( //dir=decl + int id: @var_decl ref, + int parent_pattern: @pattern_or_none ref +); + +#keyset[id] +var_decl_parent_initializers( //dir=decl + int id: @var_decl ref, + int parent_initializer: @expr_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var: @var_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var: @var_decl_or_none ref +); + +accessors( //dir=decl + unique int id: @accessor +); + +#keyset[id] +accessor_is_getter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_setter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_will_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_did_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_read( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_modify( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_address( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_mutable_address( //dir=decl + int id: @accessor ref +); + +associated_type_decls( //dir=decl + unique int id: @associated_type_decl +); + +concrete_var_decls( //dir=decl + unique int id: @concrete_var_decl, + int introducer_int: int ref +); + +generic_type_param_decls( //dir=decl + unique int id: @generic_type_param_decl +); + +named_functions( //dir=decl + unique int id: @named_function +); + +@nominal_type_decl = + @class_decl +| @enum_decl +| @protocol_decl +| @struct_decl +; + +#keyset[id] +nominal_type_decls( //dir=decl + int id: @nominal_type_decl ref, + int type_: @type_or_none ref +); + +opaque_type_decls( //dir=decl + unique int id: @opaque_type_decl, + int naming_declaration: @value_decl_or_none ref +); + +#keyset[id, index] +opaque_type_decl_opaque_generic_params( //dir=decl + int id: @opaque_type_decl ref, + int index: int ref, + int opaque_generic_param: @generic_type_param_type_or_none ref +); + +param_decls( //dir=decl + unique int id: @param_decl +); + +#keyset[id] +param_decl_is_inout( //dir=decl + int id: @param_decl ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_var_bindings( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_vars( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var: @var_decl_or_none ref +); + +type_alias_decls( //dir=decl + unique int id: @type_alias_decl, + int aliased_type: @type_or_none ref +); + +class_decls( //dir=decl + unique int id: @class_decl +); + +enum_decls( //dir=decl + unique int id: @enum_decl +); + +protocol_decls( //dir=decl + unique int id: @protocol_decl +); + +struct_decls( //dir=decl + unique int id: @struct_decl +); + +arguments( //dir=expr + unique int id: @argument, + string label: string ref, + int expr: @expr_or_none ref +); + +@expr = + @any_try_expr +| @applied_property_wrapper_expr +| @apply_expr +| @assign_expr +| @bind_optional_expr +| @capture_list_expr +| @closure_expr +| @collection_expr +| @consume_expr +| @copy_expr +| @decl_ref_expr +| @default_argument_expr +| @discard_assignment_expr +| @dot_syntax_base_ignored_expr +| @dynamic_type_expr +| @enum_is_case_expr +| @error_expr +| @explicit_cast_expr +| @force_value_expr +| @identity_expr +| @if_expr +| @implicit_conversion_expr +| @in_out_expr +| @key_path_application_expr +| @key_path_dot_expr +| @key_path_expr +| @lazy_initialization_expr +| @literal_expr +| @lookup_expr +| @make_temporarily_escapable_expr +| @materialize_pack_expr +| @obj_c_selector_expr +| @one_way_expr +| @opaque_value_expr +| @open_existential_expr +| @optional_evaluation_expr +| @other_initializer_ref_expr +| @overloaded_decl_ref_expr +| @pack_element_expr +| @pack_expansion_expr +| @property_wrapper_value_placeholder_expr +| @rebind_self_in_initializer_expr +| @sequence_expr +| @single_value_stmt_expr +| @super_ref_expr +| @tap_expr +| @tuple_element_expr +| @tuple_expr +| @type_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @vararg_expansion_expr +; + +#keyset[id] +expr_types( //dir=expr + int id: @expr ref, + int type_: @type_or_none ref +); + +@any_try_expr = + @force_try_expr +| @optional_try_expr +| @try_expr +; + +#keyset[id] +any_try_exprs( //dir=expr + int id: @any_try_expr ref, + int sub_expr: @expr_or_none ref +); + +applied_property_wrapper_exprs( //dir=expr + unique int id: @applied_property_wrapper_expr, + int kind: int ref, + int value: @expr_or_none ref, + int param: @param_decl_or_none ref +); + +@apply_expr = + @binary_expr +| @call_expr +| @postfix_unary_expr +| @prefix_unary_expr +| @self_apply_expr +; + +#keyset[id] +apply_exprs( //dir=expr + int id: @apply_expr ref, + int function: @expr_or_none ref +); + +#keyset[id, index] +apply_expr_arguments( //dir=expr + int id: @apply_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +assign_exprs( //dir=expr + unique int id: @assign_expr, + int dest: @expr_or_none ref, + int source: @expr_or_none ref +); + +bind_optional_exprs( //dir=expr + unique int id: @bind_optional_expr, + int sub_expr: @expr_or_none ref +); + +capture_list_exprs( //dir=expr + unique int id: @capture_list_expr, + int closure_body: @closure_expr_or_none ref +); + +#keyset[id, index] +capture_list_expr_binding_decls( //dir=expr + int id: @capture_list_expr ref, + int index: int ref, + int binding_decl: @pattern_binding_decl_or_none ref +); + +@closure_expr = + @auto_closure_expr +| @explicit_closure_expr +; + +@collection_expr = + @array_expr +| @dictionary_expr +; + +consume_exprs( //dir=expr + unique int id: @consume_expr, + int sub_expr: @expr_or_none ref +); + +copy_exprs( //dir=expr + unique int id: @copy_expr, + int sub_expr: @expr_or_none ref +); + +decl_ref_exprs( //dir=expr + unique int id: @decl_ref_expr, + int decl: @decl_or_none ref +); + +#keyset[id, index] +decl_ref_expr_replacement_types( //dir=expr + int id: @decl_ref_expr ref, + int index: int ref, + int replacement_type: @type_or_none ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_ordinary_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +default_argument_exprs( //dir=expr + unique int id: @default_argument_expr, + int param_decl: @param_decl_or_none ref, + int param_index: int ref +); + +#keyset[id] +default_argument_expr_caller_side_defaults( //dir=expr + int id: @default_argument_expr ref, + int caller_side_default: @expr_or_none ref +); + +discard_assignment_exprs( //dir=expr + unique int id: @discard_assignment_expr +); + +dot_syntax_base_ignored_exprs( //dir=expr + unique int id: @dot_syntax_base_ignored_expr, + int qualifier: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +dynamic_type_exprs( //dir=expr + unique int id: @dynamic_type_expr, + int base: @expr_or_none ref +); + +enum_is_case_exprs( //dir=expr + unique int id: @enum_is_case_expr, + int sub_expr: @expr_or_none ref, + int element: @enum_element_decl_or_none ref +); + +error_exprs( //dir=expr + unique int id: @error_expr +); + +@explicit_cast_expr = + @checked_cast_expr +| @coerce_expr +; + +#keyset[id] +explicit_cast_exprs( //dir=expr + int id: @explicit_cast_expr ref, + int sub_expr: @expr_or_none ref +); + +force_value_exprs( //dir=expr + unique int id: @force_value_expr, + int sub_expr: @expr_or_none ref +); + +@identity_expr = + @await_expr +| @borrow_expr +| @dot_self_expr +| @paren_expr +| @unresolved_member_chain_result_expr +; + +#keyset[id] +identity_exprs( //dir=expr + int id: @identity_expr ref, + int sub_expr: @expr_or_none ref +); + +if_exprs( //dir=expr + unique int id: @if_expr, + int condition: @expr_or_none ref, + int then_expr: @expr_or_none ref, + int else_expr: @expr_or_none ref +); + +@implicit_conversion_expr = + @abi_safe_conversion_expr +| @any_hashable_erasure_expr +| @archetype_to_super_expr +| @array_to_pointer_expr +| @bridge_from_obj_c_expr +| @bridge_to_obj_c_expr +| @class_metatype_to_object_expr +| @collection_upcast_conversion_expr +| @conditional_bridge_from_obj_c_expr +| @covariant_function_conversion_expr +| @covariant_return_conversion_expr +| @derived_to_base_expr +| @destructure_tuple_expr +| @differentiable_function_expr +| @differentiable_function_extract_original_expr +| @erasure_expr +| @existential_metatype_to_object_expr +| @foreign_object_conversion_expr +| @function_conversion_expr +| @in_out_to_pointer_expr +| @inject_into_optional_expr +| @linear_function_expr +| @linear_function_extract_original_expr +| @linear_to_differentiable_function_expr +| @load_expr +| @metatype_conversion_expr +| @pointer_to_pointer_expr +| @protocol_metatype_to_object_expr +| @string_to_pointer_expr +| @underlying_to_opaque_expr +| @unevaluated_instance_expr +| @unresolved_type_conversion_expr +; + +#keyset[id] +implicit_conversion_exprs( //dir=expr + int id: @implicit_conversion_expr ref, + int sub_expr: @expr_or_none ref +); + +in_out_exprs( //dir=expr + unique int id: @in_out_expr, + int sub_expr: @expr_or_none ref +); + +key_path_application_exprs( //dir=expr + unique int id: @key_path_application_expr, + int base: @expr_or_none ref, + int key_path: @expr_or_none ref +); + +key_path_dot_exprs( //dir=expr + unique int id: @key_path_dot_expr +); + +key_path_exprs( //dir=expr + unique int id: @key_path_expr +); + +#keyset[id] +key_path_expr_roots( //dir=expr + int id: @key_path_expr ref, + int root: @type_repr_or_none ref +); + +#keyset[id, index] +key_path_expr_components( //dir=expr + int id: @key_path_expr ref, + int index: int ref, + int component: @key_path_component_or_none ref +); + +lazy_initialization_exprs( //dir=expr + unique int id: @lazy_initialization_expr, + int sub_expr: @expr_or_none ref +); + +@literal_expr = + @builtin_literal_expr +| @interpolated_string_literal_expr +| @nil_literal_expr +| @object_literal_expr +| @regex_literal_expr +; + +@lookup_expr = + @dynamic_lookup_expr +| @member_ref_expr +| @subscript_expr +; + +#keyset[id] +lookup_exprs( //dir=expr + int id: @lookup_expr ref, + int base: @expr_or_none ref +); + +#keyset[id] +lookup_expr_members( //dir=expr + int id: @lookup_expr ref, + int member: @decl_or_none ref +); + +make_temporarily_escapable_exprs( //dir=expr + unique int id: @make_temporarily_escapable_expr, + int escaping_closure: @opaque_value_expr_or_none ref, + int nonescaping_closure: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +materialize_pack_exprs( //dir=expr + unique int id: @materialize_pack_expr, + int sub_expr: @expr_or_none ref +); + +obj_c_selector_exprs( //dir=expr + unique int id: @obj_c_selector_expr, + int sub_expr: @expr_or_none ref, + int method: @function_or_none ref +); + +one_way_exprs( //dir=expr + unique int id: @one_way_expr, + int sub_expr: @expr_or_none ref +); + +opaque_value_exprs( //dir=expr + unique int id: @opaque_value_expr +); + +open_existential_exprs( //dir=expr + unique int id: @open_existential_expr, + int sub_expr: @expr_or_none ref, + int existential: @expr_or_none ref, + int opaque_expr: @opaque_value_expr_or_none ref +); + +optional_evaluation_exprs( //dir=expr + unique int id: @optional_evaluation_expr, + int sub_expr: @expr_or_none ref +); + +other_initializer_ref_exprs( //dir=expr + unique int id: @other_initializer_ref_expr, + int initializer: @initializer_or_none ref +); + +overloaded_decl_ref_exprs( //dir=expr + unique int id: @overloaded_decl_ref_expr +); + +#keyset[id, index] +overloaded_decl_ref_expr_possible_declarations( //dir=expr + int id: @overloaded_decl_ref_expr ref, + int index: int ref, + int possible_declaration: @value_decl_or_none ref +); + +pack_element_exprs( //dir=expr + unique int id: @pack_element_expr, + int sub_expr: @expr_or_none ref +); + +pack_expansion_exprs( //dir=expr + unique int id: @pack_expansion_expr, + int pattern_expr: @expr_or_none ref +); + +property_wrapper_value_placeholder_exprs( //dir=expr + unique int id: @property_wrapper_value_placeholder_expr, + int placeholder: @opaque_value_expr_or_none ref +); + +#keyset[id] +property_wrapper_value_placeholder_expr_wrapped_values( //dir=expr + int id: @property_wrapper_value_placeholder_expr ref, + int wrapped_value: @expr_or_none ref +); + +rebind_self_in_initializer_exprs( //dir=expr + unique int id: @rebind_self_in_initializer_expr, + int sub_expr: @expr_or_none ref, + int self: @var_decl_or_none ref +); + +sequence_exprs( //dir=expr + unique int id: @sequence_expr +); + +#keyset[id, index] +sequence_expr_elements( //dir=expr + int id: @sequence_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +single_value_stmt_exprs( //dir=expr + unique int id: @single_value_stmt_expr, + int stmt: @stmt_or_none ref +); + +super_ref_exprs( //dir=expr + unique int id: @super_ref_expr, + int self: @var_decl_or_none ref +); + +tap_exprs( //dir=expr + unique int id: @tap_expr, + int body: @brace_stmt_or_none ref, + int var: @var_decl_or_none ref +); + +#keyset[id] +tap_expr_sub_exprs( //dir=expr + int id: @tap_expr ref, + int sub_expr: @expr_or_none ref +); + +tuple_element_exprs( //dir=expr + unique int id: @tuple_element_expr, + int sub_expr: @expr_or_none ref, + int index: int ref +); + +tuple_exprs( //dir=expr + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_elements( //dir=expr + int id: @tuple_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +type_exprs( //dir=expr + unique int id: @type_expr +); + +#keyset[id] +type_expr_type_reprs( //dir=expr + int id: @type_expr ref, + int type_repr: @type_repr_or_none ref +); + +unresolved_decl_ref_exprs( //dir=expr + unique int id: @unresolved_decl_ref_expr +); + +#keyset[id] +unresolved_decl_ref_expr_names( //dir=expr + int id: @unresolved_decl_ref_expr ref, + string name: string ref +); + +unresolved_dot_exprs( //dir=expr + unique int id: @unresolved_dot_expr, + int base: @expr_or_none ref, + string name: string ref +); + +unresolved_member_exprs( //dir=expr + unique int id: @unresolved_member_expr, + string name: string ref +); + +unresolved_pattern_exprs( //dir=expr + unique int id: @unresolved_pattern_expr, + int sub_pattern: @pattern_or_none ref +); + +unresolved_specialize_exprs( //dir=expr + unique int id: @unresolved_specialize_expr, + int sub_expr: @expr_or_none ref +); + +vararg_expansion_exprs( //dir=expr + unique int id: @vararg_expansion_expr, + int sub_expr: @expr_or_none ref +); + +abi_safe_conversion_exprs( //dir=expr + unique int id: @abi_safe_conversion_expr +); + +any_hashable_erasure_exprs( //dir=expr + unique int id: @any_hashable_erasure_expr +); + +archetype_to_super_exprs( //dir=expr + unique int id: @archetype_to_super_expr +); + +array_exprs( //dir=expr + unique int id: @array_expr +); + +#keyset[id, index] +array_expr_elements( //dir=expr + int id: @array_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +array_to_pointer_exprs( //dir=expr + unique int id: @array_to_pointer_expr +); + +auto_closure_exprs( //dir=expr + unique int id: @auto_closure_expr +); + +await_exprs( //dir=expr + unique int id: @await_expr +); + +binary_exprs( //dir=expr + unique int id: @binary_expr +); + +borrow_exprs( //dir=expr + unique int id: @borrow_expr +); + +bridge_from_obj_c_exprs( //dir=expr + unique int id: @bridge_from_obj_c_expr +); + +bridge_to_obj_c_exprs( //dir=expr + unique int id: @bridge_to_obj_c_expr +); + +@builtin_literal_expr = + @boolean_literal_expr +| @magic_identifier_literal_expr +| @number_literal_expr +| @string_literal_expr +; + +call_exprs( //dir=expr + unique int id: @call_expr +); + +@checked_cast_expr = + @conditional_checked_cast_expr +| @forced_checked_cast_expr +| @is_expr +; + +class_metatype_to_object_exprs( //dir=expr + unique int id: @class_metatype_to_object_expr +); + +coerce_exprs( //dir=expr + unique int id: @coerce_expr +); + +collection_upcast_conversion_exprs( //dir=expr + unique int id: @collection_upcast_conversion_expr +); + +conditional_bridge_from_obj_c_exprs( //dir=expr + unique int id: @conditional_bridge_from_obj_c_expr +); + +covariant_function_conversion_exprs( //dir=expr + unique int id: @covariant_function_conversion_expr +); + +covariant_return_conversion_exprs( //dir=expr + unique int id: @covariant_return_conversion_expr +); + +derived_to_base_exprs( //dir=expr + unique int id: @derived_to_base_expr +); + +destructure_tuple_exprs( //dir=expr + unique int id: @destructure_tuple_expr +); + +dictionary_exprs( //dir=expr + unique int id: @dictionary_expr +); + +#keyset[id, index] +dictionary_expr_elements( //dir=expr + int id: @dictionary_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +differentiable_function_exprs( //dir=expr + unique int id: @differentiable_function_expr +); + +differentiable_function_extract_original_exprs( //dir=expr + unique int id: @differentiable_function_extract_original_expr +); + +dot_self_exprs( //dir=expr + unique int id: @dot_self_expr +); + +@dynamic_lookup_expr = + @dynamic_member_ref_expr +| @dynamic_subscript_expr +; + +erasure_exprs( //dir=expr + unique int id: @erasure_expr +); + +existential_metatype_to_object_exprs( //dir=expr + unique int id: @existential_metatype_to_object_expr +); + +explicit_closure_exprs( //dir=expr + unique int id: @explicit_closure_expr +); + +force_try_exprs( //dir=expr + unique int id: @force_try_expr +); + +foreign_object_conversion_exprs( //dir=expr + unique int id: @foreign_object_conversion_expr +); + +function_conversion_exprs( //dir=expr + unique int id: @function_conversion_expr +); + +in_out_to_pointer_exprs( //dir=expr + unique int id: @in_out_to_pointer_expr +); + +inject_into_optional_exprs( //dir=expr + unique int id: @inject_into_optional_expr +); + +interpolated_string_literal_exprs( //dir=expr + unique int id: @interpolated_string_literal_expr +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_expr: @opaque_value_expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_appending_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int appending_expr: @tap_expr_or_none ref +); + +linear_function_exprs( //dir=expr + unique int id: @linear_function_expr +); + +linear_function_extract_original_exprs( //dir=expr + unique int id: @linear_function_extract_original_expr +); + +linear_to_differentiable_function_exprs( //dir=expr + unique int id: @linear_to_differentiable_function_expr +); + +load_exprs( //dir=expr + unique int id: @load_expr +); + +member_ref_exprs( //dir=expr + unique int id: @member_ref_expr +); + +#keyset[id] +member_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_ordinary_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @member_ref_expr ref +); + +metatype_conversion_exprs( //dir=expr + unique int id: @metatype_conversion_expr +); + +nil_literal_exprs( //dir=expr + unique int id: @nil_literal_expr +); + +object_literal_exprs( //dir=expr + unique int id: @object_literal_expr, + int kind: int ref +); + +#keyset[id, index] +object_literal_expr_arguments( //dir=expr + int id: @object_literal_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +optional_try_exprs( //dir=expr + unique int id: @optional_try_expr +); + +paren_exprs( //dir=expr + unique int id: @paren_expr +); + +pointer_to_pointer_exprs( //dir=expr + unique int id: @pointer_to_pointer_expr +); + +postfix_unary_exprs( //dir=expr + unique int id: @postfix_unary_expr +); + +prefix_unary_exprs( //dir=expr + unique int id: @prefix_unary_expr +); + +protocol_metatype_to_object_exprs( //dir=expr + unique int id: @protocol_metatype_to_object_expr +); + +regex_literal_exprs( //dir=expr + unique int id: @regex_literal_expr, + string pattern: string ref, + int version: int ref +); + +@self_apply_expr = + @dot_syntax_call_expr +| @initializer_ref_call_expr +; + +#keyset[id] +self_apply_exprs( //dir=expr + int id: @self_apply_expr ref, + int base: @expr_or_none ref +); + +string_to_pointer_exprs( //dir=expr + unique int id: @string_to_pointer_expr +); + +subscript_exprs( //dir=expr + unique int id: @subscript_expr +); + +#keyset[id, index] +subscript_expr_arguments( //dir=expr + int id: @subscript_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +#keyset[id] +subscript_expr_has_direct_to_storage_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_ordinary_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_distributed_thunk_semantics( //dir=expr + int id: @subscript_expr ref +); + +try_exprs( //dir=expr + unique int id: @try_expr +); + +underlying_to_opaque_exprs( //dir=expr + unique int id: @underlying_to_opaque_expr +); + +unevaluated_instance_exprs( //dir=expr + unique int id: @unevaluated_instance_expr +); + +unresolved_member_chain_result_exprs( //dir=expr + unique int id: @unresolved_member_chain_result_expr +); + +unresolved_type_conversion_exprs( //dir=expr + unique int id: @unresolved_type_conversion_expr +); + +boolean_literal_exprs( //dir=expr + unique int id: @boolean_literal_expr, + boolean value: boolean ref +); + +conditional_checked_cast_exprs( //dir=expr + unique int id: @conditional_checked_cast_expr +); + +dot_syntax_call_exprs( //dir=expr + unique int id: @dot_syntax_call_expr +); + +dynamic_member_ref_exprs( //dir=expr + unique int id: @dynamic_member_ref_expr +); + +dynamic_subscript_exprs( //dir=expr + unique int id: @dynamic_subscript_expr +); + +forced_checked_cast_exprs( //dir=expr + unique int id: @forced_checked_cast_expr +); + +initializer_ref_call_exprs( //dir=expr + unique int id: @initializer_ref_call_expr +); + +is_exprs( //dir=expr + unique int id: @is_expr +); + +magic_identifier_literal_exprs( //dir=expr + unique int id: @magic_identifier_literal_expr, + string kind: string ref +); + +@number_literal_expr = + @float_literal_expr +| @integer_literal_expr +; + +string_literal_exprs( //dir=expr + unique int id: @string_literal_expr, + string value: string ref +); + +float_literal_exprs( //dir=expr + unique int id: @float_literal_expr, + string string_value: string ref +); + +integer_literal_exprs( //dir=expr + unique int id: @integer_literal_expr, + string string_value: string ref +); + +@pattern = + @any_pattern +| @binding_pattern +| @bool_pattern +| @enum_element_pattern +| @expr_pattern +| @is_pattern +| @named_pattern +| @optional_some_pattern +| @paren_pattern +| @tuple_pattern +| @typed_pattern +; + +#keyset[id] +pattern_types( //dir=pattern + int id: @pattern ref, + int type_: @type_or_none ref +); + +any_patterns( //dir=pattern + unique int id: @any_pattern +); + +binding_patterns( //dir=pattern + unique int id: @binding_pattern, + int sub_pattern: @pattern_or_none ref +); + +bool_patterns( //dir=pattern + unique int id: @bool_pattern, + boolean value: boolean ref +); + +enum_element_patterns( //dir=pattern + unique int id: @enum_element_pattern, + int element: @enum_element_decl_or_none ref +); + +#keyset[id] +enum_element_pattern_sub_patterns( //dir=pattern + int id: @enum_element_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +expr_patterns( //dir=pattern + unique int id: @expr_pattern, + int sub_expr: @expr_or_none ref +); + +is_patterns( //dir=pattern + unique int id: @is_pattern +); + +#keyset[id] +is_pattern_cast_type_reprs( //dir=pattern + int id: @is_pattern ref, + int cast_type_repr: @type_repr_or_none ref +); + +#keyset[id] +is_pattern_sub_patterns( //dir=pattern + int id: @is_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +named_patterns( //dir=pattern + unique int id: @named_pattern, + int var_decl: @var_decl_or_none ref +); + +optional_some_patterns( //dir=pattern + unique int id: @optional_some_pattern, + int sub_pattern: @pattern_or_none ref +); + +paren_patterns( //dir=pattern + unique int id: @paren_pattern, + int sub_pattern: @pattern_or_none ref +); + +tuple_patterns( //dir=pattern + unique int id: @tuple_pattern +); + +#keyset[id, index] +tuple_pattern_elements( //dir=pattern + int id: @tuple_pattern ref, + int index: int ref, + int element: @pattern_or_none ref +); + +typed_patterns( //dir=pattern + unique int id: @typed_pattern, + int sub_pattern: @pattern_or_none ref +); + +#keyset[id] +typed_pattern_type_reprs( //dir=pattern + int id: @typed_pattern ref, + int type_repr: @type_repr_or_none ref +); + +case_label_items( //dir=stmt + unique int id: @case_label_item, + int pattern: @pattern_or_none ref +); + +#keyset[id] +case_label_item_guards( //dir=stmt + int id: @case_label_item ref, + int guard: @expr_or_none ref +); + +condition_elements( //dir=stmt + unique int id: @condition_element +); + +#keyset[id] +condition_element_booleans( //dir=stmt + int id: @condition_element ref, + int boolean_: @expr_or_none ref +); + +#keyset[id] +condition_element_patterns( //dir=stmt + int id: @condition_element ref, + int pattern: @pattern_or_none ref +); + +#keyset[id] +condition_element_initializers( //dir=stmt + int id: @condition_element ref, + int initializer: @expr_or_none ref +); + +#keyset[id] +condition_element_availabilities( //dir=stmt + int id: @condition_element ref, + int availability: @availability_info_or_none ref +); + +@stmt = + @brace_stmt +| @break_stmt +| @case_stmt +| @continue_stmt +| @defer_stmt +| @discard_stmt +| @fail_stmt +| @fallthrough_stmt +| @labeled_stmt +| @pound_assert_stmt +| @return_stmt +| @throw_stmt +| @yield_stmt +; + +stmt_conditions( //dir=stmt + unique int id: @stmt_condition +); + +#keyset[id, index] +stmt_condition_elements( //dir=stmt + int id: @stmt_condition ref, + int index: int ref, + int element: @condition_element_or_none ref +); + +brace_stmts( //dir=stmt + unique int id: @brace_stmt +); + +#keyset[id, index] +brace_stmt_elements( //dir=stmt + int id: @brace_stmt ref, + int index: int ref, + int element: @ast_node_or_none ref +); + +break_stmts( //dir=stmt + unique int id: @break_stmt +); + +#keyset[id] +break_stmt_target_names( //dir=stmt + int id: @break_stmt ref, + string target_name: string ref +); + +#keyset[id] +break_stmt_targets( //dir=stmt + int id: @break_stmt ref, + int target: @stmt_or_none ref +); + +case_stmts( //dir=stmt + unique int id: @case_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +case_stmt_labels( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int label: @case_label_item_or_none ref +); + +#keyset[id, index] +case_stmt_variables( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int variable: @var_decl_or_none ref +); + +continue_stmts( //dir=stmt + unique int id: @continue_stmt +); + +#keyset[id] +continue_stmt_target_names( //dir=stmt + int id: @continue_stmt ref, + string target_name: string ref +); + +#keyset[id] +continue_stmt_targets( //dir=stmt + int id: @continue_stmt ref, + int target: @stmt_or_none ref +); + +defer_stmts( //dir=stmt + unique int id: @defer_stmt, + int body: @brace_stmt_or_none ref +); + +discard_stmts( //dir=stmt + unique int id: @discard_stmt, + int sub_expr: @expr_or_none ref +); + +fail_stmts( //dir=stmt + unique int id: @fail_stmt +); + +fallthrough_stmts( //dir=stmt + unique int id: @fallthrough_stmt, + int fallthrough_source: @case_stmt_or_none ref, + int fallthrough_dest: @case_stmt_or_none ref +); + +@labeled_stmt = + @do_catch_stmt +| @do_stmt +| @for_each_stmt +| @labeled_conditional_stmt +| @repeat_while_stmt +| @switch_stmt +; + +#keyset[id] +labeled_stmt_labels( //dir=stmt + int id: @labeled_stmt ref, + string label: string ref +); + +pound_assert_stmts( //dir=stmt + unique int id: @pound_assert_stmt, + int condition: @expr_or_none ref, + string message: string ref +); + +return_stmts( //dir=stmt + unique int id: @return_stmt +); + +#keyset[id] +return_stmt_results( //dir=stmt + int id: @return_stmt ref, + int result: @expr_or_none ref +); + +throw_stmts( //dir=stmt + unique int id: @throw_stmt, + int sub_expr: @expr_or_none ref +); + +yield_stmts( //dir=stmt + unique int id: @yield_stmt +); + +#keyset[id, index] +yield_stmt_results( //dir=stmt + int id: @yield_stmt ref, + int index: int ref, + int result: @expr_or_none ref +); + +do_catch_stmts( //dir=stmt + unique int id: @do_catch_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +do_catch_stmt_catches( //dir=stmt + int id: @do_catch_stmt ref, + int index: int ref, + int catch: @case_stmt_or_none ref +); + +do_stmts( //dir=stmt + unique int id: @do_stmt, + int body: @brace_stmt_or_none ref +); + +for_each_stmts( //dir=stmt + unique int id: @for_each_stmt, + int pattern: @pattern_or_none ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id] +for_each_stmt_wheres( //dir=stmt + int id: @for_each_stmt ref, + int where: @expr_or_none ref +); + +#keyset[id] +for_each_stmt_iterator_vars( //dir=stmt + int id: @for_each_stmt ref, + int iteratorVar: @pattern_binding_decl_or_none ref +); + +#keyset[id] +for_each_stmt_next_calls( //dir=stmt + int id: @for_each_stmt ref, + int nextCall: @expr_or_none ref +); + +@labeled_conditional_stmt = + @guard_stmt +| @if_stmt +| @while_stmt +; + +#keyset[id] +labeled_conditional_stmts( //dir=stmt + int id: @labeled_conditional_stmt ref, + int condition: @stmt_condition_or_none ref +); + +repeat_while_stmts( //dir=stmt + unique int id: @repeat_while_stmt, + int condition: @expr_or_none ref, + int body: @stmt_or_none ref +); + +switch_stmts( //dir=stmt + unique int id: @switch_stmt, + int expr: @expr_or_none ref +); + +#keyset[id, index] +switch_stmt_cases( //dir=stmt + int id: @switch_stmt ref, + int index: int ref, + int case_: @case_stmt_or_none ref +); + +guard_stmts( //dir=stmt + unique int id: @guard_stmt, + int body: @brace_stmt_or_none ref +); + +if_stmts( //dir=stmt + unique int id: @if_stmt, + int then: @stmt_or_none ref +); + +#keyset[id] +if_stmt_elses( //dir=stmt + int id: @if_stmt ref, + int else: @stmt_or_none ref +); + +while_stmts( //dir=stmt + unique int id: @while_stmt, + int body: @stmt_or_none ref +); + +@type = + @any_function_type +| @any_generic_type +| @any_metatype_type +| @builtin_type +| @dependent_member_type +| @dynamic_self_type +| @error_type +| @existential_type +| @in_out_type +| @l_value_type +| @module_type +| @pack_element_type +| @pack_expansion_type +| @pack_type +| @parameterized_protocol_type +| @protocol_composition_type +| @reference_storage_type +| @substitutable_type +| @sugar_type +| @tuple_type +| @unresolved_type +; + +#keyset[id] +types( //dir=type + int id: @type ref, + string name: string ref, + int canonical_type: @type_or_none ref +); + +type_reprs( //dir=type + unique int id: @type_repr, + int type_: @type_or_none ref +); + +@any_function_type = + @function_type +| @generic_function_type +; + +#keyset[id] +any_function_types( //dir=type + int id: @any_function_type ref, + int result: @type_or_none ref +); + +#keyset[id, index] +any_function_type_param_types( //dir=type + int id: @any_function_type ref, + int index: int ref, + int param_type: @type_or_none ref +); + +#keyset[id] +any_function_type_is_throwing( //dir=type + int id: @any_function_type ref +); + +#keyset[id] +any_function_type_is_async( //dir=type + int id: @any_function_type ref +); + +@any_generic_type = + @nominal_or_bound_generic_nominal_type +| @unbound_generic_type +; + +#keyset[id] +any_generic_types( //dir=type + int id: @any_generic_type ref, + int declaration: @generic_type_decl_or_none ref +); + +#keyset[id] +any_generic_type_parents( //dir=type + int id: @any_generic_type ref, + int parent: @type_or_none ref +); + +@any_metatype_type = + @existential_metatype_type +| @metatype_type +; + +@builtin_type = + @any_builtin_integer_type +| @builtin_bridge_object_type +| @builtin_default_actor_storage_type +| @builtin_executor_type +| @builtin_float_type +| @builtin_job_type +| @builtin_native_object_type +| @builtin_raw_pointer_type +| @builtin_raw_unsafe_continuation_type +| @builtin_unsafe_value_buffer_type +| @builtin_vector_type +; + +dependent_member_types( //dir=type + unique int id: @dependent_member_type, + int base_type: @type_or_none ref, + int associated_type_decl: @associated_type_decl_or_none ref +); + +dynamic_self_types( //dir=type + unique int id: @dynamic_self_type, + int static_self_type: @type_or_none ref +); + +error_types( //dir=type + unique int id: @error_type +); + +existential_types( //dir=type + unique int id: @existential_type, + int constraint: @type_or_none ref +); + +in_out_types( //dir=type + unique int id: @in_out_type, + int object_type: @type_or_none ref +); + +l_value_types( //dir=type + unique int id: @l_value_type, + int object_type: @type_or_none ref +); + +module_types( //dir=type + unique int id: @module_type, + int module: @module_decl_or_none ref +); + +pack_element_types( //dir=type + unique int id: @pack_element_type, + int pack_type: @type_or_none ref +); + +pack_expansion_types( //dir=type + unique int id: @pack_expansion_type, + int pattern_type: @type_or_none ref, + int count_type: @type_or_none ref +); + +pack_types( //dir=type + unique int id: @pack_type +); + +#keyset[id, index] +pack_type_elements( //dir=type + int id: @pack_type ref, + int index: int ref, + int element: @type_or_none ref +); + +parameterized_protocol_types( //dir=type + unique int id: @parameterized_protocol_type, + int base: @protocol_type_or_none ref +); + +#keyset[id, index] +parameterized_protocol_type_args( //dir=type + int id: @parameterized_protocol_type ref, + int index: int ref, + int arg: @type_or_none ref +); + +protocol_composition_types( //dir=type + unique int id: @protocol_composition_type +); + +#keyset[id, index] +protocol_composition_type_members( //dir=type + int id: @protocol_composition_type ref, + int index: int ref, + int member: @type_or_none ref +); + +@reference_storage_type = + @unmanaged_storage_type +| @unowned_storage_type +| @weak_storage_type +; + +#keyset[id] +reference_storage_types( //dir=type + int id: @reference_storage_type ref, + int referent_type: @type_or_none ref +); + +@substitutable_type = + @archetype_type +| @generic_type_param_type +; + +@sugar_type = + @paren_type +| @syntax_sugar_type +| @type_alias_type +; + +tuple_types( //dir=type + unique int id: @tuple_type +); + +#keyset[id, index] +tuple_type_types( //dir=type + int id: @tuple_type ref, + int index: int ref, + int type_: @type_or_none ref +); + +#keyset[id, index] +tuple_type_names( //dir=type + int id: @tuple_type ref, + int index: int ref, + string name: string ref +); + +unresolved_types( //dir=type + unique int id: @unresolved_type +); + +@any_builtin_integer_type = + @builtin_integer_literal_type +| @builtin_integer_type +; + +@archetype_type = + @local_archetype_type +| @opaque_type_archetype_type +| @pack_archetype_type +| @primary_archetype_type +; + +#keyset[id] +archetype_types( //dir=type + int id: @archetype_type ref, + int interface_type: @type_or_none ref +); + +#keyset[id] +archetype_type_superclasses( //dir=type + int id: @archetype_type ref, + int superclass: @type_or_none ref +); + +#keyset[id, index] +archetype_type_protocols( //dir=type + int id: @archetype_type ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +builtin_bridge_object_types( //dir=type + unique int id: @builtin_bridge_object_type +); + +builtin_default_actor_storage_types( //dir=type + unique int id: @builtin_default_actor_storage_type +); + +builtin_executor_types( //dir=type + unique int id: @builtin_executor_type +); + +builtin_float_types( //dir=type + unique int id: @builtin_float_type +); + +builtin_job_types( //dir=type + unique int id: @builtin_job_type +); + +builtin_native_object_types( //dir=type + unique int id: @builtin_native_object_type +); + +builtin_raw_pointer_types( //dir=type + unique int id: @builtin_raw_pointer_type +); + +builtin_raw_unsafe_continuation_types( //dir=type + unique int id: @builtin_raw_unsafe_continuation_type +); + +builtin_unsafe_value_buffer_types( //dir=type + unique int id: @builtin_unsafe_value_buffer_type +); + +builtin_vector_types( //dir=type + unique int id: @builtin_vector_type +); + +existential_metatype_types( //dir=type + unique int id: @existential_metatype_type +); + +function_types( //dir=type + unique int id: @function_type +); + +generic_function_types( //dir=type + unique int id: @generic_function_type +); + +#keyset[id, index] +generic_function_type_generic_params( //dir=type + int id: @generic_function_type ref, + int index: int ref, + int generic_param: @generic_type_param_type_or_none ref +); + +generic_type_param_types( //dir=type + unique int id: @generic_type_param_type +); + +metatype_types( //dir=type + unique int id: @metatype_type +); + +@nominal_or_bound_generic_nominal_type = + @bound_generic_type +| @nominal_type +; + +paren_types( //dir=type + unique int id: @paren_type, + int type_: @type_or_none ref +); + +@syntax_sugar_type = + @dictionary_type +| @unary_syntax_sugar_type +; + +type_alias_types( //dir=type + unique int id: @type_alias_type, + int decl: @type_alias_decl_or_none ref +); + +unbound_generic_types( //dir=type + unique int id: @unbound_generic_type +); + +unmanaged_storage_types( //dir=type + unique int id: @unmanaged_storage_type +); + +unowned_storage_types( //dir=type + unique int id: @unowned_storage_type +); + +weak_storage_types( //dir=type + unique int id: @weak_storage_type +); + +@bound_generic_type = + @bound_generic_class_type +| @bound_generic_enum_type +| @bound_generic_struct_type +; + +#keyset[id, index] +bound_generic_type_arg_types( //dir=type + int id: @bound_generic_type ref, + int index: int ref, + int arg_type: @type_or_none ref +); + +builtin_integer_literal_types( //dir=type + unique int id: @builtin_integer_literal_type +); + +builtin_integer_types( //dir=type + unique int id: @builtin_integer_type +); + +#keyset[id] +builtin_integer_type_widths( //dir=type + int id: @builtin_integer_type ref, + int width: int ref +); + +dictionary_types( //dir=type + unique int id: @dictionary_type, + int key_type: @type_or_none ref, + int value_type: @type_or_none ref +); + +@local_archetype_type = + @element_archetype_type +| @opened_archetype_type +; + +@nominal_type = + @class_type +| @enum_type +| @protocol_type +| @struct_type +; + +opaque_type_archetype_types( //dir=type + unique int id: @opaque_type_archetype_type, + int declaration: @opaque_type_decl_or_none ref +); + +pack_archetype_types( //dir=type + unique int id: @pack_archetype_type +); + +primary_archetype_types( //dir=type + unique int id: @primary_archetype_type +); + +@unary_syntax_sugar_type = + @array_slice_type +| @optional_type +| @variadic_sequence_type +; + +#keyset[id] +unary_syntax_sugar_types( //dir=type + int id: @unary_syntax_sugar_type ref, + int base_type: @type_or_none ref +); + +array_slice_types( //dir=type + unique int id: @array_slice_type +); + +bound_generic_class_types( //dir=type + unique int id: @bound_generic_class_type +); + +bound_generic_enum_types( //dir=type + unique int id: @bound_generic_enum_type +); + +bound_generic_struct_types( //dir=type + unique int id: @bound_generic_struct_type +); + +class_types( //dir=type + unique int id: @class_type +); + +element_archetype_types( //dir=type + unique int id: @element_archetype_type +); + +enum_types( //dir=type + unique int id: @enum_type +); + +opened_archetype_types( //dir=type + unique int id: @opened_archetype_type +); + +optional_types( //dir=type + unique int id: @optional_type +); + +protocol_types( //dir=type + unique int id: @protocol_type +); + +struct_types( //dir=type + unique int id: @struct_type +); + +variadic_sequence_types( //dir=type + unique int id: @variadic_sequence_type +); + +@accessor_or_none = + @accessor +| @unspecified_element +; + +@argument_or_none = + @argument +| @unspecified_element +; + +@associated_type_decl_or_none = + @associated_type_decl +| @unspecified_element +; + +@ast_node_or_none = + @ast_node +| @unspecified_element +; + +@availability_info_or_none = + @availability_info +| @unspecified_element +; + +@availability_spec_or_none = + @availability_spec +| @unspecified_element +; + +@brace_stmt_or_none = + @brace_stmt +| @unspecified_element +; + +@captured_decl_or_none = + @captured_decl +| @unspecified_element +; + +@case_label_item_or_none = + @case_label_item +| @unspecified_element +; + +@case_stmt_or_none = + @case_stmt +| @unspecified_element +; + +@closure_expr_or_none = + @closure_expr +| @unspecified_element +; + +@condition_element_or_none = + @condition_element +| @unspecified_element +; + +@decl_or_none = + @decl +| @unspecified_element +; + +@enum_element_decl_or_none = + @enum_element_decl +| @unspecified_element +; + +@expr_or_none = + @expr +| @unspecified_element +; + +@file_or_none = + @file +| @unspecified_element +; + +@function_or_none = + @function +| @unspecified_element +; + +@generic_type_decl_or_none = + @generic_type_decl +| @unspecified_element +; + +@generic_type_param_decl_or_none = + @generic_type_param_decl +| @unspecified_element +; + +@generic_type_param_type_or_none = + @generic_type_param_type +| @unspecified_element +; + +@initializer_or_none = + @initializer +| @unspecified_element +; + +@key_path_component_or_none = + @key_path_component +| @unspecified_element +; + +@location_or_none = + @location +| @unspecified_element +; + +@macro_role_or_none = + @macro_role +| @unspecified_element +; + +@module_decl_or_none = + @module_decl +| @unspecified_element +; + +@nominal_type_decl_or_none = + @nominal_type_decl +| @unspecified_element +; + +@opaque_type_decl_or_none = + @opaque_type_decl +| @unspecified_element +; + +@opaque_value_expr_or_none = + @opaque_value_expr +| @unspecified_element +; + +@param_decl_or_none = + @param_decl +| @unspecified_element +; + +@pattern_or_none = + @pattern +| @unspecified_element +; + +@pattern_binding_decl_or_none = + @pattern_binding_decl +| @unspecified_element +; + +@precedence_group_decl_or_none = + @precedence_group_decl +| @unspecified_element +; + +@protocol_decl_or_none = + @protocol_decl +| @unspecified_element +; + +@protocol_type_or_none = + @protocol_type +| @unspecified_element +; + +@stmt_or_none = + @stmt +| @unspecified_element +; + +@stmt_condition_or_none = + @stmt_condition +| @unspecified_element +; + +@string_literal_expr_or_none = + @string_literal_expr +| @unspecified_element +; + +@tap_expr_or_none = + @tap_expr +| @unspecified_element +; + +@type_or_none = + @type +| @unspecified_element +; + +@type_alias_decl_or_none = + @type_alias_decl +| @unspecified_element +; + +@type_expr_or_none = + @type_expr +| @unspecified_element +; + +@type_repr_or_none = + @type_repr +| @unspecified_element +; + +@value_decl_or_none = + @unspecified_element +| @value_decl +; + +@var_decl_or_none = + @unspecified_element +| @var_decl +; diff --git a/swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/swift.dbscheme b/swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/swift.dbscheme new file mode 100644 index 00000000000..b83ff9c60c2 --- /dev/null +++ b/swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/swift.dbscheme @@ -0,0 +1,2774 @@ +// generated by codegen/codegen.py + +// from prefix.dbscheme +/** + * The source location of the snapshot. + */ +sourceLocationPrefix( + string prefix: string ref +); + + +// from schema.py + +@element = + @callable +| @file +| @generic_context +| @locatable +| @location +| @type +; + +#keyset[id] +element_is_unknown( + int id: @element ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_names( + int id: @callable ref, + string name: string ref +); + +#keyset[id] +callable_self_params( + int id: @callable ref, + int self_param: @param_decl_or_none ref +); + +#keyset[id, index] +callable_params( + int id: @callable ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +#keyset[id] +callable_bodies( + int id: @callable ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id, index] +callable_captures( + int id: @callable ref, + int index: int ref, + int capture: @captured_decl_or_none ref +); + +@file = + @db_file +; + +#keyset[id] +files( + int id: @file ref, + string name: string ref +); + +#keyset[id] +file_is_successfully_extracted( + int id: @file ref +); + +@locatable = + @argument +| @ast_node +| @comment +| @diagnostics +| @error_element +; + +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_or_none ref +); + +@location = + @db_location +; + +#keyset[id] +locations( + int id: @location ref, + int file: @file_or_none ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +@ast_node = + @availability_info +| @availability_spec +| @case_label_item +| @condition_element +| @decl +| @expr +| @key_path_component +| @macro_role +| @pattern +| @stmt +| @stmt_condition +| @type_repr +; + +comments( + unique int id: @comment, + string text: string ref +); + +db_files( + unique int id: @db_file +); + +db_locations( + unique int id: @db_location +); + +diagnostics( + unique int id: @diagnostics, + string text: string ref, + int kind: int ref +); + +@error_element = + @error_expr +| @error_type +| @overloaded_decl_ref_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_chain_result_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @unresolved_type +| @unresolved_type_conversion_expr +| @unspecified_element +; + +availability_infos( + unique int id: @availability_info +); + +#keyset[id] +availability_info_is_unavailable( + int id: @availability_info ref +); + +#keyset[id, index] +availability_info_specs( + int id: @availability_info ref, + int index: int ref, + int spec: @availability_spec_or_none ref +); + +@availability_spec = + @other_availability_spec +| @platform_version_availability_spec +; + +key_path_components( + unique int id: @key_path_component, + int kind: int ref, + int component_type: @type_or_none ref +); + +#keyset[id, index] +key_path_component_subscript_arguments( + int id: @key_path_component ref, + int index: int ref, + int subscript_argument: @argument_or_none ref +); + +#keyset[id] +key_path_component_tuple_indices( + int id: @key_path_component ref, + int tuple_index: int ref +); + +#keyset[id] +key_path_component_decl_refs( + int id: @key_path_component ref, + int decl_ref: @value_decl_or_none ref +); + +macro_roles( + unique int id: @macro_role, + int kind: int ref, + int macro_syntax: int ref +); + +#keyset[id, index] +macro_role_conformances( + int id: @macro_role ref, + int index: int ref, + int conformance: @type_expr_or_none ref +); + +#keyset[id, index] +macro_role_names( + int id: @macro_role ref, + int index: int ref, + string name: string ref +); + +unspecified_elements( + unique int id: @unspecified_element, + string property: string ref, + string error: string ref +); + +#keyset[id] +unspecified_element_parents( + int id: @unspecified_element ref, + int parent: @element ref +); + +#keyset[id] +unspecified_element_indices( + int id: @unspecified_element ref, + int index: int ref +); + +#keyset[id, index] +unspecified_element_children( + int id: @unspecified_element ref, + int index: int ref, + int child: @ast_node_or_none ref +); + +other_availability_specs( + unique int id: @other_availability_spec +); + +platform_version_availability_specs( + unique int id: @platform_version_availability_spec, + string platform: string ref, + string version: string ref +); + +@decl = + @captured_decl +| @enum_case_decl +| @extension_decl +| @if_config_decl +| @import_decl +| @missing_member_decl +| @operator_decl +| @pattern_binding_decl +| @pound_diagnostic_decl +| @precedence_group_decl +| @top_level_code_decl +| @value_decl +; + +#keyset[id] +decls( //dir=decl + int id: @decl ref, + int module: @module_decl_or_none ref +); + +#keyset[id, index] +decl_members( //dir=decl + int id: @decl ref, + int index: int ref, + int member: @decl_or_none ref +); + +@generic_context = + @extension_decl +| @function +| @generic_type_decl +| @macro_decl +| @subscript_decl +; + +#keyset[id, index] +generic_context_generic_type_params( //dir=decl + int id: @generic_context ref, + int index: int ref, + int generic_type_param: @generic_type_param_decl_or_none ref +); + +captured_decls( //dir=decl + unique int id: @captured_decl, + int decl: @value_decl_or_none ref +); + +#keyset[id] +captured_decl_is_direct( //dir=decl + int id: @captured_decl ref +); + +#keyset[id] +captured_decl_is_escaping( //dir=decl + int id: @captured_decl ref +); + +enum_case_decls( //dir=decl + unique int id: @enum_case_decl +); + +#keyset[id, index] +enum_case_decl_elements( //dir=decl + int id: @enum_case_decl ref, + int index: int ref, + int element: @enum_element_decl_or_none ref +); + +extension_decls( //dir=decl + unique int id: @extension_decl, + int extended_type_decl: @nominal_type_decl_or_none ref +); + +#keyset[id, index] +extension_decl_protocols( //dir=decl + int id: @extension_decl ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +if_config_decls( //dir=decl + unique int id: @if_config_decl +); + +#keyset[id, index] +if_config_decl_active_elements( //dir=decl + int id: @if_config_decl ref, + int index: int ref, + int active_element: @ast_node_or_none ref +); + +import_decls( //dir=decl + unique int id: @import_decl +); + +#keyset[id] +import_decl_is_exported( //dir=decl + int id: @import_decl ref +); + +#keyset[id] +import_decl_imported_modules( //dir=decl + int id: @import_decl ref, + int imported_module: @module_decl_or_none ref +); + +#keyset[id, index] +import_decl_declarations( //dir=decl + int id: @import_decl ref, + int index: int ref, + int declaration: @value_decl_or_none ref +); + +missing_member_decls( //dir=decl + unique int id: @missing_member_decl, + string name: string ref +); + +@operator_decl = + @infix_operator_decl +| @postfix_operator_decl +| @prefix_operator_decl +; + +#keyset[id] +operator_decls( //dir=decl + int id: @operator_decl ref, + string name: string ref +); + +pattern_binding_decls( //dir=decl + unique int id: @pattern_binding_decl +); + +#keyset[id, index] +pattern_binding_decl_inits( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int init: @expr_or_none ref +); + +#keyset[id, index] +pattern_binding_decl_patterns( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int pattern: @pattern_or_none ref +); + +pound_diagnostic_decls( //dir=decl + unique int id: @pound_diagnostic_decl, + int kind: int ref, + int message: @string_literal_expr_or_none ref +); + +precedence_group_decls( //dir=decl + unique int id: @precedence_group_decl +); + +top_level_code_decls( //dir=decl + unique int id: @top_level_code_decl, + int body: @brace_stmt_or_none ref +); + +@value_decl = + @abstract_storage_decl +| @enum_element_decl +| @function +| @macro_decl +| @type_decl +; + +#keyset[id] +value_decls( //dir=decl + int id: @value_decl ref, + int interface_type: @type_or_none ref +); + +@abstract_storage_decl = + @subscript_decl +| @var_decl +; + +#keyset[id, index] +abstract_storage_decl_accessors( //dir=decl + int id: @abstract_storage_decl ref, + int index: int ref, + int accessor: @accessor_or_none ref +); + +enum_element_decls( //dir=decl + unique int id: @enum_element_decl, + string name: string ref +); + +#keyset[id, index] +enum_element_decl_params( //dir=decl + int id: @enum_element_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@function = + @accessor_or_named_function +| @deinitializer +| @initializer +; + +infix_operator_decls( //dir=decl + unique int id: @infix_operator_decl +); + +#keyset[id] +infix_operator_decl_precedence_groups( //dir=decl + int id: @infix_operator_decl ref, + int precedence_group: @precedence_group_decl_or_none ref +); + +macro_decls( //dir=decl + unique int id: @macro_decl, + string name: string ref +); + +#keyset[id, index] +macro_decl_parameters( //dir=decl + int id: @macro_decl ref, + int index: int ref, + int parameter: @param_decl_or_none ref +); + +#keyset[id, index] +macro_decl_roles( //dir=decl + int id: @macro_decl ref, + int index: int ref, + int role: @macro_role_or_none ref +); + +postfix_operator_decls( //dir=decl + unique int id: @postfix_operator_decl +); + +prefix_operator_decls( //dir=decl + unique int id: @prefix_operator_decl +); + +@type_decl = + @abstract_type_param_decl +| @generic_type_decl +| @module_decl +; + +#keyset[id] +type_decls( //dir=decl + int id: @type_decl ref, + string name: string ref +); + +#keyset[id, index] +type_decl_inherited_types( //dir=decl + int id: @type_decl ref, + int index: int ref, + int inherited_type: @type_or_none ref +); + +@abstract_type_param_decl = + @associated_type_decl +| @generic_type_param_decl +; + +@accessor_or_named_function = + @accessor +| @named_function +; + +deinitializers( //dir=decl + unique int id: @deinitializer +); + +@generic_type_decl = + @nominal_type_decl +| @opaque_type_decl +| @type_alias_decl +; + +initializers( //dir=decl + unique int id: @initializer +); + +module_decls( //dir=decl + unique int id: @module_decl +); + +#keyset[id] +module_decl_is_builtin_module( //dir=decl + int id: @module_decl ref +); + +#keyset[id] +module_decl_is_system_module( //dir=decl + int id: @module_decl ref +); + +module_decl_imported_modules( //dir=decl + int id: @module_decl ref, + int imported_module: @module_decl_or_none ref +); + +module_decl_exported_modules( //dir=decl + int id: @module_decl ref, + int exported_module: @module_decl_or_none ref +); + +subscript_decls( //dir=decl + unique int id: @subscript_decl, + int element_type: @type_or_none ref +); + +#keyset[id, index] +subscript_decl_params( //dir=decl + int id: @subscript_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@var_decl = + @concrete_var_decl +| @param_decl +; + +#keyset[id] +var_decls( //dir=decl + int id: @var_decl ref, + string name: string ref, + int type_: @type_or_none ref +); + +#keyset[id] +var_decl_attached_property_wrapper_types( //dir=decl + int id: @var_decl ref, + int attached_property_wrapper_type: @type_or_none ref +); + +#keyset[id] +var_decl_parent_patterns( //dir=decl + int id: @var_decl ref, + int parent_pattern: @pattern_or_none ref +); + +#keyset[id] +var_decl_parent_initializers( //dir=decl + int id: @var_decl ref, + int parent_initializer: @expr_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var: @var_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var: @var_decl_or_none ref +); + +accessors( //dir=decl + unique int id: @accessor +); + +#keyset[id] +accessor_is_getter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_setter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_will_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_did_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_read( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_modify( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_address( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_mutable_address( //dir=decl + int id: @accessor ref +); + +associated_type_decls( //dir=decl + unique int id: @associated_type_decl +); + +concrete_var_decls( //dir=decl + unique int id: @concrete_var_decl, + int introducer_int: int ref +); + +generic_type_param_decls( //dir=decl + unique int id: @generic_type_param_decl +); + +named_functions( //dir=decl + unique int id: @named_function +); + +@nominal_type_decl = + @class_decl +| @enum_decl +| @protocol_decl +| @struct_decl +; + +#keyset[id] +nominal_type_decls( //dir=decl + int id: @nominal_type_decl ref, + int type_: @type_or_none ref +); + +opaque_type_decls( //dir=decl + unique int id: @opaque_type_decl, + int naming_declaration: @value_decl_or_none ref +); + +#keyset[id, index] +opaque_type_decl_opaque_generic_params( //dir=decl + int id: @opaque_type_decl ref, + int index: int ref, + int opaque_generic_param: @generic_type_param_type_or_none ref +); + +param_decls( //dir=decl + unique int id: @param_decl +); + +#keyset[id] +param_decl_is_inout( //dir=decl + int id: @param_decl ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_var_bindings( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_vars( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var: @var_decl_or_none ref +); + +type_alias_decls( //dir=decl + unique int id: @type_alias_decl, + int aliased_type: @type_or_none ref +); + +class_decls( //dir=decl + unique int id: @class_decl +); + +enum_decls( //dir=decl + unique int id: @enum_decl +); + +protocol_decls( //dir=decl + unique int id: @protocol_decl +); + +struct_decls( //dir=decl + unique int id: @struct_decl +); + +arguments( //dir=expr + unique int id: @argument, + string label: string ref, + int expr: @expr_or_none ref +); + +@expr = + @any_try_expr +| @applied_property_wrapper_expr +| @apply_expr +| @assign_expr +| @bind_optional_expr +| @capture_list_expr +| @closure_expr +| @collection_expr +| @consume_expr +| @copy_expr +| @decl_ref_expr +| @default_argument_expr +| @discard_assignment_expr +| @dot_syntax_base_ignored_expr +| @dynamic_type_expr +| @enum_is_case_expr +| @error_expr +| @explicit_cast_expr +| @force_value_expr +| @identity_expr +| @if_expr +| @implicit_conversion_expr +| @in_out_expr +| @key_path_application_expr +| @key_path_dot_expr +| @key_path_expr +| @lazy_initialization_expr +| @literal_expr +| @lookup_expr +| @make_temporarily_escapable_expr +| @materialize_pack_expr +| @obj_c_selector_expr +| @one_way_expr +| @opaque_value_expr +| @open_existential_expr +| @optional_evaluation_expr +| @other_initializer_ref_expr +| @overloaded_decl_ref_expr +| @pack_element_expr +| @pack_expansion_expr +| @property_wrapper_value_placeholder_expr +| @rebind_self_in_initializer_expr +| @sequence_expr +| @single_value_stmt_expr +| @super_ref_expr +| @tap_expr +| @tuple_element_expr +| @tuple_expr +| @type_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @vararg_expansion_expr +; + +#keyset[id] +expr_types( //dir=expr + int id: @expr ref, + int type_: @type_or_none ref +); + +@any_try_expr = + @force_try_expr +| @optional_try_expr +| @try_expr +; + +#keyset[id] +any_try_exprs( //dir=expr + int id: @any_try_expr ref, + int sub_expr: @expr_or_none ref +); + +applied_property_wrapper_exprs( //dir=expr + unique int id: @applied_property_wrapper_expr, + int kind: int ref, + int value: @expr_or_none ref, + int param: @param_decl_or_none ref +); + +@apply_expr = + @binary_expr +| @call_expr +| @postfix_unary_expr +| @prefix_unary_expr +| @self_apply_expr +; + +#keyset[id] +apply_exprs( //dir=expr + int id: @apply_expr ref, + int function: @expr_or_none ref +); + +#keyset[id, index] +apply_expr_arguments( //dir=expr + int id: @apply_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +assign_exprs( //dir=expr + unique int id: @assign_expr, + int dest: @expr_or_none ref, + int source: @expr_or_none ref +); + +bind_optional_exprs( //dir=expr + unique int id: @bind_optional_expr, + int sub_expr: @expr_or_none ref +); + +capture_list_exprs( //dir=expr + unique int id: @capture_list_expr, + int closure_body: @closure_expr_or_none ref +); + +#keyset[id, index] +capture_list_expr_binding_decls( //dir=expr + int id: @capture_list_expr ref, + int index: int ref, + int binding_decl: @pattern_binding_decl_or_none ref +); + +@closure_expr = + @auto_closure_expr +| @explicit_closure_expr +; + +@collection_expr = + @array_expr +| @dictionary_expr +; + +consume_exprs( //dir=expr + unique int id: @consume_expr, + int sub_expr: @expr_or_none ref +); + +copy_exprs( //dir=expr + unique int id: @copy_expr, + int sub_expr: @expr_or_none ref +); + +decl_ref_exprs( //dir=expr + unique int id: @decl_ref_expr, + int decl: @decl_or_none ref +); + +#keyset[id, index] +decl_ref_expr_replacement_types( //dir=expr + int id: @decl_ref_expr ref, + int index: int ref, + int replacement_type: @type_or_none ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_ordinary_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +default_argument_exprs( //dir=expr + unique int id: @default_argument_expr, + int param_decl: @param_decl_or_none ref, + int param_index: int ref +); + +#keyset[id] +default_argument_expr_caller_side_defaults( //dir=expr + int id: @default_argument_expr ref, + int caller_side_default: @expr_or_none ref +); + +discard_assignment_exprs( //dir=expr + unique int id: @discard_assignment_expr +); + +dot_syntax_base_ignored_exprs( //dir=expr + unique int id: @dot_syntax_base_ignored_expr, + int qualifier: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +dynamic_type_exprs( //dir=expr + unique int id: @dynamic_type_expr, + int base: @expr_or_none ref +); + +enum_is_case_exprs( //dir=expr + unique int id: @enum_is_case_expr, + int sub_expr: @expr_or_none ref, + int element: @enum_element_decl_or_none ref +); + +error_exprs( //dir=expr + unique int id: @error_expr +); + +@explicit_cast_expr = + @checked_cast_expr +| @coerce_expr +; + +#keyset[id] +explicit_cast_exprs( //dir=expr + int id: @explicit_cast_expr ref, + int sub_expr: @expr_or_none ref +); + +force_value_exprs( //dir=expr + unique int id: @force_value_expr, + int sub_expr: @expr_or_none ref +); + +@identity_expr = + @await_expr +| @borrow_expr +| @dot_self_expr +| @paren_expr +| @unresolved_member_chain_result_expr +; + +#keyset[id] +identity_exprs( //dir=expr + int id: @identity_expr ref, + int sub_expr: @expr_or_none ref +); + +if_exprs( //dir=expr + unique int id: @if_expr, + int condition: @expr_or_none ref, + int then_expr: @expr_or_none ref, + int else_expr: @expr_or_none ref +); + +@implicit_conversion_expr = + @abi_safe_conversion_expr +| @any_hashable_erasure_expr +| @archetype_to_super_expr +| @array_to_pointer_expr +| @bridge_from_obj_c_expr +| @bridge_to_obj_c_expr +| @class_metatype_to_object_expr +| @collection_upcast_conversion_expr +| @conditional_bridge_from_obj_c_expr +| @covariant_function_conversion_expr +| @covariant_return_conversion_expr +| @derived_to_base_expr +| @destructure_tuple_expr +| @differentiable_function_expr +| @differentiable_function_extract_original_expr +| @erasure_expr +| @existential_metatype_to_object_expr +| @foreign_object_conversion_expr +| @function_conversion_expr +| @in_out_to_pointer_expr +| @inject_into_optional_expr +| @linear_function_expr +| @linear_function_extract_original_expr +| @linear_to_differentiable_function_expr +| @load_expr +| @metatype_conversion_expr +| @pointer_to_pointer_expr +| @protocol_metatype_to_object_expr +| @string_to_pointer_expr +| @underlying_to_opaque_expr +| @unevaluated_instance_expr +| @unresolved_type_conversion_expr +; + +#keyset[id] +implicit_conversion_exprs( //dir=expr + int id: @implicit_conversion_expr ref, + int sub_expr: @expr_or_none ref +); + +in_out_exprs( //dir=expr + unique int id: @in_out_expr, + int sub_expr: @expr_or_none ref +); + +key_path_application_exprs( //dir=expr + unique int id: @key_path_application_expr, + int base: @expr_or_none ref, + int key_path: @expr_or_none ref +); + +key_path_dot_exprs( //dir=expr + unique int id: @key_path_dot_expr +); + +key_path_exprs( //dir=expr + unique int id: @key_path_expr +); + +#keyset[id] +key_path_expr_roots( //dir=expr + int id: @key_path_expr ref, + int root: @type_repr_or_none ref +); + +#keyset[id, index] +key_path_expr_components( //dir=expr + int id: @key_path_expr ref, + int index: int ref, + int component: @key_path_component_or_none ref +); + +lazy_initialization_exprs( //dir=expr + unique int id: @lazy_initialization_expr, + int sub_expr: @expr_or_none ref +); + +@literal_expr = + @builtin_literal_expr +| @interpolated_string_literal_expr +| @nil_literal_expr +| @object_literal_expr +| @regex_literal_expr +; + +@lookup_expr = + @dynamic_lookup_expr +| @member_ref_expr +| @subscript_expr +; + +#keyset[id] +lookup_exprs( //dir=expr + int id: @lookup_expr ref, + int base: @expr_or_none ref +); + +#keyset[id] +lookup_expr_members( //dir=expr + int id: @lookup_expr ref, + int member: @decl_or_none ref +); + +make_temporarily_escapable_exprs( //dir=expr + unique int id: @make_temporarily_escapable_expr, + int escaping_closure: @opaque_value_expr_or_none ref, + int nonescaping_closure: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +materialize_pack_exprs( //dir=expr + unique int id: @materialize_pack_expr, + int sub_expr: @expr_or_none ref +); + +obj_c_selector_exprs( //dir=expr + unique int id: @obj_c_selector_expr, + int sub_expr: @expr_or_none ref, + int method: @function_or_none ref +); + +one_way_exprs( //dir=expr + unique int id: @one_way_expr, + int sub_expr: @expr_or_none ref +); + +opaque_value_exprs( //dir=expr + unique int id: @opaque_value_expr +); + +open_existential_exprs( //dir=expr + unique int id: @open_existential_expr, + int sub_expr: @expr_or_none ref, + int existential: @expr_or_none ref, + int opaque_expr: @opaque_value_expr_or_none ref +); + +optional_evaluation_exprs( //dir=expr + unique int id: @optional_evaluation_expr, + int sub_expr: @expr_or_none ref +); + +other_initializer_ref_exprs( //dir=expr + unique int id: @other_initializer_ref_expr, + int initializer: @initializer_or_none ref +); + +overloaded_decl_ref_exprs( //dir=expr + unique int id: @overloaded_decl_ref_expr +); + +#keyset[id, index] +overloaded_decl_ref_expr_possible_declarations( //dir=expr + int id: @overloaded_decl_ref_expr ref, + int index: int ref, + int possible_declaration: @value_decl_or_none ref +); + +pack_element_exprs( //dir=expr + unique int id: @pack_element_expr, + int sub_expr: @expr_or_none ref +); + +pack_expansion_exprs( //dir=expr + unique int id: @pack_expansion_expr, + int pattern_expr: @expr_or_none ref +); + +property_wrapper_value_placeholder_exprs( //dir=expr + unique int id: @property_wrapper_value_placeholder_expr, + int placeholder: @opaque_value_expr_or_none ref +); + +#keyset[id] +property_wrapper_value_placeholder_expr_wrapped_values( //dir=expr + int id: @property_wrapper_value_placeholder_expr ref, + int wrapped_value: @expr_or_none ref +); + +rebind_self_in_initializer_exprs( //dir=expr + unique int id: @rebind_self_in_initializer_expr, + int sub_expr: @expr_or_none ref, + int self: @var_decl_or_none ref +); + +sequence_exprs( //dir=expr + unique int id: @sequence_expr +); + +#keyset[id, index] +sequence_expr_elements( //dir=expr + int id: @sequence_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +single_value_stmt_exprs( //dir=expr + unique int id: @single_value_stmt_expr, + int stmt: @stmt_or_none ref +); + +super_ref_exprs( //dir=expr + unique int id: @super_ref_expr, + int self: @var_decl_or_none ref +); + +tap_exprs( //dir=expr + unique int id: @tap_expr, + int body: @brace_stmt_or_none ref, + int var: @var_decl_or_none ref +); + +#keyset[id] +tap_expr_sub_exprs( //dir=expr + int id: @tap_expr ref, + int sub_expr: @expr_or_none ref +); + +tuple_element_exprs( //dir=expr + unique int id: @tuple_element_expr, + int sub_expr: @expr_or_none ref, + int index: int ref +); + +tuple_exprs( //dir=expr + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_elements( //dir=expr + int id: @tuple_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +type_exprs( //dir=expr + unique int id: @type_expr +); + +#keyset[id] +type_expr_type_reprs( //dir=expr + int id: @type_expr ref, + int type_repr: @type_repr_or_none ref +); + +unresolved_decl_ref_exprs( //dir=expr + unique int id: @unresolved_decl_ref_expr +); + +#keyset[id] +unresolved_decl_ref_expr_names( //dir=expr + int id: @unresolved_decl_ref_expr ref, + string name: string ref +); + +unresolved_dot_exprs( //dir=expr + unique int id: @unresolved_dot_expr, + int base: @expr_or_none ref, + string name: string ref +); + +unresolved_member_exprs( //dir=expr + unique int id: @unresolved_member_expr, + string name: string ref +); + +unresolved_pattern_exprs( //dir=expr + unique int id: @unresolved_pattern_expr, + int sub_pattern: @pattern_or_none ref +); + +unresolved_specialize_exprs( //dir=expr + unique int id: @unresolved_specialize_expr, + int sub_expr: @expr_or_none ref +); + +vararg_expansion_exprs( //dir=expr + unique int id: @vararg_expansion_expr, + int sub_expr: @expr_or_none ref +); + +abi_safe_conversion_exprs( //dir=expr + unique int id: @abi_safe_conversion_expr +); + +any_hashable_erasure_exprs( //dir=expr + unique int id: @any_hashable_erasure_expr +); + +archetype_to_super_exprs( //dir=expr + unique int id: @archetype_to_super_expr +); + +array_exprs( //dir=expr + unique int id: @array_expr +); + +#keyset[id, index] +array_expr_elements( //dir=expr + int id: @array_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +array_to_pointer_exprs( //dir=expr + unique int id: @array_to_pointer_expr +); + +auto_closure_exprs( //dir=expr + unique int id: @auto_closure_expr +); + +await_exprs( //dir=expr + unique int id: @await_expr +); + +binary_exprs( //dir=expr + unique int id: @binary_expr +); + +borrow_exprs( //dir=expr + unique int id: @borrow_expr +); + +bridge_from_obj_c_exprs( //dir=expr + unique int id: @bridge_from_obj_c_expr +); + +bridge_to_obj_c_exprs( //dir=expr + unique int id: @bridge_to_obj_c_expr +); + +@builtin_literal_expr = + @boolean_literal_expr +| @magic_identifier_literal_expr +| @number_literal_expr +| @string_literal_expr +; + +call_exprs( //dir=expr + unique int id: @call_expr +); + +@checked_cast_expr = + @conditional_checked_cast_expr +| @forced_checked_cast_expr +| @is_expr +; + +class_metatype_to_object_exprs( //dir=expr + unique int id: @class_metatype_to_object_expr +); + +coerce_exprs( //dir=expr + unique int id: @coerce_expr +); + +collection_upcast_conversion_exprs( //dir=expr + unique int id: @collection_upcast_conversion_expr +); + +conditional_bridge_from_obj_c_exprs( //dir=expr + unique int id: @conditional_bridge_from_obj_c_expr +); + +covariant_function_conversion_exprs( //dir=expr + unique int id: @covariant_function_conversion_expr +); + +covariant_return_conversion_exprs( //dir=expr + unique int id: @covariant_return_conversion_expr +); + +derived_to_base_exprs( //dir=expr + unique int id: @derived_to_base_expr +); + +destructure_tuple_exprs( //dir=expr + unique int id: @destructure_tuple_expr +); + +dictionary_exprs( //dir=expr + unique int id: @dictionary_expr +); + +#keyset[id, index] +dictionary_expr_elements( //dir=expr + int id: @dictionary_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +differentiable_function_exprs( //dir=expr + unique int id: @differentiable_function_expr +); + +differentiable_function_extract_original_exprs( //dir=expr + unique int id: @differentiable_function_extract_original_expr +); + +dot_self_exprs( //dir=expr + unique int id: @dot_self_expr +); + +@dynamic_lookup_expr = + @dynamic_member_ref_expr +| @dynamic_subscript_expr +; + +erasure_exprs( //dir=expr + unique int id: @erasure_expr +); + +existential_metatype_to_object_exprs( //dir=expr + unique int id: @existential_metatype_to_object_expr +); + +explicit_closure_exprs( //dir=expr + unique int id: @explicit_closure_expr +); + +force_try_exprs( //dir=expr + unique int id: @force_try_expr +); + +foreign_object_conversion_exprs( //dir=expr + unique int id: @foreign_object_conversion_expr +); + +function_conversion_exprs( //dir=expr + unique int id: @function_conversion_expr +); + +in_out_to_pointer_exprs( //dir=expr + unique int id: @in_out_to_pointer_expr +); + +inject_into_optional_exprs( //dir=expr + unique int id: @inject_into_optional_expr +); + +interpolated_string_literal_exprs( //dir=expr + unique int id: @interpolated_string_literal_expr +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_expr: @opaque_value_expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_appending_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int appending_expr: @tap_expr_or_none ref +); + +linear_function_exprs( //dir=expr + unique int id: @linear_function_expr +); + +linear_function_extract_original_exprs( //dir=expr + unique int id: @linear_function_extract_original_expr +); + +linear_to_differentiable_function_exprs( //dir=expr + unique int id: @linear_to_differentiable_function_expr +); + +load_exprs( //dir=expr + unique int id: @load_expr +); + +member_ref_exprs( //dir=expr + unique int id: @member_ref_expr +); + +#keyset[id] +member_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_ordinary_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @member_ref_expr ref +); + +metatype_conversion_exprs( //dir=expr + unique int id: @metatype_conversion_expr +); + +nil_literal_exprs( //dir=expr + unique int id: @nil_literal_expr +); + +object_literal_exprs( //dir=expr + unique int id: @object_literal_expr, + int kind: int ref +); + +#keyset[id, index] +object_literal_expr_arguments( //dir=expr + int id: @object_literal_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +optional_try_exprs( //dir=expr + unique int id: @optional_try_expr +); + +paren_exprs( //dir=expr + unique int id: @paren_expr +); + +pointer_to_pointer_exprs( //dir=expr + unique int id: @pointer_to_pointer_expr +); + +postfix_unary_exprs( //dir=expr + unique int id: @postfix_unary_expr +); + +prefix_unary_exprs( //dir=expr + unique int id: @prefix_unary_expr +); + +protocol_metatype_to_object_exprs( //dir=expr + unique int id: @protocol_metatype_to_object_expr +); + +regex_literal_exprs( //dir=expr + unique int id: @regex_literal_expr, + string pattern: string ref, + int version: int ref +); + +@self_apply_expr = + @dot_syntax_call_expr +| @initializer_ref_call_expr +; + +#keyset[id] +self_apply_exprs( //dir=expr + int id: @self_apply_expr ref, + int base: @expr_or_none ref +); + +string_to_pointer_exprs( //dir=expr + unique int id: @string_to_pointer_expr +); + +subscript_exprs( //dir=expr + unique int id: @subscript_expr +); + +#keyset[id, index] +subscript_expr_arguments( //dir=expr + int id: @subscript_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +#keyset[id] +subscript_expr_has_direct_to_storage_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_ordinary_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_distributed_thunk_semantics( //dir=expr + int id: @subscript_expr ref +); + +try_exprs( //dir=expr + unique int id: @try_expr +); + +underlying_to_opaque_exprs( //dir=expr + unique int id: @underlying_to_opaque_expr +); + +unevaluated_instance_exprs( //dir=expr + unique int id: @unevaluated_instance_expr +); + +unresolved_member_chain_result_exprs( //dir=expr + unique int id: @unresolved_member_chain_result_expr +); + +unresolved_type_conversion_exprs( //dir=expr + unique int id: @unresolved_type_conversion_expr +); + +boolean_literal_exprs( //dir=expr + unique int id: @boolean_literal_expr, + boolean value: boolean ref +); + +conditional_checked_cast_exprs( //dir=expr + unique int id: @conditional_checked_cast_expr +); + +dot_syntax_call_exprs( //dir=expr + unique int id: @dot_syntax_call_expr +); + +dynamic_member_ref_exprs( //dir=expr + unique int id: @dynamic_member_ref_expr +); + +dynamic_subscript_exprs( //dir=expr + unique int id: @dynamic_subscript_expr +); + +forced_checked_cast_exprs( //dir=expr + unique int id: @forced_checked_cast_expr +); + +initializer_ref_call_exprs( //dir=expr + unique int id: @initializer_ref_call_expr +); + +is_exprs( //dir=expr + unique int id: @is_expr +); + +magic_identifier_literal_exprs( //dir=expr + unique int id: @magic_identifier_literal_expr, + string kind: string ref +); + +@number_literal_expr = + @float_literal_expr +| @integer_literal_expr +; + +string_literal_exprs( //dir=expr + unique int id: @string_literal_expr, + string value: string ref +); + +float_literal_exprs( //dir=expr + unique int id: @float_literal_expr, + string string_value: string ref +); + +integer_literal_exprs( //dir=expr + unique int id: @integer_literal_expr, + string string_value: string ref +); + +@pattern = + @any_pattern +| @binding_pattern +| @bool_pattern +| @enum_element_pattern +| @expr_pattern +| @is_pattern +| @named_pattern +| @optional_some_pattern +| @paren_pattern +| @tuple_pattern +| @typed_pattern +; + +any_patterns( //dir=pattern + unique int id: @any_pattern +); + +binding_patterns( //dir=pattern + unique int id: @binding_pattern, + int sub_pattern: @pattern_or_none ref +); + +bool_patterns( //dir=pattern + unique int id: @bool_pattern, + boolean value: boolean ref +); + +enum_element_patterns( //dir=pattern + unique int id: @enum_element_pattern, + int element: @enum_element_decl_or_none ref +); + +#keyset[id] +enum_element_pattern_sub_patterns( //dir=pattern + int id: @enum_element_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +expr_patterns( //dir=pattern + unique int id: @expr_pattern, + int sub_expr: @expr_or_none ref +); + +is_patterns( //dir=pattern + unique int id: @is_pattern +); + +#keyset[id] +is_pattern_cast_type_reprs( //dir=pattern + int id: @is_pattern ref, + int cast_type_repr: @type_repr_or_none ref +); + +#keyset[id] +is_pattern_sub_patterns( //dir=pattern + int id: @is_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +named_patterns( //dir=pattern + unique int id: @named_pattern, + int var_decl: @var_decl_or_none ref +); + +optional_some_patterns( //dir=pattern + unique int id: @optional_some_pattern, + int sub_pattern: @pattern_or_none ref +); + +paren_patterns( //dir=pattern + unique int id: @paren_pattern, + int sub_pattern: @pattern_or_none ref +); + +tuple_patterns( //dir=pattern + unique int id: @tuple_pattern +); + +#keyset[id, index] +tuple_pattern_elements( //dir=pattern + int id: @tuple_pattern ref, + int index: int ref, + int element: @pattern_or_none ref +); + +typed_patterns( //dir=pattern + unique int id: @typed_pattern, + int sub_pattern: @pattern_or_none ref +); + +#keyset[id] +typed_pattern_type_reprs( //dir=pattern + int id: @typed_pattern ref, + int type_repr: @type_repr_or_none ref +); + +case_label_items( //dir=stmt + unique int id: @case_label_item, + int pattern: @pattern_or_none ref +); + +#keyset[id] +case_label_item_guards( //dir=stmt + int id: @case_label_item ref, + int guard: @expr_or_none ref +); + +condition_elements( //dir=stmt + unique int id: @condition_element +); + +#keyset[id] +condition_element_booleans( //dir=stmt + int id: @condition_element ref, + int boolean_: @expr_or_none ref +); + +#keyset[id] +condition_element_patterns( //dir=stmt + int id: @condition_element ref, + int pattern: @pattern_or_none ref +); + +#keyset[id] +condition_element_initializers( //dir=stmt + int id: @condition_element ref, + int initializer: @expr_or_none ref +); + +#keyset[id] +condition_element_availabilities( //dir=stmt + int id: @condition_element ref, + int availability: @availability_info_or_none ref +); + +@stmt = + @brace_stmt +| @break_stmt +| @case_stmt +| @continue_stmt +| @defer_stmt +| @discard_stmt +| @fail_stmt +| @fallthrough_stmt +| @labeled_stmt +| @pound_assert_stmt +| @return_stmt +| @throw_stmt +| @yield_stmt +; + +stmt_conditions( //dir=stmt + unique int id: @stmt_condition +); + +#keyset[id, index] +stmt_condition_elements( //dir=stmt + int id: @stmt_condition ref, + int index: int ref, + int element: @condition_element_or_none ref +); + +brace_stmts( //dir=stmt + unique int id: @brace_stmt +); + +#keyset[id, index] +brace_stmt_elements( //dir=stmt + int id: @brace_stmt ref, + int index: int ref, + int element: @ast_node_or_none ref +); + +break_stmts( //dir=stmt + unique int id: @break_stmt +); + +#keyset[id] +break_stmt_target_names( //dir=stmt + int id: @break_stmt ref, + string target_name: string ref +); + +#keyset[id] +break_stmt_targets( //dir=stmt + int id: @break_stmt ref, + int target: @stmt_or_none ref +); + +case_stmts( //dir=stmt + unique int id: @case_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +case_stmt_labels( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int label: @case_label_item_or_none ref +); + +#keyset[id, index] +case_stmt_variables( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int variable: @var_decl_or_none ref +); + +continue_stmts( //dir=stmt + unique int id: @continue_stmt +); + +#keyset[id] +continue_stmt_target_names( //dir=stmt + int id: @continue_stmt ref, + string target_name: string ref +); + +#keyset[id] +continue_stmt_targets( //dir=stmt + int id: @continue_stmt ref, + int target: @stmt_or_none ref +); + +defer_stmts( //dir=stmt + unique int id: @defer_stmt, + int body: @brace_stmt_or_none ref +); + +discard_stmts( //dir=stmt + unique int id: @discard_stmt, + int sub_expr: @expr_or_none ref +); + +fail_stmts( //dir=stmt + unique int id: @fail_stmt +); + +fallthrough_stmts( //dir=stmt + unique int id: @fallthrough_stmt, + int fallthrough_source: @case_stmt_or_none ref, + int fallthrough_dest: @case_stmt_or_none ref +); + +@labeled_stmt = + @do_catch_stmt +| @do_stmt +| @for_each_stmt +| @labeled_conditional_stmt +| @repeat_while_stmt +| @switch_stmt +; + +#keyset[id] +labeled_stmt_labels( //dir=stmt + int id: @labeled_stmt ref, + string label: string ref +); + +pound_assert_stmts( //dir=stmt + unique int id: @pound_assert_stmt, + int condition: @expr_or_none ref, + string message: string ref +); + +return_stmts( //dir=stmt + unique int id: @return_stmt +); + +#keyset[id] +return_stmt_results( //dir=stmt + int id: @return_stmt ref, + int result: @expr_or_none ref +); + +throw_stmts( //dir=stmt + unique int id: @throw_stmt, + int sub_expr: @expr_or_none ref +); + +yield_stmts( //dir=stmt + unique int id: @yield_stmt +); + +#keyset[id, index] +yield_stmt_results( //dir=stmt + int id: @yield_stmt ref, + int index: int ref, + int result: @expr_or_none ref +); + +do_catch_stmts( //dir=stmt + unique int id: @do_catch_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +do_catch_stmt_catches( //dir=stmt + int id: @do_catch_stmt ref, + int index: int ref, + int catch: @case_stmt_or_none ref +); + +do_stmts( //dir=stmt + unique int id: @do_stmt, + int body: @brace_stmt_or_none ref +); + +for_each_stmts( //dir=stmt + unique int id: @for_each_stmt, + int pattern: @pattern_or_none ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id] +for_each_stmt_wheres( //dir=stmt + int id: @for_each_stmt ref, + int where: @expr_or_none ref +); + +#keyset[id] +for_each_stmt_iterator_vars( //dir=stmt + int id: @for_each_stmt ref, + int iteratorVar: @pattern_binding_decl_or_none ref +); + +#keyset[id] +for_each_stmt_next_calls( //dir=stmt + int id: @for_each_stmt ref, + int nextCall: @expr_or_none ref +); + +@labeled_conditional_stmt = + @guard_stmt +| @if_stmt +| @while_stmt +; + +#keyset[id] +labeled_conditional_stmts( //dir=stmt + int id: @labeled_conditional_stmt ref, + int condition: @stmt_condition_or_none ref +); + +repeat_while_stmts( //dir=stmt + unique int id: @repeat_while_stmt, + int condition: @expr_or_none ref, + int body: @stmt_or_none ref +); + +switch_stmts( //dir=stmt + unique int id: @switch_stmt, + int expr: @expr_or_none ref +); + +#keyset[id, index] +switch_stmt_cases( //dir=stmt + int id: @switch_stmt ref, + int index: int ref, + int case_: @case_stmt_or_none ref +); + +guard_stmts( //dir=stmt + unique int id: @guard_stmt, + int body: @brace_stmt_or_none ref +); + +if_stmts( //dir=stmt + unique int id: @if_stmt, + int then: @stmt_or_none ref +); + +#keyset[id] +if_stmt_elses( //dir=stmt + int id: @if_stmt ref, + int else: @stmt_or_none ref +); + +while_stmts( //dir=stmt + unique int id: @while_stmt, + int body: @stmt_or_none ref +); + +@type = + @any_function_type +| @any_generic_type +| @any_metatype_type +| @builtin_type +| @dependent_member_type +| @dynamic_self_type +| @error_type +| @existential_type +| @in_out_type +| @l_value_type +| @module_type +| @pack_element_type +| @pack_expansion_type +| @pack_type +| @parameterized_protocol_type +| @protocol_composition_type +| @reference_storage_type +| @substitutable_type +| @sugar_type +| @tuple_type +| @unresolved_type +; + +#keyset[id] +types( //dir=type + int id: @type ref, + string name: string ref, + int canonical_type: @type_or_none ref +); + +type_reprs( //dir=type + unique int id: @type_repr, + int type_: @type_or_none ref +); + +@any_function_type = + @function_type +| @generic_function_type +; + +#keyset[id] +any_function_types( //dir=type + int id: @any_function_type ref, + int result: @type_or_none ref +); + +#keyset[id, index] +any_function_type_param_types( //dir=type + int id: @any_function_type ref, + int index: int ref, + int param_type: @type_or_none ref +); + +#keyset[id] +any_function_type_is_throwing( //dir=type + int id: @any_function_type ref +); + +#keyset[id] +any_function_type_is_async( //dir=type + int id: @any_function_type ref +); + +@any_generic_type = + @nominal_or_bound_generic_nominal_type +| @unbound_generic_type +; + +#keyset[id] +any_generic_types( //dir=type + int id: @any_generic_type ref, + int declaration: @generic_type_decl_or_none ref +); + +#keyset[id] +any_generic_type_parents( //dir=type + int id: @any_generic_type ref, + int parent: @type_or_none ref +); + +@any_metatype_type = + @existential_metatype_type +| @metatype_type +; + +@builtin_type = + @any_builtin_integer_type +| @builtin_bridge_object_type +| @builtin_default_actor_storage_type +| @builtin_executor_type +| @builtin_float_type +| @builtin_job_type +| @builtin_native_object_type +| @builtin_raw_pointer_type +| @builtin_raw_unsafe_continuation_type +| @builtin_unsafe_value_buffer_type +| @builtin_vector_type +; + +dependent_member_types( //dir=type + unique int id: @dependent_member_type, + int base_type: @type_or_none ref, + int associated_type_decl: @associated_type_decl_or_none ref +); + +dynamic_self_types( //dir=type + unique int id: @dynamic_self_type, + int static_self_type: @type_or_none ref +); + +error_types( //dir=type + unique int id: @error_type +); + +existential_types( //dir=type + unique int id: @existential_type, + int constraint: @type_or_none ref +); + +in_out_types( //dir=type + unique int id: @in_out_type, + int object_type: @type_or_none ref +); + +l_value_types( //dir=type + unique int id: @l_value_type, + int object_type: @type_or_none ref +); + +module_types( //dir=type + unique int id: @module_type, + int module: @module_decl_or_none ref +); + +pack_element_types( //dir=type + unique int id: @pack_element_type, + int pack_type: @type_or_none ref +); + +pack_expansion_types( //dir=type + unique int id: @pack_expansion_type, + int pattern_type: @type_or_none ref, + int count_type: @type_or_none ref +); + +pack_types( //dir=type + unique int id: @pack_type +); + +#keyset[id, index] +pack_type_elements( //dir=type + int id: @pack_type ref, + int index: int ref, + int element: @type_or_none ref +); + +parameterized_protocol_types( //dir=type + unique int id: @parameterized_protocol_type, + int base: @protocol_type_or_none ref +); + +#keyset[id, index] +parameterized_protocol_type_args( //dir=type + int id: @parameterized_protocol_type ref, + int index: int ref, + int arg: @type_or_none ref +); + +protocol_composition_types( //dir=type + unique int id: @protocol_composition_type +); + +#keyset[id, index] +protocol_composition_type_members( //dir=type + int id: @protocol_composition_type ref, + int index: int ref, + int member: @type_or_none ref +); + +@reference_storage_type = + @unmanaged_storage_type +| @unowned_storage_type +| @weak_storage_type +; + +#keyset[id] +reference_storage_types( //dir=type + int id: @reference_storage_type ref, + int referent_type: @type_or_none ref +); + +@substitutable_type = + @archetype_type +| @generic_type_param_type +; + +@sugar_type = + @paren_type +| @syntax_sugar_type +| @type_alias_type +; + +tuple_types( //dir=type + unique int id: @tuple_type +); + +#keyset[id, index] +tuple_type_types( //dir=type + int id: @tuple_type ref, + int index: int ref, + int type_: @type_or_none ref +); + +#keyset[id, index] +tuple_type_names( //dir=type + int id: @tuple_type ref, + int index: int ref, + string name: string ref +); + +unresolved_types( //dir=type + unique int id: @unresolved_type +); + +@any_builtin_integer_type = + @builtin_integer_literal_type +| @builtin_integer_type +; + +@archetype_type = + @local_archetype_type +| @opaque_type_archetype_type +| @pack_archetype_type +| @primary_archetype_type +; + +#keyset[id] +archetype_types( //dir=type + int id: @archetype_type ref, + int interface_type: @type_or_none ref +); + +#keyset[id] +archetype_type_superclasses( //dir=type + int id: @archetype_type ref, + int superclass: @type_or_none ref +); + +#keyset[id, index] +archetype_type_protocols( //dir=type + int id: @archetype_type ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +builtin_bridge_object_types( //dir=type + unique int id: @builtin_bridge_object_type +); + +builtin_default_actor_storage_types( //dir=type + unique int id: @builtin_default_actor_storage_type +); + +builtin_executor_types( //dir=type + unique int id: @builtin_executor_type +); + +builtin_float_types( //dir=type + unique int id: @builtin_float_type +); + +builtin_job_types( //dir=type + unique int id: @builtin_job_type +); + +builtin_native_object_types( //dir=type + unique int id: @builtin_native_object_type +); + +builtin_raw_pointer_types( //dir=type + unique int id: @builtin_raw_pointer_type +); + +builtin_raw_unsafe_continuation_types( //dir=type + unique int id: @builtin_raw_unsafe_continuation_type +); + +builtin_unsafe_value_buffer_types( //dir=type + unique int id: @builtin_unsafe_value_buffer_type +); + +builtin_vector_types( //dir=type + unique int id: @builtin_vector_type +); + +existential_metatype_types( //dir=type + unique int id: @existential_metatype_type +); + +function_types( //dir=type + unique int id: @function_type +); + +generic_function_types( //dir=type + unique int id: @generic_function_type +); + +#keyset[id, index] +generic_function_type_generic_params( //dir=type + int id: @generic_function_type ref, + int index: int ref, + int generic_param: @generic_type_param_type_or_none ref +); + +generic_type_param_types( //dir=type + unique int id: @generic_type_param_type +); + +metatype_types( //dir=type + unique int id: @metatype_type +); + +@nominal_or_bound_generic_nominal_type = + @bound_generic_type +| @nominal_type +; + +paren_types( //dir=type + unique int id: @paren_type, + int type_: @type_or_none ref +); + +@syntax_sugar_type = + @dictionary_type +| @unary_syntax_sugar_type +; + +type_alias_types( //dir=type + unique int id: @type_alias_type, + int decl: @type_alias_decl_or_none ref +); + +unbound_generic_types( //dir=type + unique int id: @unbound_generic_type +); + +unmanaged_storage_types( //dir=type + unique int id: @unmanaged_storage_type +); + +unowned_storage_types( //dir=type + unique int id: @unowned_storage_type +); + +weak_storage_types( //dir=type + unique int id: @weak_storage_type +); + +@bound_generic_type = + @bound_generic_class_type +| @bound_generic_enum_type +| @bound_generic_struct_type +; + +#keyset[id, index] +bound_generic_type_arg_types( //dir=type + int id: @bound_generic_type ref, + int index: int ref, + int arg_type: @type_or_none ref +); + +builtin_integer_literal_types( //dir=type + unique int id: @builtin_integer_literal_type +); + +builtin_integer_types( //dir=type + unique int id: @builtin_integer_type +); + +#keyset[id] +builtin_integer_type_widths( //dir=type + int id: @builtin_integer_type ref, + int width: int ref +); + +dictionary_types( //dir=type + unique int id: @dictionary_type, + int key_type: @type_or_none ref, + int value_type: @type_or_none ref +); + +@local_archetype_type = + @element_archetype_type +| @opened_archetype_type +; + +@nominal_type = + @class_type +| @enum_type +| @protocol_type +| @struct_type +; + +opaque_type_archetype_types( //dir=type + unique int id: @opaque_type_archetype_type, + int declaration: @opaque_type_decl_or_none ref +); + +pack_archetype_types( //dir=type + unique int id: @pack_archetype_type +); + +primary_archetype_types( //dir=type + unique int id: @primary_archetype_type +); + +@unary_syntax_sugar_type = + @array_slice_type +| @optional_type +| @variadic_sequence_type +; + +#keyset[id] +unary_syntax_sugar_types( //dir=type + int id: @unary_syntax_sugar_type ref, + int base_type: @type_or_none ref +); + +array_slice_types( //dir=type + unique int id: @array_slice_type +); + +bound_generic_class_types( //dir=type + unique int id: @bound_generic_class_type +); + +bound_generic_enum_types( //dir=type + unique int id: @bound_generic_enum_type +); + +bound_generic_struct_types( //dir=type + unique int id: @bound_generic_struct_type +); + +class_types( //dir=type + unique int id: @class_type +); + +element_archetype_types( //dir=type + unique int id: @element_archetype_type +); + +enum_types( //dir=type + unique int id: @enum_type +); + +opened_archetype_types( //dir=type + unique int id: @opened_archetype_type +); + +optional_types( //dir=type + unique int id: @optional_type +); + +protocol_types( //dir=type + unique int id: @protocol_type +); + +struct_types( //dir=type + unique int id: @struct_type +); + +variadic_sequence_types( //dir=type + unique int id: @variadic_sequence_type +); + +@accessor_or_none = + @accessor +| @unspecified_element +; + +@argument_or_none = + @argument +| @unspecified_element +; + +@associated_type_decl_or_none = + @associated_type_decl +| @unspecified_element +; + +@ast_node_or_none = + @ast_node +| @unspecified_element +; + +@availability_info_or_none = + @availability_info +| @unspecified_element +; + +@availability_spec_or_none = + @availability_spec +| @unspecified_element +; + +@brace_stmt_or_none = + @brace_stmt +| @unspecified_element +; + +@captured_decl_or_none = + @captured_decl +| @unspecified_element +; + +@case_label_item_or_none = + @case_label_item +| @unspecified_element +; + +@case_stmt_or_none = + @case_stmt +| @unspecified_element +; + +@closure_expr_or_none = + @closure_expr +| @unspecified_element +; + +@condition_element_or_none = + @condition_element +| @unspecified_element +; + +@decl_or_none = + @decl +| @unspecified_element +; + +@enum_element_decl_or_none = + @enum_element_decl +| @unspecified_element +; + +@expr_or_none = + @expr +| @unspecified_element +; + +@file_or_none = + @file +| @unspecified_element +; + +@function_or_none = + @function +| @unspecified_element +; + +@generic_type_decl_or_none = + @generic_type_decl +| @unspecified_element +; + +@generic_type_param_decl_or_none = + @generic_type_param_decl +| @unspecified_element +; + +@generic_type_param_type_or_none = + @generic_type_param_type +| @unspecified_element +; + +@initializer_or_none = + @initializer +| @unspecified_element +; + +@key_path_component_or_none = + @key_path_component +| @unspecified_element +; + +@location_or_none = + @location +| @unspecified_element +; + +@macro_role_or_none = + @macro_role +| @unspecified_element +; + +@module_decl_or_none = + @module_decl +| @unspecified_element +; + +@nominal_type_decl_or_none = + @nominal_type_decl +| @unspecified_element +; + +@opaque_type_decl_or_none = + @opaque_type_decl +| @unspecified_element +; + +@opaque_value_expr_or_none = + @opaque_value_expr +| @unspecified_element +; + +@param_decl_or_none = + @param_decl +| @unspecified_element +; + +@pattern_or_none = + @pattern +| @unspecified_element +; + +@pattern_binding_decl_or_none = + @pattern_binding_decl +| @unspecified_element +; + +@precedence_group_decl_or_none = + @precedence_group_decl +| @unspecified_element +; + +@protocol_decl_or_none = + @protocol_decl +| @unspecified_element +; + +@protocol_type_or_none = + @protocol_type +| @unspecified_element +; + +@stmt_or_none = + @stmt +| @unspecified_element +; + +@stmt_condition_or_none = + @stmt_condition +| @unspecified_element +; + +@string_literal_expr_or_none = + @string_literal_expr +| @unspecified_element +; + +@tap_expr_or_none = + @tap_expr +| @unspecified_element +; + +@type_or_none = + @type +| @unspecified_element +; + +@type_alias_decl_or_none = + @type_alias_decl +| @unspecified_element +; + +@type_expr_or_none = + @type_expr +| @unspecified_element +; + +@type_repr_or_none = + @type_repr +| @unspecified_element +; + +@value_decl_or_none = + @unspecified_element +| @value_decl +; + +@var_decl_or_none = + @unspecified_element +| @var_decl +; diff --git a/swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/upgrade.properties b/swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/upgrade.properties new file mode 100644 index 00000000000..3f43923ad6c --- /dev/null +++ b/swift/downgrades/60be249ad164f6e4b43c203323f1b3956dc97c2f/upgrade.properties @@ -0,0 +1,4 @@ +description: Remove types for patterns +compatibility: partial + +pattern_types.rel: delete \ No newline at end of file diff --git a/swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/old.dbscheme b/swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/old.dbscheme new file mode 100644 index 00000000000..b83ff9c60c2 --- /dev/null +++ b/swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/old.dbscheme @@ -0,0 +1,2774 @@ +// generated by codegen/codegen.py + +// from prefix.dbscheme +/** + * The source location of the snapshot. + */ +sourceLocationPrefix( + string prefix: string ref +); + + +// from schema.py + +@element = + @callable +| @file +| @generic_context +| @locatable +| @location +| @type +; + +#keyset[id] +element_is_unknown( + int id: @element ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_names( + int id: @callable ref, + string name: string ref +); + +#keyset[id] +callable_self_params( + int id: @callable ref, + int self_param: @param_decl_or_none ref +); + +#keyset[id, index] +callable_params( + int id: @callable ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +#keyset[id] +callable_bodies( + int id: @callable ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id, index] +callable_captures( + int id: @callable ref, + int index: int ref, + int capture: @captured_decl_or_none ref +); + +@file = + @db_file +; + +#keyset[id] +files( + int id: @file ref, + string name: string ref +); + +#keyset[id] +file_is_successfully_extracted( + int id: @file ref +); + +@locatable = + @argument +| @ast_node +| @comment +| @diagnostics +| @error_element +; + +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_or_none ref +); + +@location = + @db_location +; + +#keyset[id] +locations( + int id: @location ref, + int file: @file_or_none ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +@ast_node = + @availability_info +| @availability_spec +| @case_label_item +| @condition_element +| @decl +| @expr +| @key_path_component +| @macro_role +| @pattern +| @stmt +| @stmt_condition +| @type_repr +; + +comments( + unique int id: @comment, + string text: string ref +); + +db_files( + unique int id: @db_file +); + +db_locations( + unique int id: @db_location +); + +diagnostics( + unique int id: @diagnostics, + string text: string ref, + int kind: int ref +); + +@error_element = + @error_expr +| @error_type +| @overloaded_decl_ref_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_chain_result_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @unresolved_type +| @unresolved_type_conversion_expr +| @unspecified_element +; + +availability_infos( + unique int id: @availability_info +); + +#keyset[id] +availability_info_is_unavailable( + int id: @availability_info ref +); + +#keyset[id, index] +availability_info_specs( + int id: @availability_info ref, + int index: int ref, + int spec: @availability_spec_or_none ref +); + +@availability_spec = + @other_availability_spec +| @platform_version_availability_spec +; + +key_path_components( + unique int id: @key_path_component, + int kind: int ref, + int component_type: @type_or_none ref +); + +#keyset[id, index] +key_path_component_subscript_arguments( + int id: @key_path_component ref, + int index: int ref, + int subscript_argument: @argument_or_none ref +); + +#keyset[id] +key_path_component_tuple_indices( + int id: @key_path_component ref, + int tuple_index: int ref +); + +#keyset[id] +key_path_component_decl_refs( + int id: @key_path_component ref, + int decl_ref: @value_decl_or_none ref +); + +macro_roles( + unique int id: @macro_role, + int kind: int ref, + int macro_syntax: int ref +); + +#keyset[id, index] +macro_role_conformances( + int id: @macro_role ref, + int index: int ref, + int conformance: @type_expr_or_none ref +); + +#keyset[id, index] +macro_role_names( + int id: @macro_role ref, + int index: int ref, + string name: string ref +); + +unspecified_elements( + unique int id: @unspecified_element, + string property: string ref, + string error: string ref +); + +#keyset[id] +unspecified_element_parents( + int id: @unspecified_element ref, + int parent: @element ref +); + +#keyset[id] +unspecified_element_indices( + int id: @unspecified_element ref, + int index: int ref +); + +#keyset[id, index] +unspecified_element_children( + int id: @unspecified_element ref, + int index: int ref, + int child: @ast_node_or_none ref +); + +other_availability_specs( + unique int id: @other_availability_spec +); + +platform_version_availability_specs( + unique int id: @platform_version_availability_spec, + string platform: string ref, + string version: string ref +); + +@decl = + @captured_decl +| @enum_case_decl +| @extension_decl +| @if_config_decl +| @import_decl +| @missing_member_decl +| @operator_decl +| @pattern_binding_decl +| @pound_diagnostic_decl +| @precedence_group_decl +| @top_level_code_decl +| @value_decl +; + +#keyset[id] +decls( //dir=decl + int id: @decl ref, + int module: @module_decl_or_none ref +); + +#keyset[id, index] +decl_members( //dir=decl + int id: @decl ref, + int index: int ref, + int member: @decl_or_none ref +); + +@generic_context = + @extension_decl +| @function +| @generic_type_decl +| @macro_decl +| @subscript_decl +; + +#keyset[id, index] +generic_context_generic_type_params( //dir=decl + int id: @generic_context ref, + int index: int ref, + int generic_type_param: @generic_type_param_decl_or_none ref +); + +captured_decls( //dir=decl + unique int id: @captured_decl, + int decl: @value_decl_or_none ref +); + +#keyset[id] +captured_decl_is_direct( //dir=decl + int id: @captured_decl ref +); + +#keyset[id] +captured_decl_is_escaping( //dir=decl + int id: @captured_decl ref +); + +enum_case_decls( //dir=decl + unique int id: @enum_case_decl +); + +#keyset[id, index] +enum_case_decl_elements( //dir=decl + int id: @enum_case_decl ref, + int index: int ref, + int element: @enum_element_decl_or_none ref +); + +extension_decls( //dir=decl + unique int id: @extension_decl, + int extended_type_decl: @nominal_type_decl_or_none ref +); + +#keyset[id, index] +extension_decl_protocols( //dir=decl + int id: @extension_decl ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +if_config_decls( //dir=decl + unique int id: @if_config_decl +); + +#keyset[id, index] +if_config_decl_active_elements( //dir=decl + int id: @if_config_decl ref, + int index: int ref, + int active_element: @ast_node_or_none ref +); + +import_decls( //dir=decl + unique int id: @import_decl +); + +#keyset[id] +import_decl_is_exported( //dir=decl + int id: @import_decl ref +); + +#keyset[id] +import_decl_imported_modules( //dir=decl + int id: @import_decl ref, + int imported_module: @module_decl_or_none ref +); + +#keyset[id, index] +import_decl_declarations( //dir=decl + int id: @import_decl ref, + int index: int ref, + int declaration: @value_decl_or_none ref +); + +missing_member_decls( //dir=decl + unique int id: @missing_member_decl, + string name: string ref +); + +@operator_decl = + @infix_operator_decl +| @postfix_operator_decl +| @prefix_operator_decl +; + +#keyset[id] +operator_decls( //dir=decl + int id: @operator_decl ref, + string name: string ref +); + +pattern_binding_decls( //dir=decl + unique int id: @pattern_binding_decl +); + +#keyset[id, index] +pattern_binding_decl_inits( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int init: @expr_or_none ref +); + +#keyset[id, index] +pattern_binding_decl_patterns( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int pattern: @pattern_or_none ref +); + +pound_diagnostic_decls( //dir=decl + unique int id: @pound_diagnostic_decl, + int kind: int ref, + int message: @string_literal_expr_or_none ref +); + +precedence_group_decls( //dir=decl + unique int id: @precedence_group_decl +); + +top_level_code_decls( //dir=decl + unique int id: @top_level_code_decl, + int body: @brace_stmt_or_none ref +); + +@value_decl = + @abstract_storage_decl +| @enum_element_decl +| @function +| @macro_decl +| @type_decl +; + +#keyset[id] +value_decls( //dir=decl + int id: @value_decl ref, + int interface_type: @type_or_none ref +); + +@abstract_storage_decl = + @subscript_decl +| @var_decl +; + +#keyset[id, index] +abstract_storage_decl_accessors( //dir=decl + int id: @abstract_storage_decl ref, + int index: int ref, + int accessor: @accessor_or_none ref +); + +enum_element_decls( //dir=decl + unique int id: @enum_element_decl, + string name: string ref +); + +#keyset[id, index] +enum_element_decl_params( //dir=decl + int id: @enum_element_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@function = + @accessor_or_named_function +| @deinitializer +| @initializer +; + +infix_operator_decls( //dir=decl + unique int id: @infix_operator_decl +); + +#keyset[id] +infix_operator_decl_precedence_groups( //dir=decl + int id: @infix_operator_decl ref, + int precedence_group: @precedence_group_decl_or_none ref +); + +macro_decls( //dir=decl + unique int id: @macro_decl, + string name: string ref +); + +#keyset[id, index] +macro_decl_parameters( //dir=decl + int id: @macro_decl ref, + int index: int ref, + int parameter: @param_decl_or_none ref +); + +#keyset[id, index] +macro_decl_roles( //dir=decl + int id: @macro_decl ref, + int index: int ref, + int role: @macro_role_or_none ref +); + +postfix_operator_decls( //dir=decl + unique int id: @postfix_operator_decl +); + +prefix_operator_decls( //dir=decl + unique int id: @prefix_operator_decl +); + +@type_decl = + @abstract_type_param_decl +| @generic_type_decl +| @module_decl +; + +#keyset[id] +type_decls( //dir=decl + int id: @type_decl ref, + string name: string ref +); + +#keyset[id, index] +type_decl_inherited_types( //dir=decl + int id: @type_decl ref, + int index: int ref, + int inherited_type: @type_or_none ref +); + +@abstract_type_param_decl = + @associated_type_decl +| @generic_type_param_decl +; + +@accessor_or_named_function = + @accessor +| @named_function +; + +deinitializers( //dir=decl + unique int id: @deinitializer +); + +@generic_type_decl = + @nominal_type_decl +| @opaque_type_decl +| @type_alias_decl +; + +initializers( //dir=decl + unique int id: @initializer +); + +module_decls( //dir=decl + unique int id: @module_decl +); + +#keyset[id] +module_decl_is_builtin_module( //dir=decl + int id: @module_decl ref +); + +#keyset[id] +module_decl_is_system_module( //dir=decl + int id: @module_decl ref +); + +module_decl_imported_modules( //dir=decl + int id: @module_decl ref, + int imported_module: @module_decl_or_none ref +); + +module_decl_exported_modules( //dir=decl + int id: @module_decl ref, + int exported_module: @module_decl_or_none ref +); + +subscript_decls( //dir=decl + unique int id: @subscript_decl, + int element_type: @type_or_none ref +); + +#keyset[id, index] +subscript_decl_params( //dir=decl + int id: @subscript_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@var_decl = + @concrete_var_decl +| @param_decl +; + +#keyset[id] +var_decls( //dir=decl + int id: @var_decl ref, + string name: string ref, + int type_: @type_or_none ref +); + +#keyset[id] +var_decl_attached_property_wrapper_types( //dir=decl + int id: @var_decl ref, + int attached_property_wrapper_type: @type_or_none ref +); + +#keyset[id] +var_decl_parent_patterns( //dir=decl + int id: @var_decl ref, + int parent_pattern: @pattern_or_none ref +); + +#keyset[id] +var_decl_parent_initializers( //dir=decl + int id: @var_decl ref, + int parent_initializer: @expr_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var: @var_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var: @var_decl_or_none ref +); + +accessors( //dir=decl + unique int id: @accessor +); + +#keyset[id] +accessor_is_getter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_setter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_will_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_did_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_read( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_modify( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_address( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_mutable_address( //dir=decl + int id: @accessor ref +); + +associated_type_decls( //dir=decl + unique int id: @associated_type_decl +); + +concrete_var_decls( //dir=decl + unique int id: @concrete_var_decl, + int introducer_int: int ref +); + +generic_type_param_decls( //dir=decl + unique int id: @generic_type_param_decl +); + +named_functions( //dir=decl + unique int id: @named_function +); + +@nominal_type_decl = + @class_decl +| @enum_decl +| @protocol_decl +| @struct_decl +; + +#keyset[id] +nominal_type_decls( //dir=decl + int id: @nominal_type_decl ref, + int type_: @type_or_none ref +); + +opaque_type_decls( //dir=decl + unique int id: @opaque_type_decl, + int naming_declaration: @value_decl_or_none ref +); + +#keyset[id, index] +opaque_type_decl_opaque_generic_params( //dir=decl + int id: @opaque_type_decl ref, + int index: int ref, + int opaque_generic_param: @generic_type_param_type_or_none ref +); + +param_decls( //dir=decl + unique int id: @param_decl +); + +#keyset[id] +param_decl_is_inout( //dir=decl + int id: @param_decl ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_var_bindings( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_vars( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var: @var_decl_or_none ref +); + +type_alias_decls( //dir=decl + unique int id: @type_alias_decl, + int aliased_type: @type_or_none ref +); + +class_decls( //dir=decl + unique int id: @class_decl +); + +enum_decls( //dir=decl + unique int id: @enum_decl +); + +protocol_decls( //dir=decl + unique int id: @protocol_decl +); + +struct_decls( //dir=decl + unique int id: @struct_decl +); + +arguments( //dir=expr + unique int id: @argument, + string label: string ref, + int expr: @expr_or_none ref +); + +@expr = + @any_try_expr +| @applied_property_wrapper_expr +| @apply_expr +| @assign_expr +| @bind_optional_expr +| @capture_list_expr +| @closure_expr +| @collection_expr +| @consume_expr +| @copy_expr +| @decl_ref_expr +| @default_argument_expr +| @discard_assignment_expr +| @dot_syntax_base_ignored_expr +| @dynamic_type_expr +| @enum_is_case_expr +| @error_expr +| @explicit_cast_expr +| @force_value_expr +| @identity_expr +| @if_expr +| @implicit_conversion_expr +| @in_out_expr +| @key_path_application_expr +| @key_path_dot_expr +| @key_path_expr +| @lazy_initialization_expr +| @literal_expr +| @lookup_expr +| @make_temporarily_escapable_expr +| @materialize_pack_expr +| @obj_c_selector_expr +| @one_way_expr +| @opaque_value_expr +| @open_existential_expr +| @optional_evaluation_expr +| @other_initializer_ref_expr +| @overloaded_decl_ref_expr +| @pack_element_expr +| @pack_expansion_expr +| @property_wrapper_value_placeholder_expr +| @rebind_self_in_initializer_expr +| @sequence_expr +| @single_value_stmt_expr +| @super_ref_expr +| @tap_expr +| @tuple_element_expr +| @tuple_expr +| @type_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @vararg_expansion_expr +; + +#keyset[id] +expr_types( //dir=expr + int id: @expr ref, + int type_: @type_or_none ref +); + +@any_try_expr = + @force_try_expr +| @optional_try_expr +| @try_expr +; + +#keyset[id] +any_try_exprs( //dir=expr + int id: @any_try_expr ref, + int sub_expr: @expr_or_none ref +); + +applied_property_wrapper_exprs( //dir=expr + unique int id: @applied_property_wrapper_expr, + int kind: int ref, + int value: @expr_or_none ref, + int param: @param_decl_or_none ref +); + +@apply_expr = + @binary_expr +| @call_expr +| @postfix_unary_expr +| @prefix_unary_expr +| @self_apply_expr +; + +#keyset[id] +apply_exprs( //dir=expr + int id: @apply_expr ref, + int function: @expr_or_none ref +); + +#keyset[id, index] +apply_expr_arguments( //dir=expr + int id: @apply_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +assign_exprs( //dir=expr + unique int id: @assign_expr, + int dest: @expr_or_none ref, + int source: @expr_or_none ref +); + +bind_optional_exprs( //dir=expr + unique int id: @bind_optional_expr, + int sub_expr: @expr_or_none ref +); + +capture_list_exprs( //dir=expr + unique int id: @capture_list_expr, + int closure_body: @closure_expr_or_none ref +); + +#keyset[id, index] +capture_list_expr_binding_decls( //dir=expr + int id: @capture_list_expr ref, + int index: int ref, + int binding_decl: @pattern_binding_decl_or_none ref +); + +@closure_expr = + @auto_closure_expr +| @explicit_closure_expr +; + +@collection_expr = + @array_expr +| @dictionary_expr +; + +consume_exprs( //dir=expr + unique int id: @consume_expr, + int sub_expr: @expr_or_none ref +); + +copy_exprs( //dir=expr + unique int id: @copy_expr, + int sub_expr: @expr_or_none ref +); + +decl_ref_exprs( //dir=expr + unique int id: @decl_ref_expr, + int decl: @decl_or_none ref +); + +#keyset[id, index] +decl_ref_expr_replacement_types( //dir=expr + int id: @decl_ref_expr ref, + int index: int ref, + int replacement_type: @type_or_none ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_ordinary_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +default_argument_exprs( //dir=expr + unique int id: @default_argument_expr, + int param_decl: @param_decl_or_none ref, + int param_index: int ref +); + +#keyset[id] +default_argument_expr_caller_side_defaults( //dir=expr + int id: @default_argument_expr ref, + int caller_side_default: @expr_or_none ref +); + +discard_assignment_exprs( //dir=expr + unique int id: @discard_assignment_expr +); + +dot_syntax_base_ignored_exprs( //dir=expr + unique int id: @dot_syntax_base_ignored_expr, + int qualifier: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +dynamic_type_exprs( //dir=expr + unique int id: @dynamic_type_expr, + int base: @expr_or_none ref +); + +enum_is_case_exprs( //dir=expr + unique int id: @enum_is_case_expr, + int sub_expr: @expr_or_none ref, + int element: @enum_element_decl_or_none ref +); + +error_exprs( //dir=expr + unique int id: @error_expr +); + +@explicit_cast_expr = + @checked_cast_expr +| @coerce_expr +; + +#keyset[id] +explicit_cast_exprs( //dir=expr + int id: @explicit_cast_expr ref, + int sub_expr: @expr_or_none ref +); + +force_value_exprs( //dir=expr + unique int id: @force_value_expr, + int sub_expr: @expr_or_none ref +); + +@identity_expr = + @await_expr +| @borrow_expr +| @dot_self_expr +| @paren_expr +| @unresolved_member_chain_result_expr +; + +#keyset[id] +identity_exprs( //dir=expr + int id: @identity_expr ref, + int sub_expr: @expr_or_none ref +); + +if_exprs( //dir=expr + unique int id: @if_expr, + int condition: @expr_or_none ref, + int then_expr: @expr_or_none ref, + int else_expr: @expr_or_none ref +); + +@implicit_conversion_expr = + @abi_safe_conversion_expr +| @any_hashable_erasure_expr +| @archetype_to_super_expr +| @array_to_pointer_expr +| @bridge_from_obj_c_expr +| @bridge_to_obj_c_expr +| @class_metatype_to_object_expr +| @collection_upcast_conversion_expr +| @conditional_bridge_from_obj_c_expr +| @covariant_function_conversion_expr +| @covariant_return_conversion_expr +| @derived_to_base_expr +| @destructure_tuple_expr +| @differentiable_function_expr +| @differentiable_function_extract_original_expr +| @erasure_expr +| @existential_metatype_to_object_expr +| @foreign_object_conversion_expr +| @function_conversion_expr +| @in_out_to_pointer_expr +| @inject_into_optional_expr +| @linear_function_expr +| @linear_function_extract_original_expr +| @linear_to_differentiable_function_expr +| @load_expr +| @metatype_conversion_expr +| @pointer_to_pointer_expr +| @protocol_metatype_to_object_expr +| @string_to_pointer_expr +| @underlying_to_opaque_expr +| @unevaluated_instance_expr +| @unresolved_type_conversion_expr +; + +#keyset[id] +implicit_conversion_exprs( //dir=expr + int id: @implicit_conversion_expr ref, + int sub_expr: @expr_or_none ref +); + +in_out_exprs( //dir=expr + unique int id: @in_out_expr, + int sub_expr: @expr_or_none ref +); + +key_path_application_exprs( //dir=expr + unique int id: @key_path_application_expr, + int base: @expr_or_none ref, + int key_path: @expr_or_none ref +); + +key_path_dot_exprs( //dir=expr + unique int id: @key_path_dot_expr +); + +key_path_exprs( //dir=expr + unique int id: @key_path_expr +); + +#keyset[id] +key_path_expr_roots( //dir=expr + int id: @key_path_expr ref, + int root: @type_repr_or_none ref +); + +#keyset[id, index] +key_path_expr_components( //dir=expr + int id: @key_path_expr ref, + int index: int ref, + int component: @key_path_component_or_none ref +); + +lazy_initialization_exprs( //dir=expr + unique int id: @lazy_initialization_expr, + int sub_expr: @expr_or_none ref +); + +@literal_expr = + @builtin_literal_expr +| @interpolated_string_literal_expr +| @nil_literal_expr +| @object_literal_expr +| @regex_literal_expr +; + +@lookup_expr = + @dynamic_lookup_expr +| @member_ref_expr +| @subscript_expr +; + +#keyset[id] +lookup_exprs( //dir=expr + int id: @lookup_expr ref, + int base: @expr_or_none ref +); + +#keyset[id] +lookup_expr_members( //dir=expr + int id: @lookup_expr ref, + int member: @decl_or_none ref +); + +make_temporarily_escapable_exprs( //dir=expr + unique int id: @make_temporarily_escapable_expr, + int escaping_closure: @opaque_value_expr_or_none ref, + int nonescaping_closure: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +materialize_pack_exprs( //dir=expr + unique int id: @materialize_pack_expr, + int sub_expr: @expr_or_none ref +); + +obj_c_selector_exprs( //dir=expr + unique int id: @obj_c_selector_expr, + int sub_expr: @expr_or_none ref, + int method: @function_or_none ref +); + +one_way_exprs( //dir=expr + unique int id: @one_way_expr, + int sub_expr: @expr_or_none ref +); + +opaque_value_exprs( //dir=expr + unique int id: @opaque_value_expr +); + +open_existential_exprs( //dir=expr + unique int id: @open_existential_expr, + int sub_expr: @expr_or_none ref, + int existential: @expr_or_none ref, + int opaque_expr: @opaque_value_expr_or_none ref +); + +optional_evaluation_exprs( //dir=expr + unique int id: @optional_evaluation_expr, + int sub_expr: @expr_or_none ref +); + +other_initializer_ref_exprs( //dir=expr + unique int id: @other_initializer_ref_expr, + int initializer: @initializer_or_none ref +); + +overloaded_decl_ref_exprs( //dir=expr + unique int id: @overloaded_decl_ref_expr +); + +#keyset[id, index] +overloaded_decl_ref_expr_possible_declarations( //dir=expr + int id: @overloaded_decl_ref_expr ref, + int index: int ref, + int possible_declaration: @value_decl_or_none ref +); + +pack_element_exprs( //dir=expr + unique int id: @pack_element_expr, + int sub_expr: @expr_or_none ref +); + +pack_expansion_exprs( //dir=expr + unique int id: @pack_expansion_expr, + int pattern_expr: @expr_or_none ref +); + +property_wrapper_value_placeholder_exprs( //dir=expr + unique int id: @property_wrapper_value_placeholder_expr, + int placeholder: @opaque_value_expr_or_none ref +); + +#keyset[id] +property_wrapper_value_placeholder_expr_wrapped_values( //dir=expr + int id: @property_wrapper_value_placeholder_expr ref, + int wrapped_value: @expr_or_none ref +); + +rebind_self_in_initializer_exprs( //dir=expr + unique int id: @rebind_self_in_initializer_expr, + int sub_expr: @expr_or_none ref, + int self: @var_decl_or_none ref +); + +sequence_exprs( //dir=expr + unique int id: @sequence_expr +); + +#keyset[id, index] +sequence_expr_elements( //dir=expr + int id: @sequence_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +single_value_stmt_exprs( //dir=expr + unique int id: @single_value_stmt_expr, + int stmt: @stmt_or_none ref +); + +super_ref_exprs( //dir=expr + unique int id: @super_ref_expr, + int self: @var_decl_or_none ref +); + +tap_exprs( //dir=expr + unique int id: @tap_expr, + int body: @brace_stmt_or_none ref, + int var: @var_decl_or_none ref +); + +#keyset[id] +tap_expr_sub_exprs( //dir=expr + int id: @tap_expr ref, + int sub_expr: @expr_or_none ref +); + +tuple_element_exprs( //dir=expr + unique int id: @tuple_element_expr, + int sub_expr: @expr_or_none ref, + int index: int ref +); + +tuple_exprs( //dir=expr + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_elements( //dir=expr + int id: @tuple_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +type_exprs( //dir=expr + unique int id: @type_expr +); + +#keyset[id] +type_expr_type_reprs( //dir=expr + int id: @type_expr ref, + int type_repr: @type_repr_or_none ref +); + +unresolved_decl_ref_exprs( //dir=expr + unique int id: @unresolved_decl_ref_expr +); + +#keyset[id] +unresolved_decl_ref_expr_names( //dir=expr + int id: @unresolved_decl_ref_expr ref, + string name: string ref +); + +unresolved_dot_exprs( //dir=expr + unique int id: @unresolved_dot_expr, + int base: @expr_or_none ref, + string name: string ref +); + +unresolved_member_exprs( //dir=expr + unique int id: @unresolved_member_expr, + string name: string ref +); + +unresolved_pattern_exprs( //dir=expr + unique int id: @unresolved_pattern_expr, + int sub_pattern: @pattern_or_none ref +); + +unresolved_specialize_exprs( //dir=expr + unique int id: @unresolved_specialize_expr, + int sub_expr: @expr_or_none ref +); + +vararg_expansion_exprs( //dir=expr + unique int id: @vararg_expansion_expr, + int sub_expr: @expr_or_none ref +); + +abi_safe_conversion_exprs( //dir=expr + unique int id: @abi_safe_conversion_expr +); + +any_hashable_erasure_exprs( //dir=expr + unique int id: @any_hashable_erasure_expr +); + +archetype_to_super_exprs( //dir=expr + unique int id: @archetype_to_super_expr +); + +array_exprs( //dir=expr + unique int id: @array_expr +); + +#keyset[id, index] +array_expr_elements( //dir=expr + int id: @array_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +array_to_pointer_exprs( //dir=expr + unique int id: @array_to_pointer_expr +); + +auto_closure_exprs( //dir=expr + unique int id: @auto_closure_expr +); + +await_exprs( //dir=expr + unique int id: @await_expr +); + +binary_exprs( //dir=expr + unique int id: @binary_expr +); + +borrow_exprs( //dir=expr + unique int id: @borrow_expr +); + +bridge_from_obj_c_exprs( //dir=expr + unique int id: @bridge_from_obj_c_expr +); + +bridge_to_obj_c_exprs( //dir=expr + unique int id: @bridge_to_obj_c_expr +); + +@builtin_literal_expr = + @boolean_literal_expr +| @magic_identifier_literal_expr +| @number_literal_expr +| @string_literal_expr +; + +call_exprs( //dir=expr + unique int id: @call_expr +); + +@checked_cast_expr = + @conditional_checked_cast_expr +| @forced_checked_cast_expr +| @is_expr +; + +class_metatype_to_object_exprs( //dir=expr + unique int id: @class_metatype_to_object_expr +); + +coerce_exprs( //dir=expr + unique int id: @coerce_expr +); + +collection_upcast_conversion_exprs( //dir=expr + unique int id: @collection_upcast_conversion_expr +); + +conditional_bridge_from_obj_c_exprs( //dir=expr + unique int id: @conditional_bridge_from_obj_c_expr +); + +covariant_function_conversion_exprs( //dir=expr + unique int id: @covariant_function_conversion_expr +); + +covariant_return_conversion_exprs( //dir=expr + unique int id: @covariant_return_conversion_expr +); + +derived_to_base_exprs( //dir=expr + unique int id: @derived_to_base_expr +); + +destructure_tuple_exprs( //dir=expr + unique int id: @destructure_tuple_expr +); + +dictionary_exprs( //dir=expr + unique int id: @dictionary_expr +); + +#keyset[id, index] +dictionary_expr_elements( //dir=expr + int id: @dictionary_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +differentiable_function_exprs( //dir=expr + unique int id: @differentiable_function_expr +); + +differentiable_function_extract_original_exprs( //dir=expr + unique int id: @differentiable_function_extract_original_expr +); + +dot_self_exprs( //dir=expr + unique int id: @dot_self_expr +); + +@dynamic_lookup_expr = + @dynamic_member_ref_expr +| @dynamic_subscript_expr +; + +erasure_exprs( //dir=expr + unique int id: @erasure_expr +); + +existential_metatype_to_object_exprs( //dir=expr + unique int id: @existential_metatype_to_object_expr +); + +explicit_closure_exprs( //dir=expr + unique int id: @explicit_closure_expr +); + +force_try_exprs( //dir=expr + unique int id: @force_try_expr +); + +foreign_object_conversion_exprs( //dir=expr + unique int id: @foreign_object_conversion_expr +); + +function_conversion_exprs( //dir=expr + unique int id: @function_conversion_expr +); + +in_out_to_pointer_exprs( //dir=expr + unique int id: @in_out_to_pointer_expr +); + +inject_into_optional_exprs( //dir=expr + unique int id: @inject_into_optional_expr +); + +interpolated_string_literal_exprs( //dir=expr + unique int id: @interpolated_string_literal_expr +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_expr: @opaque_value_expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_appending_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int appending_expr: @tap_expr_or_none ref +); + +linear_function_exprs( //dir=expr + unique int id: @linear_function_expr +); + +linear_function_extract_original_exprs( //dir=expr + unique int id: @linear_function_extract_original_expr +); + +linear_to_differentiable_function_exprs( //dir=expr + unique int id: @linear_to_differentiable_function_expr +); + +load_exprs( //dir=expr + unique int id: @load_expr +); + +member_ref_exprs( //dir=expr + unique int id: @member_ref_expr +); + +#keyset[id] +member_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_ordinary_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @member_ref_expr ref +); + +metatype_conversion_exprs( //dir=expr + unique int id: @metatype_conversion_expr +); + +nil_literal_exprs( //dir=expr + unique int id: @nil_literal_expr +); + +object_literal_exprs( //dir=expr + unique int id: @object_literal_expr, + int kind: int ref +); + +#keyset[id, index] +object_literal_expr_arguments( //dir=expr + int id: @object_literal_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +optional_try_exprs( //dir=expr + unique int id: @optional_try_expr +); + +paren_exprs( //dir=expr + unique int id: @paren_expr +); + +pointer_to_pointer_exprs( //dir=expr + unique int id: @pointer_to_pointer_expr +); + +postfix_unary_exprs( //dir=expr + unique int id: @postfix_unary_expr +); + +prefix_unary_exprs( //dir=expr + unique int id: @prefix_unary_expr +); + +protocol_metatype_to_object_exprs( //dir=expr + unique int id: @protocol_metatype_to_object_expr +); + +regex_literal_exprs( //dir=expr + unique int id: @regex_literal_expr, + string pattern: string ref, + int version: int ref +); + +@self_apply_expr = + @dot_syntax_call_expr +| @initializer_ref_call_expr +; + +#keyset[id] +self_apply_exprs( //dir=expr + int id: @self_apply_expr ref, + int base: @expr_or_none ref +); + +string_to_pointer_exprs( //dir=expr + unique int id: @string_to_pointer_expr +); + +subscript_exprs( //dir=expr + unique int id: @subscript_expr +); + +#keyset[id, index] +subscript_expr_arguments( //dir=expr + int id: @subscript_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +#keyset[id] +subscript_expr_has_direct_to_storage_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_ordinary_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_distributed_thunk_semantics( //dir=expr + int id: @subscript_expr ref +); + +try_exprs( //dir=expr + unique int id: @try_expr +); + +underlying_to_opaque_exprs( //dir=expr + unique int id: @underlying_to_opaque_expr +); + +unevaluated_instance_exprs( //dir=expr + unique int id: @unevaluated_instance_expr +); + +unresolved_member_chain_result_exprs( //dir=expr + unique int id: @unresolved_member_chain_result_expr +); + +unresolved_type_conversion_exprs( //dir=expr + unique int id: @unresolved_type_conversion_expr +); + +boolean_literal_exprs( //dir=expr + unique int id: @boolean_literal_expr, + boolean value: boolean ref +); + +conditional_checked_cast_exprs( //dir=expr + unique int id: @conditional_checked_cast_expr +); + +dot_syntax_call_exprs( //dir=expr + unique int id: @dot_syntax_call_expr +); + +dynamic_member_ref_exprs( //dir=expr + unique int id: @dynamic_member_ref_expr +); + +dynamic_subscript_exprs( //dir=expr + unique int id: @dynamic_subscript_expr +); + +forced_checked_cast_exprs( //dir=expr + unique int id: @forced_checked_cast_expr +); + +initializer_ref_call_exprs( //dir=expr + unique int id: @initializer_ref_call_expr +); + +is_exprs( //dir=expr + unique int id: @is_expr +); + +magic_identifier_literal_exprs( //dir=expr + unique int id: @magic_identifier_literal_expr, + string kind: string ref +); + +@number_literal_expr = + @float_literal_expr +| @integer_literal_expr +; + +string_literal_exprs( //dir=expr + unique int id: @string_literal_expr, + string value: string ref +); + +float_literal_exprs( //dir=expr + unique int id: @float_literal_expr, + string string_value: string ref +); + +integer_literal_exprs( //dir=expr + unique int id: @integer_literal_expr, + string string_value: string ref +); + +@pattern = + @any_pattern +| @binding_pattern +| @bool_pattern +| @enum_element_pattern +| @expr_pattern +| @is_pattern +| @named_pattern +| @optional_some_pattern +| @paren_pattern +| @tuple_pattern +| @typed_pattern +; + +any_patterns( //dir=pattern + unique int id: @any_pattern +); + +binding_patterns( //dir=pattern + unique int id: @binding_pattern, + int sub_pattern: @pattern_or_none ref +); + +bool_patterns( //dir=pattern + unique int id: @bool_pattern, + boolean value: boolean ref +); + +enum_element_patterns( //dir=pattern + unique int id: @enum_element_pattern, + int element: @enum_element_decl_or_none ref +); + +#keyset[id] +enum_element_pattern_sub_patterns( //dir=pattern + int id: @enum_element_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +expr_patterns( //dir=pattern + unique int id: @expr_pattern, + int sub_expr: @expr_or_none ref +); + +is_patterns( //dir=pattern + unique int id: @is_pattern +); + +#keyset[id] +is_pattern_cast_type_reprs( //dir=pattern + int id: @is_pattern ref, + int cast_type_repr: @type_repr_or_none ref +); + +#keyset[id] +is_pattern_sub_patterns( //dir=pattern + int id: @is_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +named_patterns( //dir=pattern + unique int id: @named_pattern, + int var_decl: @var_decl_or_none ref +); + +optional_some_patterns( //dir=pattern + unique int id: @optional_some_pattern, + int sub_pattern: @pattern_or_none ref +); + +paren_patterns( //dir=pattern + unique int id: @paren_pattern, + int sub_pattern: @pattern_or_none ref +); + +tuple_patterns( //dir=pattern + unique int id: @tuple_pattern +); + +#keyset[id, index] +tuple_pattern_elements( //dir=pattern + int id: @tuple_pattern ref, + int index: int ref, + int element: @pattern_or_none ref +); + +typed_patterns( //dir=pattern + unique int id: @typed_pattern, + int sub_pattern: @pattern_or_none ref +); + +#keyset[id] +typed_pattern_type_reprs( //dir=pattern + int id: @typed_pattern ref, + int type_repr: @type_repr_or_none ref +); + +case_label_items( //dir=stmt + unique int id: @case_label_item, + int pattern: @pattern_or_none ref +); + +#keyset[id] +case_label_item_guards( //dir=stmt + int id: @case_label_item ref, + int guard: @expr_or_none ref +); + +condition_elements( //dir=stmt + unique int id: @condition_element +); + +#keyset[id] +condition_element_booleans( //dir=stmt + int id: @condition_element ref, + int boolean_: @expr_or_none ref +); + +#keyset[id] +condition_element_patterns( //dir=stmt + int id: @condition_element ref, + int pattern: @pattern_or_none ref +); + +#keyset[id] +condition_element_initializers( //dir=stmt + int id: @condition_element ref, + int initializer: @expr_or_none ref +); + +#keyset[id] +condition_element_availabilities( //dir=stmt + int id: @condition_element ref, + int availability: @availability_info_or_none ref +); + +@stmt = + @brace_stmt +| @break_stmt +| @case_stmt +| @continue_stmt +| @defer_stmt +| @discard_stmt +| @fail_stmt +| @fallthrough_stmt +| @labeled_stmt +| @pound_assert_stmt +| @return_stmt +| @throw_stmt +| @yield_stmt +; + +stmt_conditions( //dir=stmt + unique int id: @stmt_condition +); + +#keyset[id, index] +stmt_condition_elements( //dir=stmt + int id: @stmt_condition ref, + int index: int ref, + int element: @condition_element_or_none ref +); + +brace_stmts( //dir=stmt + unique int id: @brace_stmt +); + +#keyset[id, index] +brace_stmt_elements( //dir=stmt + int id: @brace_stmt ref, + int index: int ref, + int element: @ast_node_or_none ref +); + +break_stmts( //dir=stmt + unique int id: @break_stmt +); + +#keyset[id] +break_stmt_target_names( //dir=stmt + int id: @break_stmt ref, + string target_name: string ref +); + +#keyset[id] +break_stmt_targets( //dir=stmt + int id: @break_stmt ref, + int target: @stmt_or_none ref +); + +case_stmts( //dir=stmt + unique int id: @case_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +case_stmt_labels( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int label: @case_label_item_or_none ref +); + +#keyset[id, index] +case_stmt_variables( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int variable: @var_decl_or_none ref +); + +continue_stmts( //dir=stmt + unique int id: @continue_stmt +); + +#keyset[id] +continue_stmt_target_names( //dir=stmt + int id: @continue_stmt ref, + string target_name: string ref +); + +#keyset[id] +continue_stmt_targets( //dir=stmt + int id: @continue_stmt ref, + int target: @stmt_or_none ref +); + +defer_stmts( //dir=stmt + unique int id: @defer_stmt, + int body: @brace_stmt_or_none ref +); + +discard_stmts( //dir=stmt + unique int id: @discard_stmt, + int sub_expr: @expr_or_none ref +); + +fail_stmts( //dir=stmt + unique int id: @fail_stmt +); + +fallthrough_stmts( //dir=stmt + unique int id: @fallthrough_stmt, + int fallthrough_source: @case_stmt_or_none ref, + int fallthrough_dest: @case_stmt_or_none ref +); + +@labeled_stmt = + @do_catch_stmt +| @do_stmt +| @for_each_stmt +| @labeled_conditional_stmt +| @repeat_while_stmt +| @switch_stmt +; + +#keyset[id] +labeled_stmt_labels( //dir=stmt + int id: @labeled_stmt ref, + string label: string ref +); + +pound_assert_stmts( //dir=stmt + unique int id: @pound_assert_stmt, + int condition: @expr_or_none ref, + string message: string ref +); + +return_stmts( //dir=stmt + unique int id: @return_stmt +); + +#keyset[id] +return_stmt_results( //dir=stmt + int id: @return_stmt ref, + int result: @expr_or_none ref +); + +throw_stmts( //dir=stmt + unique int id: @throw_stmt, + int sub_expr: @expr_or_none ref +); + +yield_stmts( //dir=stmt + unique int id: @yield_stmt +); + +#keyset[id, index] +yield_stmt_results( //dir=stmt + int id: @yield_stmt ref, + int index: int ref, + int result: @expr_or_none ref +); + +do_catch_stmts( //dir=stmt + unique int id: @do_catch_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +do_catch_stmt_catches( //dir=stmt + int id: @do_catch_stmt ref, + int index: int ref, + int catch: @case_stmt_or_none ref +); + +do_stmts( //dir=stmt + unique int id: @do_stmt, + int body: @brace_stmt_or_none ref +); + +for_each_stmts( //dir=stmt + unique int id: @for_each_stmt, + int pattern: @pattern_or_none ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id] +for_each_stmt_wheres( //dir=stmt + int id: @for_each_stmt ref, + int where: @expr_or_none ref +); + +#keyset[id] +for_each_stmt_iterator_vars( //dir=stmt + int id: @for_each_stmt ref, + int iteratorVar: @pattern_binding_decl_or_none ref +); + +#keyset[id] +for_each_stmt_next_calls( //dir=stmt + int id: @for_each_stmt ref, + int nextCall: @expr_or_none ref +); + +@labeled_conditional_stmt = + @guard_stmt +| @if_stmt +| @while_stmt +; + +#keyset[id] +labeled_conditional_stmts( //dir=stmt + int id: @labeled_conditional_stmt ref, + int condition: @stmt_condition_or_none ref +); + +repeat_while_stmts( //dir=stmt + unique int id: @repeat_while_stmt, + int condition: @expr_or_none ref, + int body: @stmt_or_none ref +); + +switch_stmts( //dir=stmt + unique int id: @switch_stmt, + int expr: @expr_or_none ref +); + +#keyset[id, index] +switch_stmt_cases( //dir=stmt + int id: @switch_stmt ref, + int index: int ref, + int case_: @case_stmt_or_none ref +); + +guard_stmts( //dir=stmt + unique int id: @guard_stmt, + int body: @brace_stmt_or_none ref +); + +if_stmts( //dir=stmt + unique int id: @if_stmt, + int then: @stmt_or_none ref +); + +#keyset[id] +if_stmt_elses( //dir=stmt + int id: @if_stmt ref, + int else: @stmt_or_none ref +); + +while_stmts( //dir=stmt + unique int id: @while_stmt, + int body: @stmt_or_none ref +); + +@type = + @any_function_type +| @any_generic_type +| @any_metatype_type +| @builtin_type +| @dependent_member_type +| @dynamic_self_type +| @error_type +| @existential_type +| @in_out_type +| @l_value_type +| @module_type +| @pack_element_type +| @pack_expansion_type +| @pack_type +| @parameterized_protocol_type +| @protocol_composition_type +| @reference_storage_type +| @substitutable_type +| @sugar_type +| @tuple_type +| @unresolved_type +; + +#keyset[id] +types( //dir=type + int id: @type ref, + string name: string ref, + int canonical_type: @type_or_none ref +); + +type_reprs( //dir=type + unique int id: @type_repr, + int type_: @type_or_none ref +); + +@any_function_type = + @function_type +| @generic_function_type +; + +#keyset[id] +any_function_types( //dir=type + int id: @any_function_type ref, + int result: @type_or_none ref +); + +#keyset[id, index] +any_function_type_param_types( //dir=type + int id: @any_function_type ref, + int index: int ref, + int param_type: @type_or_none ref +); + +#keyset[id] +any_function_type_is_throwing( //dir=type + int id: @any_function_type ref +); + +#keyset[id] +any_function_type_is_async( //dir=type + int id: @any_function_type ref +); + +@any_generic_type = + @nominal_or_bound_generic_nominal_type +| @unbound_generic_type +; + +#keyset[id] +any_generic_types( //dir=type + int id: @any_generic_type ref, + int declaration: @generic_type_decl_or_none ref +); + +#keyset[id] +any_generic_type_parents( //dir=type + int id: @any_generic_type ref, + int parent: @type_or_none ref +); + +@any_metatype_type = + @existential_metatype_type +| @metatype_type +; + +@builtin_type = + @any_builtin_integer_type +| @builtin_bridge_object_type +| @builtin_default_actor_storage_type +| @builtin_executor_type +| @builtin_float_type +| @builtin_job_type +| @builtin_native_object_type +| @builtin_raw_pointer_type +| @builtin_raw_unsafe_continuation_type +| @builtin_unsafe_value_buffer_type +| @builtin_vector_type +; + +dependent_member_types( //dir=type + unique int id: @dependent_member_type, + int base_type: @type_or_none ref, + int associated_type_decl: @associated_type_decl_or_none ref +); + +dynamic_self_types( //dir=type + unique int id: @dynamic_self_type, + int static_self_type: @type_or_none ref +); + +error_types( //dir=type + unique int id: @error_type +); + +existential_types( //dir=type + unique int id: @existential_type, + int constraint: @type_or_none ref +); + +in_out_types( //dir=type + unique int id: @in_out_type, + int object_type: @type_or_none ref +); + +l_value_types( //dir=type + unique int id: @l_value_type, + int object_type: @type_or_none ref +); + +module_types( //dir=type + unique int id: @module_type, + int module: @module_decl_or_none ref +); + +pack_element_types( //dir=type + unique int id: @pack_element_type, + int pack_type: @type_or_none ref +); + +pack_expansion_types( //dir=type + unique int id: @pack_expansion_type, + int pattern_type: @type_or_none ref, + int count_type: @type_or_none ref +); + +pack_types( //dir=type + unique int id: @pack_type +); + +#keyset[id, index] +pack_type_elements( //dir=type + int id: @pack_type ref, + int index: int ref, + int element: @type_or_none ref +); + +parameterized_protocol_types( //dir=type + unique int id: @parameterized_protocol_type, + int base: @protocol_type_or_none ref +); + +#keyset[id, index] +parameterized_protocol_type_args( //dir=type + int id: @parameterized_protocol_type ref, + int index: int ref, + int arg: @type_or_none ref +); + +protocol_composition_types( //dir=type + unique int id: @protocol_composition_type +); + +#keyset[id, index] +protocol_composition_type_members( //dir=type + int id: @protocol_composition_type ref, + int index: int ref, + int member: @type_or_none ref +); + +@reference_storage_type = + @unmanaged_storage_type +| @unowned_storage_type +| @weak_storage_type +; + +#keyset[id] +reference_storage_types( //dir=type + int id: @reference_storage_type ref, + int referent_type: @type_or_none ref +); + +@substitutable_type = + @archetype_type +| @generic_type_param_type +; + +@sugar_type = + @paren_type +| @syntax_sugar_type +| @type_alias_type +; + +tuple_types( //dir=type + unique int id: @tuple_type +); + +#keyset[id, index] +tuple_type_types( //dir=type + int id: @tuple_type ref, + int index: int ref, + int type_: @type_or_none ref +); + +#keyset[id, index] +tuple_type_names( //dir=type + int id: @tuple_type ref, + int index: int ref, + string name: string ref +); + +unresolved_types( //dir=type + unique int id: @unresolved_type +); + +@any_builtin_integer_type = + @builtin_integer_literal_type +| @builtin_integer_type +; + +@archetype_type = + @local_archetype_type +| @opaque_type_archetype_type +| @pack_archetype_type +| @primary_archetype_type +; + +#keyset[id] +archetype_types( //dir=type + int id: @archetype_type ref, + int interface_type: @type_or_none ref +); + +#keyset[id] +archetype_type_superclasses( //dir=type + int id: @archetype_type ref, + int superclass: @type_or_none ref +); + +#keyset[id, index] +archetype_type_protocols( //dir=type + int id: @archetype_type ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +builtin_bridge_object_types( //dir=type + unique int id: @builtin_bridge_object_type +); + +builtin_default_actor_storage_types( //dir=type + unique int id: @builtin_default_actor_storage_type +); + +builtin_executor_types( //dir=type + unique int id: @builtin_executor_type +); + +builtin_float_types( //dir=type + unique int id: @builtin_float_type +); + +builtin_job_types( //dir=type + unique int id: @builtin_job_type +); + +builtin_native_object_types( //dir=type + unique int id: @builtin_native_object_type +); + +builtin_raw_pointer_types( //dir=type + unique int id: @builtin_raw_pointer_type +); + +builtin_raw_unsafe_continuation_types( //dir=type + unique int id: @builtin_raw_unsafe_continuation_type +); + +builtin_unsafe_value_buffer_types( //dir=type + unique int id: @builtin_unsafe_value_buffer_type +); + +builtin_vector_types( //dir=type + unique int id: @builtin_vector_type +); + +existential_metatype_types( //dir=type + unique int id: @existential_metatype_type +); + +function_types( //dir=type + unique int id: @function_type +); + +generic_function_types( //dir=type + unique int id: @generic_function_type +); + +#keyset[id, index] +generic_function_type_generic_params( //dir=type + int id: @generic_function_type ref, + int index: int ref, + int generic_param: @generic_type_param_type_or_none ref +); + +generic_type_param_types( //dir=type + unique int id: @generic_type_param_type +); + +metatype_types( //dir=type + unique int id: @metatype_type +); + +@nominal_or_bound_generic_nominal_type = + @bound_generic_type +| @nominal_type +; + +paren_types( //dir=type + unique int id: @paren_type, + int type_: @type_or_none ref +); + +@syntax_sugar_type = + @dictionary_type +| @unary_syntax_sugar_type +; + +type_alias_types( //dir=type + unique int id: @type_alias_type, + int decl: @type_alias_decl_or_none ref +); + +unbound_generic_types( //dir=type + unique int id: @unbound_generic_type +); + +unmanaged_storage_types( //dir=type + unique int id: @unmanaged_storage_type +); + +unowned_storage_types( //dir=type + unique int id: @unowned_storage_type +); + +weak_storage_types( //dir=type + unique int id: @weak_storage_type +); + +@bound_generic_type = + @bound_generic_class_type +| @bound_generic_enum_type +| @bound_generic_struct_type +; + +#keyset[id, index] +bound_generic_type_arg_types( //dir=type + int id: @bound_generic_type ref, + int index: int ref, + int arg_type: @type_or_none ref +); + +builtin_integer_literal_types( //dir=type + unique int id: @builtin_integer_literal_type +); + +builtin_integer_types( //dir=type + unique int id: @builtin_integer_type +); + +#keyset[id] +builtin_integer_type_widths( //dir=type + int id: @builtin_integer_type ref, + int width: int ref +); + +dictionary_types( //dir=type + unique int id: @dictionary_type, + int key_type: @type_or_none ref, + int value_type: @type_or_none ref +); + +@local_archetype_type = + @element_archetype_type +| @opened_archetype_type +; + +@nominal_type = + @class_type +| @enum_type +| @protocol_type +| @struct_type +; + +opaque_type_archetype_types( //dir=type + unique int id: @opaque_type_archetype_type, + int declaration: @opaque_type_decl_or_none ref +); + +pack_archetype_types( //dir=type + unique int id: @pack_archetype_type +); + +primary_archetype_types( //dir=type + unique int id: @primary_archetype_type +); + +@unary_syntax_sugar_type = + @array_slice_type +| @optional_type +| @variadic_sequence_type +; + +#keyset[id] +unary_syntax_sugar_types( //dir=type + int id: @unary_syntax_sugar_type ref, + int base_type: @type_or_none ref +); + +array_slice_types( //dir=type + unique int id: @array_slice_type +); + +bound_generic_class_types( //dir=type + unique int id: @bound_generic_class_type +); + +bound_generic_enum_types( //dir=type + unique int id: @bound_generic_enum_type +); + +bound_generic_struct_types( //dir=type + unique int id: @bound_generic_struct_type +); + +class_types( //dir=type + unique int id: @class_type +); + +element_archetype_types( //dir=type + unique int id: @element_archetype_type +); + +enum_types( //dir=type + unique int id: @enum_type +); + +opened_archetype_types( //dir=type + unique int id: @opened_archetype_type +); + +optional_types( //dir=type + unique int id: @optional_type +); + +protocol_types( //dir=type + unique int id: @protocol_type +); + +struct_types( //dir=type + unique int id: @struct_type +); + +variadic_sequence_types( //dir=type + unique int id: @variadic_sequence_type +); + +@accessor_or_none = + @accessor +| @unspecified_element +; + +@argument_or_none = + @argument +| @unspecified_element +; + +@associated_type_decl_or_none = + @associated_type_decl +| @unspecified_element +; + +@ast_node_or_none = + @ast_node +| @unspecified_element +; + +@availability_info_or_none = + @availability_info +| @unspecified_element +; + +@availability_spec_or_none = + @availability_spec +| @unspecified_element +; + +@brace_stmt_or_none = + @brace_stmt +| @unspecified_element +; + +@captured_decl_or_none = + @captured_decl +| @unspecified_element +; + +@case_label_item_or_none = + @case_label_item +| @unspecified_element +; + +@case_stmt_or_none = + @case_stmt +| @unspecified_element +; + +@closure_expr_or_none = + @closure_expr +| @unspecified_element +; + +@condition_element_or_none = + @condition_element +| @unspecified_element +; + +@decl_or_none = + @decl +| @unspecified_element +; + +@enum_element_decl_or_none = + @enum_element_decl +| @unspecified_element +; + +@expr_or_none = + @expr +| @unspecified_element +; + +@file_or_none = + @file +| @unspecified_element +; + +@function_or_none = + @function +| @unspecified_element +; + +@generic_type_decl_or_none = + @generic_type_decl +| @unspecified_element +; + +@generic_type_param_decl_or_none = + @generic_type_param_decl +| @unspecified_element +; + +@generic_type_param_type_or_none = + @generic_type_param_type +| @unspecified_element +; + +@initializer_or_none = + @initializer +| @unspecified_element +; + +@key_path_component_or_none = + @key_path_component +| @unspecified_element +; + +@location_or_none = + @location +| @unspecified_element +; + +@macro_role_or_none = + @macro_role +| @unspecified_element +; + +@module_decl_or_none = + @module_decl +| @unspecified_element +; + +@nominal_type_decl_or_none = + @nominal_type_decl +| @unspecified_element +; + +@opaque_type_decl_or_none = + @opaque_type_decl +| @unspecified_element +; + +@opaque_value_expr_or_none = + @opaque_value_expr +| @unspecified_element +; + +@param_decl_or_none = + @param_decl +| @unspecified_element +; + +@pattern_or_none = + @pattern +| @unspecified_element +; + +@pattern_binding_decl_or_none = + @pattern_binding_decl +| @unspecified_element +; + +@precedence_group_decl_or_none = + @precedence_group_decl +| @unspecified_element +; + +@protocol_decl_or_none = + @protocol_decl +| @unspecified_element +; + +@protocol_type_or_none = + @protocol_type +| @unspecified_element +; + +@stmt_or_none = + @stmt +| @unspecified_element +; + +@stmt_condition_or_none = + @stmt_condition +| @unspecified_element +; + +@string_literal_expr_or_none = + @string_literal_expr +| @unspecified_element +; + +@tap_expr_or_none = + @tap_expr +| @unspecified_element +; + +@type_or_none = + @type +| @unspecified_element +; + +@type_alias_decl_or_none = + @type_alias_decl +| @unspecified_element +; + +@type_expr_or_none = + @type_expr +| @unspecified_element +; + +@type_repr_or_none = + @type_repr +| @unspecified_element +; + +@value_decl_or_none = + @unspecified_element +| @value_decl +; + +@var_decl_or_none = + @unspecified_element +| @var_decl +; diff --git a/swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/swift.dbscheme b/swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/swift.dbscheme new file mode 100644 index 00000000000..60be249ad16 --- /dev/null +++ b/swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/swift.dbscheme @@ -0,0 +1,2780 @@ +// generated by codegen/codegen.py + +// from prefix.dbscheme +/** + * The source location of the snapshot. + */ +sourceLocationPrefix( + string prefix: string ref +); + + +// from schema.py + +@element = + @callable +| @file +| @generic_context +| @locatable +| @location +| @type +; + +#keyset[id] +element_is_unknown( + int id: @element ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_names( + int id: @callable ref, + string name: string ref +); + +#keyset[id] +callable_self_params( + int id: @callable ref, + int self_param: @param_decl_or_none ref +); + +#keyset[id, index] +callable_params( + int id: @callable ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +#keyset[id] +callable_bodies( + int id: @callable ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id, index] +callable_captures( + int id: @callable ref, + int index: int ref, + int capture: @captured_decl_or_none ref +); + +@file = + @db_file +; + +#keyset[id] +files( + int id: @file ref, + string name: string ref +); + +#keyset[id] +file_is_successfully_extracted( + int id: @file ref +); + +@locatable = + @argument +| @ast_node +| @comment +| @diagnostics +| @error_element +; + +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_or_none ref +); + +@location = + @db_location +; + +#keyset[id] +locations( + int id: @location ref, + int file: @file_or_none ref, + int start_line: int ref, + int start_column: int ref, + int end_line: int ref, + int end_column: int ref +); + +@ast_node = + @availability_info +| @availability_spec +| @case_label_item +| @condition_element +| @decl +| @expr +| @key_path_component +| @macro_role +| @pattern +| @stmt +| @stmt_condition +| @type_repr +; + +comments( + unique int id: @comment, + string text: string ref +); + +db_files( + unique int id: @db_file +); + +db_locations( + unique int id: @db_location +); + +diagnostics( + unique int id: @diagnostics, + string text: string ref, + int kind: int ref +); + +@error_element = + @error_expr +| @error_type +| @overloaded_decl_ref_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_chain_result_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @unresolved_type +| @unresolved_type_conversion_expr +| @unspecified_element +; + +availability_infos( + unique int id: @availability_info +); + +#keyset[id] +availability_info_is_unavailable( + int id: @availability_info ref +); + +#keyset[id, index] +availability_info_specs( + int id: @availability_info ref, + int index: int ref, + int spec: @availability_spec_or_none ref +); + +@availability_spec = + @other_availability_spec +| @platform_version_availability_spec +; + +key_path_components( + unique int id: @key_path_component, + int kind: int ref, + int component_type: @type_or_none ref +); + +#keyset[id, index] +key_path_component_subscript_arguments( + int id: @key_path_component ref, + int index: int ref, + int subscript_argument: @argument_or_none ref +); + +#keyset[id] +key_path_component_tuple_indices( + int id: @key_path_component ref, + int tuple_index: int ref +); + +#keyset[id] +key_path_component_decl_refs( + int id: @key_path_component ref, + int decl_ref: @value_decl_or_none ref +); + +macro_roles( + unique int id: @macro_role, + int kind: int ref, + int macro_syntax: int ref +); + +#keyset[id, index] +macro_role_conformances( + int id: @macro_role ref, + int index: int ref, + int conformance: @type_expr_or_none ref +); + +#keyset[id, index] +macro_role_names( + int id: @macro_role ref, + int index: int ref, + string name: string ref +); + +unspecified_elements( + unique int id: @unspecified_element, + string property: string ref, + string error: string ref +); + +#keyset[id] +unspecified_element_parents( + int id: @unspecified_element ref, + int parent: @element ref +); + +#keyset[id] +unspecified_element_indices( + int id: @unspecified_element ref, + int index: int ref +); + +#keyset[id, index] +unspecified_element_children( + int id: @unspecified_element ref, + int index: int ref, + int child: @ast_node_or_none ref +); + +other_availability_specs( + unique int id: @other_availability_spec +); + +platform_version_availability_specs( + unique int id: @platform_version_availability_spec, + string platform: string ref, + string version: string ref +); + +@decl = + @captured_decl +| @enum_case_decl +| @extension_decl +| @if_config_decl +| @import_decl +| @missing_member_decl +| @operator_decl +| @pattern_binding_decl +| @pound_diagnostic_decl +| @precedence_group_decl +| @top_level_code_decl +| @value_decl +; + +#keyset[id] +decls( //dir=decl + int id: @decl ref, + int module: @module_decl_or_none ref +); + +#keyset[id, index] +decl_members( //dir=decl + int id: @decl ref, + int index: int ref, + int member: @decl_or_none ref +); + +@generic_context = + @extension_decl +| @function +| @generic_type_decl +| @macro_decl +| @subscript_decl +; + +#keyset[id, index] +generic_context_generic_type_params( //dir=decl + int id: @generic_context ref, + int index: int ref, + int generic_type_param: @generic_type_param_decl_or_none ref +); + +captured_decls( //dir=decl + unique int id: @captured_decl, + int decl: @value_decl_or_none ref +); + +#keyset[id] +captured_decl_is_direct( //dir=decl + int id: @captured_decl ref +); + +#keyset[id] +captured_decl_is_escaping( //dir=decl + int id: @captured_decl ref +); + +enum_case_decls( //dir=decl + unique int id: @enum_case_decl +); + +#keyset[id, index] +enum_case_decl_elements( //dir=decl + int id: @enum_case_decl ref, + int index: int ref, + int element: @enum_element_decl_or_none ref +); + +extension_decls( //dir=decl + unique int id: @extension_decl, + int extended_type_decl: @nominal_type_decl_or_none ref +); + +#keyset[id, index] +extension_decl_protocols( //dir=decl + int id: @extension_decl ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +if_config_decls( //dir=decl + unique int id: @if_config_decl +); + +#keyset[id, index] +if_config_decl_active_elements( //dir=decl + int id: @if_config_decl ref, + int index: int ref, + int active_element: @ast_node_or_none ref +); + +import_decls( //dir=decl + unique int id: @import_decl +); + +#keyset[id] +import_decl_is_exported( //dir=decl + int id: @import_decl ref +); + +#keyset[id] +import_decl_imported_modules( //dir=decl + int id: @import_decl ref, + int imported_module: @module_decl_or_none ref +); + +#keyset[id, index] +import_decl_declarations( //dir=decl + int id: @import_decl ref, + int index: int ref, + int declaration: @value_decl_or_none ref +); + +missing_member_decls( //dir=decl + unique int id: @missing_member_decl, + string name: string ref +); + +@operator_decl = + @infix_operator_decl +| @postfix_operator_decl +| @prefix_operator_decl +; + +#keyset[id] +operator_decls( //dir=decl + int id: @operator_decl ref, + string name: string ref +); + +pattern_binding_decls( //dir=decl + unique int id: @pattern_binding_decl +); + +#keyset[id, index] +pattern_binding_decl_inits( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int init: @expr_or_none ref +); + +#keyset[id, index] +pattern_binding_decl_patterns( //dir=decl + int id: @pattern_binding_decl ref, + int index: int ref, + int pattern: @pattern_or_none ref +); + +pound_diagnostic_decls( //dir=decl + unique int id: @pound_diagnostic_decl, + int kind: int ref, + int message: @string_literal_expr_or_none ref +); + +precedence_group_decls( //dir=decl + unique int id: @precedence_group_decl +); + +top_level_code_decls( //dir=decl + unique int id: @top_level_code_decl, + int body: @brace_stmt_or_none ref +); + +@value_decl = + @abstract_storage_decl +| @enum_element_decl +| @function +| @macro_decl +| @type_decl +; + +#keyset[id] +value_decls( //dir=decl + int id: @value_decl ref, + int interface_type: @type_or_none ref +); + +@abstract_storage_decl = + @subscript_decl +| @var_decl +; + +#keyset[id, index] +abstract_storage_decl_accessors( //dir=decl + int id: @abstract_storage_decl ref, + int index: int ref, + int accessor: @accessor_or_none ref +); + +enum_element_decls( //dir=decl + unique int id: @enum_element_decl, + string name: string ref +); + +#keyset[id, index] +enum_element_decl_params( //dir=decl + int id: @enum_element_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@function = + @accessor_or_named_function +| @deinitializer +| @initializer +; + +infix_operator_decls( //dir=decl + unique int id: @infix_operator_decl +); + +#keyset[id] +infix_operator_decl_precedence_groups( //dir=decl + int id: @infix_operator_decl ref, + int precedence_group: @precedence_group_decl_or_none ref +); + +macro_decls( //dir=decl + unique int id: @macro_decl, + string name: string ref +); + +#keyset[id, index] +macro_decl_parameters( //dir=decl + int id: @macro_decl ref, + int index: int ref, + int parameter: @param_decl_or_none ref +); + +#keyset[id, index] +macro_decl_roles( //dir=decl + int id: @macro_decl ref, + int index: int ref, + int role: @macro_role_or_none ref +); + +postfix_operator_decls( //dir=decl + unique int id: @postfix_operator_decl +); + +prefix_operator_decls( //dir=decl + unique int id: @prefix_operator_decl +); + +@type_decl = + @abstract_type_param_decl +| @generic_type_decl +| @module_decl +; + +#keyset[id] +type_decls( //dir=decl + int id: @type_decl ref, + string name: string ref +); + +#keyset[id, index] +type_decl_inherited_types( //dir=decl + int id: @type_decl ref, + int index: int ref, + int inherited_type: @type_or_none ref +); + +@abstract_type_param_decl = + @associated_type_decl +| @generic_type_param_decl +; + +@accessor_or_named_function = + @accessor +| @named_function +; + +deinitializers( //dir=decl + unique int id: @deinitializer +); + +@generic_type_decl = + @nominal_type_decl +| @opaque_type_decl +| @type_alias_decl +; + +initializers( //dir=decl + unique int id: @initializer +); + +module_decls( //dir=decl + unique int id: @module_decl +); + +#keyset[id] +module_decl_is_builtin_module( //dir=decl + int id: @module_decl ref +); + +#keyset[id] +module_decl_is_system_module( //dir=decl + int id: @module_decl ref +); + +module_decl_imported_modules( //dir=decl + int id: @module_decl ref, + int imported_module: @module_decl_or_none ref +); + +module_decl_exported_modules( //dir=decl + int id: @module_decl ref, + int exported_module: @module_decl_or_none ref +); + +subscript_decls( //dir=decl + unique int id: @subscript_decl, + int element_type: @type_or_none ref +); + +#keyset[id, index] +subscript_decl_params( //dir=decl + int id: @subscript_decl ref, + int index: int ref, + int param: @param_decl_or_none ref +); + +@var_decl = + @concrete_var_decl +| @param_decl +; + +#keyset[id] +var_decls( //dir=decl + int id: @var_decl ref, + string name: string ref, + int type_: @type_or_none ref +); + +#keyset[id] +var_decl_attached_property_wrapper_types( //dir=decl + int id: @var_decl ref, + int attached_property_wrapper_type: @type_or_none ref +); + +#keyset[id] +var_decl_parent_patterns( //dir=decl + int id: @var_decl ref, + int parent_pattern: @pattern_or_none ref +); + +#keyset[id] +var_decl_parent_initializers( //dir=decl + int id: @var_decl ref, + int parent_initializer: @expr_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_backing_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_backing_var: @var_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_var_bindings( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +var_decl_property_wrapper_projection_vars( //dir=decl + int id: @var_decl ref, + int property_wrapper_projection_var: @var_decl_or_none ref +); + +accessors( //dir=decl + unique int id: @accessor +); + +#keyset[id] +accessor_is_getter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_setter( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_will_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_did_set( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_read( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_modify( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_address( //dir=decl + int id: @accessor ref +); + +#keyset[id] +accessor_is_unsafe_mutable_address( //dir=decl + int id: @accessor ref +); + +associated_type_decls( //dir=decl + unique int id: @associated_type_decl +); + +concrete_var_decls( //dir=decl + unique int id: @concrete_var_decl, + int introducer_int: int ref +); + +generic_type_param_decls( //dir=decl + unique int id: @generic_type_param_decl +); + +named_functions( //dir=decl + unique int id: @named_function +); + +@nominal_type_decl = + @class_decl +| @enum_decl +| @protocol_decl +| @struct_decl +; + +#keyset[id] +nominal_type_decls( //dir=decl + int id: @nominal_type_decl ref, + int type_: @type_or_none ref +); + +opaque_type_decls( //dir=decl + unique int id: @opaque_type_decl, + int naming_declaration: @value_decl_or_none ref +); + +#keyset[id, index] +opaque_type_decl_opaque_generic_params( //dir=decl + int id: @opaque_type_decl ref, + int index: int ref, + int opaque_generic_param: @generic_type_param_type_or_none ref +); + +param_decls( //dir=decl + unique int id: @param_decl +); + +#keyset[id] +param_decl_is_inout( //dir=decl + int id: @param_decl ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_var_bindings( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var_binding: @pattern_binding_decl_or_none ref +); + +#keyset[id] +param_decl_property_wrapper_local_wrapped_vars( //dir=decl + int id: @param_decl ref, + int property_wrapper_local_wrapped_var: @var_decl_or_none ref +); + +type_alias_decls( //dir=decl + unique int id: @type_alias_decl, + int aliased_type: @type_or_none ref +); + +class_decls( //dir=decl + unique int id: @class_decl +); + +enum_decls( //dir=decl + unique int id: @enum_decl +); + +protocol_decls( //dir=decl + unique int id: @protocol_decl +); + +struct_decls( //dir=decl + unique int id: @struct_decl +); + +arguments( //dir=expr + unique int id: @argument, + string label: string ref, + int expr: @expr_or_none ref +); + +@expr = + @any_try_expr +| @applied_property_wrapper_expr +| @apply_expr +| @assign_expr +| @bind_optional_expr +| @capture_list_expr +| @closure_expr +| @collection_expr +| @consume_expr +| @copy_expr +| @decl_ref_expr +| @default_argument_expr +| @discard_assignment_expr +| @dot_syntax_base_ignored_expr +| @dynamic_type_expr +| @enum_is_case_expr +| @error_expr +| @explicit_cast_expr +| @force_value_expr +| @identity_expr +| @if_expr +| @implicit_conversion_expr +| @in_out_expr +| @key_path_application_expr +| @key_path_dot_expr +| @key_path_expr +| @lazy_initialization_expr +| @literal_expr +| @lookup_expr +| @make_temporarily_escapable_expr +| @materialize_pack_expr +| @obj_c_selector_expr +| @one_way_expr +| @opaque_value_expr +| @open_existential_expr +| @optional_evaluation_expr +| @other_initializer_ref_expr +| @overloaded_decl_ref_expr +| @pack_element_expr +| @pack_expansion_expr +| @property_wrapper_value_placeholder_expr +| @rebind_self_in_initializer_expr +| @sequence_expr +| @single_value_stmt_expr +| @super_ref_expr +| @tap_expr +| @tuple_element_expr +| @tuple_expr +| @type_expr +| @unresolved_decl_ref_expr +| @unresolved_dot_expr +| @unresolved_member_expr +| @unresolved_pattern_expr +| @unresolved_specialize_expr +| @vararg_expansion_expr +; + +#keyset[id] +expr_types( //dir=expr + int id: @expr ref, + int type_: @type_or_none ref +); + +@any_try_expr = + @force_try_expr +| @optional_try_expr +| @try_expr +; + +#keyset[id] +any_try_exprs( //dir=expr + int id: @any_try_expr ref, + int sub_expr: @expr_or_none ref +); + +applied_property_wrapper_exprs( //dir=expr + unique int id: @applied_property_wrapper_expr, + int kind: int ref, + int value: @expr_or_none ref, + int param: @param_decl_or_none ref +); + +@apply_expr = + @binary_expr +| @call_expr +| @postfix_unary_expr +| @prefix_unary_expr +| @self_apply_expr +; + +#keyset[id] +apply_exprs( //dir=expr + int id: @apply_expr ref, + int function: @expr_or_none ref +); + +#keyset[id, index] +apply_expr_arguments( //dir=expr + int id: @apply_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +assign_exprs( //dir=expr + unique int id: @assign_expr, + int dest: @expr_or_none ref, + int source: @expr_or_none ref +); + +bind_optional_exprs( //dir=expr + unique int id: @bind_optional_expr, + int sub_expr: @expr_or_none ref +); + +capture_list_exprs( //dir=expr + unique int id: @capture_list_expr, + int closure_body: @closure_expr_or_none ref +); + +#keyset[id, index] +capture_list_expr_binding_decls( //dir=expr + int id: @capture_list_expr ref, + int index: int ref, + int binding_decl: @pattern_binding_decl_or_none ref +); + +@closure_expr = + @auto_closure_expr +| @explicit_closure_expr +; + +@collection_expr = + @array_expr +| @dictionary_expr +; + +consume_exprs( //dir=expr + unique int id: @consume_expr, + int sub_expr: @expr_or_none ref +); + +copy_exprs( //dir=expr + unique int id: @copy_expr, + int sub_expr: @expr_or_none ref +); + +decl_ref_exprs( //dir=expr + unique int id: @decl_ref_expr, + int decl: @decl_or_none ref +); + +#keyset[id, index] +decl_ref_expr_replacement_types( //dir=expr + int id: @decl_ref_expr ref, + int index: int ref, + int replacement_type: @type_or_none ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_ordinary_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +#keyset[id] +decl_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @decl_ref_expr ref +); + +default_argument_exprs( //dir=expr + unique int id: @default_argument_expr, + int param_decl: @param_decl_or_none ref, + int param_index: int ref +); + +#keyset[id] +default_argument_expr_caller_side_defaults( //dir=expr + int id: @default_argument_expr ref, + int caller_side_default: @expr_or_none ref +); + +discard_assignment_exprs( //dir=expr + unique int id: @discard_assignment_expr +); + +dot_syntax_base_ignored_exprs( //dir=expr + unique int id: @dot_syntax_base_ignored_expr, + int qualifier: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +dynamic_type_exprs( //dir=expr + unique int id: @dynamic_type_expr, + int base: @expr_or_none ref +); + +enum_is_case_exprs( //dir=expr + unique int id: @enum_is_case_expr, + int sub_expr: @expr_or_none ref, + int element: @enum_element_decl_or_none ref +); + +error_exprs( //dir=expr + unique int id: @error_expr +); + +@explicit_cast_expr = + @checked_cast_expr +| @coerce_expr +; + +#keyset[id] +explicit_cast_exprs( //dir=expr + int id: @explicit_cast_expr ref, + int sub_expr: @expr_or_none ref +); + +force_value_exprs( //dir=expr + unique int id: @force_value_expr, + int sub_expr: @expr_or_none ref +); + +@identity_expr = + @await_expr +| @borrow_expr +| @dot_self_expr +| @paren_expr +| @unresolved_member_chain_result_expr +; + +#keyset[id] +identity_exprs( //dir=expr + int id: @identity_expr ref, + int sub_expr: @expr_or_none ref +); + +if_exprs( //dir=expr + unique int id: @if_expr, + int condition: @expr_or_none ref, + int then_expr: @expr_or_none ref, + int else_expr: @expr_or_none ref +); + +@implicit_conversion_expr = + @abi_safe_conversion_expr +| @any_hashable_erasure_expr +| @archetype_to_super_expr +| @array_to_pointer_expr +| @bridge_from_obj_c_expr +| @bridge_to_obj_c_expr +| @class_metatype_to_object_expr +| @collection_upcast_conversion_expr +| @conditional_bridge_from_obj_c_expr +| @covariant_function_conversion_expr +| @covariant_return_conversion_expr +| @derived_to_base_expr +| @destructure_tuple_expr +| @differentiable_function_expr +| @differentiable_function_extract_original_expr +| @erasure_expr +| @existential_metatype_to_object_expr +| @foreign_object_conversion_expr +| @function_conversion_expr +| @in_out_to_pointer_expr +| @inject_into_optional_expr +| @linear_function_expr +| @linear_function_extract_original_expr +| @linear_to_differentiable_function_expr +| @load_expr +| @metatype_conversion_expr +| @pointer_to_pointer_expr +| @protocol_metatype_to_object_expr +| @string_to_pointer_expr +| @underlying_to_opaque_expr +| @unevaluated_instance_expr +| @unresolved_type_conversion_expr +; + +#keyset[id] +implicit_conversion_exprs( //dir=expr + int id: @implicit_conversion_expr ref, + int sub_expr: @expr_or_none ref +); + +in_out_exprs( //dir=expr + unique int id: @in_out_expr, + int sub_expr: @expr_or_none ref +); + +key_path_application_exprs( //dir=expr + unique int id: @key_path_application_expr, + int base: @expr_or_none ref, + int key_path: @expr_or_none ref +); + +key_path_dot_exprs( //dir=expr + unique int id: @key_path_dot_expr +); + +key_path_exprs( //dir=expr + unique int id: @key_path_expr +); + +#keyset[id] +key_path_expr_roots( //dir=expr + int id: @key_path_expr ref, + int root: @type_repr_or_none ref +); + +#keyset[id, index] +key_path_expr_components( //dir=expr + int id: @key_path_expr ref, + int index: int ref, + int component: @key_path_component_or_none ref +); + +lazy_initialization_exprs( //dir=expr + unique int id: @lazy_initialization_expr, + int sub_expr: @expr_or_none ref +); + +@literal_expr = + @builtin_literal_expr +| @interpolated_string_literal_expr +| @nil_literal_expr +| @object_literal_expr +| @regex_literal_expr +; + +@lookup_expr = + @dynamic_lookup_expr +| @member_ref_expr +| @subscript_expr +; + +#keyset[id] +lookup_exprs( //dir=expr + int id: @lookup_expr ref, + int base: @expr_or_none ref +); + +#keyset[id] +lookup_expr_members( //dir=expr + int id: @lookup_expr ref, + int member: @decl_or_none ref +); + +make_temporarily_escapable_exprs( //dir=expr + unique int id: @make_temporarily_escapable_expr, + int escaping_closure: @opaque_value_expr_or_none ref, + int nonescaping_closure: @expr_or_none ref, + int sub_expr: @expr_or_none ref +); + +materialize_pack_exprs( //dir=expr + unique int id: @materialize_pack_expr, + int sub_expr: @expr_or_none ref +); + +obj_c_selector_exprs( //dir=expr + unique int id: @obj_c_selector_expr, + int sub_expr: @expr_or_none ref, + int method: @function_or_none ref +); + +one_way_exprs( //dir=expr + unique int id: @one_way_expr, + int sub_expr: @expr_or_none ref +); + +opaque_value_exprs( //dir=expr + unique int id: @opaque_value_expr +); + +open_existential_exprs( //dir=expr + unique int id: @open_existential_expr, + int sub_expr: @expr_or_none ref, + int existential: @expr_or_none ref, + int opaque_expr: @opaque_value_expr_or_none ref +); + +optional_evaluation_exprs( //dir=expr + unique int id: @optional_evaluation_expr, + int sub_expr: @expr_or_none ref +); + +other_initializer_ref_exprs( //dir=expr + unique int id: @other_initializer_ref_expr, + int initializer: @initializer_or_none ref +); + +overloaded_decl_ref_exprs( //dir=expr + unique int id: @overloaded_decl_ref_expr +); + +#keyset[id, index] +overloaded_decl_ref_expr_possible_declarations( //dir=expr + int id: @overloaded_decl_ref_expr ref, + int index: int ref, + int possible_declaration: @value_decl_or_none ref +); + +pack_element_exprs( //dir=expr + unique int id: @pack_element_expr, + int sub_expr: @expr_or_none ref +); + +pack_expansion_exprs( //dir=expr + unique int id: @pack_expansion_expr, + int pattern_expr: @expr_or_none ref +); + +property_wrapper_value_placeholder_exprs( //dir=expr + unique int id: @property_wrapper_value_placeholder_expr, + int placeholder: @opaque_value_expr_or_none ref +); + +#keyset[id] +property_wrapper_value_placeholder_expr_wrapped_values( //dir=expr + int id: @property_wrapper_value_placeholder_expr ref, + int wrapped_value: @expr_or_none ref +); + +rebind_self_in_initializer_exprs( //dir=expr + unique int id: @rebind_self_in_initializer_expr, + int sub_expr: @expr_or_none ref, + int self: @var_decl_or_none ref +); + +sequence_exprs( //dir=expr + unique int id: @sequence_expr +); + +#keyset[id, index] +sequence_expr_elements( //dir=expr + int id: @sequence_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +single_value_stmt_exprs( //dir=expr + unique int id: @single_value_stmt_expr, + int stmt: @stmt_or_none ref +); + +super_ref_exprs( //dir=expr + unique int id: @super_ref_expr, + int self: @var_decl_or_none ref +); + +tap_exprs( //dir=expr + unique int id: @tap_expr, + int body: @brace_stmt_or_none ref, + int var: @var_decl_or_none ref +); + +#keyset[id] +tap_expr_sub_exprs( //dir=expr + int id: @tap_expr ref, + int sub_expr: @expr_or_none ref +); + +tuple_element_exprs( //dir=expr + unique int id: @tuple_element_expr, + int sub_expr: @expr_or_none ref, + int index: int ref +); + +tuple_exprs( //dir=expr + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_elements( //dir=expr + int id: @tuple_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +type_exprs( //dir=expr + unique int id: @type_expr +); + +#keyset[id] +type_expr_type_reprs( //dir=expr + int id: @type_expr ref, + int type_repr: @type_repr_or_none ref +); + +unresolved_decl_ref_exprs( //dir=expr + unique int id: @unresolved_decl_ref_expr +); + +#keyset[id] +unresolved_decl_ref_expr_names( //dir=expr + int id: @unresolved_decl_ref_expr ref, + string name: string ref +); + +unresolved_dot_exprs( //dir=expr + unique int id: @unresolved_dot_expr, + int base: @expr_or_none ref, + string name: string ref +); + +unresolved_member_exprs( //dir=expr + unique int id: @unresolved_member_expr, + string name: string ref +); + +unresolved_pattern_exprs( //dir=expr + unique int id: @unresolved_pattern_expr, + int sub_pattern: @pattern_or_none ref +); + +unresolved_specialize_exprs( //dir=expr + unique int id: @unresolved_specialize_expr, + int sub_expr: @expr_or_none ref +); + +vararg_expansion_exprs( //dir=expr + unique int id: @vararg_expansion_expr, + int sub_expr: @expr_or_none ref +); + +abi_safe_conversion_exprs( //dir=expr + unique int id: @abi_safe_conversion_expr +); + +any_hashable_erasure_exprs( //dir=expr + unique int id: @any_hashable_erasure_expr +); + +archetype_to_super_exprs( //dir=expr + unique int id: @archetype_to_super_expr +); + +array_exprs( //dir=expr + unique int id: @array_expr +); + +#keyset[id, index] +array_expr_elements( //dir=expr + int id: @array_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +array_to_pointer_exprs( //dir=expr + unique int id: @array_to_pointer_expr +); + +auto_closure_exprs( //dir=expr + unique int id: @auto_closure_expr +); + +await_exprs( //dir=expr + unique int id: @await_expr +); + +binary_exprs( //dir=expr + unique int id: @binary_expr +); + +borrow_exprs( //dir=expr + unique int id: @borrow_expr +); + +bridge_from_obj_c_exprs( //dir=expr + unique int id: @bridge_from_obj_c_expr +); + +bridge_to_obj_c_exprs( //dir=expr + unique int id: @bridge_to_obj_c_expr +); + +@builtin_literal_expr = + @boolean_literal_expr +| @magic_identifier_literal_expr +| @number_literal_expr +| @string_literal_expr +; + +call_exprs( //dir=expr + unique int id: @call_expr +); + +@checked_cast_expr = + @conditional_checked_cast_expr +| @forced_checked_cast_expr +| @is_expr +; + +class_metatype_to_object_exprs( //dir=expr + unique int id: @class_metatype_to_object_expr +); + +coerce_exprs( //dir=expr + unique int id: @coerce_expr +); + +collection_upcast_conversion_exprs( //dir=expr + unique int id: @collection_upcast_conversion_expr +); + +conditional_bridge_from_obj_c_exprs( //dir=expr + unique int id: @conditional_bridge_from_obj_c_expr +); + +covariant_function_conversion_exprs( //dir=expr + unique int id: @covariant_function_conversion_expr +); + +covariant_return_conversion_exprs( //dir=expr + unique int id: @covariant_return_conversion_expr +); + +derived_to_base_exprs( //dir=expr + unique int id: @derived_to_base_expr +); + +destructure_tuple_exprs( //dir=expr + unique int id: @destructure_tuple_expr +); + +dictionary_exprs( //dir=expr + unique int id: @dictionary_expr +); + +#keyset[id, index] +dictionary_expr_elements( //dir=expr + int id: @dictionary_expr ref, + int index: int ref, + int element: @expr_or_none ref +); + +differentiable_function_exprs( //dir=expr + unique int id: @differentiable_function_expr +); + +differentiable_function_extract_original_exprs( //dir=expr + unique int id: @differentiable_function_extract_original_expr +); + +dot_self_exprs( //dir=expr + unique int id: @dot_self_expr +); + +@dynamic_lookup_expr = + @dynamic_member_ref_expr +| @dynamic_subscript_expr +; + +erasure_exprs( //dir=expr + unique int id: @erasure_expr +); + +existential_metatype_to_object_exprs( //dir=expr + unique int id: @existential_metatype_to_object_expr +); + +explicit_closure_exprs( //dir=expr + unique int id: @explicit_closure_expr +); + +force_try_exprs( //dir=expr + unique int id: @force_try_expr +); + +foreign_object_conversion_exprs( //dir=expr + unique int id: @foreign_object_conversion_expr +); + +function_conversion_exprs( //dir=expr + unique int id: @function_conversion_expr +); + +in_out_to_pointer_exprs( //dir=expr + unique int id: @in_out_to_pointer_expr +); + +inject_into_optional_exprs( //dir=expr + unique int id: @inject_into_optional_expr +); + +interpolated_string_literal_exprs( //dir=expr + unique int id: @interpolated_string_literal_expr +); + +#keyset[id] +interpolated_string_literal_expr_interpolation_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int interpolation_expr: @opaque_value_expr_or_none ref +); + +#keyset[id] +interpolated_string_literal_expr_appending_exprs( //dir=expr + int id: @interpolated_string_literal_expr ref, + int appending_expr: @tap_expr_or_none ref +); + +linear_function_exprs( //dir=expr + unique int id: @linear_function_expr +); + +linear_function_extract_original_exprs( //dir=expr + unique int id: @linear_function_extract_original_expr +); + +linear_to_differentiable_function_exprs( //dir=expr + unique int id: @linear_to_differentiable_function_expr +); + +load_exprs( //dir=expr + unique int id: @load_expr +); + +member_ref_exprs( //dir=expr + unique int id: @member_ref_expr +); + +#keyset[id] +member_ref_expr_has_direct_to_storage_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_ordinary_semantics( //dir=expr + int id: @member_ref_expr ref +); + +#keyset[id] +member_ref_expr_has_distributed_thunk_semantics( //dir=expr + int id: @member_ref_expr ref +); + +metatype_conversion_exprs( //dir=expr + unique int id: @metatype_conversion_expr +); + +nil_literal_exprs( //dir=expr + unique int id: @nil_literal_expr +); + +object_literal_exprs( //dir=expr + unique int id: @object_literal_expr, + int kind: int ref +); + +#keyset[id, index] +object_literal_expr_arguments( //dir=expr + int id: @object_literal_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +optional_try_exprs( //dir=expr + unique int id: @optional_try_expr +); + +paren_exprs( //dir=expr + unique int id: @paren_expr +); + +pointer_to_pointer_exprs( //dir=expr + unique int id: @pointer_to_pointer_expr +); + +postfix_unary_exprs( //dir=expr + unique int id: @postfix_unary_expr +); + +prefix_unary_exprs( //dir=expr + unique int id: @prefix_unary_expr +); + +protocol_metatype_to_object_exprs( //dir=expr + unique int id: @protocol_metatype_to_object_expr +); + +regex_literal_exprs( //dir=expr + unique int id: @regex_literal_expr, + string pattern: string ref, + int version: int ref +); + +@self_apply_expr = + @dot_syntax_call_expr +| @initializer_ref_call_expr +; + +#keyset[id] +self_apply_exprs( //dir=expr + int id: @self_apply_expr ref, + int base: @expr_or_none ref +); + +string_to_pointer_exprs( //dir=expr + unique int id: @string_to_pointer_expr +); + +subscript_exprs( //dir=expr + unique int id: @subscript_expr +); + +#keyset[id, index] +subscript_expr_arguments( //dir=expr + int id: @subscript_expr ref, + int index: int ref, + int argument: @argument_or_none ref +); + +#keyset[id] +subscript_expr_has_direct_to_storage_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_direct_to_implementation_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_ordinary_semantics( //dir=expr + int id: @subscript_expr ref +); + +#keyset[id] +subscript_expr_has_distributed_thunk_semantics( //dir=expr + int id: @subscript_expr ref +); + +try_exprs( //dir=expr + unique int id: @try_expr +); + +underlying_to_opaque_exprs( //dir=expr + unique int id: @underlying_to_opaque_expr +); + +unevaluated_instance_exprs( //dir=expr + unique int id: @unevaluated_instance_expr +); + +unresolved_member_chain_result_exprs( //dir=expr + unique int id: @unresolved_member_chain_result_expr +); + +unresolved_type_conversion_exprs( //dir=expr + unique int id: @unresolved_type_conversion_expr +); + +boolean_literal_exprs( //dir=expr + unique int id: @boolean_literal_expr, + boolean value: boolean ref +); + +conditional_checked_cast_exprs( //dir=expr + unique int id: @conditional_checked_cast_expr +); + +dot_syntax_call_exprs( //dir=expr + unique int id: @dot_syntax_call_expr +); + +dynamic_member_ref_exprs( //dir=expr + unique int id: @dynamic_member_ref_expr +); + +dynamic_subscript_exprs( //dir=expr + unique int id: @dynamic_subscript_expr +); + +forced_checked_cast_exprs( //dir=expr + unique int id: @forced_checked_cast_expr +); + +initializer_ref_call_exprs( //dir=expr + unique int id: @initializer_ref_call_expr +); + +is_exprs( //dir=expr + unique int id: @is_expr +); + +magic_identifier_literal_exprs( //dir=expr + unique int id: @magic_identifier_literal_expr, + string kind: string ref +); + +@number_literal_expr = + @float_literal_expr +| @integer_literal_expr +; + +string_literal_exprs( //dir=expr + unique int id: @string_literal_expr, + string value: string ref +); + +float_literal_exprs( //dir=expr + unique int id: @float_literal_expr, + string string_value: string ref +); + +integer_literal_exprs( //dir=expr + unique int id: @integer_literal_expr, + string string_value: string ref +); + +@pattern = + @any_pattern +| @binding_pattern +| @bool_pattern +| @enum_element_pattern +| @expr_pattern +| @is_pattern +| @named_pattern +| @optional_some_pattern +| @paren_pattern +| @tuple_pattern +| @typed_pattern +; + +#keyset[id] +pattern_types( //dir=pattern + int id: @pattern ref, + int type_: @type_or_none ref +); + +any_patterns( //dir=pattern + unique int id: @any_pattern +); + +binding_patterns( //dir=pattern + unique int id: @binding_pattern, + int sub_pattern: @pattern_or_none ref +); + +bool_patterns( //dir=pattern + unique int id: @bool_pattern, + boolean value: boolean ref +); + +enum_element_patterns( //dir=pattern + unique int id: @enum_element_pattern, + int element: @enum_element_decl_or_none ref +); + +#keyset[id] +enum_element_pattern_sub_patterns( //dir=pattern + int id: @enum_element_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +expr_patterns( //dir=pattern + unique int id: @expr_pattern, + int sub_expr: @expr_or_none ref +); + +is_patterns( //dir=pattern + unique int id: @is_pattern +); + +#keyset[id] +is_pattern_cast_type_reprs( //dir=pattern + int id: @is_pattern ref, + int cast_type_repr: @type_repr_or_none ref +); + +#keyset[id] +is_pattern_sub_patterns( //dir=pattern + int id: @is_pattern ref, + int sub_pattern: @pattern_or_none ref +); + +named_patterns( //dir=pattern + unique int id: @named_pattern, + int var_decl: @var_decl_or_none ref +); + +optional_some_patterns( //dir=pattern + unique int id: @optional_some_pattern, + int sub_pattern: @pattern_or_none ref +); + +paren_patterns( //dir=pattern + unique int id: @paren_pattern, + int sub_pattern: @pattern_or_none ref +); + +tuple_patterns( //dir=pattern + unique int id: @tuple_pattern +); + +#keyset[id, index] +tuple_pattern_elements( //dir=pattern + int id: @tuple_pattern ref, + int index: int ref, + int element: @pattern_or_none ref +); + +typed_patterns( //dir=pattern + unique int id: @typed_pattern, + int sub_pattern: @pattern_or_none ref +); + +#keyset[id] +typed_pattern_type_reprs( //dir=pattern + int id: @typed_pattern ref, + int type_repr: @type_repr_or_none ref +); + +case_label_items( //dir=stmt + unique int id: @case_label_item, + int pattern: @pattern_or_none ref +); + +#keyset[id] +case_label_item_guards( //dir=stmt + int id: @case_label_item ref, + int guard: @expr_or_none ref +); + +condition_elements( //dir=stmt + unique int id: @condition_element +); + +#keyset[id] +condition_element_booleans( //dir=stmt + int id: @condition_element ref, + int boolean_: @expr_or_none ref +); + +#keyset[id] +condition_element_patterns( //dir=stmt + int id: @condition_element ref, + int pattern: @pattern_or_none ref +); + +#keyset[id] +condition_element_initializers( //dir=stmt + int id: @condition_element ref, + int initializer: @expr_or_none ref +); + +#keyset[id] +condition_element_availabilities( //dir=stmt + int id: @condition_element ref, + int availability: @availability_info_or_none ref +); + +@stmt = + @brace_stmt +| @break_stmt +| @case_stmt +| @continue_stmt +| @defer_stmt +| @discard_stmt +| @fail_stmt +| @fallthrough_stmt +| @labeled_stmt +| @pound_assert_stmt +| @return_stmt +| @throw_stmt +| @yield_stmt +; + +stmt_conditions( //dir=stmt + unique int id: @stmt_condition +); + +#keyset[id, index] +stmt_condition_elements( //dir=stmt + int id: @stmt_condition ref, + int index: int ref, + int element: @condition_element_or_none ref +); + +brace_stmts( //dir=stmt + unique int id: @brace_stmt +); + +#keyset[id, index] +brace_stmt_elements( //dir=stmt + int id: @brace_stmt ref, + int index: int ref, + int element: @ast_node_or_none ref +); + +break_stmts( //dir=stmt + unique int id: @break_stmt +); + +#keyset[id] +break_stmt_target_names( //dir=stmt + int id: @break_stmt ref, + string target_name: string ref +); + +#keyset[id] +break_stmt_targets( //dir=stmt + int id: @break_stmt ref, + int target: @stmt_or_none ref +); + +case_stmts( //dir=stmt + unique int id: @case_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +case_stmt_labels( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int label: @case_label_item_or_none ref +); + +#keyset[id, index] +case_stmt_variables( //dir=stmt + int id: @case_stmt ref, + int index: int ref, + int variable: @var_decl_or_none ref +); + +continue_stmts( //dir=stmt + unique int id: @continue_stmt +); + +#keyset[id] +continue_stmt_target_names( //dir=stmt + int id: @continue_stmt ref, + string target_name: string ref +); + +#keyset[id] +continue_stmt_targets( //dir=stmt + int id: @continue_stmt ref, + int target: @stmt_or_none ref +); + +defer_stmts( //dir=stmt + unique int id: @defer_stmt, + int body: @brace_stmt_or_none ref +); + +discard_stmts( //dir=stmt + unique int id: @discard_stmt, + int sub_expr: @expr_or_none ref +); + +fail_stmts( //dir=stmt + unique int id: @fail_stmt +); + +fallthrough_stmts( //dir=stmt + unique int id: @fallthrough_stmt, + int fallthrough_source: @case_stmt_or_none ref, + int fallthrough_dest: @case_stmt_or_none ref +); + +@labeled_stmt = + @do_catch_stmt +| @do_stmt +| @for_each_stmt +| @labeled_conditional_stmt +| @repeat_while_stmt +| @switch_stmt +; + +#keyset[id] +labeled_stmt_labels( //dir=stmt + int id: @labeled_stmt ref, + string label: string ref +); + +pound_assert_stmts( //dir=stmt + unique int id: @pound_assert_stmt, + int condition: @expr_or_none ref, + string message: string ref +); + +return_stmts( //dir=stmt + unique int id: @return_stmt +); + +#keyset[id] +return_stmt_results( //dir=stmt + int id: @return_stmt ref, + int result: @expr_or_none ref +); + +throw_stmts( //dir=stmt + unique int id: @throw_stmt, + int sub_expr: @expr_or_none ref +); + +yield_stmts( //dir=stmt + unique int id: @yield_stmt +); + +#keyset[id, index] +yield_stmt_results( //dir=stmt + int id: @yield_stmt ref, + int index: int ref, + int result: @expr_or_none ref +); + +do_catch_stmts( //dir=stmt + unique int id: @do_catch_stmt, + int body: @stmt_or_none ref +); + +#keyset[id, index] +do_catch_stmt_catches( //dir=stmt + int id: @do_catch_stmt ref, + int index: int ref, + int catch: @case_stmt_or_none ref +); + +do_stmts( //dir=stmt + unique int id: @do_stmt, + int body: @brace_stmt_or_none ref +); + +for_each_stmts( //dir=stmt + unique int id: @for_each_stmt, + int pattern: @pattern_or_none ref, + int body: @brace_stmt_or_none ref +); + +#keyset[id] +for_each_stmt_wheres( //dir=stmt + int id: @for_each_stmt ref, + int where: @expr_or_none ref +); + +#keyset[id] +for_each_stmt_iterator_vars( //dir=stmt + int id: @for_each_stmt ref, + int iteratorVar: @pattern_binding_decl_or_none ref +); + +#keyset[id] +for_each_stmt_next_calls( //dir=stmt + int id: @for_each_stmt ref, + int nextCall: @expr_or_none ref +); + +@labeled_conditional_stmt = + @guard_stmt +| @if_stmt +| @while_stmt +; + +#keyset[id] +labeled_conditional_stmts( //dir=stmt + int id: @labeled_conditional_stmt ref, + int condition: @stmt_condition_or_none ref +); + +repeat_while_stmts( //dir=stmt + unique int id: @repeat_while_stmt, + int condition: @expr_or_none ref, + int body: @stmt_or_none ref +); + +switch_stmts( //dir=stmt + unique int id: @switch_stmt, + int expr: @expr_or_none ref +); + +#keyset[id, index] +switch_stmt_cases( //dir=stmt + int id: @switch_stmt ref, + int index: int ref, + int case_: @case_stmt_or_none ref +); + +guard_stmts( //dir=stmt + unique int id: @guard_stmt, + int body: @brace_stmt_or_none ref +); + +if_stmts( //dir=stmt + unique int id: @if_stmt, + int then: @stmt_or_none ref +); + +#keyset[id] +if_stmt_elses( //dir=stmt + int id: @if_stmt ref, + int else: @stmt_or_none ref +); + +while_stmts( //dir=stmt + unique int id: @while_stmt, + int body: @stmt_or_none ref +); + +@type = + @any_function_type +| @any_generic_type +| @any_metatype_type +| @builtin_type +| @dependent_member_type +| @dynamic_self_type +| @error_type +| @existential_type +| @in_out_type +| @l_value_type +| @module_type +| @pack_element_type +| @pack_expansion_type +| @pack_type +| @parameterized_protocol_type +| @protocol_composition_type +| @reference_storage_type +| @substitutable_type +| @sugar_type +| @tuple_type +| @unresolved_type +; + +#keyset[id] +types( //dir=type + int id: @type ref, + string name: string ref, + int canonical_type: @type_or_none ref +); + +type_reprs( //dir=type + unique int id: @type_repr, + int type_: @type_or_none ref +); + +@any_function_type = + @function_type +| @generic_function_type +; + +#keyset[id] +any_function_types( //dir=type + int id: @any_function_type ref, + int result: @type_or_none ref +); + +#keyset[id, index] +any_function_type_param_types( //dir=type + int id: @any_function_type ref, + int index: int ref, + int param_type: @type_or_none ref +); + +#keyset[id] +any_function_type_is_throwing( //dir=type + int id: @any_function_type ref +); + +#keyset[id] +any_function_type_is_async( //dir=type + int id: @any_function_type ref +); + +@any_generic_type = + @nominal_or_bound_generic_nominal_type +| @unbound_generic_type +; + +#keyset[id] +any_generic_types( //dir=type + int id: @any_generic_type ref, + int declaration: @generic_type_decl_or_none ref +); + +#keyset[id] +any_generic_type_parents( //dir=type + int id: @any_generic_type ref, + int parent: @type_or_none ref +); + +@any_metatype_type = + @existential_metatype_type +| @metatype_type +; + +@builtin_type = + @any_builtin_integer_type +| @builtin_bridge_object_type +| @builtin_default_actor_storage_type +| @builtin_executor_type +| @builtin_float_type +| @builtin_job_type +| @builtin_native_object_type +| @builtin_raw_pointer_type +| @builtin_raw_unsafe_continuation_type +| @builtin_unsafe_value_buffer_type +| @builtin_vector_type +; + +dependent_member_types( //dir=type + unique int id: @dependent_member_type, + int base_type: @type_or_none ref, + int associated_type_decl: @associated_type_decl_or_none ref +); + +dynamic_self_types( //dir=type + unique int id: @dynamic_self_type, + int static_self_type: @type_or_none ref +); + +error_types( //dir=type + unique int id: @error_type +); + +existential_types( //dir=type + unique int id: @existential_type, + int constraint: @type_or_none ref +); + +in_out_types( //dir=type + unique int id: @in_out_type, + int object_type: @type_or_none ref +); + +l_value_types( //dir=type + unique int id: @l_value_type, + int object_type: @type_or_none ref +); + +module_types( //dir=type + unique int id: @module_type, + int module: @module_decl_or_none ref +); + +pack_element_types( //dir=type + unique int id: @pack_element_type, + int pack_type: @type_or_none ref +); + +pack_expansion_types( //dir=type + unique int id: @pack_expansion_type, + int pattern_type: @type_or_none ref, + int count_type: @type_or_none ref +); + +pack_types( //dir=type + unique int id: @pack_type +); + +#keyset[id, index] +pack_type_elements( //dir=type + int id: @pack_type ref, + int index: int ref, + int element: @type_or_none ref +); + +parameterized_protocol_types( //dir=type + unique int id: @parameterized_protocol_type, + int base: @protocol_type_or_none ref +); + +#keyset[id, index] +parameterized_protocol_type_args( //dir=type + int id: @parameterized_protocol_type ref, + int index: int ref, + int arg: @type_or_none ref +); + +protocol_composition_types( //dir=type + unique int id: @protocol_composition_type +); + +#keyset[id, index] +protocol_composition_type_members( //dir=type + int id: @protocol_composition_type ref, + int index: int ref, + int member: @type_or_none ref +); + +@reference_storage_type = + @unmanaged_storage_type +| @unowned_storage_type +| @weak_storage_type +; + +#keyset[id] +reference_storage_types( //dir=type + int id: @reference_storage_type ref, + int referent_type: @type_or_none ref +); + +@substitutable_type = + @archetype_type +| @generic_type_param_type +; + +@sugar_type = + @paren_type +| @syntax_sugar_type +| @type_alias_type +; + +tuple_types( //dir=type + unique int id: @tuple_type +); + +#keyset[id, index] +tuple_type_types( //dir=type + int id: @tuple_type ref, + int index: int ref, + int type_: @type_or_none ref +); + +#keyset[id, index] +tuple_type_names( //dir=type + int id: @tuple_type ref, + int index: int ref, + string name: string ref +); + +unresolved_types( //dir=type + unique int id: @unresolved_type +); + +@any_builtin_integer_type = + @builtin_integer_literal_type +| @builtin_integer_type +; + +@archetype_type = + @local_archetype_type +| @opaque_type_archetype_type +| @pack_archetype_type +| @primary_archetype_type +; + +#keyset[id] +archetype_types( //dir=type + int id: @archetype_type ref, + int interface_type: @type_or_none ref +); + +#keyset[id] +archetype_type_superclasses( //dir=type + int id: @archetype_type ref, + int superclass: @type_or_none ref +); + +#keyset[id, index] +archetype_type_protocols( //dir=type + int id: @archetype_type ref, + int index: int ref, + int protocol: @protocol_decl_or_none ref +); + +builtin_bridge_object_types( //dir=type + unique int id: @builtin_bridge_object_type +); + +builtin_default_actor_storage_types( //dir=type + unique int id: @builtin_default_actor_storage_type +); + +builtin_executor_types( //dir=type + unique int id: @builtin_executor_type +); + +builtin_float_types( //dir=type + unique int id: @builtin_float_type +); + +builtin_job_types( //dir=type + unique int id: @builtin_job_type +); + +builtin_native_object_types( //dir=type + unique int id: @builtin_native_object_type +); + +builtin_raw_pointer_types( //dir=type + unique int id: @builtin_raw_pointer_type +); + +builtin_raw_unsafe_continuation_types( //dir=type + unique int id: @builtin_raw_unsafe_continuation_type +); + +builtin_unsafe_value_buffer_types( //dir=type + unique int id: @builtin_unsafe_value_buffer_type +); + +builtin_vector_types( //dir=type + unique int id: @builtin_vector_type +); + +existential_metatype_types( //dir=type + unique int id: @existential_metatype_type +); + +function_types( //dir=type + unique int id: @function_type +); + +generic_function_types( //dir=type + unique int id: @generic_function_type +); + +#keyset[id, index] +generic_function_type_generic_params( //dir=type + int id: @generic_function_type ref, + int index: int ref, + int generic_param: @generic_type_param_type_or_none ref +); + +generic_type_param_types( //dir=type + unique int id: @generic_type_param_type +); + +metatype_types( //dir=type + unique int id: @metatype_type +); + +@nominal_or_bound_generic_nominal_type = + @bound_generic_type +| @nominal_type +; + +paren_types( //dir=type + unique int id: @paren_type, + int type_: @type_or_none ref +); + +@syntax_sugar_type = + @dictionary_type +| @unary_syntax_sugar_type +; + +type_alias_types( //dir=type + unique int id: @type_alias_type, + int decl: @type_alias_decl_or_none ref +); + +unbound_generic_types( //dir=type + unique int id: @unbound_generic_type +); + +unmanaged_storage_types( //dir=type + unique int id: @unmanaged_storage_type +); + +unowned_storage_types( //dir=type + unique int id: @unowned_storage_type +); + +weak_storage_types( //dir=type + unique int id: @weak_storage_type +); + +@bound_generic_type = + @bound_generic_class_type +| @bound_generic_enum_type +| @bound_generic_struct_type +; + +#keyset[id, index] +bound_generic_type_arg_types( //dir=type + int id: @bound_generic_type ref, + int index: int ref, + int arg_type: @type_or_none ref +); + +builtin_integer_literal_types( //dir=type + unique int id: @builtin_integer_literal_type +); + +builtin_integer_types( //dir=type + unique int id: @builtin_integer_type +); + +#keyset[id] +builtin_integer_type_widths( //dir=type + int id: @builtin_integer_type ref, + int width: int ref +); + +dictionary_types( //dir=type + unique int id: @dictionary_type, + int key_type: @type_or_none ref, + int value_type: @type_or_none ref +); + +@local_archetype_type = + @element_archetype_type +| @opened_archetype_type +; + +@nominal_type = + @class_type +| @enum_type +| @protocol_type +| @struct_type +; + +opaque_type_archetype_types( //dir=type + unique int id: @opaque_type_archetype_type, + int declaration: @opaque_type_decl_or_none ref +); + +pack_archetype_types( //dir=type + unique int id: @pack_archetype_type +); + +primary_archetype_types( //dir=type + unique int id: @primary_archetype_type +); + +@unary_syntax_sugar_type = + @array_slice_type +| @optional_type +| @variadic_sequence_type +; + +#keyset[id] +unary_syntax_sugar_types( //dir=type + int id: @unary_syntax_sugar_type ref, + int base_type: @type_or_none ref +); + +array_slice_types( //dir=type + unique int id: @array_slice_type +); + +bound_generic_class_types( //dir=type + unique int id: @bound_generic_class_type +); + +bound_generic_enum_types( //dir=type + unique int id: @bound_generic_enum_type +); + +bound_generic_struct_types( //dir=type + unique int id: @bound_generic_struct_type +); + +class_types( //dir=type + unique int id: @class_type +); + +element_archetype_types( //dir=type + unique int id: @element_archetype_type +); + +enum_types( //dir=type + unique int id: @enum_type +); + +opened_archetype_types( //dir=type + unique int id: @opened_archetype_type +); + +optional_types( //dir=type + unique int id: @optional_type +); + +protocol_types( //dir=type + unique int id: @protocol_type +); + +struct_types( //dir=type + unique int id: @struct_type +); + +variadic_sequence_types( //dir=type + unique int id: @variadic_sequence_type +); + +@accessor_or_none = + @accessor +| @unspecified_element +; + +@argument_or_none = + @argument +| @unspecified_element +; + +@associated_type_decl_or_none = + @associated_type_decl +| @unspecified_element +; + +@ast_node_or_none = + @ast_node +| @unspecified_element +; + +@availability_info_or_none = + @availability_info +| @unspecified_element +; + +@availability_spec_or_none = + @availability_spec +| @unspecified_element +; + +@brace_stmt_or_none = + @brace_stmt +| @unspecified_element +; + +@captured_decl_or_none = + @captured_decl +| @unspecified_element +; + +@case_label_item_or_none = + @case_label_item +| @unspecified_element +; + +@case_stmt_or_none = + @case_stmt +| @unspecified_element +; + +@closure_expr_or_none = + @closure_expr +| @unspecified_element +; + +@condition_element_or_none = + @condition_element +| @unspecified_element +; + +@decl_or_none = + @decl +| @unspecified_element +; + +@enum_element_decl_or_none = + @enum_element_decl +| @unspecified_element +; + +@expr_or_none = + @expr +| @unspecified_element +; + +@file_or_none = + @file +| @unspecified_element +; + +@function_or_none = + @function +| @unspecified_element +; + +@generic_type_decl_or_none = + @generic_type_decl +| @unspecified_element +; + +@generic_type_param_decl_or_none = + @generic_type_param_decl +| @unspecified_element +; + +@generic_type_param_type_or_none = + @generic_type_param_type +| @unspecified_element +; + +@initializer_or_none = + @initializer +| @unspecified_element +; + +@key_path_component_or_none = + @key_path_component +| @unspecified_element +; + +@location_or_none = + @location +| @unspecified_element +; + +@macro_role_or_none = + @macro_role +| @unspecified_element +; + +@module_decl_or_none = + @module_decl +| @unspecified_element +; + +@nominal_type_decl_or_none = + @nominal_type_decl +| @unspecified_element +; + +@opaque_type_decl_or_none = + @opaque_type_decl +| @unspecified_element +; + +@opaque_value_expr_or_none = + @opaque_value_expr +| @unspecified_element +; + +@param_decl_or_none = + @param_decl +| @unspecified_element +; + +@pattern_or_none = + @pattern +| @unspecified_element +; + +@pattern_binding_decl_or_none = + @pattern_binding_decl +| @unspecified_element +; + +@precedence_group_decl_or_none = + @precedence_group_decl +| @unspecified_element +; + +@protocol_decl_or_none = + @protocol_decl +| @unspecified_element +; + +@protocol_type_or_none = + @protocol_type +| @unspecified_element +; + +@stmt_or_none = + @stmt +| @unspecified_element +; + +@stmt_condition_or_none = + @stmt_condition +| @unspecified_element +; + +@string_literal_expr_or_none = + @string_literal_expr +| @unspecified_element +; + +@tap_expr_or_none = + @tap_expr +| @unspecified_element +; + +@type_or_none = + @type +| @unspecified_element +; + +@type_alias_decl_or_none = + @type_alias_decl +| @unspecified_element +; + +@type_expr_or_none = + @type_expr +| @unspecified_element +; + +@type_repr_or_none = + @type_repr +| @unspecified_element +; + +@value_decl_or_none = + @unspecified_element +| @value_decl +; + +@var_decl_or_none = + @unspecified_element +| @var_decl +; diff --git a/swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/upgrade.properties b/swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/upgrade.properties new file mode 100644 index 00000000000..80e66e1a4ad --- /dev/null +++ b/swift/ql/lib/upgrades/b83ff9c60c2bb4be2f3d1d4810268c557eb38f19/upgrade.properties @@ -0,0 +1,2 @@ +description: Add types for patterns +compatibility: partial From 16e6e8845c2501d08986a3b1b0cc1a9659af9098 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Mon, 23 Oct 2023 18:36:33 +0000 Subject: [PATCH 04/31] Swift: tests for pattern types --- .../extractor-tests/patterns/types.expected | 199 ++++++++++++++++++ .../ql/test/extractor-tests/patterns/types.ql | 11 + 2 files changed, 210 insertions(+) create mode 100644 swift/ql/test/extractor-tests/patterns/types.expected create mode 100644 swift/ql/test/extractor-tests/patterns/types.ql diff --git a/swift/ql/test/extractor-tests/patterns/types.expected b/swift/ql/test/extractor-tests/patterns/types.expected new file mode 100644 index 00000000000..0fececfa922 --- /dev/null +++ b/swift/ql/test/extractor-tests/patterns/types.expected @@ -0,0 +1,199 @@ +| patterns.swift:2:9:2:9 | an_int | Int | +| patterns.swift:3:9:3:9 | a_string | String | +| patterns.swift:3:9:3:19 | ... as ... | String | +| patterns.swift:4:9:4:17 | (...) | (Int, Int, Int) | +| patterns.swift:4:10:4:10 | x | Int | +| patterns.swift:4:13:4:13 | y | Int | +| patterns.swift:4:16:4:16 | z | Int | +| patterns.swift:5:9:5:9 | _ | String | +| patterns.swift:6:9:6:11 | (...) | String | +| patterns.swift:6:10:6:10 | _ | String | +| patterns.swift:10:9:10:9 | point | (Int, Int) | +| patterns.swift:12:10:12:21 | let ... | (Int, Int) | +| patterns.swift:12:14:12:21 | (...) | (Int, Int) | +| patterns.swift:12:15:12:15 | xx | Int | +| patterns.swift:12:19:12:19 | yy | Int | +| patterns.swift:16:10:16:14 | =~ ... | Int | +| patterns.swift:17:10:17:10 | _ | Int | +| patterns.swift:24:9:24:9 | v | Foo | +| patterns.swift:24:9:24:12 | ... as ... | Foo | +| patterns.swift:27:10:27:11 | .bar | Foo | +| patterns.swift:28:10:28:23 | let ... | Foo | +| patterns.swift:28:14:28:23 | .baz(...) | Foo | +| patterns.swift:28:18:28:23 | (...) | (Int, String) | +| patterns.swift:28:19:28:19 | i | Int | +| patterns.swift:28:22:28:22 | s | String | +| patterns.swift:31:9:31:9 | w | Int? | +| patterns.swift:31:9:31:15 | ... as ... | Int? | +| patterns.swift:34:10:34:15 | let ... | Int? | +| patterns.swift:34:14:34:14 | n | Int | +| patterns.swift:34:14:34:15 | let ...? | Int? | +| patterns.swift:35:10:35:10 | _ | Int? | +| patterns.swift:38:9:38:9 | a | Any | +| patterns.swift:38:9:38:12 | ... as ... | Any | +| patterns.swift:41:10:41:13 | ... is ... | Any | +| patterns.swift:42:10:42:19 | let ... | Any | +| patterns.swift:42:14:42:14 | x | String | +| patterns.swift:42:14:42:19 | ... is ... | Any | +| patterns.swift:43:10:43:10 | _ | Any | +| patterns.swift:46:9:46:9 | b | Bool | +| patterns.swift:49:10:49:10 | true | Bool | +| patterns.swift:50:10:50:10 | false | Bool | +| patterns.swift:55:9:55:9 | a | Int | +| patterns.swift:55:16:55:16 | b | Int | +| patterns.swift:55:23:55:23 | c | Int | +| patterns.swift:55:23:55:26 | ... as ... | Int | +| patterns.swift:57:8:57:20 | let ... | (Int, Int, Int) | +| patterns.swift:57:8:57:20 | let ...? | (Int, Int, Int)? | +| patterns.swift:57:12:57:20 | (...) | (Int, Int, Int) | +| patterns.swift:57:13:57:13 | a | Int | +| patterns.swift:57:16:57:16 | b | Int | +| patterns.swift:57:19:57:19 | c | Int | +| patterns.swift:58:13:58:29 | (...) | (Int, Int, Int) | +| patterns.swift:58:14:58:14 | =~ ... | Int | +| patterns.swift:58:17:58:21 | let ... | Int | +| patterns.swift:58:21:58:21 | b | Int | +| patterns.swift:58:24:58:28 | let ... | Int | +| patterns.swift:58:28:58:28 | c | Int | +| patterns.swift:61:14:61:14 | =~ ... | Int | +| patterns.swift:62:14:62:18 | let ... | Int | +| patterns.swift:62:18:62:18 | c | Int | +| patterns.swift:63:9:63:9 | _ | Int | +| patterns.swift:78:9:78:9 | a | MyEnum | +| patterns.swift:78:9:78:13 | ... as ... | MyEnum | +| patterns.swift:81:10:81:11 | .myNone | MyEnum | +| patterns.swift:83:10:83:25 | .mySingle(...) | MyEnum | +| patterns.swift:83:19:83:25 | (...) | (Int) | +| patterns.swift:83:20:83:24 | let ... | (Int) | +| patterns.swift:83:24:83:24 | a | (Int) | +| patterns.swift:85:10:85:30 | .myPair(...) | MyEnum | +| patterns.swift:85:17:85:30 | (...) | (Int, Int) | +| patterns.swift:85:18:85:22 | let ... | Int | +| patterns.swift:85:22:85:22 | a | Int | +| patterns.swift:85:25:85:29 | let ... | Int | +| patterns.swift:85:29:85:29 | b | Int | +| patterns.swift:88:10:88:26 | let ... | MyEnum | +| patterns.swift:88:14:88:26 | .myCons(...) | MyEnum | +| patterns.swift:88:21:88:26 | (...) | (Int, MyEnum) | +| patterns.swift:88:22:88:22 | a | Int | +| patterns.swift:88:25:88:25 | _ | MyEnum | +| patterns.swift:92:13:92:28 | .mySingle(...) | MyEnum | +| patterns.swift:92:22:92:28 | (...) | (Int) | +| patterns.swift:92:23:92:27 | let ... | (Int) | +| patterns.swift:92:27:92:27 | x | (Int) | +| patterns.swift:95:13:95:33 | .myPair(...) | MyEnum | +| patterns.swift:95:20:95:33 | (...) | (Int, Int) | +| patterns.swift:95:21:95:25 | let ... | Int | +| patterns.swift:95:25:95:25 | x | Int | +| patterns.swift:95:28:95:32 | let ... | Int | +| patterns.swift:95:32:95:32 | y | Int | +| patterns.swift:103:10:103:11 | .myNone | MyEnum | +| patterns.swift:105:10:105:25 | .mySingle(...) | MyEnum | +| patterns.swift:105:19:105:25 | (...) | (Int) | +| patterns.swift:105:20:105:24 | let ... | (Int) | +| patterns.swift:105:24:105:24 | a | (Int) | +| patterns.swift:107:10:107:30 | .myPair(...) | MyEnum | +| patterns.swift:107:17:107:30 | (...) | (Int, Int) | +| patterns.swift:107:18:107:22 | let ... | Int | +| patterns.swift:107:22:107:22 | a | Int | +| patterns.swift:107:25:107:29 | let ... | Int | +| patterns.swift:107:29:107:29 | b | Int | +| patterns.swift:110:10:110:26 | let ... | MyEnum | +| patterns.swift:110:14:110:26 | .myCons(...) | MyEnum | +| patterns.swift:110:21:110:26 | (...) | (Int, MyEnum) | +| patterns.swift:110:22:110:22 | a | Int | +| patterns.swift:110:25:110:25 | _ | MyEnum | +| patterns.swift:114:13:114:28 | .mySingle(...) | MyEnum | +| patterns.swift:114:22:114:28 | (...) | (Int) | +| patterns.swift:114:23:114:27 | let ... | (Int) | +| patterns.swift:114:27:114:27 | x | (Int) | +| patterns.swift:117:13:117:33 | .myPair(...) | MyEnum | +| patterns.swift:117:20:117:33 | (...) | (Int, Int) | +| patterns.swift:117:21:117:25 | let ... | Int | +| patterns.swift:117:25:117:25 | x | Int | +| patterns.swift:117:28:117:32 | let ... | Int | +| patterns.swift:117:32:117:32 | y | Int | +| patterns.swift:125:10:125:11 | .myNone | MyEnum | +| patterns.swift:127:10:127:25 | .mySingle(...) | MyEnum | +| patterns.swift:127:19:127:25 | (...) | (Int) | +| patterns.swift:127:20:127:24 | let ... | (Int) | +| patterns.swift:127:24:127:24 | a | (Int) | +| patterns.swift:129:10:129:30 | .myPair(...) | MyEnum | +| patterns.swift:129:17:129:30 | (...) | (Int, Int) | +| patterns.swift:129:18:129:22 | let ... | Int | +| patterns.swift:129:22:129:22 | a | Int | +| patterns.swift:129:25:129:29 | let ... | Int | +| patterns.swift:129:29:129:29 | b | Int | +| patterns.swift:132:10:132:26 | let ... | MyEnum | +| patterns.swift:132:14:132:26 | .myCons(...) | MyEnum | +| patterns.swift:132:21:132:26 | (...) | (Int, MyEnum) | +| patterns.swift:132:22:132:22 | a | Int | +| patterns.swift:132:25:132:25 | _ | MyEnum | +| patterns.swift:136:13:136:28 | .mySingle(...) | MyEnum | +| patterns.swift:136:22:136:28 | (...) | (Int) | +| patterns.swift:136:23:136:27 | let ... | (Int) | +| patterns.swift:136:27:136:27 | x | (Int) | +| patterns.swift:139:13:139:33 | .myPair(...) | MyEnum | +| patterns.swift:139:20:139:33 | (...) | (Int, Int) | +| patterns.swift:139:21:139:25 | let ... | Int | +| patterns.swift:139:25:139:25 | x | Int | +| patterns.swift:139:28:139:32 | let ... | Int | +| patterns.swift:139:32:139:32 | y | Int | +| patterns.swift:144:9:144:9 | b | MyEnum | +| patterns.swift:144:9:144:12 | ... as ... | MyEnum | +| patterns.swift:147:10:147:11 | .myNone | MyEnum | +| patterns.swift:149:10:149:25 | .mySingle(...) | MyEnum | +| patterns.swift:149:19:149:25 | (...) | (Int) | +| patterns.swift:149:20:149:24 | let ... | (Int) | +| patterns.swift:149:24:149:24 | a | (Int) | +| patterns.swift:151:10:151:30 | .myPair(...) | MyEnum | +| patterns.swift:151:17:151:30 | (...) | (Int, Int) | +| patterns.swift:151:18:151:22 | let ... | Int | +| patterns.swift:151:22:151:22 | a | Int | +| patterns.swift:151:25:151:29 | let ... | Int | +| patterns.swift:151:29:151:29 | b | Int | +| patterns.swift:154:10:154:38 | let ... | MyEnum | +| patterns.swift:154:14:154:38 | .myCons(...) | MyEnum | +| patterns.swift:154:21:154:38 | (...) | (Int, MyEnum) | +| patterns.swift:154:22:154:22 | a | Int | +| patterns.swift:154:25:154:37 | .myPair(...) | MyEnum | +| patterns.swift:154:32:154:37 | (...) | (Int, Int) | +| patterns.swift:154:33:154:33 | b | Int | +| patterns.swift:154:36:154:36 | c | Int | +| patterns.swift:158:10:158:26 | let ... | MyEnum | +| patterns.swift:158:14:158:26 | .myCons(...) | MyEnum | +| patterns.swift:158:21:158:26 | (...) | (Int, MyEnum) | +| patterns.swift:158:22:158:22 | a | Int | +| patterns.swift:158:25:158:25 | _ | MyEnum | +| patterns.swift:162:13:162:28 | .mySingle(...) | MyEnum | +| patterns.swift:162:22:162:28 | (...) | (Int) | +| patterns.swift:162:23:162:27 | let ... | (Int) | +| patterns.swift:162:27:162:27 | x | (Int) | +| patterns.swift:165:13:165:39 | .myPair(...) | MyEnum | +| patterns.swift:165:26:165:39 | (...) | (Int, Int) | +| patterns.swift:165:27:165:31 | let ... | Int | +| patterns.swift:165:31:165:31 | x | Int | +| patterns.swift:165:34:165:38 | let ... | Int | +| patterns.swift:165:38:165:38 | y | Int | +| patterns.swift:169:13:169:41 | let ... | MyEnum | +| patterns.swift:169:17:169:41 | .myCons(...) | MyEnum | +| patterns.swift:169:24:169:41 | (...) | (Int, MyEnum) | +| patterns.swift:169:25:169:25 | _ | Int | +| patterns.swift:169:28:169:40 | .myPair(...) | MyEnum | +| patterns.swift:169:35:169:40 | (...) | (Int, Int) | +| patterns.swift:169:36:169:36 | _ | Int | +| patterns.swift:169:39:169:39 | c | Int | +| patterns.swift:174:10:174:55 | let ... | (MyEnum, MyEnum) | +| patterns.swift:174:14:174:55 | (...) | (MyEnum, MyEnum) | +| patterns.swift:174:15:174:27 | .myPair(...) | MyEnum | +| patterns.swift:174:22:174:27 | (...) | (Int, Int) | +| patterns.swift:174:23:174:23 | a | Int | +| patterns.swift:174:26:174:26 | b | Int | +| patterns.swift:174:30:174:54 | .myCons(...) | MyEnum | +| patterns.swift:174:37:174:54 | (...) | (Int, MyEnum) | +| patterns.swift:174:38:174:38 | c | Int | +| patterns.swift:174:41:174:53 | .myPair(...) | MyEnum | +| patterns.swift:174:48:174:53 | (...) | (Int, Int) | +| patterns.swift:174:49:174:49 | d | Int | +| patterns.swift:174:52:174:52 | e | Int | +| patterns.swift:180:5:180:5 | _ | (MyEnum, MyEnum) | diff --git a/swift/ql/test/extractor-tests/patterns/types.ql b/swift/ql/test/extractor-tests/patterns/types.ql new file mode 100644 index 00000000000..f60ec13985b --- /dev/null +++ b/swift/ql/test/extractor-tests/patterns/types.ql @@ -0,0 +1,11 @@ +import codeql.swift.elements + +from Pattern p, string s +where + p.getFile().getBaseName() = "patterns.swift" and + if exists(p.getType()) + then + s = p.getType().toString() + else + s = "(none)" +select p, s \ No newline at end of file From 30caf2130e0086859ec3fff0a1c8f97051be4a0a Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Tue, 24 Oct 2023 15:38:14 +0000 Subject: [PATCH 05/31] Swift: autoformat a test --- swift/ql/test/extractor-tests/patterns/types.ql | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/swift/ql/test/extractor-tests/patterns/types.ql b/swift/ql/test/extractor-tests/patterns/types.ql index f60ec13985b..8381b690378 100644 --- a/swift/ql/test/extractor-tests/patterns/types.ql +++ b/swift/ql/test/extractor-tests/patterns/types.ql @@ -3,9 +3,5 @@ import codeql.swift.elements from Pattern p, string s where p.getFile().getBaseName() = "patterns.swift" and - if exists(p.getType()) - then - s = p.getType().toString() - else - s = "(none)" -select p, s \ No newline at end of file + if exists(p.getType()) then s = p.getType().toString() else s = "(none)" +select p, s From 81d2780adb57eba57d6427a79f32fad33dd717ec Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Tue, 24 Oct 2023 17:24:43 +0000 Subject: [PATCH 06/31] Swift: changenote for pattern types --- swift/ql/lib/change-notes/2023-10-24-pattern-types.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 swift/ql/lib/change-notes/2023-10-24-pattern-types.md diff --git a/swift/ql/lib/change-notes/2023-10-24-pattern-types.md b/swift/ql/lib/change-notes/2023-10-24-pattern-types.md new file mode 100644 index 00000000000..989df3fd9b2 --- /dev/null +++ b/swift/ql/lib/change-notes/2023-10-24-pattern-types.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- + +* Tyes for patterns are now incluedd in the database and made available through the `Pattern::getType()` method. From 0dc4a68ffb26e1c3de0733860b7e9a613bce9f82 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Wed, 25 Oct 2023 14:19:06 -0400 Subject: [PATCH 07/31] Swift: fix typo in change note Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- swift/ql/lib/change-notes/2023-10-24-pattern-types.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/swift/ql/lib/change-notes/2023-10-24-pattern-types.md b/swift/ql/lib/change-notes/2023-10-24-pattern-types.md index 989df3fd9b2..0288e56ce3e 100644 --- a/swift/ql/lib/change-notes/2023-10-24-pattern-types.md +++ b/swift/ql/lib/change-notes/2023-10-24-pattern-types.md @@ -2,4 +2,4 @@ category: minorAnalysis --- -* Tyes for patterns are now incluedd in the database and made available through the `Pattern::getType()` method. +* Tyes for patterns are now included in the database and made available through the `Pattern::getType()` method. From ba250140a88d8ded86d378a98a2540ba28337730 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Thu, 30 Nov 2023 14:55:14 +0000 Subject: [PATCH 08/31] Swift: fix an incorrect merge conflict resolution --- swift/extractor/translators/PatternTranslator.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/swift/extractor/translators/PatternTranslator.cpp b/swift/extractor/translators/PatternTranslator.cpp index 2277696e08b..5a89dbbc59e 100644 --- a/swift/extractor/translators/PatternTranslator.cpp +++ b/swift/extractor/translators/PatternTranslator.cpp @@ -5,7 +5,6 @@ namespace codeql { codeql::NamedPattern PatternTranslator::translateNamedPattern(const swift::NamedPattern& pattern) { auto entry = createPatternEntry(pattern); - entry.name = pattern.getNameStr().str(); entry.var_decl = dispatcher.fetchLabel(pattern.getDecl()); return entry; } From a5dd4a4e2aed59ea0d9ef5197ca752ad1c652cc6 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 18 Aug 2022 18:43:36 +0100 Subject: [PATCH 09/31] Swift: More tests of keys as sensitive data. --- .../CWE-311/CleartextStorageDatabase.expected | 4 ++ .../CWE-311/CleartextTransmission.expected | 60 +++++++++------- .../Security/CWE-311/SensitiveExprs.expected | 17 +++-- .../Security/CWE-311/testCoreData.swift | 37 +++++++++- .../Security/CWE-311/testURL.swift | 68 ++++++++++++++++--- 5 files changed, 143 insertions(+), 43 deletions(-) diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected index 342a4d53ce4..dca833fff7f 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextStorageDatabase.expected @@ -555,6 +555,8 @@ nodes | testCoreData.swift:95:15:95:15 | x | semmle.label | x | | testCoreData.swift:96:15:96:15 | y | semmle.label | y | | testCoreData.swift:97:15:97:15 | z | semmle.label | z | +| testCoreData.swift:128:15:128:33 | call to generateSecretKey() | semmle.label | call to generateSecretKey() | +| testCoreData.swift:129:15:129:30 | call to getCertificate() | semmle.label | call to getCertificate() | | testGRDB.swift:73:56:73:65 | [...] | semmle.label | [...] | | testGRDB.swift:73:56:73:65 | [...] [Collection element] | semmle.label | [...] [Collection element] | | testGRDB.swift:73:57:73:57 | password | semmle.label | password | @@ -825,6 +827,8 @@ subpaths | testCoreData.swift:95:15:95:15 | x | testCoreData.swift:91:10:91:10 | passwd | testCoreData.swift:95:15:95:15 | x | This operation stores 'x' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:91:10:91:10 | passwd | passwd | | testCoreData.swift:96:15:96:15 | y | testCoreData.swift:92:10:92:10 | passwd | testCoreData.swift:96:15:96:15 | y | This operation stores 'y' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:92:10:92:10 | passwd | passwd | | testCoreData.swift:97:15:97:15 | z | testCoreData.swift:93:10:93:10 | passwd | testCoreData.swift:97:15:97:15 | z | This operation stores 'z' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:93:10:93:10 | passwd | passwd | +| testCoreData.swift:128:15:128:33 | call to generateSecretKey() | testCoreData.swift:128:15:128:33 | call to generateSecretKey() | testCoreData.swift:128:15:128:33 | call to generateSecretKey() | This operation stores 'call to generateSecretKey()' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:128:15:128:33 | call to generateSecretKey() | call to generateSecretKey() | +| testCoreData.swift:129:15:129:30 | call to getCertificate() | testCoreData.swift:129:15:129:30 | call to getCertificate() | testCoreData.swift:129:15:129:30 | call to getCertificate() | This operation stores 'call to getCertificate()' in a database. It may contain unencrypted sensitive data from $@. | testCoreData.swift:129:15:129:30 | call to getCertificate() | call to getCertificate() | | testGRDB.swift:73:56:73:65 | [...] | testGRDB.swift:73:57:73:57 | password | testGRDB.swift:73:56:73:65 | [...] | This operation stores '[...]' in a database. It may contain unencrypted sensitive data from $@. | testGRDB.swift:73:57:73:57 | password | password | | testGRDB.swift:76:42:76:51 | [...] | testGRDB.swift:76:43:76:43 | password | testGRDB.swift:76:42:76:51 | [...] | This operation stores '[...]' in a database. It may contain unencrypted sensitive data from $@. | testGRDB.swift:76:43:76:43 | password | password | | testGRDB.swift:81:44:81:53 | [...] | testGRDB.swift:81:45:81:45 | password | testGRDB.swift:81:44:81:53 | [...] | This operation stores '[...]' in a database. It may contain unencrypted sensitive data from $@. | testGRDB.swift:81:45:81:45 | password | password | diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index cd995cbcabe..d3299cf29dd 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -14,12 +14,15 @@ edges | testSend.swift:86:7:86:7 | self | file://:0:0:0:0 | self | | testSend.swift:94:27:94:30 | .password | testSend.swift:86:7:86:7 | self | | testSend.swift:94:27:94:30 | .password | testSend.swift:94:27:94:39 | .value | -| testURL.swift:17:54:17:54 | passwd | testURL.swift:17:22:17:54 | ... .+(_:_:) ... | -| testURL.swift:19:55:19:55 | account_no | testURL.swift:19:22:19:55 | ... .+(_:_:) ... | -| testURL.swift:20:55:20:55 | credit_card_no | testURL.swift:20:22:20:55 | ... .+(_:_:) ... | -| testURL.swift:28:55:28:55 | e_mail | testURL.swift:28:22:28:55 | ... .+(_:_:) ... | -| testURL.swift:30:57:30:57 | a_homeaddr_z | testURL.swift:30:22:30:57 | ... .+(_:_:) ... | -| testURL.swift:32:55:32:55 | resident_ID | testURL.swift:32:22:32:55 | ... .+(_:_:) ... | +| testURL.swift:17:50:17:50 | passwd | testURL.swift:17:18:17:50 | ... .+(_:_:) ... | +| testURL.swift:19:51:19:51 | account_no | testURL.swift:19:18:19:51 | ... .+(_:_:) ... | +| testURL.swift:20:51:20:51 | credit_card_no | testURL.swift:20:18:20:51 | ... .+(_:_:) ... | +| testURL.swift:28:51:28:51 | e_mail | testURL.swift:28:18:28:51 | ... .+(_:_:) ... | +| testURL.swift:30:53:30:53 | a_homeaddr_z | testURL.swift:30:18:30:53 | ... .+(_:_:) ... | +| testURL.swift:32:51:32:51 | resident_ID | testURL.swift:32:18:32:51 | ... .+(_:_:) ... | +| testURL.swift:51:52:51:67 | call to get_secret_key() | testURL.swift:51:18:51:67 | ... .+(_:_:) ... | +| testURL.swift:53:53:53:69 | call to get_cert_string() | testURL.swift:53:18:53:69 | ... .+(_:_:) ... | +| testURL.swift:74:51:74:51 | certificate | testURL.swift:74:18:74:18 | "..." | nodes | file://:0:0:0:0 | .value | semmle.label | .value | | file://:0:0:0:0 | self | semmle.label | self | @@ -52,19 +55,25 @@ nodes | testSend.swift:86:7:86:7 | self | semmle.label | self | | testSend.swift:94:27:94:30 | .password | semmle.label | .password | | testSend.swift:94:27:94:39 | .value | semmle.label | .value | -| testURL.swift:17:22:17:54 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:17:54:17:54 | passwd | semmle.label | passwd | -| testURL.swift:19:22:19:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:19:55:19:55 | account_no | semmle.label | account_no | -| testURL.swift:20:22:20:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:20:55:20:55 | credit_card_no | semmle.label | credit_card_no | +| testURL.swift:17:18:17:50 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:17:50:17:50 | passwd | semmle.label | passwd | +| testURL.swift:19:18:19:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:19:51:19:51 | account_no | semmle.label | account_no | +| testURL.swift:20:18:20:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:20:51:20:51 | credit_card_no | semmle.label | credit_card_no | | testURL.swift:24:22:24:22 | passwd | semmle.label | passwd | -| testURL.swift:28:22:28:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:28:55:28:55 | e_mail | semmle.label | e_mail | -| testURL.swift:30:22:30:57 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:30:57:30:57 | a_homeaddr_z | semmle.label | a_homeaddr_z | -| testURL.swift:32:22:32:55 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:32:55:32:55 | resident_ID | semmle.label | resident_ID | +| testURL.swift:28:18:28:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:28:51:28:51 | e_mail | semmle.label | e_mail | +| testURL.swift:30:18:30:53 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:30:53:30:53 | a_homeaddr_z | semmle.label | a_homeaddr_z | +| testURL.swift:32:18:32:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:32:51:32:51 | resident_ID | semmle.label | resident_ID | +| testURL.swift:51:18:51:67 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:51:52:51:67 | call to get_secret_key() | semmle.label | call to get_secret_key() | +| testURL.swift:53:18:53:69 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:53:53:53:69 | call to get_cert_string() | semmle.label | call to get_cert_string() | +| testURL.swift:74:18:74:18 | "..." | semmle.label | "..." | +| testURL.swift:74:51:74:51 | certificate | semmle.label | certificate | subpaths | testSend.swift:60:17:60:17 | password | testSend.swift:41:10:41:18 | data | testSend.swift:41:45:41:45 | data | testSend.swift:60:13:60:25 | call to pad(_:) | | testSend.swift:94:27:94:30 | .password | testSend.swift:86:7:86:7 | self | file://:0:0:0:0 | .value | testSend.swift:94:27:94:39 | .value | @@ -85,10 +94,13 @@ subpaths | testSend.swift:79:27:79:30 | .BankCardNo | testSend.swift:79:27:79:30 | .BankCardNo | testSend.swift:79:27:79:30 | .BankCardNo | This operation transmits '.BankCardNo', which may contain unencrypted sensitive data from $@. | testSend.swift:79:27:79:30 | .BankCardNo | .BankCardNo | | testSend.swift:80:27:80:30 | .MyCreditRating | testSend.swift:80:27:80:30 | .MyCreditRating | testSend.swift:80:27:80:30 | .MyCreditRating | This operation transmits '.MyCreditRating', which may contain unencrypted sensitive data from $@. | testSend.swift:80:27:80:30 | .MyCreditRating | .MyCreditRating | | testSend.swift:94:27:94:39 | .value | testSend.swift:94:27:94:30 | .password | testSend.swift:94:27:94:39 | .value | This operation transmits '.value', which may contain unencrypted sensitive data from $@. | testSend.swift:94:27:94:30 | .password | .password | -| testURL.swift:17:22:17:54 | ... .+(_:_:) ... | testURL.swift:17:54:17:54 | passwd | testURL.swift:17:22:17:54 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:17:54:17:54 | passwd | passwd | -| testURL.swift:19:22:19:55 | ... .+(_:_:) ... | testURL.swift:19:55:19:55 | account_no | testURL.swift:19:22:19:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:19:55:19:55 | account_no | account_no | -| testURL.swift:20:22:20:55 | ... .+(_:_:) ... | testURL.swift:20:55:20:55 | credit_card_no | testURL.swift:20:22:20:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:20:55:20:55 | credit_card_no | credit_card_no | +| testURL.swift:17:18:17:50 | ... .+(_:_:) ... | testURL.swift:17:50:17:50 | passwd | testURL.swift:17:18:17:50 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:17:50:17:50 | passwd | passwd | +| testURL.swift:19:18:19:51 | ... .+(_:_:) ... | testURL.swift:19:51:19:51 | account_no | testURL.swift:19:18:19:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:19:51:19:51 | account_no | account_no | +| testURL.swift:20:18:20:51 | ... .+(_:_:) ... | testURL.swift:20:51:20:51 | credit_card_no | testURL.swift:20:18:20:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:20:51:20:51 | credit_card_no | credit_card_no | | testURL.swift:24:22:24:22 | passwd | testURL.swift:24:22:24:22 | passwd | testURL.swift:24:22:24:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@. | testURL.swift:24:22:24:22 | passwd | passwd | -| testURL.swift:28:22:28:55 | ... .+(_:_:) ... | testURL.swift:28:55:28:55 | e_mail | testURL.swift:28:22:28:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:28:55:28:55 | e_mail | e_mail | -| testURL.swift:30:22:30:57 | ... .+(_:_:) ... | testURL.swift:30:57:30:57 | a_homeaddr_z | testURL.swift:30:22:30:57 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:30:57:30:57 | a_homeaddr_z | a_homeaddr_z | -| testURL.swift:32:22:32:55 | ... .+(_:_:) ... | testURL.swift:32:55:32:55 | resident_ID | testURL.swift:32:22:32:55 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:32:55:32:55 | resident_ID | resident_ID | +| testURL.swift:28:18:28:51 | ... .+(_:_:) ... | testURL.swift:28:51:28:51 | e_mail | testURL.swift:28:18:28:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:28:51:28:51 | e_mail | e_mail | +| testURL.swift:30:18:30:53 | ... .+(_:_:) ... | testURL.swift:30:53:30:53 | a_homeaddr_z | testURL.swift:30:18:30:53 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:30:53:30:53 | a_homeaddr_z | a_homeaddr_z | +| testURL.swift:32:18:32:51 | ... .+(_:_:) ... | testURL.swift:32:51:32:51 | resident_ID | testURL.swift:32:18:32:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:32:51:32:51 | resident_ID | resident_ID | +| testURL.swift:51:18:51:67 | ... .+(_:_:) ... | testURL.swift:51:52:51:67 | call to get_secret_key() | testURL.swift:51:18:51:67 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:51:52:51:67 | call to get_secret_key() | call to get_secret_key() | +| testURL.swift:53:18:53:69 | ... .+(_:_:) ... | testURL.swift:53:53:53:69 | call to get_cert_string() | testURL.swift:53:18:53:69 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:53:53:53:69 | call to get_cert_string() | call to get_cert_string() | +| testURL.swift:74:18:74:18 | "..." | testURL.swift:74:51:74:51 | certificate | testURL.swift:74:18:74:18 | "..." | This operation transmits '"..."', which may contain unencrypted sensitive data from $@. | testURL.swift:74:51:74:51 | certificate | certificate | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index ea5a4ed4b59..8a4d54aa6dd 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -87,6 +87,8 @@ | testCoreData.swift:91:10:91:10 | passwd | label:passwd, type:credential | | testCoreData.swift:92:10:92:10 | passwd | label:passwd, type:credential | | testCoreData.swift:93:10:93:10 | passwd | label:passwd, type:credential | +| testCoreData.swift:128:15:128:33 | call to generateSecretKey() | label:generateSecretKey, type:credential | +| testCoreData.swift:129:15:129:30 | call to getCertificate() | label:getCertificate, type:credential | | testGRDB.swift:73:57:73:57 | password | label:password, type:credential | | testGRDB.swift:76:43:76:43 | password | label:password, type:credential | | testGRDB.swift:81:45:81:45 | password | label:password, type:credential | @@ -163,10 +165,13 @@ | testSend.swift:79:27:79:30 | .BankCardNo | label:BankCardNo, type:private information | | testSend.swift:80:27:80:30 | .MyCreditRating | label:MyCreditRating, type:private information | | testSend.swift:94:27:94:30 | .password | label:password, type:credential | -| testURL.swift:17:54:17:54 | passwd | label:passwd, type:credential | -| testURL.swift:19:55:19:55 | account_no | label:account_no, type:private information | -| testURL.swift:20:55:20:55 | credit_card_no | label:credit_card_no, type:private information | +| testURL.swift:17:50:17:50 | passwd | label:passwd, type:credential | +| testURL.swift:19:51:19:51 | account_no | label:account_no, type:private information | +| testURL.swift:20:51:20:51 | credit_card_no | label:credit_card_no, type:private information | | testURL.swift:24:22:24:22 | passwd | label:passwd, type:credential | -| testURL.swift:28:55:28:55 | e_mail | label:e_mail, type:private information | -| testURL.swift:30:57:30:57 | a_homeaddr_z | label:a_homeaddr_z, type:private information | -| testURL.swift:32:55:32:55 | resident_ID | label:resident_ID, type:private information | +| testURL.swift:28:51:28:51 | e_mail | label:e_mail, type:private information | +| testURL.swift:30:53:30:53 | a_homeaddr_z | label:a_homeaddr_z, type:private information | +| testURL.swift:32:51:32:51 | resident_ID | label:resident_ID, type:private information | +| testURL.swift:51:52:51:67 | call to get_secret_key() | label:get_secret_key, type:credential | +| testURL.swift:53:53:53:69 | call to get_cert_string() | label:get_cert_string, type:credential | +| testURL.swift:74:51:74:51 | certificate | label:certificate, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-311/testCoreData.swift b/swift/ql/test/query-tests/Security/CWE-311/testCoreData.swift index dbd02398aae..22e345b306c 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testCoreData.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testCoreData.swift @@ -77,10 +77,10 @@ func test3(obj : NSManagedObject, x : String) { doSomething(password: x); obj.setValue(x, forKey: "myKey") // BAD - var y = getPassword(); + let y = getPassword(); obj.setValue(y, forKey: "myKey") // BAD - var z = MyClass() + let z = MyClass() obj.setValue(z.harmless, forKey: "myKey") // GOOD (not sensitive) obj.setValue(z.password, forKey: "myKey") // BAD } @@ -104,3 +104,36 @@ func test4(obj : NSManagedObject, passwd : String) { obj.setValue(y, forKey: "myKey") // GOOD (not sensitive) obj.setValue(z, forKey: "myKey") // GOOD (not sensitive) } + +func createSecureKey() -> String { return "" } +func generateSecretKey() -> String { return "" } +func getCertificate() -> String { return "" } + +class KeyGen { + func generate() -> String { return "" } +} + +class KeyManager { + func generateKey() -> String { return "" } +} + +class SecureKeyStore { + func getEncryptionKey() -> String { return "" } +} + +func test5(obj : NSManagedObject) { + // more variants... + + obj.setValue(createSecureKey(), forKey: "myKey") // BAD [NOT DETECTED] + obj.setValue(generateSecretKey(), forKey: "myKey") // BAD + obj.setValue(getCertificate(), forKey: "myKey") // BAD + + let gen = KeyGen() + let v = gen.generate() + + obj.setValue(KeyGen().generate(), forKey: "myKey") // BAD [NOT DETECTED] + obj.setValue(gen.generate(), forKey: "myKey") // BAD [NOT DETECTED] + obj.setValue(v, forKey: "myKey") // BAD [NOT DETECTED] + obj.setValue(KeyManager().generateKey(), forKey: "myKey") // BAD [NOT DETECTED] + obj.setValue(SecureKeyStore().getEncryptionKey(), forKey: "myKey") // BAD [NOT DETECTED] +} diff --git a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift index d5a5ca7c3ec..b1b93de536c 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift @@ -14,20 +14,66 @@ func setMyString(str: String) { myString = str } func getMyString() -> String { return myString } func test1(passwd : String, encrypted_passwd : String, account_no : String, credit_card_no : String) { - let a = URL(string: "http://example.com/login?p=" + passwd); // BAD - let b = URL(string: "http://example.com/login?p=" + encrypted_passwd); // GOOD (not sensitive) - let c = URL(string: "http://example.com/login?ac=" + account_no); // BAD - let d = URL(string: "http://example.com/login?cc=" + credit_card_no); // BAD + _ = URL(string: "http://example.com/login?p=" + passwd); // BAD + _ = URL(string: "http://example.com/login?p=" + encrypted_passwd); // GOOD (not sensitive) + _ = URL(string: "http://example.com/login?ac=" + account_no); // BAD + _ = URL(string: "http://example.com/login?cc=" + credit_card_no); // BAD let base = URL(string: "http://example.com/"); // GOOD (not sensitive) - let e = URL(string: "abc", relativeTo: base); // GOOD (not sensitive) + _ = URL(string: "abc", relativeTo: base); // GOOD (not sensitive) let f = URL(string: passwd, relativeTo: base); // BAD - let g = URL(string: "abc", relativeTo: f); // BAD (reported on line above) + _ = URL(string: "abc", relativeTo: f); // BAD (reported on line above) let e_mail = myString - let h = URL(string: "http://example.com/login?em=" + e_mail); // BAD - var a_homeaddr_z = getMyString() - let i = URL(string: "http://example.com/login?home=" + a_homeaddr_z); // BAD - var resident_ID = getMyString() - let j = URL(string: "http://example.com/login?id=" + resident_ID); // BAD + _ = URL(string: "http://example.com/login?em=" + e_mail); // BAD + let a_homeaddr_z = getMyString() + _ = URL(string: "http://example.com/login?home=" + a_homeaddr_z); // BAD + let resident_ID = getMyString() + _ = URL(string: "http://example.com/login?id=" + resident_ID); // BAD +} + +func get_private_key() -> String { return "" } +func get_aes_key() -> String { return "" } +func get_aws_key() -> String { return "" } +func get_access_key() -> String { return "" } +func get_secret_key() -> String { return "" } +func get_key_press() -> String { return "" } +func get_cert_string() -> String { return "" } +func get_certain() -> String { return "" } + +func test2() { + // more variants... + + _ = URL(string: "http://example.com/login?key=" + get_private_key()); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?key=" + get_aes_key()); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?key=" + get_aws_key()); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?key=" + get_access_key()); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?key=" + get_secret_key()); // BAD + _ = URL(string: "http://example.com/login?key=" + get_key_press()); // GOOD (not sensitive) + _ = URL(string: "http://example.com/login?cert=" + get_cert_string()); // BAD + _ = URL(string: "http://example.com/login?cert=" + get_certain()); // GOOD (not sensitive) +} + +func get_string() -> String { return "" } + +func test3() { + // more variants... + + let priv_key = get_string() + let private_key = get_string() + let pub_key = get_string() + let certificate = get_string() + let secure_token = get_string() + let access_token = get_string() + let auth_token = get_string() + let next_token = get_string() + + _ = URL(string: "http://example.com/login?key=\(priv_key)"); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?key=\(private_key)"); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?key=\(pub_key)"); // GOOD (not sensitive) + _ = URL(string: "http://example.com/login?cert=\(certificate)"); // BAD + _ = URL(string: "http://example.com/login?tok=\(secure_token)"); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?tok=\(access_token)"); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?tok=\(auth_token)"); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?tok=\(next_token)"); // GOOD (not sensitive) } From e9507b98eff1463582add3232f735e8b5834ec91 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Mon, 4 Dec 2023 21:30:12 +0000 Subject: [PATCH 10/31] Swift: remove spurious stats file --- .../swift.dbscheme.stats | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 swift/ql/lib/upgrades/147e087e57e51b2eb41e75c9c97380d0e6c20ecb/swift.dbscheme.stats diff --git a/swift/ql/lib/upgrades/147e087e57e51b2eb41e75c9c97380d0e6c20ecb/swift.dbscheme.stats b/swift/ql/lib/upgrades/147e087e57e51b2eb41e75c9c97380d0e6c20ecb/swift.dbscheme.stats deleted file mode 100644 index 9995467e33e..00000000000 --- a/swift/ql/lib/upgrades/147e087e57e51b2eb41e75c9c97380d0e6c20ecb/swift.dbscheme.stats +++ /dev/null @@ -1,4 +0,0 @@ - - - - From 1d903c56ada24ab097a9c911de7bd1ad9ee6ad66 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 4 Dec 2023 19:23:30 +0000 Subject: [PATCH 11/31] Swift: Add a test with SecKeyCopyExternalRepresentation. --- .../CWE-311/CleartextTransmission.expected | 76 +++++++++---------- .../Security/CWE-311/SensitiveExprs.expected | 20 ++--- .../Security/CWE-311/testURL.swift | 32 +++++++- 3 files changed, 79 insertions(+), 49 deletions(-) diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index d3299cf29dd..7b11cbebde8 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -14,15 +14,15 @@ edges | testSend.swift:86:7:86:7 | self | file://:0:0:0:0 | self | | testSend.swift:94:27:94:30 | .password | testSend.swift:86:7:86:7 | self | | testSend.swift:94:27:94:30 | .password | testSend.swift:94:27:94:39 | .value | -| testURL.swift:17:50:17:50 | passwd | testURL.swift:17:18:17:50 | ... .+(_:_:) ... | -| testURL.swift:19:51:19:51 | account_no | testURL.swift:19:18:19:51 | ... .+(_:_:) ... | -| testURL.swift:20:51:20:51 | credit_card_no | testURL.swift:20:18:20:51 | ... .+(_:_:) ... | -| testURL.swift:28:51:28:51 | e_mail | testURL.swift:28:18:28:51 | ... .+(_:_:) ... | -| testURL.swift:30:53:30:53 | a_homeaddr_z | testURL.swift:30:18:30:53 | ... .+(_:_:) ... | -| testURL.swift:32:51:32:51 | resident_ID | testURL.swift:32:18:32:51 | ... .+(_:_:) ... | -| testURL.swift:51:52:51:67 | call to get_secret_key() | testURL.swift:51:18:51:67 | ... .+(_:_:) ... | -| testURL.swift:53:53:53:69 | call to get_cert_string() | testURL.swift:53:18:53:69 | ... .+(_:_:) ... | -| testURL.swift:74:51:74:51 | certificate | testURL.swift:74:18:74:18 | "..." | +| testURL.swift:39:50:39:50 | passwd | testURL.swift:39:18:39:50 | ... .+(_:_:) ... | +| testURL.swift:41:51:41:51 | account_no | testURL.swift:41:18:41:51 | ... .+(_:_:) ... | +| testURL.swift:42:51:42:51 | credit_card_no | testURL.swift:42:18:42:51 | ... .+(_:_:) ... | +| testURL.swift:50:51:50:51 | e_mail | testURL.swift:50:18:50:51 | ... .+(_:_:) ... | +| testURL.swift:52:53:52:53 | a_homeaddr_z | testURL.swift:52:18:52:53 | ... .+(_:_:) ... | +| testURL.swift:54:51:54:51 | resident_ID | testURL.swift:54:18:54:51 | ... .+(_:_:) ... | +| testURL.swift:73:52:73:67 | call to get_secret_key() | testURL.swift:73:18:73:67 | ... .+(_:_:) ... | +| testURL.swift:75:53:75:69 | call to get_cert_string() | testURL.swift:75:18:75:69 | ... .+(_:_:) ... | +| testURL.swift:96:51:96:51 | certificate | testURL.swift:96:18:96:18 | "..." | nodes | file://:0:0:0:0 | .value | semmle.label | .value | | file://:0:0:0:0 | self | semmle.label | self | @@ -55,25 +55,25 @@ nodes | testSend.swift:86:7:86:7 | self | semmle.label | self | | testSend.swift:94:27:94:30 | .password | semmle.label | .password | | testSend.swift:94:27:94:39 | .value | semmle.label | .value | -| testURL.swift:17:18:17:50 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:17:50:17:50 | passwd | semmle.label | passwd | -| testURL.swift:19:18:19:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:19:51:19:51 | account_no | semmle.label | account_no | -| testURL.swift:20:18:20:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:20:51:20:51 | credit_card_no | semmle.label | credit_card_no | -| testURL.swift:24:22:24:22 | passwd | semmle.label | passwd | -| testURL.swift:28:18:28:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:28:51:28:51 | e_mail | semmle.label | e_mail | -| testURL.swift:30:18:30:53 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:30:53:30:53 | a_homeaddr_z | semmle.label | a_homeaddr_z | -| testURL.swift:32:18:32:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:32:51:32:51 | resident_ID | semmle.label | resident_ID | -| testURL.swift:51:18:51:67 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:51:52:51:67 | call to get_secret_key() | semmle.label | call to get_secret_key() | -| testURL.swift:53:18:53:69 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | -| testURL.swift:53:53:53:69 | call to get_cert_string() | semmle.label | call to get_cert_string() | -| testURL.swift:74:18:74:18 | "..." | semmle.label | "..." | -| testURL.swift:74:51:74:51 | certificate | semmle.label | certificate | +| testURL.swift:39:18:39:50 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:39:50:39:50 | passwd | semmle.label | passwd | +| testURL.swift:41:18:41:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:41:51:41:51 | account_no | semmle.label | account_no | +| testURL.swift:42:18:42:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:42:51:42:51 | credit_card_no | semmle.label | credit_card_no | +| testURL.swift:46:22:46:22 | passwd | semmle.label | passwd | +| testURL.swift:50:18:50:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:50:51:50:51 | e_mail | semmle.label | e_mail | +| testURL.swift:52:18:52:53 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:52:53:52:53 | a_homeaddr_z | semmle.label | a_homeaddr_z | +| testURL.swift:54:18:54:51 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:54:51:54:51 | resident_ID | semmle.label | resident_ID | +| testURL.swift:73:18:73:67 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:73:52:73:67 | call to get_secret_key() | semmle.label | call to get_secret_key() | +| testURL.swift:75:18:75:69 | ... .+(_:_:) ... | semmle.label | ... .+(_:_:) ... | +| testURL.swift:75:53:75:69 | call to get_cert_string() | semmle.label | call to get_cert_string() | +| testURL.swift:96:18:96:18 | "..." | semmle.label | "..." | +| testURL.swift:96:51:96:51 | certificate | semmle.label | certificate | subpaths | testSend.swift:60:17:60:17 | password | testSend.swift:41:10:41:18 | data | testSend.swift:41:45:41:45 | data | testSend.swift:60:13:60:25 | call to pad(_:) | | testSend.swift:94:27:94:30 | .password | testSend.swift:86:7:86:7 | self | file://:0:0:0:0 | .value | testSend.swift:94:27:94:39 | .value | @@ -94,13 +94,13 @@ subpaths | testSend.swift:79:27:79:30 | .BankCardNo | testSend.swift:79:27:79:30 | .BankCardNo | testSend.swift:79:27:79:30 | .BankCardNo | This operation transmits '.BankCardNo', which may contain unencrypted sensitive data from $@. | testSend.swift:79:27:79:30 | .BankCardNo | .BankCardNo | | testSend.swift:80:27:80:30 | .MyCreditRating | testSend.swift:80:27:80:30 | .MyCreditRating | testSend.swift:80:27:80:30 | .MyCreditRating | This operation transmits '.MyCreditRating', which may contain unencrypted sensitive data from $@. | testSend.swift:80:27:80:30 | .MyCreditRating | .MyCreditRating | | testSend.swift:94:27:94:39 | .value | testSend.swift:94:27:94:30 | .password | testSend.swift:94:27:94:39 | .value | This operation transmits '.value', which may contain unencrypted sensitive data from $@. | testSend.swift:94:27:94:30 | .password | .password | -| testURL.swift:17:18:17:50 | ... .+(_:_:) ... | testURL.swift:17:50:17:50 | passwd | testURL.swift:17:18:17:50 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:17:50:17:50 | passwd | passwd | -| testURL.swift:19:18:19:51 | ... .+(_:_:) ... | testURL.swift:19:51:19:51 | account_no | testURL.swift:19:18:19:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:19:51:19:51 | account_no | account_no | -| testURL.swift:20:18:20:51 | ... .+(_:_:) ... | testURL.swift:20:51:20:51 | credit_card_no | testURL.swift:20:18:20:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:20:51:20:51 | credit_card_no | credit_card_no | -| testURL.swift:24:22:24:22 | passwd | testURL.swift:24:22:24:22 | passwd | testURL.swift:24:22:24:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@. | testURL.swift:24:22:24:22 | passwd | passwd | -| testURL.swift:28:18:28:51 | ... .+(_:_:) ... | testURL.swift:28:51:28:51 | e_mail | testURL.swift:28:18:28:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:28:51:28:51 | e_mail | e_mail | -| testURL.swift:30:18:30:53 | ... .+(_:_:) ... | testURL.swift:30:53:30:53 | a_homeaddr_z | testURL.swift:30:18:30:53 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:30:53:30:53 | a_homeaddr_z | a_homeaddr_z | -| testURL.swift:32:18:32:51 | ... .+(_:_:) ... | testURL.swift:32:51:32:51 | resident_ID | testURL.swift:32:18:32:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:32:51:32:51 | resident_ID | resident_ID | -| testURL.swift:51:18:51:67 | ... .+(_:_:) ... | testURL.swift:51:52:51:67 | call to get_secret_key() | testURL.swift:51:18:51:67 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:51:52:51:67 | call to get_secret_key() | call to get_secret_key() | -| testURL.swift:53:18:53:69 | ... .+(_:_:) ... | testURL.swift:53:53:53:69 | call to get_cert_string() | testURL.swift:53:18:53:69 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:53:53:53:69 | call to get_cert_string() | call to get_cert_string() | -| testURL.swift:74:18:74:18 | "..." | testURL.swift:74:51:74:51 | certificate | testURL.swift:74:18:74:18 | "..." | This operation transmits '"..."', which may contain unencrypted sensitive data from $@. | testURL.swift:74:51:74:51 | certificate | certificate | +| testURL.swift:39:18:39:50 | ... .+(_:_:) ... | testURL.swift:39:50:39:50 | passwd | testURL.swift:39:18:39:50 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:39:50:39:50 | passwd | passwd | +| testURL.swift:41:18:41:51 | ... .+(_:_:) ... | testURL.swift:41:51:41:51 | account_no | testURL.swift:41:18:41:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:41:51:41:51 | account_no | account_no | +| testURL.swift:42:18:42:51 | ... .+(_:_:) ... | testURL.swift:42:51:42:51 | credit_card_no | testURL.swift:42:18:42:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:42:51:42:51 | credit_card_no | credit_card_no | +| testURL.swift:46:22:46:22 | passwd | testURL.swift:46:22:46:22 | passwd | testURL.swift:46:22:46:22 | passwd | This operation transmits 'passwd', which may contain unencrypted sensitive data from $@. | testURL.swift:46:22:46:22 | passwd | passwd | +| testURL.swift:50:18:50:51 | ... .+(_:_:) ... | testURL.swift:50:51:50:51 | e_mail | testURL.swift:50:18:50:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:50:51:50:51 | e_mail | e_mail | +| testURL.swift:52:18:52:53 | ... .+(_:_:) ... | testURL.swift:52:53:52:53 | a_homeaddr_z | testURL.swift:52:18:52:53 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:52:53:52:53 | a_homeaddr_z | a_homeaddr_z | +| testURL.swift:54:18:54:51 | ... .+(_:_:) ... | testURL.swift:54:51:54:51 | resident_ID | testURL.swift:54:18:54:51 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:54:51:54:51 | resident_ID | resident_ID | +| testURL.swift:73:18:73:67 | ... .+(_:_:) ... | testURL.swift:73:52:73:67 | call to get_secret_key() | testURL.swift:73:18:73:67 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:73:52:73:67 | call to get_secret_key() | call to get_secret_key() | +| testURL.swift:75:18:75:69 | ... .+(_:_:) ... | testURL.swift:75:53:75:69 | call to get_cert_string() | testURL.swift:75:18:75:69 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:75:53:75:69 | call to get_cert_string() | call to get_cert_string() | +| testURL.swift:96:18:96:18 | "..." | testURL.swift:96:51:96:51 | certificate | testURL.swift:96:18:96:18 | "..." | This operation transmits '"..."', which may contain unencrypted sensitive data from $@. | testURL.swift:96:51:96:51 | certificate | certificate | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 8a4d54aa6dd..70776f54bd8 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -165,13 +165,13 @@ | testSend.swift:79:27:79:30 | .BankCardNo | label:BankCardNo, type:private information | | testSend.swift:80:27:80:30 | .MyCreditRating | label:MyCreditRating, type:private information | | testSend.swift:94:27:94:30 | .password | label:password, type:credential | -| testURL.swift:17:50:17:50 | passwd | label:passwd, type:credential | -| testURL.swift:19:51:19:51 | account_no | label:account_no, type:private information | -| testURL.swift:20:51:20:51 | credit_card_no | label:credit_card_no, type:private information | -| testURL.swift:24:22:24:22 | passwd | label:passwd, type:credential | -| testURL.swift:28:51:28:51 | e_mail | label:e_mail, type:private information | -| testURL.swift:30:53:30:53 | a_homeaddr_z | label:a_homeaddr_z, type:private information | -| testURL.swift:32:51:32:51 | resident_ID | label:resident_ID, type:private information | -| testURL.swift:51:52:51:67 | call to get_secret_key() | label:get_secret_key, type:credential | -| testURL.swift:53:53:53:69 | call to get_cert_string() | label:get_cert_string, type:credential | -| testURL.swift:74:51:74:51 | certificate | label:certificate, type:credential | +| testURL.swift:39:50:39:50 | passwd | label:passwd, type:credential | +| testURL.swift:41:51:41:51 | account_no | label:account_no, type:private information | +| testURL.swift:42:51:42:51 | credit_card_no | label:credit_card_no, type:private information | +| testURL.swift:46:22:46:22 | passwd | label:passwd, type:credential | +| testURL.swift:50:51:50:51 | e_mail | label:e_mail, type:private information | +| testURL.swift:52:53:52:53 | a_homeaddr_z | label:a_homeaddr_z, type:private information | +| testURL.swift:54:51:54:51 | resident_ID | label:resident_ID, type:private information | +| testURL.swift:73:52:73:67 | call to get_secret_key() | label:get_secret_key, type:credential | +| testURL.swift:75:53:75:69 | call to get_cert_string() | label:get_cert_string, type:credential | +| testURL.swift:96:51:96:51 | certificate | label:certificate, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift index b1b93de536c..2fef2c446bf 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift @@ -7,6 +7,28 @@ struct URL init?(string: String, relativeTo: URL?) {} } +class Data { +} + +extension String { + struct Encoding { + static let utf8 = Encoding() + } + + init?(data: Data, encoding: Encoding) { self.init() } +} + +class SecKey { +} + +class CFData { +} + +class CFError { +} + +func SecKeyCopyExternalRepresentation(_ key: SecKey, _ error: UnsafeMutablePointer?>?) -> CFData? { return nil } + // --- tests --- var myString = "" @@ -51,7 +73,7 @@ func test2() { _ = URL(string: "http://example.com/login?key=" + get_secret_key()); // BAD _ = URL(string: "http://example.com/login?key=" + get_key_press()); // GOOD (not sensitive) _ = URL(string: "http://example.com/login?cert=" + get_cert_string()); // BAD - _ = URL(string: "http://example.com/login?cert=" + get_certain()); // GOOD (not sensitive) + _ = URL(string: "http://example.com/login?certain=" + get_certain()); // GOOD (not sensitive) } func get_string() -> String { return "" } @@ -77,3 +99,11 @@ func test3() { _ = URL(string: "http://example.com/login?tok=\(auth_token)"); // BAD [NOT DETECTED] _ = URL(string: "http://example.com/login?tok=\(next_token)"); // GOOD (not sensitive) } + +func test4(key: SecKey) { + if let data = SecKeyCopyExternalRepresentation(key, nil) as? Data { + if let string = String(data: data, encoding: .utf8) { + _ = URL(string: "http://example.com/login?tok=\(string)"); // BAD [NOT DETECTED] + } + } +} From 5095031110874bdc44ed506663c1de67498e43c4 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 5 Dec 2023 11:24:27 +0000 Subject: [PATCH 12/31] Swift: Model SecKeyCopyExternalRepresentation as an explicit sensitive data source. --- .../swift/frameworks/StandardLibrary/Security.qll | 13 +++++++++++++ .../frameworks/StandardLibrary/StandardLibrary.qll | 1 + .../lib/codeql/swift/security/SensitiveExprs.qll | 14 ++++++++++++++ .../CWE-311/CleartextTransmission.expected | 12 ++++++++++++ .../Security/CWE-311/SensitiveExprs.expected | 1 + .../query-tests/Security/CWE-311/testURL.swift | 2 +- 6 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Security.qll diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Security.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Security.qll new file mode 100644 index 00000000000..4e926ec5d04 --- /dev/null +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Security.qll @@ -0,0 +1,13 @@ +/** + * Provides models for standard library Swift classses related to security + * (certificate, key and trust services). + */ + +import swift +private import codeql.swift.dataflow.ExternalFlow + +private class SensitiveSources extends SourceModelCsv { + override predicate row(string row) { + row = ";;false;SecKeyCopyExternalRepresentation(_:_:);;;ReturnValue;sensitive-credential" + } +} diff --git a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/StandardLibrary.qll b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/StandardLibrary.qll index 7fe479162b5..f39330309ad 100644 --- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/StandardLibrary.qll +++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/StandardLibrary.qll @@ -19,6 +19,7 @@ private import NsUrl private import Numeric private import RawRepresentable private import PointerTypes +private import Security private import Sequence private import Set private import Stream diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index 9de1047642e..b230c29a78b 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -6,6 +6,8 @@ import swift import internal.SensitiveDataHeuristics +private import codeql.swift.dataflow.DataFlow +private import codeql.swift.dataflow.ExternalFlow private newtype TSensitiveDataType = TCredential() or @@ -172,6 +174,18 @@ class SensitiveExpr extends Expr { ) and // do not mark as sensitive it if it is probably safe not label.regexpMatch(regexpProbablySafe()) + or + ( + // modelled sensitive credential + sourceNode(DataFlow::exprNode(this), "sensitive-credential") and + sensitiveType = TCredential() and + label = "credential" + or + // modelled sensitive private information + sourceNode(DataFlow::exprNode(this), "sensitive-private-info") and + sensitiveType = TPrivateInfo() and + label = "private information" + ) } /** diff --git a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected index 7b11cbebde8..561dec9d13b 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/CleartextTransmission.expected @@ -23,6 +23,11 @@ edges | testURL.swift:73:52:73:67 | call to get_secret_key() | testURL.swift:73:18:73:67 | ... .+(_:_:) ... | | testURL.swift:75:53:75:69 | call to get_cert_string() | testURL.swift:75:18:75:69 | ... .+(_:_:) ... | | testURL.swift:96:51:96:51 | certificate | testURL.swift:96:18:96:18 | "..." | +| testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | testURL.swift:105:32:105:32 | data | +| testURL.swift:105:6:105:10 | let ...? [some:0] | testURL.swift:105:10:105:10 | string | +| testURL.swift:105:10:105:10 | string | testURL.swift:106:20:106:20 | "..." | +| testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | testURL.swift:105:6:105:10 | let ...? [some:0] | +| testURL.swift:105:32:105:32 | data | testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | nodes | file://:0:0:0:0 | .value | semmle.label | .value | | file://:0:0:0:0 | self | semmle.label | self | @@ -74,6 +79,12 @@ nodes | testURL.swift:75:53:75:69 | call to get_cert_string() | semmle.label | call to get_cert_string() | | testURL.swift:96:18:96:18 | "..." | semmle.label | "..." | | testURL.swift:96:51:96:51 | certificate | semmle.label | certificate | +| testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | semmle.label | call to SecKeyCopyExternalRepresentation(_:_:) | +| testURL.swift:105:6:105:10 | let ...? [some:0] | semmle.label | let ...? [some:0] | +| testURL.swift:105:10:105:10 | string | semmle.label | string | +| testURL.swift:105:19:105:53 | call to String.init(data:encoding:) [some:0] | semmle.label | call to String.init(data:encoding:) [some:0] | +| testURL.swift:105:32:105:32 | data | semmle.label | data | +| testURL.swift:106:20:106:20 | "..." | semmle.label | "..." | subpaths | testSend.swift:60:17:60:17 | password | testSend.swift:41:10:41:18 | data | testSend.swift:41:45:41:45 | data | testSend.swift:60:13:60:25 | call to pad(_:) | | testSend.swift:94:27:94:30 | .password | testSend.swift:86:7:86:7 | self | file://:0:0:0:0 | .value | testSend.swift:94:27:94:39 | .value | @@ -104,3 +115,4 @@ subpaths | testURL.swift:73:18:73:67 | ... .+(_:_:) ... | testURL.swift:73:52:73:67 | call to get_secret_key() | testURL.swift:73:18:73:67 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:73:52:73:67 | call to get_secret_key() | call to get_secret_key() | | testURL.swift:75:18:75:69 | ... .+(_:_:) ... | testURL.swift:75:53:75:69 | call to get_cert_string() | testURL.swift:75:18:75:69 | ... .+(_:_:) ... | This operation transmits '... .+(_:_:) ...', which may contain unencrypted sensitive data from $@. | testURL.swift:75:53:75:69 | call to get_cert_string() | call to get_cert_string() | | testURL.swift:96:18:96:18 | "..." | testURL.swift:96:51:96:51 | certificate | testURL.swift:96:18:96:18 | "..." | This operation transmits '"..."', which may contain unencrypted sensitive data from $@. | testURL.swift:96:51:96:51 | certificate | certificate | +| testURL.swift:106:20:106:20 | "..." | testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | testURL.swift:106:20:106:20 | "..." | This operation transmits '"..."', which may contain unencrypted sensitive data from $@. | testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | call to SecKeyCopyExternalRepresentation(_:_:) | diff --git a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected index 70776f54bd8..705f02257f9 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected +++ b/swift/ql/test/query-tests/Security/CWE-311/SensitiveExprs.expected @@ -175,3 +175,4 @@ | testURL.swift:73:52:73:67 | call to get_secret_key() | label:get_secret_key, type:credential | | testURL.swift:75:53:75:69 | call to get_cert_string() | label:get_cert_string, type:credential | | testURL.swift:96:51:96:51 | certificate | label:certificate, type:credential | +| testURL.swift:104:16:104:57 | call to SecKeyCopyExternalRepresentation(_:_:) | label:credential, type:credential | diff --git a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift index 2fef2c446bf..1a43fcd6679 100644 --- a/swift/ql/test/query-tests/Security/CWE-311/testURL.swift +++ b/swift/ql/test/query-tests/Security/CWE-311/testURL.swift @@ -103,7 +103,7 @@ func test3() { func test4(key: SecKey) { if let data = SecKeyCopyExternalRepresentation(key, nil) as? Data { if let string = String(data: data, encoding: .utf8) { - _ = URL(string: "http://example.com/login?tok=\(string)"); // BAD [NOT DETECTED] + _ = URL(string: "http://example.com/login?tok=\(string)"); // BAD } } } From 11d582db5197f77efad982704bb720711a82e1a6 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 5 Dec 2023 13:17:23 +0000 Subject: [PATCH 13/31] Swift: Change note. --- swift/ql/lib/change-notes/2023-12-05-seckey.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 swift/ql/lib/change-notes/2023-12-05-seckey.md diff --git a/swift/ql/lib/change-notes/2023-12-05-seckey.md b/swift/ql/lib/change-notes/2023-12-05-seckey.md new file mode 100644 index 00000000000..883eedd48a5 --- /dev/null +++ b/swift/ql/lib/change-notes/2023-12-05-seckey.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added a sensitive data model for `SecKeyCopyExternalRepresentation`. From 9390b482284a92c210b33dbb8f472acdbc951656 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 5 Dec 2023 15:07:50 +0100 Subject: [PATCH 14/31] C#: Add (U)IntPtr parameter default test cases. --- .../library-tests/parameters/Parameters.cs | 4 +++- .../library-tests/parameters/Parameters.cs_ | 4 +++- .../library-tests/parameters/Parameters.dll | Bin 6144 -> 6144 bytes 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/csharp/ql/test/library-tests/parameters/Parameters.cs b/csharp/ql/test/library-tests/parameters/Parameters.cs index ee62454b404..0810be7fe94 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.cs +++ b/csharp/ql/test/library-tests/parameters/Parameters.cs @@ -27,6 +27,8 @@ public class Parameters public void M19([Optional, DecimalConstant(1, 0, 0, 0, 103)] decimal arg9) => throw null; public void M20([Optional, DefaultParameterValue(7)] MyStruct arg10) => throw null; public void M21([Optional, DefaultParameterValue("mystring")] MyStruct arg10) => throw null; + public void M22(nuint arg11 = 0) => throw null; + public void M23(nint arg12 = 0) => throw null; public struct MyStruct { @@ -35,4 +37,4 @@ public class Parameters } public enum MyEnum { A = 1, B = 2 } -} \ No newline at end of file +} diff --git a/csharp/ql/test/library-tests/parameters/Parameters.cs_ b/csharp/ql/test/library-tests/parameters/Parameters.cs_ index 136e7262b98..b9042bf83d6 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.cs_ +++ b/csharp/ql/test/library-tests/parameters/Parameters.cs_ @@ -27,6 +27,8 @@ public class ParametersDll public void M19([Optional, DecimalConstant(1, 0, 0, 0, 103)] decimal arg9) => throw null; public void M20([Optional, DefaultParameterValue(7)] MyStruct arg10) => throw null; public void M21([Optional, DefaultParameterValue("mystring")] MyStruct arg10) => throw null; + public void M22(nuint arg11 = 0) => throw null; + public void M23(nint arg12 = 0) => throw null; public struct MyStruct { @@ -35,4 +37,4 @@ public class ParametersDll } public enum MyEnum { A = 1, B = 2 } -} \ No newline at end of file +} diff --git a/csharp/ql/test/library-tests/parameters/Parameters.dll b/csharp/ql/test/library-tests/parameters/Parameters.dll index 3358306fc8976442d42361e9615275591f8a928d..a7b95138c125e6e10726d8e68d0fc9450d9d673b 100644 GIT binary patch delta 1709 zcmZXVe@s_9kE0juL(5g#Bg7 zxb~surae1b)I7b(fQx;wt`>cac^ZOi>T0Ulze<0^eq2_jE})h0P}MwpR2D@IDHsDL zl8uNoF{rszESGce0Iy-9ReWHWc-AOl^`cNbtofQ|sm?d**e%oyBgP!^m{cqfif45E zJyd*AGoV>zM50VJ=u6J%)BJkqBx7|`XB8m$2Vvn?9Fj{Cwt*K@X6V|(oMQ=NE&)gW ztZS0XD)^|saL7tl_=v2HaOTytJQ$odnn7)#22hNsJVIVDj*_{u52iVRK5S_}j~B_e z$Vfol&;fs#w=GbgumM_g!Uk#k5~gb12~!W#KWoUvP?UPy(P|9wMg|?bm*&Pv$L_-! zZi6Am_R>;t%CV>LCem=)u^vpohc_JS=YnTo*s&qne2h9KX!hqx{_VHm6J%l1N#BJl z$i_R4?P4tl?>W}WS}vv>JHT;y_|UO#T*U%ha_j|Mytr5?IbpS(j)w@7E!=u89Y!u@0t+DL&Z`Cpdl{GFPO+`_Y*LZWo(|mp1T&%xa87}M4&9~jdL$z#-lYVYo z)w{S!$L;66S#n$RPW!aCFpqsj2W~;A+*pcDw&CY>+O=(s;&;%^83>@=l8vP zq4dv%HSzXTmq>O6gveCz$2-&Zh|u-LGv7h1kMRG7P9DAd@b{{3t<(6y;d;(~f^+x- zkmIw9tpe*(R_3Q4o&9mc!TEb18$EZ>W8Y)7hMZ*E+fI^mH?6+)j+ayI`p?eQT_4!( j{D7#bpHOiimY*S7ZNINSo;LS4Y4qM6_hnoYv2yocCFCLr delta 1615 zcmZ{ke@vBC7{|ZoJ(m~m1?j!sIO3j-@=xQrSziyE{V30~`XTS!1K5BQSBLJj+?RFf4=&bNvkz=vxAb;)YEDQE+soxlK}Gm>%h zBVF4%JG%8OO+LWGXJ}J1S{QR6LiL*(YWTdD`eD^CD;MNY74p{Ep!z@-Mt-&gW5C95 zVwJSSKQ1(P7!Dey8GnO`FGG)wS%0#ApVUkhn!_eO z4ILjh%rabRt%`6!gZaucW|+s6zR6fGYD5Eq9|#8*&?A@6tCd`?RxD)h9?r3xF^_=i zoXJTZs^C`7v!t3C8$RY@+*B=95PIhki?WS!F_vJve1V*@21&0Rf^AP?2)Fl*;Q;vt z*_5jn^khbe%NA&zSEE#2^D0KQYhLNxbMs1XX5@-OI>tLG54v(0#<`G~tLmr{G3Kf} z@irS_+*KV^DVTKCqnJi2-g4D0d;~wHT(uXoNW&3Vy`;WKC}}UpS!Cg3*ISG8$i^qG zYGE#jldfuKE(f2xs*81tamrOY@dK{GSFU;*bI8RRSM67Ac6KCyzYxNOE1o&B0{mpu z{-jCi5e4w%ftOZ3q1#g6J<{TS0EuI+<2c%J9PK!cuK9oG-z*}WuGEySF@ran=?aZg zWt;}mgUw_D?k5GN<$qah{FR0q*h~Uj3?DR3kKq%BQRBaC;si1x*nfIYU+Wgd0qI3Z z3jQ{_c``{KN=OG4hBp{i8#WkjG;B58O4{fl7h#yp#vw8n+l=3Dn1riQg@steZcjpn z%1IimFXGE%i&chXIHC*zWRlrfL55IGUWW)-iD$_h@gjK(4wCDQ-%M6=#t!B6=4?JH zcJr{Ru$!Hz*^Y~1)HtKY8KvX1P9Pueh!Y$&AuckW5K?HqZ@5QpM}_r@)HSa%UTqb4 zy0KpMdvgNE_*YEiiT!hxVMa}Q1I34FWUvqQ)5D%S%nqs5MU55Z*xJ=WHimhtU%UlQ zV;J{^wHrovm=*D5z5(f+ez$JwGqIy_V79wg40-$GCl`1`{A_BcNC(2-wx5D%Y~s&^ zJ-lo97OzolPP#qAXvR^!PQEky>FOW9zns}H*mUHO_QrCRy8`tDaxBdQ5 x(QCC?-%bBommEuXU-5de6{^XfEkf!6|A?CKx5QHy{voZJHF1C1oQReu{tZ0A8I=G4 From 172445f5e71228924a6ee751b058639fd15a6810 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Mon, 21 Nov 2022 12:28:18 -0500 Subject: [PATCH 15/31] C++: replace Guards with IRGuards --- .../semmle/code/cpp/controlflow/Guards.qll | 366 +----------------- 1 file changed, 1 insertion(+), 365 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/Guards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/Guards.qll index e7809358bce..e248d97ae03 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/Guards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/Guards.qll @@ -7,371 +7,7 @@ import cpp import semmle.code.cpp.controlflow.BasicBlocks import semmle.code.cpp.controlflow.SSA import semmle.code.cpp.controlflow.Dominance - -/** - * A Boolean condition that guards one or more basic blocks. This includes - * operands of logical operators but not switch statements. - */ -class GuardCondition extends Expr { - GuardCondition() { is_condition(this) } - - /** - * Holds if this condition controls `block`, meaning that `block` is only - * entered if the value of this condition is `testIsTrue`. - * - * Illustration: - * - * ``` - * [ (testIsTrue) ] - * [ this ----------------succ ---- controlled ] - * [ | | ] - * [ (testIsFalse) | ------ ... ] - * [ other ] - * ``` - * - * The predicate holds if all paths to `controlled` go via the `testIsTrue` - * edge of the control-flow graph. In other words, the `testIsTrue` edge - * must dominate `controlled`. This means that `controlled` must be - * dominated by both `this` and `succ` (the target of the `testIsTrue` - * edge). It also means that any other edge into `succ` must be a back-edge - * from a node which is dominated by `succ`. - * - * The short-circuit boolean operations have slightly surprising behavior - * here: because the operation itself only dominates one branch (due to - * being short-circuited) then it will only control blocks dominated by the - * true (for `&&`) or false (for `||`) branch. - */ - cached - predicate controls(BasicBlock controlled, boolean testIsTrue) { - // This condition must determine the flow of control; that is, this - // node must be a top-level condition. - this.controlsBlock(controlled, testIsTrue) - or - exists(BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | - this = binop and - lhs = binop.getLeftOperand() and - rhs = binop.getRightOperand() and - lhs.controls(controlled, testIsTrue) and - rhs.controls(controlled, testIsTrue) - ) - or - exists(GuardCondition ne, GuardCondition operand | - this = operand and - operand = ne.(NotExpr).getOperand() and - ne.controls(controlled, testIsTrue.booleanNot()) - ) - } - - /** Holds if (determined by this guard) `left < right + k` evaluates to `isLessThan` if this expression evaluates to `testIsTrue`. */ - cached - predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) { - compares_lt(this, left, right, k, isLessThan, testIsTrue) - } - - /** - * Holds if (determined by this guard) `left < right + k` must be `isLessThan` in `block`. - * If `isLessThan = false` then this implies `left >= right + k`. - */ - cached - predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan) { - exists(boolean testIsTrue | - compares_lt(this, left, right, k, isLessThan, testIsTrue) and this.controls(block, testIsTrue) - ) - } - - /** Holds if (determined by this guard) `left == right + k` evaluates to `areEqual` if this expression evaluates to `testIsTrue`. */ - cached - predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue) { - compares_eq(this, left, right, k, areEqual, testIsTrue) - } - - /** - * Holds if (determined by this guard) `left == right + k` must be `areEqual` in `block`. - * If `areEqual = false` then this implies `left != right + k`. - */ - cached - predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual) { - exists(boolean testIsTrue | - compares_eq(this, left, right, k, areEqual, testIsTrue) and this.controls(block, testIsTrue) - ) - } - - /** - * Holds if this condition controls `block`, meaning that `block` is only - * entered if the value of this condition is `testIsTrue`. This helper - * predicate does not necessarily hold for binary logical operations like - * `&&` and `||`. See the detailed explanation on predicate `controls`. - */ - private predicate controlsBlock(BasicBlock controlled, boolean testIsTrue) { - exists(BasicBlock thisblock | thisblock.contains(this) | - exists(BasicBlock succ | - testIsTrue = true and succ = this.getATrueSuccessor() - or - testIsTrue = false and succ = this.getAFalseSuccessor() - | - bbDominates(succ, controlled) and - forall(BasicBlock pred | pred.getASuccessor() = succ | - pred = thisblock or bbDominates(succ, pred) or not reachable(pred) - ) - ) - ) - } -} - -private predicate is_condition(Expr guard) { - guard.isCondition() - or - is_condition(guard.(BinaryLogicalOperation).getAnOperand()) - or - exists(NotExpr cond | is_condition(cond) and cond.getOperand() = guard) -} - -/* - * Simplification of equality expressions: - * Simplify conditions in the source to the canonical form l op r + k. - */ - -/** - * Holds if `left == right + k` is `areEqual` given that test is `testIsTrue`. - * - * Beware making mistaken logical implications here relating `areEqual` and `testIsTrue`. - */ -private predicate compares_eq( - Expr test, Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue -) { - /* The simple case where the test *is* the comparison so areEqual = testIsTrue xor eq. */ - exists(boolean eq | simple_comparison_eq(test, left, right, k, eq) | - areEqual = true and testIsTrue = eq - or - areEqual = false and testIsTrue = eq.booleanNot() - ) - or - logical_comparison_eq(test, left, right, k, areEqual, testIsTrue) - or - /* a == b + k => b == a - k */ - exists(int mk | k = -mk | compares_eq(test, right, left, mk, areEqual, testIsTrue)) - or - complex_eq(test, left, right, k, areEqual, testIsTrue) - or - /* (x is true => (left == right + k)) => (!x is false => (left == right + k)) */ - exists(boolean isFalse | testIsTrue = isFalse.booleanNot() | - compares_eq(test.(NotExpr).getOperand(), left, right, k, areEqual, isFalse) - ) -} - -/** - * If `test => part` and `part => left == right + k` then `test => left == right + k`. - * Similarly for the case where `test` is false. - */ -private predicate logical_comparison_eq( - BinaryLogicalOperation test, Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue -) { - exists(boolean partIsTrue, Expr part | test.impliesValue(part, partIsTrue, testIsTrue) | - compares_eq(part, left, right, k, areEqual, partIsTrue) - ) -} - -/** Rearrange various simple comparisons into `left == right + k` form. */ -private predicate simple_comparison_eq( - ComparisonOperation cmp, Expr left, Expr right, int k, boolean areEqual -) { - left = cmp.getLeftOperand() and - cmp.getOperator() = "==" and - right = cmp.getRightOperand() and - k = 0 and - areEqual = true - or - left = cmp.getLeftOperand() and - cmp.getOperator() = "!=" and - right = cmp.getRightOperand() and - k = 0 and - areEqual = false -} - -private predicate complex_eq( - ComparisonOperation cmp, Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue -) { - sub_eq(cmp, left, right, k, areEqual, testIsTrue) - or - add_eq(cmp, left, right, k, areEqual, testIsTrue) -} - -// left - x == right + c => left == right + (c+x) -// left == (right - x) + c => left == right + (c-x) -private predicate sub_eq( - ComparisonOperation cmp, Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue -) { - exists(SubExpr lhs, int c, int x | - compares_eq(cmp, lhs, right, c, areEqual, testIsTrue) and - left = lhs.getLeftOperand() and - x = int_value(lhs.getRightOperand()) and - k = c + x - ) - or - exists(SubExpr rhs, int c, int x | - compares_eq(cmp, left, rhs, c, areEqual, testIsTrue) and - right = rhs.getLeftOperand() and - x = int_value(rhs.getRightOperand()) and - k = c - x - ) -} - -// left + x == right + c => left == right + (c-x) -// left == (right + x) + c => left == right + (c+x) -private predicate add_eq( - ComparisonOperation cmp, Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue -) { - exists(AddExpr lhs, int c, int x | - compares_eq(cmp, lhs, right, c, areEqual, testIsTrue) and - ( - left = lhs.getLeftOperand() and x = int_value(lhs.getRightOperand()) - or - left = lhs.getRightOperand() and x = int_value(lhs.getLeftOperand()) - ) and - k = c - x - ) - or - exists(AddExpr rhs, int c, int x | - compares_eq(cmp, left, rhs, c, areEqual, testIsTrue) and - ( - right = rhs.getLeftOperand() and x = int_value(rhs.getRightOperand()) - or - right = rhs.getRightOperand() and x = int_value(rhs.getLeftOperand()) - ) and - k = c + x - ) -} - -/* - * Simplification of inequality expressions: - * Simplify conditions in the source to the canonical form l < r + k. - */ - -/** Holds if `left < right + k` evaluates to `isLt` given that test is `testIsTrue`. */ -private predicate compares_lt( - Expr test, Expr left, Expr right, int k, boolean isLt, boolean testIsTrue -) { - /* In the simple case, the test is the comparison, so isLt = testIsTrue */ - simple_comparison_lt(test, left, right, k) and isLt = true and testIsTrue = true - or - simple_comparison_lt(test, left, right, k) and isLt = false and testIsTrue = false - or - logical_comparison_lt(test, left, right, k, isLt, testIsTrue) - or - complex_lt(test, left, right, k, isLt, testIsTrue) - or - /* (not (left < right + k)) => (left >= right + k) */ - exists(boolean isGe | isLt = isGe.booleanNot() | - compares_ge(test, left, right, k, isGe, testIsTrue) - ) - or - /* (x is true => (left < right + k)) => (!x is false => (left < right + k)) */ - exists(boolean isFalse | testIsTrue = isFalse.booleanNot() | - compares_lt(test.(NotExpr).getOperand(), left, right, k, isLt, isFalse) - ) -} - -/** `(a < b + k) => (b > a - k) => (b >= a + (1-k))` */ -private predicate compares_ge( - Expr test, Expr left, Expr right, int k, boolean isGe, boolean testIsTrue -) { - exists(int onemk | k = 1 - onemk | compares_lt(test, right, left, onemk, isGe, testIsTrue)) -} - -/** - * If `test => part` and `part => left < right + k` then `test => left < right + k`. - * Similarly for the case where `test` evaluates false. - */ -private predicate logical_comparison_lt( - BinaryLogicalOperation test, Expr left, Expr right, int k, boolean isLt, boolean testIsTrue -) { - exists(boolean partIsTrue, Expr part | test.impliesValue(part, partIsTrue, testIsTrue) | - compares_lt(part, left, right, k, isLt, partIsTrue) - ) -} - -/** Rearrange various simple comparisons into `left < right + k` form. */ -private predicate simple_comparison_lt(ComparisonOperation cmp, Expr left, Expr right, int k) { - left = cmp.getLeftOperand() and - cmp.getOperator() = "<" and - right = cmp.getRightOperand() and - k = 0 - or - left = cmp.getLeftOperand() and - cmp.getOperator() = "<=" and - right = cmp.getRightOperand() and - k = 1 - or - right = cmp.getLeftOperand() and - cmp.getOperator() = ">" and - left = cmp.getRightOperand() and - k = 0 - or - right = cmp.getLeftOperand() and - cmp.getOperator() = ">=" and - left = cmp.getRightOperand() and - k = 1 -} - -private predicate complex_lt( - ComparisonOperation cmp, Expr left, Expr right, int k, boolean isLt, boolean testIsTrue -) { - sub_lt(cmp, left, right, k, isLt, testIsTrue) - or - add_lt(cmp, left, right, k, isLt, testIsTrue) -} - -// left - x < right + c => left < right + (c+x) -// left < (right - x) + c => left < right + (c-x) -private predicate sub_lt( - ComparisonOperation cmp, Expr left, Expr right, int k, boolean isLt, boolean testIsTrue -) { - exists(SubExpr lhs, int c, int x | - compares_lt(cmp, lhs, right, c, isLt, testIsTrue) and - left = lhs.getLeftOperand() and - x = int_value(lhs.getRightOperand()) and - k = c + x - ) - or - exists(SubExpr rhs, int c, int x | - compares_lt(cmp, left, rhs, c, isLt, testIsTrue) and - right = rhs.getLeftOperand() and - x = int_value(rhs.getRightOperand()) and - k = c - x - ) -} - -// left + x < right + c => left < right + (c-x) -// left < (right + x) + c => left < right + (c+x) -private predicate add_lt( - ComparisonOperation cmp, Expr left, Expr right, int k, boolean isLt, boolean testIsTrue -) { - exists(AddExpr lhs, int c, int x | - compares_lt(cmp, lhs, right, c, isLt, testIsTrue) and - ( - left = lhs.getLeftOperand() and x = int_value(lhs.getRightOperand()) - or - left = lhs.getRightOperand() and x = int_value(lhs.getLeftOperand()) - ) and - k = c - x - ) - or - exists(AddExpr rhs, int c, int x | - compares_lt(cmp, left, rhs, c, isLt, testIsTrue) and - ( - right = rhs.getLeftOperand() and x = int_value(rhs.getRightOperand()) - or - right = rhs.getRightOperand() and x = int_value(rhs.getLeftOperand()) - ) and - k = c + x - ) -} - -/** The `int` value of integer constant expression. */ -private int int_value(Expr e) { - e.getUnderlyingType() instanceof IntegralType and - result = e.getValue().toInt() -} +import IRGuards /** An `SsaDefinition` with an additional predicate `isLt`. */ class GuardedSsa extends SsaDefinition { From 88073a5fb20538945d3d383db9e6eea6c4808bd8 Mon Sep 17 00:00:00 2001 From: Robert Marsh Date: Mon, 21 Nov 2022 12:41:09 -0500 Subject: [PATCH 16/31] C++: change note for IRGuards replacing Guards --- cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md diff --git a/cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md b/cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md new file mode 100644 index 00000000000..aa924c2a497 --- /dev/null +++ b/cpp/ql/lib/change-notes/2022-11-21-ir-guards-replacement.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The `Guards` library has been replaced with the API-compatible `IRGuards` implementation, which has better precision in some cases. \ No newline at end of file From edf178696deb68383ebff83d743102a91268a827 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Mon, 4 Dec 2023 11:56:30 +0100 Subject: [PATCH 17/31] C++: accept test changes for IR Guards replacement --- .../controlflow/controlflow/SsaLt.expected | 7 +------ .../controlflow/guards/Guards.expected | 1 - .../controlflow/guards/GuardsControl.expected | 12 +++++------- .../controlflow/guards/GuardsEnsure.expected | 16 ++++++---------- 4 files changed, 12 insertions(+), 24 deletions(-) diff --git a/cpp/ql/test/library-tests/controlflow/controlflow/SsaLt.expected b/cpp/ql/test/library-tests/controlflow/controlflow/SsaLt.expected index 35c1c7aec9c..2535eee7184 100644 --- a/cpp/ql/test/library-tests/controlflow/controlflow/SsaLt.expected +++ b/cpp/ql/test/library-tests/controlflow/controlflow/SsaLt.expected @@ -11,7 +11,6 @@ | test.c:2:31:72:1 | { ... } | test.c:2:14:2:14 | x | < | test.c:17:12:17:12 | 0 | 50 | 52 | | test.c:2:31:72:1 | { ... } | test.c:2:14:2:14 | x | < | test.c:17:12:17:12 | 0 | 53 | 53 | | test.c:2:31:72:1 | { ... } | test.c:2:14:2:14 | x | < | test.c:17:12:17:12 | 0 | 53 | 55 | -| test.c:2:31:72:1 | { ... } | test.c:2:14:2:14 | x | < | test.c:17:12:17:12 | 0 | 56 | 63 | | test.c:2:31:72:1 | { ... } | test.c:2:14:2:14 | x | < | test.c:17:12:17:12 | 0 | 59 | 61 | | test.c:2:31:72:1 | { ... } | test.c:2:14:2:14 | x | < | test.c:17:12:17:12 | 0 | 64 | 71 | | test.c:2:31:72:1 | { ... } | test.c:2:14:2:14 | x | > | test.c:7:13:7:13 | 0 | 7 | 9 | @@ -23,7 +22,6 @@ | test.c:34:11:34:11 | x | test.c:2:14:2:14 | x | < | test.c:34:15:34:15 | 0 | 50 | 52 | | test.c:34:11:34:11 | x | test.c:2:14:2:14 | x | < | test.c:34:15:34:15 | 0 | 53 | 53 | | test.c:34:11:34:11 | x | test.c:2:14:2:14 | x | < | test.c:34:15:34:15 | 0 | 53 | 55 | -| test.c:34:11:34:11 | x | test.c:2:14:2:14 | x | < | test.c:34:15:34:15 | 0 | 56 | 63 | | test.c:34:11:34:11 | x | test.c:2:14:2:14 | x | < | test.c:34:15:34:15 | 0 | 59 | 61 | | test.c:34:11:34:11 | x | test.c:2:14:2:14 | x | < | test.c:34:15:34:15 | 0 | 64 | 71 | | test.c:34:11:34:11 | x | test.c:2:14:2:14 | x | > | test.c:34:15:34:15 | 0 | 34 | 36 | @@ -33,20 +31,17 @@ | test.c:42:16:42:16 | j | test.c:3:9:3:9 | j | > | test.c:42:20:42:21 | 10 | 50 | 52 | | test.c:42:16:42:16 | j | test.c:3:9:3:9 | j | > | test.c:42:20:42:21 | 10 | 53 | 53 | | test.c:42:16:42:16 | j | test.c:3:9:3:9 | j | > | test.c:42:20:42:21 | 10 | 53 | 55 | -| test.c:42:16:42:16 | j | test.c:3:9:3:9 | j | > | test.c:42:20:42:21 | 10 | 56 | 63 | | test.c:42:16:42:16 | j | test.c:3:9:3:9 | j | > | test.c:42:20:42:21 | 10 | 59 | 61 | | test.c:42:16:42:16 | j | test.c:3:9:3:9 | j | > | test.c:42:20:42:21 | 10 | 64 | 71 | +| test.c:47:5:47:10 | ... += ... | test.c:2:28:2:28 | z | < | test.c:52:16:52:16 | 0 | 50 | 50 | | test.c:47:5:47:10 | ... += ... | test.c:2:28:2:28 | z | < | test.c:52:16:52:16 | 0 | 59 | 61 | | test.c:47:5:47:10 | ... += ... | test.c:2:28:2:28 | z | > | test.c:52:16:52:16 | 0 | 53 | 53 | | test.c:47:5:47:10 | ... += ... | test.c:2:28:2:28 | z | > | test.c:52:16:52:16 | 0 | 53 | 55 | -| test.c:47:5:47:10 | ... += ... | test.c:2:28:2:28 | z | > | test.c:52:16:52:16 | 0 | 56 | 63 | | test.c:50:16:50:16 | j | test.c:3:9:3:9 | j | < | test.c:50:20:50:21 | 10 | 50 | 50 | | test.c:50:16:50:16 | j | test.c:3:9:3:9 | j | < | test.c:50:20:50:21 | 10 | 50 | 52 | | test.c:50:16:50:16 | j | test.c:3:9:3:9 | j | < | test.c:50:20:50:21 | 10 | 53 | 53 | | test.c:50:16:50:16 | j | test.c:3:9:3:9 | j | < | test.c:50:20:50:21 | 10 | 53 | 55 | -| test.c:50:16:50:16 | j | test.c:3:9:3:9 | j | < | test.c:50:20:50:21 | 10 | 56 | 63 | | test.c:50:16:50:16 | j | test.c:3:9:3:9 | j | < | test.c:50:20:50:21 | 10 | 59 | 61 | -| test.c:51:9:51:14 | ... = ... | test.c:4:10:4:10 | y | < | test.c:53:20:53:20 | 0 | 56 | 63 | | test.c:51:9:51:14 | ... = ... | test.c:4:10:4:10 | y | > | test.c:53:20:53:20 | 0 | 53 | 55 | | test.c:74:19:89:1 | { ... } | test.c:74:16:74:16 | a | > | test.c:79:17:79:19 | 100 | 79 | 81 | | test.cpp:9:19:9:19 | i | test.cpp:9:12:9:12 | i | < | test.cpp:9:23:9:24 | 10 | 9 | 9 | diff --git a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected index b73e7064339..4193bd49fef 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected @@ -24,7 +24,6 @@ | test.c:126:12:126:26 | call to test3_condition | | test.c:131:7:131:7 | b | | test.c:137:7:137:7 | 0 | -| test.c:138:9:138:9 | i | | test.c:146:7:146:8 | ! ... | | test.c:146:8:146:8 | x | | test.cpp:18:8:18:10 | call to get | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected index a9f1c7aa6c4..1e0aed878bf 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected @@ -12,7 +12,6 @@ | test.c:26:11:26:15 | ... > ... | false | 42 | 44 | | test.c:26:11:26:15 | ... > ... | false | 45 | 45 | | test.c:26:11:26:15 | ... > ... | false | 45 | 47 | -| test.c:26:11:26:15 | ... > ... | false | 48 | 55 | | test.c:26:11:26:15 | ... > ... | false | 51 | 53 | | test.c:26:11:26:15 | ... > ... | false | 56 | 58 | | test.c:26:11:26:15 | ... > ... | false | 58 | 58 | @@ -25,7 +24,6 @@ | test.c:34:16:34:21 | ... < ... | false | 42 | 44 | | test.c:34:16:34:21 | ... < ... | false | 45 | 45 | | test.c:34:16:34:21 | ... < ... | false | 45 | 47 | -| test.c:34:16:34:21 | ... < ... | false | 48 | 55 | | test.c:34:16:34:21 | ... < ... | false | 51 | 53 | | test.c:34:16:34:21 | ... < ... | false | 56 | 58 | | test.c:34:16:34:21 | ... < ... | false | 58 | 58 | @@ -36,13 +34,11 @@ | test.c:42:16:42:21 | ... < ... | true | 42 | 44 | | test.c:42:16:42:21 | ... < ... | true | 45 | 45 | | test.c:42:16:42:21 | ... < ... | true | 45 | 47 | -| test.c:42:16:42:21 | ... < ... | true | 48 | 55 | | test.c:42:16:42:21 | ... < ... | true | 51 | 53 | +| test.c:44:12:44:16 | ... > ... | false | 42 | 42 | | test.c:44:12:44:16 | ... > ... | false | 51 | 53 | | test.c:44:12:44:16 | ... > ... | true | 45 | 45 | | test.c:44:12:44:16 | ... > ... | true | 45 | 47 | -| test.c:44:12:44:16 | ... > ... | true | 48 | 55 | -| test.c:45:16:45:20 | ... > ... | false | 48 | 55 | | test.c:45:16:45:20 | ... > ... | true | 45 | 47 | | test.c:58:9:58:14 | ... == ... | false | 58 | 58 | | test.c:58:9:58:14 | ... == ... | false | 62 | 62 | @@ -81,10 +77,12 @@ | test.c:126:12:126:26 | call to test3_condition | true | 126 | 128 | | test.c:131:7:131:7 | b | true | 131 | 132 | | test.c:137:7:137:7 | 0 | false | 142 | 136 | -| test.c:138:9:138:9 | i | true | 138 | 139 | | test.c:146:7:146:8 | ! ... | true | 146 | 147 | | test.c:146:8:146:8 | x | false | 146 | 147 | -| test.cpp:18:8:18:10 | call to get | false | 20 | 16 | +| test.cpp:18:8:18:10 | call to get | true | 19 | 19 | +| test.cpp:31:7:31:13 | ... == ... | false | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | false | 34 | 34 | +| test.cpp:31:7:31:13 | ... == ... | true | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | true | 31 | 32 | +| test.cpp:42:13:42:20 | call to getABool | false | 53 | 53 | | test.cpp:42:13:42:20 | call to getABool | true | 43 | 45 | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected index 99a1097618d..e5328aefa62 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected @@ -20,7 +20,6 @@ | test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | test.c:26:15:26:15 | 0 | 1 | 42 | 44 | | test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | test.c:26:15:26:15 | 0 | 1 | 45 | 45 | | test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | test.c:26:15:26:15 | 0 | 1 | 45 | 47 | -| test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | test.c:26:15:26:15 | 0 | 1 | 48 | 55 | | test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | test.c:26:15:26:15 | 0 | 1 | 51 | 53 | | test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | test.c:26:15:26:15 | 0 | 1 | 56 | 58 | | test.c:26:11:26:15 | ... > ... | test.c:26:11:26:11 | x | < | test.c:26:15:26:15 | 0 | 1 | 58 | 58 | @@ -36,7 +35,6 @@ | test.c:26:11:26:15 | ... > ... | test.c:26:15:26:15 | 0 | >= | test.c:26:11:26:11 | x | 0 | 42 | 44 | | test.c:26:11:26:15 | ... > ... | test.c:26:15:26:15 | 0 | >= | test.c:26:11:26:11 | x | 0 | 45 | 45 | | test.c:26:11:26:15 | ... > ... | test.c:26:15:26:15 | 0 | >= | test.c:26:11:26:11 | x | 0 | 45 | 47 | -| test.c:26:11:26:15 | ... > ... | test.c:26:15:26:15 | 0 | >= | test.c:26:11:26:11 | x | 0 | 48 | 55 | | test.c:26:11:26:15 | ... > ... | test.c:26:15:26:15 | 0 | >= | test.c:26:11:26:11 | x | 0 | 51 | 53 | | test.c:26:11:26:15 | ... > ... | test.c:26:15:26:15 | 0 | >= | test.c:26:11:26:11 | x | 0 | 56 | 58 | | test.c:26:11:26:15 | ... > ... | test.c:26:15:26:15 | 0 | >= | test.c:26:11:26:11 | x | 0 | 58 | 58 | @@ -49,7 +47,6 @@ | test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | test.c:34:20:34:21 | 10 | 0 | 42 | 44 | | test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | test.c:34:20:34:21 | 10 | 0 | 45 | 45 | | test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | test.c:34:20:34:21 | 10 | 0 | 45 | 47 | -| test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | test.c:34:20:34:21 | 10 | 0 | 48 | 55 | | test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | test.c:34:20:34:21 | 10 | 0 | 51 | 53 | | test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | test.c:34:20:34:21 | 10 | 0 | 56 | 58 | | test.c:34:16:34:21 | ... < ... | test.c:34:16:34:16 | j | >= | test.c:34:20:34:21 | 10 | 0 | 58 | 58 | @@ -61,7 +58,6 @@ | test.c:34:16:34:21 | ... < ... | test.c:34:20:34:21 | 10 | < | test.c:34:16:34:16 | j | 1 | 42 | 44 | | test.c:34:16:34:21 | ... < ... | test.c:34:20:34:21 | 10 | < | test.c:34:16:34:16 | j | 1 | 45 | 45 | | test.c:34:16:34:21 | ... < ... | test.c:34:20:34:21 | 10 | < | test.c:34:16:34:16 | j | 1 | 45 | 47 | -| test.c:34:16:34:21 | ... < ... | test.c:34:20:34:21 | 10 | < | test.c:34:16:34:16 | j | 1 | 48 | 55 | | test.c:34:16:34:21 | ... < ... | test.c:34:20:34:21 | 10 | < | test.c:34:16:34:16 | j | 1 | 51 | 53 | | test.c:34:16:34:21 | ... < ... | test.c:34:20:34:21 | 10 | < | test.c:34:16:34:16 | j | 1 | 56 | 58 | | test.c:34:16:34:21 | ... < ... | test.c:34:20:34:21 | 10 | < | test.c:34:16:34:16 | j | 1 | 58 | 58 | @@ -72,26 +68,22 @@ | test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | test.c:42:20:42:21 | 10 | 0 | 42 | 44 | | test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | test.c:42:20:42:21 | 10 | 0 | 45 | 45 | | test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | test.c:42:20:42:21 | 10 | 0 | 45 | 47 | -| test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | test.c:42:20:42:21 | 10 | 0 | 48 | 55 | | test.c:42:16:42:21 | ... < ... | test.c:42:16:42:16 | j | < | test.c:42:20:42:21 | 10 | 0 | 51 | 53 | | test.c:42:16:42:21 | ... < ... | test.c:42:20:42:21 | 10 | >= | test.c:42:16:42:16 | j | 1 | 42 | 42 | | test.c:42:16:42:21 | ... < ... | test.c:42:20:42:21 | 10 | >= | test.c:42:16:42:16 | j | 1 | 42 | 44 | | test.c:42:16:42:21 | ... < ... | test.c:42:20:42:21 | 10 | >= | test.c:42:16:42:16 | j | 1 | 45 | 45 | | test.c:42:16:42:21 | ... < ... | test.c:42:20:42:21 | 10 | >= | test.c:42:16:42:16 | j | 1 | 45 | 47 | -| test.c:42:16:42:21 | ... < ... | test.c:42:20:42:21 | 10 | >= | test.c:42:16:42:16 | j | 1 | 48 | 55 | | test.c:42:16:42:21 | ... < ... | test.c:42:20:42:21 | 10 | >= | test.c:42:16:42:16 | j | 1 | 51 | 53 | +| test.c:44:12:44:16 | ... > ... | test.c:44:12:44:12 | z | < | test.c:44:16:44:16 | 0 | 1 | 42 | 42 | | test.c:44:12:44:16 | ... > ... | test.c:44:12:44:12 | z | < | test.c:44:16:44:16 | 0 | 1 | 51 | 53 | | test.c:44:12:44:16 | ... > ... | test.c:44:12:44:12 | z | >= | test.c:44:16:44:16 | 0 | 1 | 45 | 45 | | test.c:44:12:44:16 | ... > ... | test.c:44:12:44:12 | z | >= | test.c:44:16:44:16 | 0 | 1 | 45 | 47 | -| test.c:44:12:44:16 | ... > ... | test.c:44:12:44:12 | z | >= | test.c:44:16:44:16 | 0 | 1 | 48 | 55 | | test.c:44:12:44:16 | ... > ... | test.c:44:16:44:16 | 0 | < | test.c:44:12:44:12 | z | 0 | 45 | 45 | | test.c:44:12:44:16 | ... > ... | test.c:44:16:44:16 | 0 | < | test.c:44:12:44:12 | z | 0 | 45 | 47 | -| test.c:44:12:44:16 | ... > ... | test.c:44:16:44:16 | 0 | < | test.c:44:12:44:12 | z | 0 | 48 | 55 | +| test.c:44:12:44:16 | ... > ... | test.c:44:16:44:16 | 0 | >= | test.c:44:12:44:12 | z | 0 | 42 | 42 | | test.c:44:12:44:16 | ... > ... | test.c:44:16:44:16 | 0 | >= | test.c:44:12:44:12 | z | 0 | 51 | 53 | -| test.c:45:16:45:20 | ... > ... | test.c:45:16:45:16 | y | < | test.c:45:20:45:20 | 0 | 1 | 48 | 55 | | test.c:45:16:45:20 | ... > ... | test.c:45:16:45:16 | y | >= | test.c:45:20:45:20 | 0 | 1 | 45 | 47 | | test.c:45:16:45:20 | ... > ... | test.c:45:20:45:20 | 0 | < | test.c:45:16:45:16 | y | 0 | 45 | 47 | -| test.c:45:16:45:20 | ... > ... | test.c:45:20:45:20 | 0 | >= | test.c:45:16:45:16 | y | 0 | 48 | 55 | | test.c:58:9:58:14 | ... == ... | test.c:58:9:58:9 | x | != | test.c:58:14:58:14 | 0 | 0 | 58 | 58 | | test.c:58:9:58:14 | ... == ... | test.c:58:9:58:9 | x | != | test.c:58:14:58:14 | 0 | 0 | 62 | 62 | | test.c:58:9:58:14 | ... == ... | test.c:58:14:58:14 | 0 | != | test.c:58:9:58:9 | x | 0 | 58 | 58 | @@ -154,7 +146,11 @@ | test.c:109:9:109:23 | ... \|\| ... | test.c:109:23:109:23 | 0 | < | test.c:109:19:109:19 | y | 1 | 113 | 113 | | test.c:109:19:109:23 | ... < ... | test.c:109:19:109:19 | y | >= | test.c:109:23:109:23 | 0 | 0 | 113 | 113 | | test.c:109:19:109:23 | ... < ... | test.c:109:23:109:23 | 0 | < | test.c:109:19:109:19 | y | 1 | 113 | 113 | +| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | test.cpp:31:12:31:13 | - ... | 0 | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | != | test.cpp:31:12:31:13 | - ... | 0 | 34 | 34 | +| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | == | test.cpp:31:12:31:13 | - ... | 0 | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:7 | x | == | test.cpp:31:12:31:13 | - ... | 0 | 31 | 32 | +| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | != | test.cpp:31:7:31:7 | x | 0 | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | != | test.cpp:31:7:31:7 | x | 0 | 34 | 34 | +| test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | == | test.cpp:31:7:31:7 | x | 0 | 30 | 30 | | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:12:31:13 | - ... | == | test.cpp:31:7:31:7 | x | 0 | 31 | 32 | From 50b7ab8448515aa3330da094acdde77c8a068acc Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 5 Dec 2023 17:11:44 +0100 Subject: [PATCH 18/31] C#: Add interpolated string handler attributes to generated stubs --- .../StubVisitor.cs | 18 ++++++++---- .../Microsoft.NETCore.App/System.Memory.cs | 5 ++-- .../Microsoft.NETCore.App/System.Runtime.cs | 28 +++++++++++-------- 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/StubVisitor.cs b/csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/StubVisitor.cs index a9bd82d2617..57a1c823fc1 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/StubVisitor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp.StubGenerator/StubVisitor.cs @@ -203,10 +203,12 @@ internal sealed class StubVisitor : SymbolVisitor private static readonly HashSet attributeAllowList = new() { "System.FlagsAttribute", - "System.AttributeUsageAttribute" + "System.AttributeUsageAttribute", + "System.Runtime.CompilerServices.InterpolatedStringHandlerAttribute", + "System.Runtime.CompilerServices.InterpolatedStringHandlerArgumentAttribute", }; - private void StubAttribute(AttributeData a, string prefix) + private void StubAttribute(AttributeData a, string prefix, bool addNewLine) { if (a.AttributeClass is not INamedTypeSymbol @class) return; @@ -232,14 +234,18 @@ internal sealed class StubVisitor : SymbolVisitor }); stubWriter.Write(")"); } - stubWriter.WriteLine("]"); + stubWriter.Write("]"); + if (addNewLine) + { + stubWriter.WriteLine(); + } } - public void StubAttributes(IEnumerable a, string prefix = "") + public void StubAttributes(IEnumerable a, string prefix = "", bool addNewLine = true) { foreach (var attribute in a) { - StubAttribute(attribute, prefix); + StubAttribute(attribute, prefix, addNewLine); } } @@ -513,6 +519,8 @@ internal sealed class StubVisitor : SymbolVisitor { WriteCommaSep(parameters, parameter => { + StubAttributes(parameter.GetAttributes(), addNewLine: false); + switch (parameter.RefKind) { case RefKind.None: diff --git a/csharp/ql/test/resources/stubs/_frameworks/Microsoft.NETCore.App/System.Memory.cs b/csharp/ql/test/resources/stubs/_frameworks/Microsoft.NETCore.App/System.Memory.cs index 1c74d23a818..e43408de36f 100644 --- a/csharp/ql/test/resources/stubs/_frameworks/Microsoft.NETCore.App/System.Memory.cs +++ b/csharp/ql/test/resources/stubs/_frameworks/Microsoft.NETCore.App/System.Memory.cs @@ -436,8 +436,9 @@ namespace System public static System.ReadOnlySpan TrimStart(this System.ReadOnlySpan span, T trimElement) where T : System.IEquatable => throw null; public static System.Span TrimStart(this System.Span span, System.ReadOnlySpan trimElements) where T : System.IEquatable => throw null; public static System.Span TrimStart(this System.Span span, T trimElement) where T : System.IEquatable => throw null; - public static bool TryWrite(this System.Span destination, ref System.MemoryExtensions.TryWriteInterpolatedStringHandler handler, out int charsWritten) => throw null; - public static bool TryWrite(this System.Span destination, System.IFormatProvider provider, ref System.MemoryExtensions.TryWriteInterpolatedStringHandler handler, out int charsWritten) => throw null; + public static bool TryWrite(this System.Span destination, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("destination")] ref System.MemoryExtensions.TryWriteInterpolatedStringHandler handler, out int charsWritten) => throw null; + public static bool TryWrite(this System.Span destination, System.IFormatProvider provider, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument(new[] { "destination", "provider" })] ref System.MemoryExtensions.TryWriteInterpolatedStringHandler handler, out int charsWritten) => throw null; + [System.Runtime.CompilerServices.InterpolatedStringHandler] public struct TryWriteInterpolatedStringHandler { public bool AppendFormatted(System.ReadOnlySpan value) => throw null; diff --git a/csharp/ql/test/resources/stubs/_frameworks/Microsoft.NETCore.App/System.Runtime.cs b/csharp/ql/test/resources/stubs/_frameworks/Microsoft.NETCore.App/System.Runtime.cs index d399e0ae98e..59642cd816b 100644 --- a/csharp/ql/test/resources/stubs/_frameworks/Microsoft.NETCore.App/System.Runtime.cs +++ b/csharp/ql/test/resources/stubs/_frameworks/Microsoft.NETCore.App/System.Runtime.cs @@ -2697,11 +2697,12 @@ namespace System public static class Debug { public static void Assert(bool condition) => throw null; - public static void Assert(bool condition, ref System.Diagnostics.Debug.AssertInterpolatedStringHandler message) => throw null; - public static void Assert(bool condition, ref System.Diagnostics.Debug.AssertInterpolatedStringHandler message, ref System.Diagnostics.Debug.AssertInterpolatedStringHandler detailMessage) => throw null; + public static void Assert(bool condition, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("condition")] ref System.Diagnostics.Debug.AssertInterpolatedStringHandler message) => throw null; + public static void Assert(bool condition, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("condition")] ref System.Diagnostics.Debug.AssertInterpolatedStringHandler message, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("condition")] ref System.Diagnostics.Debug.AssertInterpolatedStringHandler detailMessage) => throw null; public static void Assert(bool condition, string message) => throw null; public static void Assert(bool condition, string message, string detailMessage) => throw null; public static void Assert(bool condition, string message, string detailMessageFormat, params object[] args) => throw null; + [System.Runtime.CompilerServices.InterpolatedStringHandler] public struct AssertInterpolatedStringHandler { public void AppendFormatted(object value, int alignment = default(int), string format = default(string)) => throw null; @@ -2731,12 +2732,13 @@ namespace System public static void Write(object value, string category) => throw null; public static void Write(string message) => throw null; public static void Write(string message, string category) => throw null; - public static void WriteIf(bool condition, ref System.Diagnostics.Debug.WriteIfInterpolatedStringHandler message) => throw null; - public static void WriteIf(bool condition, ref System.Diagnostics.Debug.WriteIfInterpolatedStringHandler message, string category) => throw null; + public static void WriteIf(bool condition, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("condition")] ref System.Diagnostics.Debug.WriteIfInterpolatedStringHandler message) => throw null; + public static void WriteIf(bool condition, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("condition")] ref System.Diagnostics.Debug.WriteIfInterpolatedStringHandler message, string category) => throw null; public static void WriteIf(bool condition, object value) => throw null; public static void WriteIf(bool condition, object value, string category) => throw null; public static void WriteIf(bool condition, string message) => throw null; public static void WriteIf(bool condition, string message, string category) => throw null; + [System.Runtime.CompilerServices.InterpolatedStringHandler] public struct WriteIfInterpolatedStringHandler { public void AppendFormatted(object value, int alignment = default(int), string format = default(string)) => throw null; @@ -2756,8 +2758,8 @@ namespace System public static void WriteLine(string message) => throw null; public static void WriteLine(string format, params object[] args) => throw null; public static void WriteLine(string message, string category) => throw null; - public static void WriteLineIf(bool condition, ref System.Diagnostics.Debug.WriteIfInterpolatedStringHandler message) => throw null; - public static void WriteLineIf(bool condition, ref System.Diagnostics.Debug.WriteIfInterpolatedStringHandler message, string category) => throw null; + public static void WriteLineIf(bool condition, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("condition")] ref System.Diagnostics.Debug.WriteIfInterpolatedStringHandler message) => throw null; + public static void WriteLineIf(bool condition, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("condition")] ref System.Diagnostics.Debug.WriteIfInterpolatedStringHandler message, string category) => throw null; public static void WriteLineIf(bool condition, object value) => throw null; public static void WriteLineIf(bool condition, object value, string category) => throw null; public static void WriteLineIf(bool condition, string message) => throw null; @@ -9036,6 +9038,7 @@ namespace System public DefaultDependencyAttribute(System.Runtime.CompilerServices.LoadHint loadHintArgument) => throw null; public System.Runtime.CompilerServices.LoadHint LoadHint { get => throw null; } } + [System.Runtime.CompilerServices.InterpolatedStringHandler] public struct DefaultInterpolatedStringHandler { public void AppendFormatted(object value, int alignment = default(int), string format = default(string)) => throw null; @@ -10876,8 +10879,8 @@ namespace System public static string Copy(string str) => throw null; public void CopyTo(int sourceIndex, char[] destination, int destinationIndex, int count) => throw null; public void CopyTo(System.Span destination) => throw null; - public static string Create(System.IFormatProvider provider, ref System.Runtime.CompilerServices.DefaultInterpolatedStringHandler handler) => throw null; - public static string Create(System.IFormatProvider provider, System.Span initialBuffer, ref System.Runtime.CompilerServices.DefaultInterpolatedStringHandler handler) => throw null; + public static string Create(System.IFormatProvider provider, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("provider")] ref System.Runtime.CompilerServices.DefaultInterpolatedStringHandler handler) => throw null; + public static string Create(System.IFormatProvider provider, System.Span initialBuffer, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument(new[] { "provider", "initialBuffer" })] ref System.Runtime.CompilerServices.DefaultInterpolatedStringHandler handler) => throw null; public static string Create(int length, TState state, System.Buffers.SpanAction action) => throw null; public unsafe String(char* value) => throw null; public unsafe String(char* value, int startIndex, int length) => throw null; @@ -11419,7 +11422,7 @@ namespace System public System.Text.StringBuilder Append(char[] value, int startIndex, int charCount) => throw null; public System.Text.StringBuilder Append(decimal value) => throw null; public System.Text.StringBuilder Append(double value) => throw null; - public System.Text.StringBuilder Append(System.IFormatProvider provider, ref System.Text.StringBuilder.AppendInterpolatedStringHandler handler) => throw null; + public System.Text.StringBuilder Append(System.IFormatProvider provider, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument(new[] { "", "provider" })] ref System.Text.StringBuilder.AppendInterpolatedStringHandler handler) => throw null; public System.Text.StringBuilder Append(short value) => throw null; public System.Text.StringBuilder Append(int value) => throw null; public System.Text.StringBuilder Append(long value) => throw null; @@ -11432,7 +11435,7 @@ namespace System public System.Text.StringBuilder Append(string value, int startIndex, int count) => throw null; public System.Text.StringBuilder Append(System.Text.StringBuilder value) => throw null; public System.Text.StringBuilder Append(System.Text.StringBuilder value, int startIndex, int count) => throw null; - public System.Text.StringBuilder Append(ref System.Text.StringBuilder.AppendInterpolatedStringHandler handler) => throw null; + public System.Text.StringBuilder Append([System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("")] ref System.Text.StringBuilder.AppendInterpolatedStringHandler handler) => throw null; public System.Text.StringBuilder Append(ushort value) => throw null; public System.Text.StringBuilder Append(uint value) => throw null; public System.Text.StringBuilder Append(ulong value) => throw null; @@ -11444,6 +11447,7 @@ namespace System public System.Text.StringBuilder AppendFormat(string format, object arg0, object arg1) => throw null; public System.Text.StringBuilder AppendFormat(string format, object arg0, object arg1, object arg2) => throw null; public System.Text.StringBuilder AppendFormat(string format, params object[] args) => throw null; + [System.Runtime.CompilerServices.InterpolatedStringHandler] public struct AppendInterpolatedStringHandler { public void AppendFormatted(object value, int alignment = default(int), string format = default(string)) => throw null; @@ -11466,9 +11470,9 @@ namespace System public System.Text.StringBuilder AppendJoin(char separator, System.Collections.Generic.IEnumerable values) => throw null; public System.Text.StringBuilder AppendJoin(string separator, System.Collections.Generic.IEnumerable values) => throw null; public System.Text.StringBuilder AppendLine() => throw null; - public System.Text.StringBuilder AppendLine(System.IFormatProvider provider, ref System.Text.StringBuilder.AppendInterpolatedStringHandler handler) => throw null; + public System.Text.StringBuilder AppendLine(System.IFormatProvider provider, [System.Runtime.CompilerServices.InterpolatedStringHandlerArgument(new[] { "", "provider" })] ref System.Text.StringBuilder.AppendInterpolatedStringHandler handler) => throw null; public System.Text.StringBuilder AppendLine(string value) => throw null; - public System.Text.StringBuilder AppendLine(ref System.Text.StringBuilder.AppendInterpolatedStringHandler handler) => throw null; + public System.Text.StringBuilder AppendLine([System.Runtime.CompilerServices.InterpolatedStringHandlerArgument("")] ref System.Text.StringBuilder.AppendInterpolatedStringHandler handler) => throw null; public int Capacity { get => throw null; set { } } public struct ChunkEnumerator { From a705f6dc0dd598141b4daa713eefc4e7bf75a383 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Wed, 6 Dec 2023 15:54:30 +0100 Subject: [PATCH 19/31] C#: Change `StringBuilder` flow models to not use `Element` access path --- csharp/ql/lib/ext/System.Text.model.yml | 81 +++++++++---------- .../internal/TaintTrackingPrivate.qll | 8 +- 2 files changed, 47 insertions(+), 42 deletions(-) diff --git a/csharp/ql/lib/ext/System.Text.model.yml b/csharp/ql/lib/ext/System.Text.model.yml index 17ceac37a11..c36c3359ab4 100644 --- a/csharp/ql/lib/ext/System.Text.model.yml +++ b/csharp/ql/lib/ext/System.Text.model.yml @@ -25,81 +25,80 @@ extensions: - ["System.Text", "StringBuilder", False, "Append", "(System.Char)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Char*,System.Int32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Char,System.Int32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "Append", "(System.Char[])", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.Char[])", "", "Argument[0].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Char[])", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "Append", "(System.Char[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.Char[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Decimal)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Double)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Int16)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Int32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Int64)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "Append", "(System.Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Object)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.ReadOnlyMemory)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.SByte)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Single)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "Append", "(System.String)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.String)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "Append", "(System.String,System.Int32,System.Int32)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.String,System.Int32,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.String,System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder,System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.UInt16)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.UInt32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.UInt64)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[1]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[2]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[2]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object)", "", "Argument[1]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object)", "", "Argument[2]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object)", "", "Argument[3]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object)", "", "Argument[2]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object)", "", "Argument[3]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object,System.Object)", "", "Argument[1]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object,System.Object)", "", "Argument[2]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object,System.Object)", "", "Argument[3]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object,System.Object)", "", "Argument[4]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object,System.Object)", "", "Argument[2]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object,System.Object)", "", "Argument[3]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object,System.Object)", "", "Argument[4]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object,System.Object,System.Object)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object[])", "", "Argument[1]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object[])", "", "Argument[2].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object[])", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object[])", "", "Argument[2].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object[])", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object)", "", "Argument[1]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object)", "", "Argument[1]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object)", "", "Argument[2]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object)", "", "Argument[2]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object,System.Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object,System.Object)", "", "Argument[1]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object,System.Object)", "", "Argument[2]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object,System.Object)", "", "Argument[3]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object,System.Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object,System.Object)", "", "Argument[2]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object,System.Object)", "", "Argument[3]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object,System.Object,System.Object)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object[])", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object[])", "", "Argument[1].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object[])", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object[])", "", "Argument[1].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.String,System.Object[])", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.Char,System.Object[])", "", "Argument[1].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.Char,System.Object[])", "", "Argument[1].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.Char,System.Object[])", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.Char,System.String[])", "", "Argument[1].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.Char,System.String[])", "", "Argument[1].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.Char,System.String[])", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Object[])", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Object[])", "", "Argument[1].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Object[])", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Object[])", "", "Argument[1].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Object[])", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.String[])", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.String[])", "", "Argument[1].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.String[])", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.String[])", "", "Argument[1].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.String[])", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.Char,System.Collections.Generic.IEnumerable)", "", "Argument[1].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.Char,System.Collections.Generic.IEnumerable)", "", "Argument[1].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.Char,System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Collections.Generic.IEnumerable)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1].Element", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Collections.Generic.IEnumerable)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Collections.Generic.IEnumerable)", "", "Argument[1].Element", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendJoin", "(System.String,System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "AppendLine", "()", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendLine", "(System.String)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendLine", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendLine", "(System.String)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"] - - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String,System.Int32)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] - - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String,System.Int32,System.Int32,System.Int32)", "", "Argument[0]", "Argument[this].Element", "value", "manual"] + - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String,System.Int32,System.Int32,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "ToString", "()", "", "Argument[this].Element", "ReturnValue", "taint", "manual"] - ["System.Text", "StringBuilder", False, "ToString", "(System.Int32,System.Int32)", "", "Argument[this].Element", "ReturnValue", "taint", "manual"] diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll index d7e2444c7d5..d62f66ac3f6 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll @@ -18,7 +18,13 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote * Holds if `node` should be a sanitizer in all global taint flow configurations * but not in local taint. */ -predicate defaultTaintSanitizer(DataFlow::Node node) { none() } +predicate defaultTaintSanitizer(DataFlow::Node node) { + exists(MethodCall mc | + mc.getTarget().hasFullyQualifiedName("System.Text.StringBuilder", "Clear") + | + node.asExpr() = mc.getQualifier() + ) +} /** * Holds if default `TaintTracking::Configuration`s should allow implicit reads From eeabb8197311c474e12da85054ae9538950db97d Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Wed, 6 Dec 2023 16:00:43 +0100 Subject: [PATCH 20/31] Adjust expected test files --- .../global/TaintTrackingPath.expected | 16 ++-- .../dataflow/library/FlowSummaries.expected | 81 +++++++++---------- .../library/FlowSummariesFiltered.expected | 81 +++++++++---------- .../CWE-079/XSSAsp/XSS.expected | 22 ++--- .../CWE-338/InsecureRandomness.expected | 10 +-- 5 files changed, 104 insertions(+), 106 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected index dec8a134712..1b492d183bc 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected @@ -268,11 +268,11 @@ edges | GlobalDataFlow.cs:427:9:427:11 | value : String | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | | GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | GlobalDataFlow.cs:201:22:201:32 | access to property OutProperty : String | | GlobalDataFlow.cs:446:64:446:64 | s : String | GlobalDataFlow.cs:448:19:448:19 | access to parameter s : String | -| GlobalDataFlow.cs:448:19:448:19 | access to parameter s : String | GlobalDataFlow.cs:448:9:448:10 | [post] access to parameter sb : StringBuilder [element] : String | -| GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder [element] : String | GlobalDataFlow.cs:455:22:455:23 | access to local variable sb : StringBuilder [element] : String | +| GlobalDataFlow.cs:448:19:448:19 | access to parameter s : String | GlobalDataFlow.cs:448:9:448:10 | [post] access to parameter sb : StringBuilder | +| GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlow.cs:455:22:455:23 | access to local variable sb : StringBuilder | | GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | GlobalDataFlow.cs:446:64:446:64 | s : String | -| GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder [element] : String | -| GlobalDataFlow.cs:455:22:455:23 | access to local variable sb : StringBuilder [element] : String | GlobalDataFlow.cs:455:22:455:34 | call to method ToString : String | +| GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder | +| GlobalDataFlow.cs:455:22:455:23 | access to local variable sb : StringBuilder | GlobalDataFlow.cs:455:22:455:34 | call to method ToString : String | | GlobalDataFlow.cs:455:22:455:34 | call to method ToString : String | GlobalDataFlow.cs:456:15:456:20 | access to local variable sink43 | | GlobalDataFlow.cs:465:22:465:65 | call to method Join : String | GlobalDataFlow.cs:466:15:466:20 | access to local variable sink44 | | GlobalDataFlow.cs:465:51:465:64 | "taint source" : String | GlobalDataFlow.cs:465:22:465:65 | call to method Join : String | @@ -592,11 +592,11 @@ nodes | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | semmle.label | access to local variable sink20 | | GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | semmle.label | "taint source" : String | | GlobalDataFlow.cs:446:64:446:64 | s : String | semmle.label | s : String | -| GlobalDataFlow.cs:448:9:448:10 | [post] access to parameter sb : StringBuilder [element] : String | semmle.label | [post] access to parameter sb : StringBuilder [element] : String | +| GlobalDataFlow.cs:448:9:448:10 | [post] access to parameter sb : StringBuilder | semmle.label | [post] access to parameter sb : StringBuilder | | GlobalDataFlow.cs:448:19:448:19 | access to parameter s : String | semmle.label | access to parameter s : String | -| GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder [element] : String | semmle.label | [post] access to local variable sb : StringBuilder [element] : String | +| GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder | semmle.label | [post] access to local variable sb : StringBuilder | | GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:455:22:455:23 | access to local variable sb : StringBuilder [element] : String | semmle.label | access to local variable sb : StringBuilder [element] : String | +| GlobalDataFlow.cs:455:22:455:23 | access to local variable sb : StringBuilder | semmle.label | access to local variable sb : StringBuilder | | GlobalDataFlow.cs:455:22:455:34 | call to method ToString : String | semmle.label | call to method ToString : String | | GlobalDataFlow.cs:456:15:456:20 | access to local variable sink43 | semmle.label | access to local variable sink43 | | GlobalDataFlow.cs:465:22:465:65 | call to method Join : String | semmle.label | call to method Join : String | @@ -707,7 +707,7 @@ subpaths | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:298:26:298:26 | x : String | GlobalDataFlow.cs:301:16:301:41 | ... ? ... : ... : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:298:26:298:26 | x : String | GlobalDataFlow.cs:301:16:301:41 | ... ? ... : ... : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:300:27:300:28 | x0 : String | GlobalDataFlow.cs:300:33:300:34 | access to parameter x0 : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | -| GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | GlobalDataFlow.cs:446:64:446:64 | s : String | GlobalDataFlow.cs:448:9:448:10 | [post] access to parameter sb : StringBuilder [element] : String | GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder [element] : String | +| GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | GlobalDataFlow.cs:446:64:446:64 | s : String | GlobalDataFlow.cs:448:9:448:10 | [post] access to parameter sb : StringBuilder | GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder | | GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | GlobalDataFlow.cs:575:44:575:47 | delegate call : String | | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return : String | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 7d03a8c2c67..92d6b62b8ca 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -12779,9 +12779,9 @@ summary | System.Text;StringBuilder;false;Append;(System.Char);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Char*,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Char,System.Int32);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.Char[]);;Argument[0].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.Char[]);;Argument[0].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Char[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Argument[0].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Decimal);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Double);;Argument[this];ReturnValue;value;manual | @@ -12789,15 +12789,15 @@ summary | System.Text;StringBuilder;false;Append;(System.Int16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int64);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.Object);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.Object);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Object);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.ReadOnlyMemory);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.ReadOnlySpan);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.SByte);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Single);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.String);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.String);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;df-generated | @@ -12805,57 +12805,56 @@ summary | System.Text;StringBuilder;false;Append;(System.UInt16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt64);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[2];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[2];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[2];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[3];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[2];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[3];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[2];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[3];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[4];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[2];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[3];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[4];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[2].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[2].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[1];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[1];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[2];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[2];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[2];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[3];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[2];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[3];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Object[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Object[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Object[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.String[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.String[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.Char,System.String[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Collections.Generic.IEnumerable);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;();;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;taint;df-generated | -| System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;taint;df-generated | -| System.Text;StringBuilder;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual | | System.Text;StringBuilder;false;GetChunks;();;Argument[this];ReturnValue;taint;df-generated | | System.Text;StringBuilder;false;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);;Argument[this];Argument[0];taint;df-generated | | System.Text;StringBuilder;false;Insert;(System.Int32,System.Boolean);;Argument[this];ReturnValue;taint;df-generated | @@ -12882,9 +12881,9 @@ summary | System.Text;StringBuilder;false;Replace;(System.Char,System.Char,System.Int32,System.Int32);;Argument[this];ReturnValue;value;df-generated | | System.Text;StringBuilder;false;Replace;(System.String,System.String);;Argument[this];ReturnValue;taint;df-generated | | System.Text;StringBuilder;false;Replace;(System.String,System.String,System.Int32,System.Int32);;Argument[this];ReturnValue;value;df-generated | -| System.Text;StringBuilder;false;StringBuilder;(System.String);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32,System.Int32,System.Int32);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;StringBuilder;(System.String);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;ToString;();;Argument[this].Element;ReturnValue;taint;manual | | System.Text;StringBuilder;false;ToString;(System.Int32,System.Int32);;Argument[this].Element;ReturnValue;taint;manual | | System.Text;StringRuneEnumerator;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index 6fbe5f9af58..d01acad4af6 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -10893,9 +10893,9 @@ summary | System.Text;StringBuilder;false;Append;(System.Char);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Char*,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Char,System.Int32);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.Char[]);;Argument[0].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.Char[]);;Argument[0].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Char[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Argument[0].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Decimal);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Double);;Argument[this];ReturnValue;value;manual | @@ -10903,15 +10903,15 @@ summary | System.Text;StringBuilder;false;Append;(System.Int16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int64);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.Object);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.Object);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Object);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.ReadOnlyMemory);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.ReadOnlySpan);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.SByte);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Single);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.String);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.String);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;df-generated | @@ -10919,57 +10919,56 @@ summary | System.Text;StringBuilder;false;Append;(System.UInt16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt64);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[2];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[2];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[2];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[3];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[2];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[3];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[2];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[3];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[4];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[2];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[3];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[4];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[2].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[2].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[1];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[1];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[2];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[2];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[1];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[2];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[3];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[2];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[3];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Object[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Object[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Object[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.String[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.String[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.Char,System.String[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Collections.Generic.IEnumerable);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;();;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;taint;df-generated | -| System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;taint;df-generated | -| System.Text;StringBuilder;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual | | System.Text;StringBuilder;false;GetChunks;();;Argument[this];ReturnValue;taint;df-generated | | System.Text;StringBuilder;false;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);;Argument[this];Argument[0];taint;df-generated | | System.Text;StringBuilder;false;Insert;(System.Int32,System.Boolean);;Argument[this];ReturnValue;taint;df-generated | @@ -10996,9 +10995,9 @@ summary | System.Text;StringBuilder;false;Replace;(System.Char,System.Char,System.Int32,System.Int32);;Argument[this];ReturnValue;value;df-generated | | System.Text;StringBuilder;false;Replace;(System.String,System.String);;Argument[this];ReturnValue;taint;df-generated | | System.Text;StringBuilder;false;Replace;(System.String,System.String,System.Int32,System.Int32);;Argument[this];ReturnValue;value;df-generated | -| System.Text;StringBuilder;false;StringBuilder;(System.String);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32);;Argument[0];Argument[this].Element;value;manual | -| System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32,System.Int32,System.Int32);;Argument[0];Argument[this].Element;value;manual | +| System.Text;StringBuilder;false;StringBuilder;(System.String);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;ToString;();;Argument[this].Element;ReturnValue;taint;manual | | System.Text;StringBuilder;false;ToString;(System.Int32,System.Int32);;Argument[this].Element;ReturnValue;taint;manual | | System.Text;StringRuneEnumerator;false;GetEnumerator;();;Argument[this];ReturnValue;value;df-generated | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected index 4b1440cee4a..941b4b359a9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected @@ -1,12 +1,12 @@ edges -| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder [element] : String | XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder [element] : String | -| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder [element] : String | XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder [element] : String | -| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder [element] : String | XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder [element] : String | +| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | +| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | +| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:25:48:25:67 | access to property Text : String | -| XSS.cs:25:48:25:67 | access to property Text : String | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder [element] : String | -| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder [element] : String | XSS.cs:26:32:26:51 | call to method ToString | -| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder [element] : String | XSS.cs:27:29:27:48 | call to method ToString | -| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder [element] : String | XSS.cs:28:26:28:45 | call to method ToString | +| XSS.cs:25:48:25:67 | access to property Text : String | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | +| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | XSS.cs:26:32:26:51 | call to method ToString | +| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | XSS.cs:27:29:27:48 | call to method ToString | +| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | XSS.cs:28:26:28:45 | call to method ToString | | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:27:37:61 | access to indexer : String | | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:38:36:38:39 | access to local variable name | | XSS.cs:37:27:37:61 | access to indexer : String | XSS.cs:38:36:38:39 | access to local variable name | @@ -29,14 +29,14 @@ edges | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | nodes -| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder [element] : String | semmle.label | [post] access to local variable userInput : StringBuilder [element] : String | +| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | semmle.label | [post] access to local variable userInput : StringBuilder | | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox | | XSS.cs:25:48:25:67 | access to property Text : String | semmle.label | access to property Text : String | -| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder [element] : String | semmle.label | access to local variable userInput : StringBuilder [element] : String | +| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | semmle.label | access to local variable userInput : StringBuilder | | XSS.cs:26:32:26:51 | call to method ToString | semmle.label | call to method ToString | -| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder [element] : String | semmle.label | access to local variable userInput : StringBuilder [element] : String | +| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | semmle.label | access to local variable userInput : StringBuilder | | XSS.cs:27:29:27:48 | call to method ToString | semmle.label | call to method ToString | -| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder [element] : String | semmle.label | access to local variable userInput : StringBuilder [element] : String | +| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | semmle.label | access to local variable userInput : StringBuilder | | XSS.cs:28:26:28:45 | call to method ToString | semmle.label | call to method ToString | | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | | XSS.cs:37:27:37:61 | access to indexer : String | semmle.label | access to indexer : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected index fa510ff2498..20312f4c17b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected @@ -2,10 +2,10 @@ edges | InsecureRandomness.cs:28:13:28:16 | [post] access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | | InsecureRandomness.cs:28:23:28:43 | (...) ... : Byte | InsecureRandomness.cs:28:13:28:16 | [post] access to local variable data : Byte[] [element] : Byte | | InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:28:23:28:43 | (...) ... : Byte | -| InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder [element] : String | InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder [element] : String | -| InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder [element] : String | +| InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | +| InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | | InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | -| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder [element] : String | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | +| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | | InsecureRandomness.cs:60:23:60:40 | access to array element : String | InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | | InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:60:23:60:40 | access to array element : String | @@ -21,10 +21,10 @@ nodes | InsecureRandomness.cs:28:13:28:16 | [post] access to local variable data : Byte[] [element] : Byte | semmle.label | [post] access to local variable data : Byte[] [element] : Byte | | InsecureRandomness.cs:28:23:28:43 | (...) ... : Byte | semmle.label | (...) ... : Byte | | InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | semmle.label | call to method Next : Int32 | -| InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder [element] : String | semmle.label | [post] access to local variable result : StringBuilder [element] : String | +| InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | semmle.label | [post] access to local variable result : StringBuilder | | InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | semmle.label | call to method GetString : String | | InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | semmle.label | access to local variable data : Byte[] [element] : Byte | -| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder [element] : String | semmle.label | access to local variable result : StringBuilder [element] : String | +| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | semmle.label | access to local variable result : StringBuilder | | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | semmle.label | call to method ToString : String | | InsecureRandomness.cs:60:23:60:40 | access to array element : String | semmle.label | access to array element : String | | InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | semmle.label | call to method Next : Int32 | From af1da1e9ae834fabe5b4817437e6a2d24d342143 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Wed, 6 Dec 2023 18:08:39 +0100 Subject: [PATCH 21/31] C++: Also support the `__noreturn__` attribute in `exits` Observed this attribute while working on coding standards test regression when replacing Guards by IRGuards. --- cpp/ql/lib/DefaultOptions.qll | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/DefaultOptions.qll b/cpp/ql/lib/DefaultOptions.qll index 5b46e0cd4a3..dd6fe38e792 100644 --- a/cpp/ql/lib/DefaultOptions.qll +++ b/cpp/ql/lib/DefaultOptions.qll @@ -52,12 +52,13 @@ class Options extends string { /** * Holds if a call to this function will never return. * - * By default, this holds for `exit`, `_exit`, `abort`, `__assert_fail`, - * `longjmp`, `__builtin_unreachable` and any function with a - * `noreturn` attribute or specifier. + * By default, this holds for `exit`, `_exit`, `_Exit`, `abort`, + * `__assert_fail`, `longjmp`, `__builtin_unreachable` and any + * function with a `noreturn` or `__noreturn__` attribute or + * `noreturn` specifier. */ predicate exits(Function f) { - f.getAnAttribute().hasName("noreturn") + f.getAnAttribute().hasName(["noreturn", "__noreturn__"]) or f.getASpecifier().hasName("noreturn") or From 669a0c68275e128914f559a603b9c7ca3ccf9f20 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 7 Dec 2023 09:20:33 +0100 Subject: [PATCH 22/31] Fix `StringBuilder.ToString` summaries --- csharp/ql/lib/ext/System.Text.model.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/ext/System.Text.model.yml b/csharp/ql/lib/ext/System.Text.model.yml index c36c3359ab4..979caeda5b3 100644 --- a/csharp/ql/lib/ext/System.Text.model.yml +++ b/csharp/ql/lib/ext/System.Text.model.yml @@ -100,5 +100,5 @@ extensions: - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String,System.Int32,System.Int32,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - - ["System.Text", "StringBuilder", False, "ToString", "()", "", "Argument[this].Element", "ReturnValue", "taint", "manual"] - - ["System.Text", "StringBuilder", False, "ToString", "(System.Int32,System.Int32)", "", "Argument[this].Element", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "ToString", "(System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"] From c1db689f2f4051a270d89814978621dc5351cad6 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 7 Dec 2023 09:59:33 +0100 Subject: [PATCH 23/31] Fix expected test results --- .../library-tests/dataflow/library/FlowSummaries.expected | 4 ++-- .../dataflow/library/FlowSummariesFiltered.expected | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 92d6b62b8ca..89cf3684691 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -12884,8 +12884,8 @@ summary | System.Text;StringBuilder;false;StringBuilder;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | -| System.Text;StringBuilder;false;ToString;();;Argument[this].Element;ReturnValue;taint;manual | -| System.Text;StringBuilder;false;ToString;(System.Int32,System.Int32);;Argument[this].Element;ReturnValue;taint;manual | +| System.Text;StringBuilder;false;ToString;();;Argument[this];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;ToString;(System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual | | System.Text;StringRuneEnumerator;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Text;StringRuneEnumerator;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Text;StringRuneEnumerator;false;GetEnumerator;();;Argument[this];ReturnValue;value;df-generated | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index d01acad4af6..647edc00f6a 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -10998,8 +10998,8 @@ summary | System.Text;StringBuilder;false;StringBuilder;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | -| System.Text;StringBuilder;false;ToString;();;Argument[this].Element;ReturnValue;taint;manual | -| System.Text;StringBuilder;false;ToString;(System.Int32,System.Int32);;Argument[this].Element;ReturnValue;taint;manual | +| System.Text;StringBuilder;false;ToString;();;Argument[this];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;ToString;(System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual | | System.Text;StringRuneEnumerator;false;GetEnumerator;();;Argument[this];ReturnValue;value;df-generated | | System.Text;StringRuneEnumerator;false;get_Current;();;Argument[this];ReturnValue;taint;df-generated | | System.Threading.Channels;Channel;false;CreateBounded;(System.Threading.Channels.BoundedChannelOptions,System.Action);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | From 9f24b026fb153df106d6739e204e765768d372c9 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 7 Dec 2023 08:49:02 +0100 Subject: [PATCH 24/31] C#: Move `StringBuilder` dataflow tests to separate file --- .../dataflow/global/DataFlow.expected | 28 +- .../dataflow/global/DataFlowPath.expected | 268 +++++++-------- .../dataflow/global/GetAnOutNode.expected | 46 +-- .../dataflow/global/GlobalDataFlow.cs | 17 - .../global/GlobalDataFlowStringBuilder.cs | 33 ++ .../dataflow/global/TaintTracking.expected | 32 +- .../global/TaintTrackingPath.expected | 314 +++++++++--------- 7 files changed, 377 insertions(+), 361 deletions(-) create mode 100644 csharp/ql/test/library-tests/dataflow/global/GlobalDataFlowStringBuilder.cs diff --git a/csharp/ql/test/library-tests/dataflow/global/DataFlow.expected b/csharp/ql/test/library-tests/dataflow/global/DataFlow.expected index d4eafc621f1..c57da19dc66 100644 --- a/csharp/ql/test/library-tests/dataflow/global/DataFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/global/DataFlow.expected @@ -51,21 +51,21 @@ | GlobalDataFlow.cs:329:15:329:25 | access to parameter sinkParam11 | | GlobalDataFlow.cs:404:15:404:20 | access to local variable sink11 | | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | -| GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | -| GlobalDataFlow.cs:486:32:486:32 | access to parameter s | -| GlobalDataFlow.cs:508:15:508:22 | access to field field | -| GlobalDataFlow.cs:509:15:509:22 | access to field field | -| GlobalDataFlow.cs:515:15:515:22 | access to field field | -| GlobalDataFlow.cs:516:15:516:22 | access to field field | -| GlobalDataFlow.cs:517:15:517:22 | access to field field | -| GlobalDataFlow.cs:526:15:526:21 | access to field field | +| GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | +| GlobalDataFlow.cs:469:32:469:32 | access to parameter s | +| GlobalDataFlow.cs:491:15:491:22 | access to field field | +| GlobalDataFlow.cs:492:15:492:22 | access to field field | +| GlobalDataFlow.cs:498:15:498:22 | access to field field | +| GlobalDataFlow.cs:499:15:499:22 | access to field field | +| GlobalDataFlow.cs:500:15:500:22 | access to field field | +| GlobalDataFlow.cs:509:15:509:21 | access to field field | +| GlobalDataFlow.cs:516:15:516:21 | access to field field | +| GlobalDataFlow.cs:517:15:517:21 | access to field field | +| GlobalDataFlow.cs:531:15:531:21 | access to field field | +| GlobalDataFlow.cs:532:15:532:21 | access to field field | | GlobalDataFlow.cs:533:15:533:21 | access to field field | -| GlobalDataFlow.cs:534:15:534:21 | access to field field | -| GlobalDataFlow.cs:548:15:548:21 | access to field field | -| GlobalDataFlow.cs:549:15:549:21 | access to field field | -| GlobalDataFlow.cs:550:15:550:21 | access to field field | -| GlobalDataFlow.cs:556:15:556:22 | access to field field | -| GlobalDataFlow.cs:564:15:564:21 | access to field field | +| GlobalDataFlow.cs:539:15:539:22 | access to field field | +| GlobalDataFlow.cs:547:15:547:21 | access to field field | | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | | Splitting.cs:11:19:11:19 | access to local variable x | diff --git a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected index 767e66301ce..00d45708afc 100644 --- a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected @@ -129,7 +129,7 @@ edges | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | GlobalDataFlow.cs:82:15:82:20 | access to local variable sink13 | | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | | GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | -| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:570:71:570:71 | e : null [element] : String | +| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | | GlobalDataFlow.cs:81:57:81:65 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | | GlobalDataFlow.cs:81:59:81:63 | access to local variable sink3 : String | GlobalDataFlow.cs:81:57:81:65 | { ..., ... } : null [element] : String | | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | @@ -250,63 +250,63 @@ edges | GlobalDataFlow.cs:405:16:405:21 | access to local variable sink11 : String | GlobalDataFlow.cs:167:22:167:43 | call to method TaintedParam : String | | GlobalDataFlow.cs:427:9:427:11 | value : String | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | | GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | GlobalDataFlow.cs:201:22:201:32 | access to property OutProperty : String | -| GlobalDataFlow.cs:474:20:474:49 | call to method Run : Task [property Result] : String | GlobalDataFlow.cs:475:25:475:28 | access to local variable task : Task [property Result] : String | -| GlobalDataFlow.cs:474:35:474:48 | "taint source" : String | GlobalDataFlow.cs:474:20:474:49 | call to method Run : Task [property Result] : String | -| GlobalDataFlow.cs:475:25:475:28 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:475:25:475:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:475:25:475:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:476:23:476:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:476:23:476:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:476:23:476:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:476:23:476:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:477:22:477:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:477:22:477:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:477:22:477:40 | call to method GetResult : String | -| GlobalDataFlow.cs:477:22:477:40 | call to method GetResult : String | GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | -| GlobalDataFlow.cs:483:53:483:55 | arg : String | GlobalDataFlow.cs:487:15:487:17 | access to parameter arg : String | -| GlobalDataFlow.cs:486:21:486:21 | s : String | GlobalDataFlow.cs:486:32:486:32 | access to parameter s | -| GlobalDataFlow.cs:487:15:487:17 | access to parameter arg : String | GlobalDataFlow.cs:486:21:486:21 | s : String | -| GlobalDataFlow.cs:490:28:490:41 | "taint source" : String | GlobalDataFlow.cs:483:53:483:55 | arg : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:507:25:507:26 | [post] access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:507:30:507:31 | [post] access to local variable x2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:514:31:514:32 | [post] access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:514:36:514:37 | [post] access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:514:42:514:43 | [post] access to local variable y3 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:525:33:525:33 | [post] access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:532:20:532:20 | [post] access to parameter x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:532:25:532:25 | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:544:20:544:20 | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:545:20:545:20 | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:546:18:546:18 | [post] access to local variable z : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:555:20:555:21 | [post] access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:563:24:563:24 | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:507:25:507:26 | [post] access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:508:15:508:16 | access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:507:30:507:31 | [post] access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:16 | access to local variable x2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:508:15:508:16 | access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:508:15:508:22 | access to field field | -| GlobalDataFlow.cs:509:15:509:16 | access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:22 | access to field field | -| GlobalDataFlow.cs:514:31:514:32 | [post] access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:515:15:515:16 | access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:514:36:514:37 | [post] access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:16 | access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:514:42:514:43 | [post] access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:16 | access to local variable y3 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:515:15:515:16 | access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:515:15:515:22 | access to field field | -| GlobalDataFlow.cs:516:15:516:16 | access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:22 | access to field field | -| GlobalDataFlow.cs:517:15:517:16 | access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:22 | access to field field | -| GlobalDataFlow.cs:525:33:525:33 | [post] access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:526:15:526:15 | access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:526:15:526:15 | access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:526:15:526:21 | access to field field | -| GlobalDataFlow.cs:532:20:532:20 | [post] access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to parameter x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:532:25:532:25 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:534:15:534:15 | access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:533:15:533:15 | access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | -| GlobalDataFlow.cs:534:15:534:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:534:15:534:21 | access to field field | -| GlobalDataFlow.cs:544:20:544:20 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:548:15:548:15 | access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:545:20:545:20 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:549:15:549:15 | access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:546:18:546:18 | [post] access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:550:15:550:15 | access to local variable z : SimpleClass [field field] : String | -| GlobalDataFlow.cs:548:15:548:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:548:15:548:21 | access to field field | -| GlobalDataFlow.cs:549:15:549:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:549:15:549:21 | access to field field | -| GlobalDataFlow.cs:550:15:550:15 | access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:550:15:550:21 | access to field field | -| GlobalDataFlow.cs:555:20:555:21 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:556:15:556:16 | access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:556:15:556:16 | access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:556:15:556:22 | access to field field | -| GlobalDataFlow.cs:563:24:563:24 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:564:15:564:15 | access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:564:15:564:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:564:15:564:21 | access to field field | -| GlobalDataFlow.cs:570:71:570:71 | e : null [element] : String | GlobalDataFlow.cs:573:27:573:27 | access to parameter e : null [element] : String | -| GlobalDataFlow.cs:573:22:573:22 | SSA def(x) : String | GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | -| GlobalDataFlow.cs:573:27:573:27 | access to parameter e : null [element] : String | GlobalDataFlow.cs:573:22:573:22 | SSA def(x) : String | -| GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | -| GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | GlobalDataFlow.cs:575:44:575:47 | delegate call : String | +| GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | +| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | +| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | +| GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | +| GlobalDataFlow.cs:466:53:466:55 | arg : String | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | +| GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | +| GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | GlobalDataFlow.cs:469:21:469:21 | s : String | +| GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | GlobalDataFlow.cs:466:53:466:55 | arg : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:22 | access to field field | +| GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:22 | access to field field | +| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:22 | access to field field | +| GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:22 | access to field field | +| GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:22 | access to field field | +| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | +| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:21 | access to field field | +| GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:21 | access to field field | +| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | +| GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:21 | access to field field | +| GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:21 | access to field field | +| GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | +| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | +| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | +| GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | +| GlobalDataFlow.cs:556:22:556:22 | SSA def(x) : String | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | +| GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | GlobalDataFlow.cs:556:22:556:22 | SSA def(x) : String | +| GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | +| GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | @@ -548,66 +548,66 @@ nodes | GlobalDataFlow.cs:427:9:427:11 | value : String | semmle.label | value : String | | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | semmle.label | access to local variable sink20 | | GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:474:20:474:49 | call to method Run : Task [property Result] : String | semmle.label | call to method Run : Task [property Result] : String | -| GlobalDataFlow.cs:474:35:474:48 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:475:25:475:28 | access to local variable task : Task [property Result] : String | semmle.label | access to local variable task : Task [property Result] : String | -| GlobalDataFlow.cs:475:25:475:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:476:23:476:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:476:23:476:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:477:22:477:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:477:22:477:40 | call to method GetResult : String | semmle.label | call to method GetResult : String | -| GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | semmle.label | access to local variable sink45 | -| GlobalDataFlow.cs:483:53:483:55 | arg : String | semmle.label | arg : String | -| GlobalDataFlow.cs:486:21:486:21 | s : String | semmle.label | s : String | -| GlobalDataFlow.cs:486:32:486:32 | access to parameter s | semmle.label | access to parameter s | -| GlobalDataFlow.cs:487:15:487:17 | access to parameter arg : String | semmle.label | access to parameter arg : String | -| GlobalDataFlow.cs:490:28:490:41 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:507:25:507:26 | [post] access to local variable x1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:507:30:507:31 | [post] access to local variable x2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:508:15:508:16 | access to local variable x1 : SimpleClass [field field] : String | semmle.label | access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:508:15:508:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:509:15:509:16 | access to local variable x2 : SimpleClass [field field] : String | semmle.label | access to local variable x2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:509:15:509:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:514:31:514:32 | [post] access to local variable y1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:514:36:514:37 | [post] access to local variable y2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:514:42:514:43 | [post] access to local variable y3 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y3 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:515:15:515:16 | access to local variable y1 : SimpleClass [field field] : String | semmle.label | access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:515:15:515:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:516:15:516:16 | access to local variable y2 : SimpleClass [field field] : String | semmle.label | access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:516:15:516:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:517:15:517:16 | access to local variable y3 : SimpleClass [field field] : String | semmle.label | access to local variable y3 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:517:15:517:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:525:33:525:33 | [post] access to local variable x : SubSimpleClass [field field] : String | semmle.label | [post] access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:526:15:526:15 | access to local variable x : SubSimpleClass [field field] : String | semmle.label | access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:526:15:526:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:532:20:532:20 | [post] access to parameter x : SimpleClass [field field] : String | semmle.label | [post] access to parameter x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:532:25:532:25 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:533:15:533:15 | access to parameter x : SimpleClass [field field] : String | semmle.label | access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | semmle.label | call to method Run : Task [property Result] : String | +| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | semmle.label | access to local variable task : Task [property Result] : String | +| GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | semmle.label | call to method GetResult : String | +| GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | semmle.label | access to local variable sink45 | +| GlobalDataFlow.cs:466:53:466:55 | arg : String | semmle.label | arg : String | +| GlobalDataFlow.cs:469:21:469:21 | s : String | semmle.label | s : String | +| GlobalDataFlow.cs:469:32:469:32 | access to parameter s | semmle.label | access to parameter s | +| GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | semmle.label | access to parameter arg : String | +| GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | semmle.label | access to local variable x1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:491:15:491:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | semmle.label | access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:492:15:492:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | semmle.label | access to local variable y1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:498:15:498:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | semmle.label | access to local variable y2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:499:15:499:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | semmle.label | access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:500:15:500:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | semmle.label | [post] access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | semmle.label | access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:509:15:509:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | semmle.label | [post] access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | semmle.label | access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:516:15:516:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:517:15:517:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | semmle.label | [post] access to local variable z : SimpleClass [field field] : String | +| GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:531:15:531:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:532:15:532:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | semmle.label | access to local variable z : SimpleClass [field field] : String | | GlobalDataFlow.cs:533:15:533:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:534:15:534:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:534:15:534:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:544:20:544:20 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:545:20:545:20 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:546:18:546:18 | [post] access to local variable z : SimpleClass [field field] : String | semmle.label | [post] access to local variable z : SimpleClass [field field] : String | -| GlobalDataFlow.cs:548:15:548:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:548:15:548:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:549:15:549:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:549:15:549:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:550:15:550:15 | access to local variable z : SimpleClass [field field] : String | semmle.label | access to local variable z : SimpleClass [field field] : String | -| GlobalDataFlow.cs:550:15:550:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:555:20:555:21 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:556:15:556:16 | access to parameter sc : SimpleClass [field field] : String | semmle.label | access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:556:15:556:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:563:24:563:24 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:564:15:564:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:564:15:564:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:570:71:570:71 | e : null [element] : String | semmle.label | e : null [element] : String | -| GlobalDataFlow.cs:573:22:573:22 | SSA def(x) : String | semmle.label | SSA def(x) : String | -| GlobalDataFlow.cs:573:27:573:27 | access to parameter e : null [element] : String | semmle.label | access to parameter e : null [element] : String | -| GlobalDataFlow.cs:575:44:575:47 | delegate call : String | semmle.label | delegate call : String | -| GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | semmle.label | access to local variable x : String | +| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | semmle.label | access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:539:15:539:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:547:15:547:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | semmle.label | e : null [element] : String | +| GlobalDataFlow.cs:556:22:556:22 | SSA def(x) : String | semmle.label | SSA def(x) : String | +| GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | semmle.label | access to parameter e : null [element] : String | +| GlobalDataFlow.cs:558:44:558:47 | delegate call : String | semmle.label | delegate call : String | +| GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | semmle.label | access to local variable x : String | | Splitting.cs:3:28:3:34 | tainted : String | semmle.label | tainted : String | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | semmle.label | [b (line 3): false] call to method Return : String | | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return : String | semmle.label | [b (line 3): true] call to method Return : String | @@ -645,7 +645,7 @@ subpaths | GlobalDataFlow.cs:73:94:73:98 | access to local variable sink0 : String | GlobalDataFlow.cs:298:26:298:26 | x : String | GlobalDataFlow.cs:301:16:301:41 | ... ? ... : ... : String | GlobalDataFlow.cs:73:29:73:101 | call to method Invoke : String | | GlobalDataFlow.cs:76:19:76:23 | access to local variable sink1 : String | GlobalDataFlow.cs:304:32:304:32 | x : String | GlobalDataFlow.cs:306:9:306:13 | SSA def(y) : String | GlobalDataFlow.cs:76:30:76:34 | SSA def(sink2) : String | | GlobalDataFlow.cs:79:19:79:23 | access to local variable sink2 : String | GlobalDataFlow.cs:310:32:310:32 | x : String | GlobalDataFlow.cs:312:9:312:13 | SSA def(y) : String | GlobalDataFlow.cs:79:30:79:34 | SSA def(sink3) : String | -| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:570:71:570:71 | e : null [element] : String | GlobalDataFlow.cs:575:44:575:47 | delegate call : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | +| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | | GlobalDataFlow.cs:138:63:138:63 | access to parameter x : String | GlobalDataFlow.cs:387:46:387:46 | x : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | GlobalDataFlow.cs:138:45:138:64 | call to method ApplyFunc : String | | GlobalDataFlow.cs:139:29:139:33 | access to local variable sink3 : String | GlobalDataFlow.cs:138:40:138:40 | x : String | GlobalDataFlow.cs:138:45:138:64 | call to method ApplyFunc : String | GlobalDataFlow.cs:139:21:139:34 | delegate call : String | | GlobalDataFlow.cs:147:39:147:43 | access to local variable sink4 : String | GlobalDataFlow.cs:387:46:387:46 | x : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | GlobalDataFlow.cs:147:21:147:44 | call to method ApplyFunc : String | @@ -653,7 +653,7 @@ subpaths | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:298:26:298:26 | x : String | GlobalDataFlow.cs:301:16:301:41 | ... ? ... : ... : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:298:26:298:26 | x : String | GlobalDataFlow.cs:301:16:301:41 | ... ? ... : ... : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:300:27:300:28 | x0 : String | GlobalDataFlow.cs:300:33:300:34 | access to parameter x0 : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | -| GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | GlobalDataFlow.cs:575:44:575:47 | delegate call : String | +| GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return : String | | Splitting.cs:20:29:20:29 | access to parameter s : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:20:22:20:30 | call to method Return : String | @@ -666,19 +666,19 @@ subpaths | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | [b (line 3): false] access to local variable x | | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | [b (line 3): true] access to local variable x | | GlobalDataFlow.cs:19:15:19:29 | access to field SinkField0 | GlobalDataFlow.cs:18:27:18:40 | "taint source" : String | GlobalDataFlow.cs:19:15:19:29 | access to field SinkField0 | access to field SinkField0 | -| GlobalDataFlow.cs:508:15:508:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:508:15:508:22 | access to field field | access to field field | -| GlobalDataFlow.cs:509:15:509:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:509:15:509:22 | access to field field | access to field field | -| GlobalDataFlow.cs:515:15:515:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:515:15:515:22 | access to field field | access to field field | -| GlobalDataFlow.cs:516:15:516:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:516:15:516:22 | access to field field | access to field field | -| GlobalDataFlow.cs:517:15:517:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:517:15:517:22 | access to field field | access to field field | -| GlobalDataFlow.cs:526:15:526:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:526:15:526:21 | access to field field | access to field field | -| GlobalDataFlow.cs:533:15:533:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | access to field field | -| GlobalDataFlow.cs:534:15:534:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:534:15:534:21 | access to field field | access to field field | -| GlobalDataFlow.cs:548:15:548:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:548:15:548:21 | access to field field | access to field field | -| GlobalDataFlow.cs:549:15:549:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:549:15:549:21 | access to field field | access to field field | -| GlobalDataFlow.cs:550:15:550:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:550:15:550:21 | access to field field | access to field field | -| GlobalDataFlow.cs:556:15:556:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:556:15:556:22 | access to field field | access to field field | -| GlobalDataFlow.cs:564:15:564:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:564:15:564:21 | access to field field | access to field field | +| GlobalDataFlow.cs:491:15:491:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:491:15:491:22 | access to field field | access to field field | +| GlobalDataFlow.cs:492:15:492:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:492:15:492:22 | access to field field | access to field field | +| GlobalDataFlow.cs:498:15:498:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:498:15:498:22 | access to field field | access to field field | +| GlobalDataFlow.cs:499:15:499:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:499:15:499:22 | access to field field | access to field field | +| GlobalDataFlow.cs:500:15:500:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:500:15:500:22 | access to field field | access to field field | +| GlobalDataFlow.cs:509:15:509:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | access to field field | +| GlobalDataFlow.cs:516:15:516:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:516:15:516:21 | access to field field | access to field field | +| GlobalDataFlow.cs:517:15:517:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:517:15:517:21 | access to field field | access to field field | +| GlobalDataFlow.cs:531:15:531:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:531:15:531:21 | access to field field | access to field field | +| GlobalDataFlow.cs:532:15:532:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:532:15:532:21 | access to field field | access to field field | +| GlobalDataFlow.cs:533:15:533:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | access to field field | +| GlobalDataFlow.cs:539:15:539:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | access to field field | +| GlobalDataFlow.cs:547:15:547:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | access to field field | | Splitting.cs:41:19:41:19 | access to local variable s | Splitting.cs:39:21:39:34 | [b (line 37): true] "taint source" : String | Splitting.cs:41:19:41:19 | access to local variable s | access to local variable s | | Splitting.cs:50:19:50:19 | access to local variable s | Splitting.cs:48:36:48:49 | "taint source" : String | Splitting.cs:50:19:50:19 | access to local variable s | access to local variable s | | Splitting.cs:52:19:52:19 | access to local variable s | Splitting.cs:48:36:48:49 | "taint source" : String | Splitting.cs:52:19:52:19 | access to local variable s | access to local variable s | @@ -715,7 +715,7 @@ subpaths | Capture.cs:122:15:122:20 | access to local variable sink40 | Capture.cs:115:26:115:39 | "taint source" : String | Capture.cs:122:15:122:20 | access to local variable sink40 | access to local variable sink40 | | GlobalDataFlow.cs:243:15:243:20 | access to local variable sink41 | GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:243:15:243:20 | access to local variable sink41 | access to local variable sink41 | | GlobalDataFlow.cs:245:15:245:20 | access to local variable sink42 | GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:245:15:245:20 | access to local variable sink42 | access to local variable sink42 | -| GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | GlobalDataFlow.cs:474:35:474:48 | "taint source" : String | GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | access to local variable sink45 | +| GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | access to local variable sink45 | | GlobalDataFlow.cs:148:15:148:19 | access to local variable sink5 | GlobalDataFlow.cs:18:27:18:40 | "taint source" : String | GlobalDataFlow.cs:148:15:148:19 | access to local variable sink5 | access to local variable sink5 | | GlobalDataFlow.cs:158:15:158:19 | access to local variable sink6 | GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:158:15:158:19 | access to local variable sink6 | access to local variable sink6 | | GlobalDataFlow.cs:161:15:161:19 | access to local variable sink7 | GlobalDataFlow.cs:346:13:346:26 | "taint source" : String | GlobalDataFlow.cs:161:15:161:19 | access to local variable sink7 | access to local variable sink7 | @@ -723,7 +723,7 @@ subpaths | GlobalDataFlow.cs:185:15:185:19 | access to local variable sink9 | GlobalDataFlow.cs:183:35:183:48 | "taint source" : String | GlobalDataFlow.cs:185:15:185:19 | access to local variable sink9 | access to local variable sink9 | | Splitting.cs:11:19:11:19 | access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:11:19:11:19 | access to local variable x | access to local variable x | | Splitting.cs:34:19:34:19 | access to local variable x | Splitting.cs:24:28:24:34 | tainted : String | Splitting.cs:34:19:34:19 | access to local variable x | access to local variable x | -| GlobalDataFlow.cs:486:32:486:32 | access to parameter s | GlobalDataFlow.cs:490:28:490:41 | "taint source" : String | GlobalDataFlow.cs:486:32:486:32 | access to parameter s | access to parameter s | +| GlobalDataFlow.cs:469:32:469:32 | access to parameter s | GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | access to parameter s | | Capture.cs:57:27:57:32 | access to parameter sink39 | Capture.cs:7:20:7:26 | tainted : String | Capture.cs:57:27:57:32 | access to parameter sink39 | access to parameter sink39 | | GlobalDataFlow.cs:260:15:260:24 | access to parameter sinkParam0 | GlobalDataFlow.cs:18:27:18:40 | "taint source" : String | GlobalDataFlow.cs:260:15:260:24 | access to parameter sinkParam0 | access to parameter sinkParam0 | | GlobalDataFlow.cs:265:15:265:24 | access to parameter sinkParam1 | GlobalDataFlow.cs:18:27:18:40 | "taint source" : String | GlobalDataFlow.cs:265:15:265:24 | access to parameter sinkParam1 | access to parameter sinkParam1 | diff --git a/csharp/ql/test/library-tests/dataflow/global/GetAnOutNode.expected b/csharp/ql/test/library-tests/dataflow/global/GetAnOutNode.expected index c5ec637c38f..503b28538f0 100644 --- a/csharp/ql/test/library-tests/dataflow/global/GetAnOutNode.expected +++ b/csharp/ql/test/library-tests/dataflow/global/GetAnOutNode.expected @@ -147,29 +147,29 @@ | GlobalDataFlow.cs:249:24:249:34 | access to property Result | normal | GlobalDataFlow.cs:249:24:249:34 | access to property Result | | GlobalDataFlow.cs:300:17:300:38 | call to method ApplyFunc | normal | GlobalDataFlow.cs:300:17:300:38 | call to method ApplyFunc | | GlobalDataFlow.cs:389:16:389:19 | delegate call | normal | GlobalDataFlow.cs:389:16:389:19 | delegate call | -| GlobalDataFlow.cs:448:9:448:20 | call to method Append | normal | GlobalDataFlow.cs:448:9:448:20 | call to method Append | -| GlobalDataFlow.cs:453:18:453:36 | object creation of type StringBuilder | normal | GlobalDataFlow.cs:453:18:453:36 | object creation of type StringBuilder | -| GlobalDataFlow.cs:455:22:455:34 | call to method ToString | normal | GlobalDataFlow.cs:455:22:455:34 | call to method ToString | -| GlobalDataFlow.cs:458:9:458:18 | call to method Clear | normal | GlobalDataFlow.cs:458:9:458:18 | call to method Clear | -| GlobalDataFlow.cs:459:23:459:35 | call to method ToString | normal | GlobalDataFlow.cs:459:23:459:35 | call to method ToString | -| GlobalDataFlow.cs:465:22:465:65 | call to method Join | normal | GlobalDataFlow.cs:465:22:465:65 | call to method Join | -| GlobalDataFlow.cs:468:23:468:65 | call to method Join | normal | GlobalDataFlow.cs:468:23:468:65 | call to method Join | -| GlobalDataFlow.cs:474:20:474:49 | call to method Run | normal | GlobalDataFlow.cs:474:20:474:49 | call to method Run | -| GlobalDataFlow.cs:475:25:475:50 | call to method ConfigureAwait | normal | GlobalDataFlow.cs:475:25:475:50 | call to method ConfigureAwait | -| GlobalDataFlow.cs:476:23:476:44 | call to method GetAwaiter | normal | GlobalDataFlow.cs:476:23:476:44 | call to method GetAwaiter | -| GlobalDataFlow.cs:477:22:477:40 | call to method GetResult | normal | GlobalDataFlow.cs:477:22:477:40 | call to method GetResult | -| GlobalDataFlow.cs:505:18:505:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:505:18:505:34 | object creation of type SimpleClass | -| GlobalDataFlow.cs:506:18:506:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:506:18:506:34 | object creation of type SimpleClass | -| GlobalDataFlow.cs:511:18:511:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:511:18:511:34 | object creation of type SimpleClass | -| GlobalDataFlow.cs:512:18:512:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:512:18:512:34 | object creation of type SimpleClass | -| GlobalDataFlow.cs:513:18:513:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:513:18:513:34 | object creation of type SimpleClass | -| GlobalDataFlow.cs:524:17:524:36 | object creation of type SubSimpleClass | normal | GlobalDataFlow.cs:524:17:524:36 | object creation of type SubSimpleClass | -| GlobalDataFlow.cs:531:17:531:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:531:17:531:33 | object creation of type SimpleClass | -| GlobalDataFlow.cs:539:17:539:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:539:17:539:33 | object creation of type SimpleClass | -| GlobalDataFlow.cs:540:17:540:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:540:17:540:33 | object creation of type SimpleClass | -| GlobalDataFlow.cs:541:17:541:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:541:17:541:33 | object creation of type SimpleClass | -| GlobalDataFlow.cs:562:17:562:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:562:17:562:33 | object creation of type SimpleClass | -| GlobalDataFlow.cs:575:44:575:47 | delegate call | normal | GlobalDataFlow.cs:575:44:575:47 | delegate call | +| GlobalDataFlow.cs:448:22:448:65 | call to method Join | normal | GlobalDataFlow.cs:448:22:448:65 | call to method Join | +| GlobalDataFlow.cs:451:23:451:65 | call to method Join | normal | GlobalDataFlow.cs:451:23:451:65 | call to method Join | +| GlobalDataFlow.cs:457:20:457:49 | call to method Run | normal | GlobalDataFlow.cs:457:20:457:49 | call to method Run | +| GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait | normal | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait | +| GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter | normal | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter | +| GlobalDataFlow.cs:460:22:460:40 | call to method GetResult | normal | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult | +| GlobalDataFlow.cs:488:18:488:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:488:18:488:34 | object creation of type SimpleClass | +| GlobalDataFlow.cs:489:18:489:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:489:18:489:34 | object creation of type SimpleClass | +| GlobalDataFlow.cs:494:18:494:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:494:18:494:34 | object creation of type SimpleClass | +| GlobalDataFlow.cs:495:18:495:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:495:18:495:34 | object creation of type SimpleClass | +| GlobalDataFlow.cs:496:18:496:34 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:496:18:496:34 | object creation of type SimpleClass | +| GlobalDataFlow.cs:507:17:507:36 | object creation of type SubSimpleClass | normal | GlobalDataFlow.cs:507:17:507:36 | object creation of type SubSimpleClass | +| GlobalDataFlow.cs:514:17:514:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:514:17:514:33 | object creation of type SimpleClass | +| GlobalDataFlow.cs:522:17:522:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:522:17:522:33 | object creation of type SimpleClass | +| GlobalDataFlow.cs:523:17:523:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:523:17:523:33 | object creation of type SimpleClass | +| GlobalDataFlow.cs:524:17:524:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:524:17:524:33 | object creation of type SimpleClass | +| GlobalDataFlow.cs:545:17:545:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:545:17:545:33 | object creation of type SimpleClass | +| GlobalDataFlow.cs:558:44:558:47 | delegate call | normal | GlobalDataFlow.cs:558:44:558:47 | delegate call | +| GlobalDataFlowStringBuilder.cs:19:9:19:20 | call to method Append | normal | GlobalDataFlowStringBuilder.cs:19:9:19:20 | call to method Append | +| GlobalDataFlowStringBuilder.cs:24:18:24:36 | object creation of type StringBuilder | normal | GlobalDataFlowStringBuilder.cs:24:18:24:36 | object creation of type StringBuilder | +| GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString | normal | GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString | +| GlobalDataFlowStringBuilder.cs:29:9:29:18 | call to method Clear | normal | GlobalDataFlowStringBuilder.cs:29:9:29:18 | call to method Clear | +| GlobalDataFlowStringBuilder.cs:30:23:30:35 | call to method ToString | normal | GlobalDataFlowStringBuilder.cs:30:23:30:35 | call to method ToString | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return | normal | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return | | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return | normal | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return | | Splitting.cs:20:22:20:30 | call to method Return | normal | Splitting.cs:20:22:20:30 | call to method Return | diff --git a/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlow.cs b/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlow.cs index 31fcdc5302f..75adfbf4164 100644 --- a/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlow.cs +++ b/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlow.cs @@ -443,23 +443,6 @@ public class DataFlow get { return ""; } } - static void AppendToStringBuilder(StringBuilder sb, string s) - { - sb.Append(s); - } - - void TestStringBuilderFlow() - { - var sb = new StringBuilder(); - AppendToStringBuilder(sb, "taint source"); - var sink43 = sb.ToString(); - Check(sink43); - - sb.Clear(); - var nonSink = sb.ToString(); - Check(nonSink); - } - void TestStringFlow() { var sink44 = string.Join(",", "whatever", "taint source"); diff --git a/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlowStringBuilder.cs b/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlowStringBuilder.cs new file mode 100644 index 00000000000..e278a40a3cf --- /dev/null +++ b/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlowStringBuilder.cs @@ -0,0 +1,33 @@ +using System; +using System.Text; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; + +/// +/// All (tainted) sinks are named `sink[Param|Field|Property]N`, for some N, and all +/// non-sinks are named `nonSink[Param|Field|Property]N`, for some N. +/// Both sinks and non-sinks are passed to the method `Check` for convenience in the +/// test query. +/// +public class DataFlowStringBuilder +{ + static void Check(T x) { } + + static void AppendToStringBuilder(StringBuilder sb, string s) + { + sb.Append(s); + } + + void TestStringBuilderFlow() + { + var sb = new StringBuilder(); + AppendToStringBuilder(sb, "taint source"); + var sink43 = sb.ToString(); + Check(sink43); + + sb.Clear(); + var nonSink = sb.ToString(); + Check(nonSink); + } +} diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected index c61a22be645..759a95b9d97 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected @@ -56,23 +56,23 @@ | GlobalDataFlow.cs:329:15:329:25 | access to parameter sinkParam11 | | GlobalDataFlow.cs:404:15:404:20 | access to local variable sink11 | | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | -| GlobalDataFlow.cs:456:15:456:20 | access to local variable sink43 | -| GlobalDataFlow.cs:466:15:466:20 | access to local variable sink44 | -| GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | -| GlobalDataFlow.cs:486:32:486:32 | access to parameter s | -| GlobalDataFlow.cs:508:15:508:22 | access to field field | -| GlobalDataFlow.cs:509:15:509:22 | access to field field | -| GlobalDataFlow.cs:515:15:515:22 | access to field field | -| GlobalDataFlow.cs:516:15:516:22 | access to field field | -| GlobalDataFlow.cs:517:15:517:22 | access to field field | -| GlobalDataFlow.cs:526:15:526:21 | access to field field | +| GlobalDataFlow.cs:449:15:449:20 | access to local variable sink44 | +| GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | +| GlobalDataFlow.cs:469:32:469:32 | access to parameter s | +| GlobalDataFlow.cs:491:15:491:22 | access to field field | +| GlobalDataFlow.cs:492:15:492:22 | access to field field | +| GlobalDataFlow.cs:498:15:498:22 | access to field field | +| GlobalDataFlow.cs:499:15:499:22 | access to field field | +| GlobalDataFlow.cs:500:15:500:22 | access to field field | +| GlobalDataFlow.cs:509:15:509:21 | access to field field | +| GlobalDataFlow.cs:516:15:516:21 | access to field field | +| GlobalDataFlow.cs:517:15:517:21 | access to field field | +| GlobalDataFlow.cs:531:15:531:21 | access to field field | +| GlobalDataFlow.cs:532:15:532:21 | access to field field | | GlobalDataFlow.cs:533:15:533:21 | access to field field | -| GlobalDataFlow.cs:534:15:534:21 | access to field field | -| GlobalDataFlow.cs:548:15:548:21 | access to field field | -| GlobalDataFlow.cs:549:15:549:21 | access to field field | -| GlobalDataFlow.cs:550:15:550:21 | access to field field | -| GlobalDataFlow.cs:556:15:556:22 | access to field field | -| GlobalDataFlow.cs:564:15:564:21 | access to field field | +| GlobalDataFlow.cs:539:15:539:22 | access to field field | +| GlobalDataFlow.cs:547:15:547:21 | access to field field | +| GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | | Splitting.cs:11:19:11:19 | access to local variable x | diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected index 1b492d183bc..cb5e3e92a54 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected @@ -129,7 +129,7 @@ edges | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | GlobalDataFlow.cs:82:15:82:20 | access to local variable sink13 | | GlobalDataFlow.cs:81:22:81:93 | call to method First : String | GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | | GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | -| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:570:71:570:71 | e : null [element] : String | +| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | | GlobalDataFlow.cs:81:57:81:65 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | | GlobalDataFlow.cs:81:59:81:63 | access to local variable sink3 : String | GlobalDataFlow.cs:81:57:81:65 | { ..., ... } : null [element] : String | | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | @@ -267,72 +267,72 @@ edges | GlobalDataFlow.cs:405:16:405:21 | access to local variable sink11 : String | GlobalDataFlow.cs:167:22:167:43 | call to method TaintedParam : String | | GlobalDataFlow.cs:427:9:427:11 | value : String | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | | GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | GlobalDataFlow.cs:201:22:201:32 | access to property OutProperty : String | -| GlobalDataFlow.cs:446:64:446:64 | s : String | GlobalDataFlow.cs:448:19:448:19 | access to parameter s : String | -| GlobalDataFlow.cs:448:19:448:19 | access to parameter s : String | GlobalDataFlow.cs:448:9:448:10 | [post] access to parameter sb : StringBuilder | -| GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlow.cs:455:22:455:23 | access to local variable sb : StringBuilder | -| GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | GlobalDataFlow.cs:446:64:446:64 | s : String | -| GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder | -| GlobalDataFlow.cs:455:22:455:23 | access to local variable sb : StringBuilder | GlobalDataFlow.cs:455:22:455:34 | call to method ToString : String | -| GlobalDataFlow.cs:455:22:455:34 | call to method ToString : String | GlobalDataFlow.cs:456:15:456:20 | access to local variable sink43 | -| GlobalDataFlow.cs:465:22:465:65 | call to method Join : String | GlobalDataFlow.cs:466:15:466:20 | access to local variable sink44 | -| GlobalDataFlow.cs:465:51:465:64 | "taint source" : String | GlobalDataFlow.cs:465:22:465:65 | call to method Join : String | -| GlobalDataFlow.cs:474:20:474:49 | call to method Run : Task [property Result] : String | GlobalDataFlow.cs:475:25:475:28 | access to local variable task : Task [property Result] : String | -| GlobalDataFlow.cs:474:35:474:48 | "taint source" : String | GlobalDataFlow.cs:474:20:474:49 | call to method Run : Task [property Result] : String | -| GlobalDataFlow.cs:475:25:475:28 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:475:25:475:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:475:25:475:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:476:23:476:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:476:23:476:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:476:23:476:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:476:23:476:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:477:22:477:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:477:22:477:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:477:22:477:40 | call to method GetResult : String | -| GlobalDataFlow.cs:477:22:477:40 | call to method GetResult : String | GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | -| GlobalDataFlow.cs:483:53:483:55 | arg : String | GlobalDataFlow.cs:487:15:487:17 | access to parameter arg : String | -| GlobalDataFlow.cs:486:21:486:21 | s : String | GlobalDataFlow.cs:486:32:486:32 | access to parameter s | -| GlobalDataFlow.cs:487:15:487:17 | access to parameter arg : String | GlobalDataFlow.cs:486:21:486:21 | s : String | -| GlobalDataFlow.cs:490:28:490:41 | "taint source" : String | GlobalDataFlow.cs:483:53:483:55 | arg : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:507:25:507:26 | [post] access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:507:30:507:31 | [post] access to local variable x2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:514:31:514:32 | [post] access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:514:36:514:37 | [post] access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:514:42:514:43 | [post] access to local variable y3 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:525:33:525:33 | [post] access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:532:20:532:20 | [post] access to parameter x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:532:25:532:25 | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:544:20:544:20 | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:545:20:545:20 | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:546:18:546:18 | [post] access to local variable z : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:555:20:555:21 | [post] access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:563:24:563:24 | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:507:25:507:26 | [post] access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:508:15:508:16 | access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:507:30:507:31 | [post] access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:16 | access to local variable x2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:508:15:508:16 | access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:508:15:508:22 | access to field field | -| GlobalDataFlow.cs:509:15:509:16 | access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:22 | access to field field | -| GlobalDataFlow.cs:514:31:514:32 | [post] access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:515:15:515:16 | access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:514:36:514:37 | [post] access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:16 | access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:514:42:514:43 | [post] access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:16 | access to local variable y3 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:515:15:515:16 | access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:515:15:515:22 | access to field field | -| GlobalDataFlow.cs:516:15:516:16 | access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:22 | access to field field | -| GlobalDataFlow.cs:517:15:517:16 | access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:22 | access to field field | -| GlobalDataFlow.cs:525:33:525:33 | [post] access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:526:15:526:15 | access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:526:15:526:15 | access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:526:15:526:21 | access to field field | -| GlobalDataFlow.cs:532:20:532:20 | [post] access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to parameter x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:532:25:532:25 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:534:15:534:15 | access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:533:15:533:15 | access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | -| GlobalDataFlow.cs:534:15:534:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:534:15:534:21 | access to field field | -| GlobalDataFlow.cs:544:20:544:20 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:548:15:548:15 | access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:545:20:545:20 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:549:15:549:15 | access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:546:18:546:18 | [post] access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:550:15:550:15 | access to local variable z : SimpleClass [field field] : String | -| GlobalDataFlow.cs:548:15:548:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:548:15:548:21 | access to field field | -| GlobalDataFlow.cs:549:15:549:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:549:15:549:21 | access to field field | -| GlobalDataFlow.cs:550:15:550:15 | access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:550:15:550:21 | access to field field | -| GlobalDataFlow.cs:555:20:555:21 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:556:15:556:16 | access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:556:15:556:16 | access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:556:15:556:22 | access to field field | -| GlobalDataFlow.cs:563:24:563:24 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:564:15:564:15 | access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:564:15:564:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:564:15:564:21 | access to field field | -| GlobalDataFlow.cs:570:71:570:71 | e : null [element] : String | GlobalDataFlow.cs:573:27:573:27 | access to parameter e : null [element] : String | -| GlobalDataFlow.cs:573:22:573:22 | SSA def(x) : String | GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | -| GlobalDataFlow.cs:573:27:573:27 | access to parameter e : null [element] : String | GlobalDataFlow.cs:573:22:573:22 | SSA def(x) : String | -| GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | -| GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | GlobalDataFlow.cs:575:44:575:47 | delegate call : String | +| GlobalDataFlow.cs:448:22:448:65 | call to method Join : String | GlobalDataFlow.cs:449:15:449:20 | access to local variable sink44 | +| GlobalDataFlow.cs:448:51:448:64 | "taint source" : String | GlobalDataFlow.cs:448:22:448:65 | call to method Join : String | +| GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | +| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | +| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | +| GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | +| GlobalDataFlow.cs:466:53:466:55 | arg : String | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | +| GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | +| GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | GlobalDataFlow.cs:469:21:469:21 | s : String | +| GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | GlobalDataFlow.cs:466:53:466:55 | arg : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | GlobalDataFlow.cs:491:15:491:22 | access to field field | +| GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | GlobalDataFlow.cs:492:15:492:22 | access to field field | +| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | GlobalDataFlow.cs:498:15:498:22 | access to field field | +| GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | GlobalDataFlow.cs:499:15:499:22 | access to field field | +| GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | GlobalDataFlow.cs:500:15:500:22 | access to field field | +| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | +| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | GlobalDataFlow.cs:516:15:516:21 | access to field field | +| GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:517:15:517:21 | access to field field | +| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | +| GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:531:15:531:21 | access to field field | +| GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | GlobalDataFlow.cs:532:15:532:21 | access to field field | +| GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | +| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | +| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | +| GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | +| GlobalDataFlow.cs:556:22:556:22 | SSA def(x) : String | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | +| GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | GlobalDataFlow.cs:556:22:556:22 | SSA def(x) : String | +| GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | +| GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | +| GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | +| GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:25:31:25:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:26:22:26:23 | access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | +| GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:25:31:25:32 | [post] access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:26:22:26:23 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | @@ -591,77 +591,77 @@ nodes | GlobalDataFlow.cs:427:9:427:11 | value : String | semmle.label | value : String | | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | semmle.label | access to local variable sink20 | | GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:446:64:446:64 | s : String | semmle.label | s : String | -| GlobalDataFlow.cs:448:9:448:10 | [post] access to parameter sb : StringBuilder | semmle.label | [post] access to parameter sb : StringBuilder | -| GlobalDataFlow.cs:448:19:448:19 | access to parameter s : String | semmle.label | access to parameter s : String | -| GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder | semmle.label | [post] access to local variable sb : StringBuilder | -| GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:455:22:455:23 | access to local variable sb : StringBuilder | semmle.label | access to local variable sb : StringBuilder | -| GlobalDataFlow.cs:455:22:455:34 | call to method ToString : String | semmle.label | call to method ToString : String | -| GlobalDataFlow.cs:456:15:456:20 | access to local variable sink43 | semmle.label | access to local variable sink43 | -| GlobalDataFlow.cs:465:22:465:65 | call to method Join : String | semmle.label | call to method Join : String | -| GlobalDataFlow.cs:465:51:465:64 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:466:15:466:20 | access to local variable sink44 | semmle.label | access to local variable sink44 | -| GlobalDataFlow.cs:474:20:474:49 | call to method Run : Task [property Result] : String | semmle.label | call to method Run : Task [property Result] : String | -| GlobalDataFlow.cs:474:35:474:48 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:475:25:475:28 | access to local variable task : Task [property Result] : String | semmle.label | access to local variable task : Task [property Result] : String | -| GlobalDataFlow.cs:475:25:475:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:476:23:476:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:476:23:476:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:477:22:477:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | -| GlobalDataFlow.cs:477:22:477:40 | call to method GetResult : String | semmle.label | call to method GetResult : String | -| GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | semmle.label | access to local variable sink45 | -| GlobalDataFlow.cs:483:53:483:55 | arg : String | semmle.label | arg : String | -| GlobalDataFlow.cs:486:21:486:21 | s : String | semmle.label | s : String | -| GlobalDataFlow.cs:486:32:486:32 | access to parameter s | semmle.label | access to parameter s | -| GlobalDataFlow.cs:487:15:487:17 | access to parameter arg : String | semmle.label | access to parameter arg : String | -| GlobalDataFlow.cs:490:28:490:41 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:500:9:500:10 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlow.cs:507:25:507:26 | [post] access to local variable x1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:507:30:507:31 | [post] access to local variable x2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:508:15:508:16 | access to local variable x1 : SimpleClass [field field] : String | semmle.label | access to local variable x1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:508:15:508:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:509:15:509:16 | access to local variable x2 : SimpleClass [field field] : String | semmle.label | access to local variable x2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:509:15:509:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:514:31:514:32 | [post] access to local variable y1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:514:36:514:37 | [post] access to local variable y2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:514:42:514:43 | [post] access to local variable y3 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y3 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:515:15:515:16 | access to local variable y1 : SimpleClass [field field] : String | semmle.label | access to local variable y1 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:515:15:515:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:516:15:516:16 | access to local variable y2 : SimpleClass [field field] : String | semmle.label | access to local variable y2 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:516:15:516:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:517:15:517:16 | access to local variable y3 : SimpleClass [field field] : String | semmle.label | access to local variable y3 : SimpleClass [field field] : String | -| GlobalDataFlow.cs:517:15:517:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:525:33:525:33 | [post] access to local variable x : SubSimpleClass [field field] : String | semmle.label | [post] access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:526:15:526:15 | access to local variable x : SubSimpleClass [field field] : String | semmle.label | access to local variable x : SubSimpleClass [field field] : String | -| GlobalDataFlow.cs:526:15:526:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:532:20:532:20 | [post] access to parameter x : SimpleClass [field field] : String | semmle.label | [post] access to parameter x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:532:25:532:25 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:533:15:533:15 | access to parameter x : SimpleClass [field field] : String | semmle.label | access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:448:22:448:65 | call to method Join : String | semmle.label | call to method Join : String | +| GlobalDataFlow.cs:448:51:448:64 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlow.cs:449:15:449:20 | access to local variable sink44 | semmle.label | access to local variable sink44 | +| GlobalDataFlow.cs:457:20:457:49 | call to method Run : Task [property Result] : String | semmle.label | call to method Run : Task [property Result] : String | +| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task [property Result] : String | semmle.label | access to local variable task : Task [property Result] : String | +| GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | call to method ConfigureAwait : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | access to local variable awaitable : ConfiguredTaskAwaitable [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | call to method GetAwaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | semmle.label | access to local variable awaiter : ConfiguredTaskAwaitable.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | +| GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | semmle.label | call to method GetResult : String | +| GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | semmle.label | access to local variable sink45 | +| GlobalDataFlow.cs:466:53:466:55 | arg : String | semmle.label | arg : String | +| GlobalDataFlow.cs:469:21:469:21 | s : String | semmle.label | s : String | +| GlobalDataFlow.cs:469:32:469:32 | access to parameter s | semmle.label | access to parameter s | +| GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | semmle.label | access to parameter arg : String | +| GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlow.cs:483:9:483:10 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlow.cs:490:25:490:26 | [post] access to local variable x1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:490:30:490:31 | [post] access to local variable x2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:491:15:491:16 | access to local variable x1 : SimpleClass [field field] : String | semmle.label | access to local variable x1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:491:15:491:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:492:15:492:16 | access to local variable x2 : SimpleClass [field field] : String | semmle.label | access to local variable x2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:492:15:492:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:497:31:497:32 | [post] access to local variable y1 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:36:497:37 | [post] access to local variable y2 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:497:42:497:43 | [post] access to local variable y3 : SimpleClass [field field] : String | semmle.label | [post] access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:498:15:498:16 | access to local variable y1 : SimpleClass [field field] : String | semmle.label | access to local variable y1 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:498:15:498:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:499:15:499:16 | access to local variable y2 : SimpleClass [field field] : String | semmle.label | access to local variable y2 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:499:15:499:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:500:15:500:16 | access to local variable y3 : SimpleClass [field field] : String | semmle.label | access to local variable y3 : SimpleClass [field field] : String | +| GlobalDataFlow.cs:500:15:500:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:508:33:508:33 | [post] access to local variable x : SubSimpleClass [field field] : String | semmle.label | [post] access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:509:15:509:15 | access to local variable x : SubSimpleClass [field field] : String | semmle.label | access to local variable x : SubSimpleClass [field field] : String | +| GlobalDataFlow.cs:509:15:509:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:515:20:515:20 | [post] access to parameter x : SimpleClass [field field] : String | semmle.label | [post] access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:515:25:515:25 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:516:15:516:15 | access to parameter x : SimpleClass [field field] : String | semmle.label | access to parameter x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:516:15:516:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:517:15:517:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:517:15:517:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:527:20:527:20 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:528:20:528:20 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:529:18:529:18 | [post] access to local variable z : SimpleClass [field field] : String | semmle.label | [post] access to local variable z : SimpleClass [field field] : String | +| GlobalDataFlow.cs:531:15:531:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:531:15:531:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:532:15:532:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | +| GlobalDataFlow.cs:532:15:532:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:533:15:533:15 | access to local variable z : SimpleClass [field field] : String | semmle.label | access to local variable z : SimpleClass [field field] : String | | GlobalDataFlow.cs:533:15:533:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:534:15:534:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:534:15:534:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:544:20:544:20 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:545:20:545:20 | [post] access to local variable y : SimpleClass [field field] : String | semmle.label | [post] access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:546:18:546:18 | [post] access to local variable z : SimpleClass [field field] : String | semmle.label | [post] access to local variable z : SimpleClass [field field] : String | -| GlobalDataFlow.cs:548:15:548:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:548:15:548:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:549:15:549:15 | access to local variable y : SimpleClass [field field] : String | semmle.label | access to local variable y : SimpleClass [field field] : String | -| GlobalDataFlow.cs:549:15:549:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:550:15:550:15 | access to local variable z : SimpleClass [field field] : String | semmle.label | access to local variable z : SimpleClass [field field] : String | -| GlobalDataFlow.cs:550:15:550:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:555:20:555:21 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:556:15:556:16 | access to parameter sc : SimpleClass [field field] : String | semmle.label | access to parameter sc : SimpleClass [field field] : String | -| GlobalDataFlow.cs:556:15:556:22 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:563:24:563:24 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:564:15:564:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | -| GlobalDataFlow.cs:564:15:564:21 | access to field field | semmle.label | access to field field | -| GlobalDataFlow.cs:570:71:570:71 | e : null [element] : String | semmle.label | e : null [element] : String | -| GlobalDataFlow.cs:573:22:573:22 | SSA def(x) : String | semmle.label | SSA def(x) : String | -| GlobalDataFlow.cs:573:27:573:27 | access to parameter e : null [element] : String | semmle.label | access to parameter e : null [element] : String | -| GlobalDataFlow.cs:575:44:575:47 | delegate call : String | semmle.label | delegate call : String | -| GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | semmle.label | access to local variable x : String | +| GlobalDataFlow.cs:538:20:538:21 | [post] access to parameter sc : SimpleClass [field field] : String | semmle.label | [post] access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:539:15:539:16 | access to parameter sc : SimpleClass [field field] : String | semmle.label | access to parameter sc : SimpleClass [field field] : String | +| GlobalDataFlow.cs:539:15:539:22 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:546:24:546:24 | [post] access to local variable x : SimpleClass [field field] : String | semmle.label | [post] access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:547:15:547:15 | access to local variable x : SimpleClass [field field] : String | semmle.label | access to local variable x : SimpleClass [field field] : String | +| GlobalDataFlow.cs:547:15:547:21 | access to field field | semmle.label | access to field field | +| GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | semmle.label | e : null [element] : String | +| GlobalDataFlow.cs:556:22:556:22 | SSA def(x) : String | semmle.label | SSA def(x) : String | +| GlobalDataFlow.cs:556:27:556:27 | access to parameter e : null [element] : String | semmle.label | access to parameter e : null [element] : String | +| GlobalDataFlow.cs:558:44:558:47 | delegate call : String | semmle.label | delegate call : String | +| GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | semmle.label | access to local variable x : String | +| GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | semmle.label | s : String | +| GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | semmle.label | [post] access to parameter sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | semmle.label | access to parameter s : String | +| GlobalDataFlowStringBuilder.cs:25:31:25:32 | [post] access to local variable sb : StringBuilder | semmle.label | [post] access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlowStringBuilder.cs:26:22:26:23 | access to local variable sb : StringBuilder | semmle.label | access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString : String | semmle.label | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | semmle.label | access to local variable sink43 | | Splitting.cs:3:28:3:34 | tainted : String | semmle.label | tainted : String | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | semmle.label | [b (line 3): false] call to method Return : String | | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return : String | semmle.label | [b (line 3): true] call to method Return : String | @@ -699,7 +699,7 @@ subpaths | GlobalDataFlow.cs:73:94:73:98 | access to local variable sink0 : String | GlobalDataFlow.cs:298:26:298:26 | x : String | GlobalDataFlow.cs:301:16:301:41 | ... ? ... : ... : String | GlobalDataFlow.cs:73:29:73:101 | call to method Invoke : String | | GlobalDataFlow.cs:76:19:76:23 | access to local variable sink1 : String | GlobalDataFlow.cs:304:32:304:32 | x : String | GlobalDataFlow.cs:306:9:306:13 | SSA def(y) : String | GlobalDataFlow.cs:76:30:76:34 | SSA def(sink2) : String | | GlobalDataFlow.cs:79:19:79:23 | access to local variable sink2 : String | GlobalDataFlow.cs:310:32:310:32 | x : String | GlobalDataFlow.cs:312:9:312:13 | SSA def(y) : String | GlobalDataFlow.cs:79:30:79:34 | SSA def(sink3) : String | -| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:570:71:570:71 | e : null [element] : String | GlobalDataFlow.cs:575:44:575:47 | delegate call : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | +| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven : IEnumerable [element] : String | | GlobalDataFlow.cs:138:63:138:63 | access to parameter x : String | GlobalDataFlow.cs:387:46:387:46 | x : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | GlobalDataFlow.cs:138:45:138:64 | call to method ApplyFunc : String | | GlobalDataFlow.cs:139:29:139:33 | access to local variable sink3 : String | GlobalDataFlow.cs:138:40:138:40 | x : String | GlobalDataFlow.cs:138:45:138:64 | call to method ApplyFunc : String | GlobalDataFlow.cs:139:21:139:34 | delegate call : String | | GlobalDataFlow.cs:147:39:147:43 | access to local variable sink4 : String | GlobalDataFlow.cs:387:46:387:46 | x : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | GlobalDataFlow.cs:147:21:147:44 | call to method ApplyFunc : String | @@ -707,8 +707,8 @@ subpaths | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:298:26:298:26 | x : String | GlobalDataFlow.cs:301:16:301:41 | ... ? ... : ... : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:298:26:298:26 | x : String | GlobalDataFlow.cs:301:16:301:41 | ... ? ... : ... : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:300:27:300:28 | x0 : String | GlobalDataFlow.cs:300:33:300:34 | access to parameter x0 : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | -| GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | GlobalDataFlow.cs:446:64:446:64 | s : String | GlobalDataFlow.cs:448:9:448:10 | [post] access to parameter sb : StringBuilder | GlobalDataFlow.cs:454:31:454:32 | [post] access to local variable sb : StringBuilder | -| GlobalDataFlow.cs:575:46:575:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | GlobalDataFlow.cs:575:44:575:47 | delegate call : String | +| GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | +| GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | GlobalDataFlowStringBuilder.cs:25:31:25:32 | [post] access to local variable sb : StringBuilder | | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return : String | | Splitting.cs:20:29:20:29 | access to parameter s : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:20:22:20:30 | call to method Return : String | @@ -774,23 +774,23 @@ subpaths | GlobalDataFlow.cs:329:15:329:25 | access to parameter sinkParam11 | GlobalDataFlow.cs:211:46:211:59 | "taint source" : String | GlobalDataFlow.cs:329:15:329:25 | access to parameter sinkParam11 | access to parameter sinkParam11 | | GlobalDataFlow.cs:404:15:404:20 | access to local variable sink11 | GlobalDataFlow.cs:401:39:401:45 | tainted : String | GlobalDataFlow.cs:404:15:404:20 | access to local variable sink11 | access to local variable sink11 | | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | GlobalDataFlow.cs:18:27:18:40 | "taint source" : String | GlobalDataFlow.cs:427:41:427:46 | access to local variable sink20 | access to local variable sink20 | -| GlobalDataFlow.cs:456:15:456:20 | access to local variable sink43 | GlobalDataFlow.cs:454:35:454:48 | "taint source" : String | GlobalDataFlow.cs:456:15:456:20 | access to local variable sink43 | access to local variable sink43 | -| GlobalDataFlow.cs:466:15:466:20 | access to local variable sink44 | GlobalDataFlow.cs:465:51:465:64 | "taint source" : String | GlobalDataFlow.cs:466:15:466:20 | access to local variable sink44 | access to local variable sink44 | -| GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | GlobalDataFlow.cs:474:35:474:48 | "taint source" : String | GlobalDataFlow.cs:478:15:478:20 | access to local variable sink45 | access to local variable sink45 | -| GlobalDataFlow.cs:486:32:486:32 | access to parameter s | GlobalDataFlow.cs:490:28:490:41 | "taint source" : String | GlobalDataFlow.cs:486:32:486:32 | access to parameter s | access to parameter s | -| GlobalDataFlow.cs:508:15:508:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:508:15:508:22 | access to field field | access to field field | -| GlobalDataFlow.cs:509:15:509:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:509:15:509:22 | access to field field | access to field field | -| GlobalDataFlow.cs:515:15:515:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:515:15:515:22 | access to field field | access to field field | -| GlobalDataFlow.cs:516:15:516:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:516:15:516:22 | access to field field | access to field field | -| GlobalDataFlow.cs:517:15:517:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:517:15:517:22 | access to field field | access to field field | -| GlobalDataFlow.cs:526:15:526:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:526:15:526:21 | access to field field | access to field field | -| GlobalDataFlow.cs:533:15:533:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | access to field field | -| GlobalDataFlow.cs:534:15:534:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:534:15:534:21 | access to field field | access to field field | -| GlobalDataFlow.cs:548:15:548:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:548:15:548:21 | access to field field | access to field field | -| GlobalDataFlow.cs:549:15:549:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:549:15:549:21 | access to field field | access to field field | -| GlobalDataFlow.cs:550:15:550:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:550:15:550:21 | access to field field | access to field field | -| GlobalDataFlow.cs:556:15:556:22 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:556:15:556:22 | access to field field | access to field field | -| GlobalDataFlow.cs:564:15:564:21 | access to field field | GlobalDataFlow.cs:500:20:500:33 | "taint source" : String | GlobalDataFlow.cs:564:15:564:21 | access to field field | access to field field | +| GlobalDataFlow.cs:449:15:449:20 | access to local variable sink44 | GlobalDataFlow.cs:448:51:448:64 | "taint source" : String | GlobalDataFlow.cs:449:15:449:20 | access to local variable sink44 | access to local variable sink44 | +| GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | access to local variable sink45 | +| GlobalDataFlow.cs:469:32:469:32 | access to parameter s | GlobalDataFlow.cs:473:28:473:41 | "taint source" : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | access to parameter s | +| GlobalDataFlow.cs:491:15:491:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:491:15:491:22 | access to field field | access to field field | +| GlobalDataFlow.cs:492:15:492:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:492:15:492:22 | access to field field | access to field field | +| GlobalDataFlow.cs:498:15:498:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:498:15:498:22 | access to field field | access to field field | +| GlobalDataFlow.cs:499:15:499:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:499:15:499:22 | access to field field | access to field field | +| GlobalDataFlow.cs:500:15:500:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:500:15:500:22 | access to field field | access to field field | +| GlobalDataFlow.cs:509:15:509:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:509:15:509:21 | access to field field | access to field field | +| GlobalDataFlow.cs:516:15:516:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:516:15:516:21 | access to field field | access to field field | +| GlobalDataFlow.cs:517:15:517:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:517:15:517:21 | access to field field | access to field field | +| GlobalDataFlow.cs:531:15:531:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:531:15:531:21 | access to field field | access to field field | +| GlobalDataFlow.cs:532:15:532:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:532:15:532:21 | access to field field | access to field field | +| GlobalDataFlow.cs:533:15:533:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | access to field field | +| GlobalDataFlow.cs:539:15:539:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | access to field field | +| GlobalDataFlow.cs:547:15:547:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | access to field field | +| GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | access to local variable sink43 | | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | [b (line 3): false] access to local variable x | | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | [b (line 3): true] access to local variable x | | Splitting.cs:11:19:11:19 | access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:11:19:11:19 | access to local variable x | access to local variable x | From 2c624c23ed66e84324d60952fb6074611ef9ff6b Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 7 Dec 2023 09:19:12 +0100 Subject: [PATCH 25/31] Add test cases for missing flow with interpolated strings and `StringBuilder` --- .../dataflow/global/GetAnOutNode.expected | 16 +++++++++---- .../global/GlobalDataFlowStringBuilder.cs | 23 ++++++++++++++++-- .../dataflow/global/TaintTracking.expected | 2 +- .../global/TaintTrackingPath.expected | 24 +++++++++---------- 4 files changed, 46 insertions(+), 19 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/global/GetAnOutNode.expected b/csharp/ql/test/library-tests/dataflow/global/GetAnOutNode.expected index 503b28538f0..bfe1895663c 100644 --- a/csharp/ql/test/library-tests/dataflow/global/GetAnOutNode.expected +++ b/csharp/ql/test/library-tests/dataflow/global/GetAnOutNode.expected @@ -166,10 +166,18 @@ | GlobalDataFlow.cs:545:17:545:33 | object creation of type SimpleClass | normal | GlobalDataFlow.cs:545:17:545:33 | object creation of type SimpleClass | | GlobalDataFlow.cs:558:44:558:47 | delegate call | normal | GlobalDataFlow.cs:558:44:558:47 | delegate call | | GlobalDataFlowStringBuilder.cs:19:9:19:20 | call to method Append | normal | GlobalDataFlowStringBuilder.cs:19:9:19:20 | call to method Append | -| GlobalDataFlowStringBuilder.cs:24:18:24:36 | object creation of type StringBuilder | normal | GlobalDataFlowStringBuilder.cs:24:18:24:36 | object creation of type StringBuilder | -| GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString | normal | GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString | -| GlobalDataFlowStringBuilder.cs:29:9:29:18 | call to method Clear | normal | GlobalDataFlowStringBuilder.cs:29:9:29:18 | call to method Clear | -| GlobalDataFlowStringBuilder.cs:30:23:30:35 | call to method ToString | normal | GlobalDataFlowStringBuilder.cs:30:23:30:35 | call to method ToString | +| GlobalDataFlowStringBuilder.cs:24:9:24:27 | call to method Append | normal | GlobalDataFlowStringBuilder.cs:24:9:24:27 | call to method Append | +| GlobalDataFlowStringBuilder.cs:29:18:29:36 | object creation of type StringBuilder | normal | GlobalDataFlowStringBuilder.cs:29:18:29:36 | object creation of type StringBuilder | +| GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString | normal | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString | +| GlobalDataFlowStringBuilder.cs:34:19:34:37 | object creation of type StringBuilder | normal | GlobalDataFlowStringBuilder.cs:34:19:34:37 | object creation of type StringBuilder | +| GlobalDataFlowStringBuilder.cs:35:9:35:22 | call to method Append | normal | GlobalDataFlowStringBuilder.cs:35:9:35:22 | call to method Append | +| GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString | normal | GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString | +| GlobalDataFlowStringBuilder.cs:39:19:39:37 | object creation of type StringBuilder | normal | GlobalDataFlowStringBuilder.cs:39:19:39:37 | object creation of type StringBuilder | +| GlobalDataFlowStringBuilder.cs:40:9:40:27 | call to method Append | normal | GlobalDataFlowStringBuilder.cs:40:9:40:27 | call to method Append | +| GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString | normal | GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString | +| GlobalDataFlowStringBuilder.cs:44:9:44:18 | call to method Clear | normal | GlobalDataFlowStringBuilder.cs:44:9:44:18 | call to method Clear | +| GlobalDataFlowStringBuilder.cs:45:23:45:35 | call to method ToString | normal | GlobalDataFlowStringBuilder.cs:45:23:45:35 | call to method ToString | +| GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString | normal | GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return | normal | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return | | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return | normal | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return | | Splitting.cs:20:22:20:30 | call to method Return | normal | Splitting.cs:20:22:20:30 | call to method Return | diff --git a/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlowStringBuilder.cs b/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlowStringBuilder.cs index e278a40a3cf..4ccf38d4cc9 100644 --- a/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlowStringBuilder.cs +++ b/csharp/ql/test/library-tests/dataflow/global/GlobalDataFlowStringBuilder.cs @@ -19,15 +19,34 @@ public class DataFlowStringBuilder sb.Append(s); } + static void AppendToStringBuilderInterpolated(StringBuilder sb, string s) + { + sb.Append($"a{s}b"); + } + void TestStringBuilderFlow() { var sb = new StringBuilder(); AppendToStringBuilder(sb, "taint source"); - var sink43 = sb.ToString(); - Check(sink43); + var sink0 = sb.ToString(); + Check(sink0); + + var sb1 = new StringBuilder(); + sb1.Append(sb); + var sink1 = sb1.ToString(); + Check(sink1); + + var sb2 = new StringBuilder(); + sb2.Append($"{sb}"); + var sink2 = sb2.ToString(); + Check(sink2); sb.Clear(); var nonSink = sb.ToString(); Check(nonSink); + + AppendToStringBuilderInterpolated(sb, "taint source"); + var sink3 = sb.ToString(); + Check(sink3); } } diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected index 759a95b9d97..c448987eb62 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected @@ -72,7 +72,7 @@ | GlobalDataFlow.cs:533:15:533:21 | access to field field | | GlobalDataFlow.cs:539:15:539:22 | access to field field | | GlobalDataFlow.cs:547:15:547:21 | access to field field | -| GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | +| GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | | Splitting.cs:11:19:11:19 | access to local variable x | diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected index cb5e3e92a54..6c7509e34a5 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected @@ -328,11 +328,11 @@ edges | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | | GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | -| GlobalDataFlowStringBuilder.cs:25:31:25:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:26:22:26:23 | access to local variable sb : StringBuilder | -| GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | -| GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:25:31:25:32 | [post] access to local variable sb : StringBuilder | -| GlobalDataFlowStringBuilder.cs:26:22:26:23 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString : String | -| GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | +| GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | +| GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | @@ -657,11 +657,11 @@ nodes | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | semmle.label | s : String | | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | semmle.label | [post] access to parameter sb : StringBuilder | | GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | semmle.label | access to parameter s : String | -| GlobalDataFlowStringBuilder.cs:25:31:25:32 | [post] access to local variable sb : StringBuilder | semmle.label | [post] access to local variable sb : StringBuilder | -| GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | semmle.label | "taint source" : String | -| GlobalDataFlowStringBuilder.cs:26:22:26:23 | access to local variable sb : StringBuilder | semmle.label | access to local variable sb : StringBuilder | -| GlobalDataFlowStringBuilder.cs:26:22:26:34 | call to method ToString : String | semmle.label | call to method ToString : String | -| GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | semmle.label | access to local variable sink43 | +| GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | semmle.label | [post] access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | semmle.label | access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | semmle.label | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | semmle.label | access to local variable sink0 | | Splitting.cs:3:28:3:34 | tainted : String | semmle.label | tainted : String | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | semmle.label | [b (line 3): false] call to method Return : String | | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return : String | semmle.label | [b (line 3): true] call to method Return : String | @@ -708,7 +708,7 @@ subpaths | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:298:26:298:26 | x : String | GlobalDataFlow.cs:301:16:301:41 | ... ? ... : ... : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:300:27:300:28 | x0 : String | GlobalDataFlow.cs:300:33:300:34 | access to parameter x0 : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | -| GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | GlobalDataFlowStringBuilder.cs:25:31:25:32 | [post] access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return : String | | Splitting.cs:20:29:20:29 | access to parameter s : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:20:22:20:30 | call to method Return : String | @@ -790,7 +790,7 @@ subpaths | GlobalDataFlow.cs:533:15:533:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:533:15:533:21 | access to field field | access to field field | | GlobalDataFlow.cs:539:15:539:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | access to field field | | GlobalDataFlow.cs:547:15:547:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | access to field field | -| GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | GlobalDataFlowStringBuilder.cs:25:35:25:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:27:15:27:20 | access to local variable sink43 | access to local variable sink43 | +| GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | access to local variable sink0 | | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | [b (line 3): false] access to local variable x | | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | [b (line 3): true] access to local variable x | | Splitting.cs:11:19:11:19 | access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:11:19:11:19 | access to local variable x | access to local variable x | From 028326abada85f7461228140f4d6958e058e0be1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 7 Dec 2023 09:54:01 +0000 Subject: [PATCH 26/31] Swift: Correct US spellings. --- swift/ql/lib/codeql/swift/security/SensitiveExprs.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll index b230c29a78b..210306a6148 100644 --- a/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll +++ b/swift/ql/lib/codeql/swift/security/SensitiveExprs.qll @@ -176,12 +176,12 @@ class SensitiveExpr extends Expr { not label.regexpMatch(regexpProbablySafe()) or ( - // modelled sensitive credential + // modeled sensitive credential sourceNode(DataFlow::exprNode(this), "sensitive-credential") and sensitiveType = TCredential() and label = "credential" or - // modelled sensitive private information + // modeled sensitive private information sourceNode(DataFlow::exprNode(this), "sensitive-private-info") and sensitiveType = TPrivateInfo() and label = "private information" From 89df59a0832c0a87c12b2a62fd253b3275eca0aa Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 7 Dec 2023 09:19:21 +0100 Subject: [PATCH 27/31] C#: Add missing models and fix interpolated string flow into `StringBuilder` --- csharp/ql/lib/ext/System.Text.model.yml | 10 +++++ .../internal/TaintTrackingPrivate.qll | 13 +++++++ .../dataflow/global/TaintTracking.expected | 3 ++ .../global/TaintTrackingPath.expected | 39 +++++++++++++++++++ .../dataflow/library/FlowSummaries.expected | 14 +++++-- .../library/FlowSummariesFiltered.expected | 14 +++++-- 6 files changed, 85 insertions(+), 8 deletions(-) diff --git a/csharp/ql/lib/ext/System.Text.model.yml b/csharp/ql/lib/ext/System.Text.model.yml index 979caeda5b3..136733ca556 100644 --- a/csharp/ql/lib/ext/System.Text.model.yml +++ b/csharp/ql/lib/ext/System.Text.model.yml @@ -45,10 +45,16 @@ extensions: - ["System.Text", "StringBuilder", False, "Append", "(System.String,System.Int32,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.String,System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder)", "", "Argument[this]", "ReturnValue", "value", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder,System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "value", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder,System.Int32,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.UInt16)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.UInt32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.UInt64)", "", "Argument[this]", "ReturnValue", "value", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[1]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[2]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[this]", "ReturnValue", "value", "manual"] @@ -97,6 +103,10 @@ extensions: - ["System.Text", "StringBuilder", False, "AppendLine", "()", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "AppendLine", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendLine", "(System.String)", "", "Argument[this]", "ReturnValue", "value", "manual"] + - ["System.Text", "StringBuilder", False, "AppendLine", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendLine", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendLine", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendLine", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[1]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String,System.Int32,System.Int32,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll index d62f66ac3f6..ad0d08ef118 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll @@ -87,6 +87,19 @@ private class LocalTaintExprStepConfiguration extends ControlFlowReachabilityCon or e1 = e2.(AwaitExpr).getExpr() and scope = e2 + or + // Taint flows from the operand of a cast to the cast expression if the cast is to an interpolated string handler. + e2 = + any(CastExpr ce | + e1 = ce.getExpr() and + scope = ce and + ce.getTargetType() + .(Attributable) + .getAnAttribute() + .getType() + .hasFullyQualifiedName("System.Runtime.CompilerServices", + "InterpolatedStringHandlerAttribute") + ) ) } } diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected index c448987eb62..9a2ea6bd3da 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected @@ -73,6 +73,9 @@ | GlobalDataFlow.cs:539:15:539:22 | access to field field | | GlobalDataFlow.cs:547:15:547:21 | access to field field | | GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | +| GlobalDataFlowStringBuilder.cs:37:15:37:19 | access to local variable sink1 | +| GlobalDataFlowStringBuilder.cs:42:15:42:19 | access to local variable sink2 | +| GlobalDataFlowStringBuilder.cs:50:15:50:19 | access to local variable sink3 | | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | | Splitting.cs:11:19:11:19 | access to local variable x | diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected index 6c7509e34a5..8dd706eb671 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected @@ -328,11 +328,28 @@ edges | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | | GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:22:76:22:76 | s : String | GlobalDataFlowStringBuilder.cs:24:19:24:26 | (...) ... : AppendInterpolatedStringHandler | +| GlobalDataFlowStringBuilder.cs:24:19:24:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:24:9:24:10 | [post] access to parameter sb : StringBuilder | | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:35:20:35:21 | access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:40:20:40:26 | (...) ... : AppendInterpolatedStringHandler | | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | | GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | +| GlobalDataFlowStringBuilder.cs:35:9:35:11 | [post] access to local variable sb1 : StringBuilder | GlobalDataFlowStringBuilder.cs:36:21:36:23 | access to local variable sb1 : StringBuilder | +| GlobalDataFlowStringBuilder.cs:35:20:35:21 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:35:9:35:11 | [post] access to local variable sb1 : StringBuilder | +| GlobalDataFlowStringBuilder.cs:36:21:36:23 | access to local variable sb1 : StringBuilder | GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:37:15:37:19 | access to local variable sink1 | +| GlobalDataFlowStringBuilder.cs:40:9:40:11 | [post] access to local variable sb2 : StringBuilder | GlobalDataFlowStringBuilder.cs:41:21:41:23 | access to local variable sb2 : StringBuilder | +| GlobalDataFlowStringBuilder.cs:40:20:40:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:40:9:40:11 | [post] access to local variable sb2 : StringBuilder | +| GlobalDataFlowStringBuilder.cs:41:21:41:23 | access to local variable sb2 : StringBuilder | GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:42:15:42:19 | access to local variable sink2 | +| GlobalDataFlowStringBuilder.cs:48:43:48:44 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:49:21:49:22 | access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | GlobalDataFlowStringBuilder.cs:22:76:22:76 | s : String | +| GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | GlobalDataFlowStringBuilder.cs:48:43:48:44 | [post] access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:49:21:49:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:50:15:50:19 | access to local variable sink3 | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | @@ -657,11 +674,29 @@ nodes | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | semmle.label | s : String | | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | semmle.label | [post] access to parameter sb : StringBuilder | | GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | semmle.label | access to parameter s : String | +| GlobalDataFlowStringBuilder.cs:22:76:22:76 | s : String | semmle.label | s : String | +| GlobalDataFlowStringBuilder.cs:24:9:24:10 | [post] access to parameter sb : StringBuilder | semmle.label | [post] access to parameter sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:24:19:24:26 | (...) ... : AppendInterpolatedStringHandler | semmle.label | (...) ... : AppendInterpolatedStringHandler | | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | semmle.label | [post] access to local variable sb : StringBuilder | | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | semmle.label | "taint source" : String | | GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | semmle.label | access to local variable sb : StringBuilder | | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | semmle.label | call to method ToString : String | | GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | semmle.label | access to local variable sink0 | +| GlobalDataFlowStringBuilder.cs:35:9:35:11 | [post] access to local variable sb1 : StringBuilder | semmle.label | [post] access to local variable sb1 : StringBuilder | +| GlobalDataFlowStringBuilder.cs:35:20:35:21 | access to local variable sb : StringBuilder | semmle.label | access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:36:21:36:23 | access to local variable sb1 : StringBuilder | semmle.label | access to local variable sb1 : StringBuilder | +| GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString : String | semmle.label | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:37:15:37:19 | access to local variable sink1 | semmle.label | access to local variable sink1 | +| GlobalDataFlowStringBuilder.cs:40:9:40:11 | [post] access to local variable sb2 : StringBuilder | semmle.label | [post] access to local variable sb2 : StringBuilder | +| GlobalDataFlowStringBuilder.cs:40:20:40:26 | (...) ... : AppendInterpolatedStringHandler | semmle.label | (...) ... : AppendInterpolatedStringHandler | +| GlobalDataFlowStringBuilder.cs:41:21:41:23 | access to local variable sb2 : StringBuilder | semmle.label | access to local variable sb2 : StringBuilder | +| GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString : String | semmle.label | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:42:15:42:19 | access to local variable sink2 | semmle.label | access to local variable sink2 | +| GlobalDataFlowStringBuilder.cs:48:43:48:44 | [post] access to local variable sb : StringBuilder | semmle.label | [post] access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | semmle.label | "taint source" : String | +| GlobalDataFlowStringBuilder.cs:49:21:49:22 | access to local variable sb : StringBuilder | semmle.label | access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString : String | semmle.label | call to method ToString : String | +| GlobalDataFlowStringBuilder.cs:50:15:50:19 | access to local variable sink3 | semmle.label | access to local variable sink3 | | Splitting.cs:3:28:3:34 | tainted : String | semmle.label | tainted : String | | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | semmle.label | [b (line 3): false] call to method Return : String | | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return : String | semmle.label | [b (line 3): true] call to method Return : String | @@ -709,6 +744,7 @@ subpaths | GlobalDataFlow.cs:389:18:389:18 | access to parameter x : String | GlobalDataFlow.cs:300:27:300:28 | x0 : String | GlobalDataFlow.cs:300:33:300:34 | access to parameter x0 : String | GlobalDataFlow.cs:389:16:389:19 | delegate call : String | | GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | +| GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | GlobalDataFlowStringBuilder.cs:22:76:22:76 | s : String | GlobalDataFlowStringBuilder.cs:24:9:24:10 | [post] access to parameter sb : StringBuilder | GlobalDataFlowStringBuilder.cs:48:43:48:44 | [post] access to local variable sb : StringBuilder | | Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return : String | | Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return : String | | Splitting.cs:20:29:20:29 | access to parameter s : String | Splitting.cs:16:26:16:26 | x : String | Splitting.cs:16:32:16:32 | access to parameter x : String | Splitting.cs:20:22:20:30 | call to method Return : String | @@ -791,6 +827,9 @@ subpaths | GlobalDataFlow.cs:539:15:539:22 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:539:15:539:22 | access to field field | access to field field | | GlobalDataFlow.cs:547:15:547:21 | access to field field | GlobalDataFlow.cs:483:20:483:33 | "taint source" : String | GlobalDataFlow.cs:547:15:547:21 | access to field field | access to field field | | GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | access to local variable sink0 | +| GlobalDataFlowStringBuilder.cs:37:15:37:19 | access to local variable sink1 | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:37:15:37:19 | access to local variable sink1 | access to local variable sink1 | +| GlobalDataFlowStringBuilder.cs:42:15:42:19 | access to local variable sink2 | GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:42:15:42:19 | access to local variable sink2 | access to local variable sink2 | +| GlobalDataFlowStringBuilder.cs:50:15:50:19 | access to local variable sink3 | GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | GlobalDataFlowStringBuilder.cs:50:15:50:19 | access to local variable sink3 | access to local variable sink3 | | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | [b (line 3): false] access to local variable x | | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | [b (line 3): true] access to local variable x | | Splitting.cs:11:19:11:19 | access to local variable x | Splitting.cs:3:28:3:34 | tainted : String | Splitting.cs:11:19:11:19 | access to local variable x | access to local variable x | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 89cf3684691..2b4b222ec72 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -12785,7 +12785,8 @@ summary | System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Decimal);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Double);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;df-generated | +| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];ReturnValue;taint;manual | | System.Text;StringBuilder;false;Append;(System.Int16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int64);;Argument[this];ReturnValue;value;manual | @@ -12799,8 +12800,11 @@ summary | System.Text;StringBuilder;false;Append;(System.String);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;df-generated | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder,System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt32);;Argument[this];ReturnValue;value;manual | @@ -12851,10 +12855,12 @@ summary | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;();;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;taint;df-generated | +| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];ReturnValue;taint;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;taint;df-generated | +| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];ReturnValue;taint;manual | | System.Text;StringBuilder;false;GetChunks;();;Argument[this];ReturnValue;taint;df-generated | | System.Text;StringBuilder;false;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);;Argument[this];Argument[0];taint;df-generated | | System.Text;StringBuilder;false;Insert;(System.Int32,System.Boolean);;Argument[this];ReturnValue;taint;df-generated | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index 647edc00f6a..1f9ab82d80e 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -10899,7 +10899,8 @@ summary | System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Decimal);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Double);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;df-generated | +| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];ReturnValue;taint;manual | | System.Text;StringBuilder;false;Append;(System.Int16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int64);;Argument[this];ReturnValue;value;manual | @@ -10913,8 +10914,11 @@ summary | System.Text;StringBuilder;false;Append;(System.String);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;df-generated | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder,System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt32);;Argument[this];ReturnValue;value;manual | @@ -10965,10 +10969,12 @@ summary | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[1].Element;Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;();;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;taint;df-generated | +| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];ReturnValue;taint;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[this];ReturnValue;value;manual | -| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;taint;df-generated | +| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];Argument[this];taint;manual | +| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];ReturnValue;taint;manual | | System.Text;StringBuilder;false;GetChunks;();;Argument[this];ReturnValue;taint;df-generated | | System.Text;StringBuilder;false;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);;Argument[this];Argument[0];taint;df-generated | | System.Text;StringBuilder;false;Insert;(System.Int32,System.Boolean);;Argument[this];ReturnValue;taint;df-generated | From e0c9be371f30c3c46ba76e8fdfdc787c0cb6d31f Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 7 Dec 2023 10:57:18 +0100 Subject: [PATCH 28/31] Add change note --- csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md diff --git a/csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md b/csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md new file mode 100644 index 00000000000..8ea6ff9940f --- /dev/null +++ b/csharp/ql/lib/change-notes/2023-12-07-stringbuilder.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- + +* The dataflow models for the `System.Text.StringBuilder` class have been reworked. New summaries have been added for `Append` and `AppendLine`. With the changes, we expect queries that use taint tracking to find more results when interpolated strings or `StringBuilder` instances are passed to `Append` or `AppendLine`. \ No newline at end of file From aac3ec81f265d6bf8c10c27a4733800b85979cb3 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 7 Dec 2023 13:13:29 +0100 Subject: [PATCH 29/31] C#: Add generated cast expression for nuint and nint parameter defaults. --- .../Entities/Expression.cs | 7 ++++- .../Entities/Expressions/ImplicitCast.cs | 28 +++++++++++++++++-- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs index 6c5ac993ca6..e6d610de55a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs @@ -214,7 +214,7 @@ namespace Semmle.Extraction.CSharp.Entities if (type.SpecialType is SpecialType.None) { - return ImplicitCast.CreateGenerated(cx, parent, childIndex, type, defaultValue, location); + return ImplicitCast.CreateGeneratedConversion(cx, parent, childIndex, type, defaultValue, location); } if (type.SpecialType is SpecialType.System_DateTime) @@ -222,6 +222,11 @@ namespace Semmle.Extraction.CSharp.Entities return DateTimeObjectCreation.CreateGenerated(cx, parent, childIndex, type, defaultValue, location); } + if (type.SpecialType is SpecialType.System_IntPtr || type.SpecialType is SpecialType.System_UIntPtr) + { + return ImplicitCast.CreateGenerated(cx, parent, childIndex, type, defaultValue, location); + } + // const literal: return Literal.CreateGenerated(cx, parent, childIndex, type, defaultValue, location); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs index d2762f20a07..57a37d86360 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitCast.cs @@ -51,8 +51,10 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions ) .FirstOrDefault(); - // Creates a new generated expression with an implicit cast added, if needed. - public static Expression CreateGenerated(Context cx, IExpressionParentEntity parent, int childIndex, ITypeSymbol type, object value, + /// + /// Creates a new generated expression with an implicit conversion added. + /// + public static Expression CreateGeneratedConversion(Context cx, IExpressionParentEntity parent, int childIndex, ITypeSymbol type, object value, Extraction.Entities.Location location) { ExpressionInfo create(ExprKind kind, string? v) => @@ -79,7 +81,27 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions } } - // Creates a new expression, adding casts as required. + /// + /// Creates a new generated cast expression. + /// + public static Expression CreateGenerated(Context cx, IExpressionParentEntity parent, int childIndex, ITypeSymbol type, object value, + Extraction.Entities.Location location) + { + var info = new ExpressionInfo(cx, + AnnotatedTypeSymbol.CreateNotAnnotated(type), + location, + ExprKind.CAST, + parent, + childIndex, + true, + ValueAsString(value)); + + return new Expression(info); + } + + /// + /// Creates a new expression, adding casts as required. + /// public static Expression Create(ExpressionNodeInfo info) { var resolvedType = info.ResolvedType; From d9c6d4e6cb1de51bd9e9fe44eaae72f74de868b4 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 5 Dec 2023 16:28:51 +0100 Subject: [PATCH 30/31] C#: Update Parameters expected output. --- .../ql/test/library-tests/parameters/Parameters.expected | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/csharp/ql/test/library-tests/parameters/Parameters.expected b/csharp/ql/test/library-tests/parameters/Parameters.expected index 6a0f0f8bf77..16b46665736 100644 --- a/csharp/ql/test/library-tests/parameters/Parameters.expected +++ b/csharp/ql/test/library-tests/parameters/Parameters.expected @@ -5,8 +5,8 @@ noDefaultValue | Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:24:8:24 | a | 0 | | Parameters.cs:12:17:12:18 | M6 | Parameters.cs:12:29:12:30 | s1 | 0 | | Parameters.cs:13:17:13:18 | M7 | Parameters.cs:13:27:13:28 | e1 | 0 | -| Parameters.cs:33:32:33:39 | implicit conversion | Parameters.cs:33:54:33:54 | i | 0 | -| Parameters.cs:34:32:34:39 | implicit conversion | Parameters.cs:34:57:34:57 | s | 0 | +| Parameters.cs:35:32:35:39 | implicit conversion | Parameters.cs:35:54:35:54 | i | 0 | +| Parameters.cs:36:32:36:39 | implicit conversion | Parameters.cs:36:57:36:57 | s | 0 | | Parameters.dll:0:0:0:0 | M1 | Parameters.dll:0:0:0:0 | a | 0 | | Parameters.dll:0:0:0:0 | M1 | Parameters.dll:0:0:0:0 | b | 1 | | Parameters.dll:0:0:0:0 | M1 | Parameters.dll:0:0:0:0 | c | 2 | @@ -45,6 +45,8 @@ withDefaultValue | Parameters.cs:27:17:27:19 | M19 | Parameters.cs:27:74:27:77 | arg9 | 0 | Parameters.cs:27:21:27:77 | 10.3 | 10.3 | | Parameters.cs:28:17:28:19 | M20 | Parameters.cs:28:67:28:71 | arg10 | 0 | Parameters.cs:28:21:28:71 | call to operator implicit conversion | - | | Parameters.cs:29:17:29:19 | M21 | Parameters.cs:29:76:29:80 | arg10 | 0 | Parameters.cs:29:21:29:80 | call to operator implicit conversion | - | +| Parameters.cs:30:17:30:19 | M22 | Parameters.cs:30:27:30:31 | arg11 | 0 | Parameters.cs:30:35:30:35 | (...) ... | 0 | +| Parameters.cs:31:17:31:19 | M23 | Parameters.cs:31:26:31:30 | arg12 | 0 | Parameters.cs:31:34:31:34 | (...) ... | 0 | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | b | 1 | Parameters.dll:0:0:0:0 | default | null | | Parameters.dll:0:0:0:0 | M2 | Parameters.dll:0:0:0:0 | c | 2 | Parameters.dll:0:0:0:0 | "default string" | default string | | Parameters.dll:0:0:0:0 | M3 | Parameters.dll:0:0:0:0 | a | 0 | Parameters.dll:0:0:0:0 | 1 | 1 | @@ -74,6 +76,8 @@ withDefaultValue | Parameters.dll:0:0:0:0 | M19 | Parameters.dll:0:0:0:0 | arg9 | 0 | Parameters.dll:0:0:0:0 | 10.3 | 10.3 | | Parameters.dll:0:0:0:0 | M20 | Parameters.dll:0:0:0:0 | arg10 | 0 | Parameters.dll:0:0:0:0 | call to operator implicit conversion | - | | Parameters.dll:0:0:0:0 | M21 | Parameters.dll:0:0:0:0 | arg10 | 0 | Parameters.dll:0:0:0:0 | call to operator implicit conversion | - | +| Parameters.dll:0:0:0:0 | M22 | Parameters.dll:0:0:0:0 | arg11 | 0 | Parameters.dll:0:0:0:0 | (...) ... | 0 | +| Parameters.dll:0:0:0:0 | M23 | Parameters.dll:0:0:0:0 | arg12 | 0 | Parameters.dll:0:0:0:0 | (...) ... | 0 | dateTimeDefaults | Parameters.cs:22:17:22:19 | M14 | Parameters.cs:22:64:22:67 | arg4 | Parameters.cs:22:21:22:67 | object creation of type DateTime | DateTime(long) | 14 | | Parameters.cs:23:17:23:19 | M15 | Parameters.cs:23:68:23:71 | arg5 | Parameters.cs:23:21:23:71 | object creation of type DateTime | DateTime(long) | 10001 | From 75fa67726e73cf1a461739397eb10b29772d8f8d Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Thu, 7 Dec 2023 14:10:16 +0100 Subject: [PATCH 31/31] Fix models to support fluent chaining --- csharp/ql/lib/ext/System.Text.model.yml | 8 ++++---- .../library-tests/dataflow/library/FlowSummaries.expected | 8 ++++---- .../dataflow/library/FlowSummariesFiltered.expected | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/csharp/ql/lib/ext/System.Text.model.yml b/csharp/ql/lib/ext/System.Text.model.yml index 136733ca556..ab5f68a8d72 100644 --- a/csharp/ql/lib/ext/System.Text.model.yml +++ b/csharp/ql/lib/ext/System.Text.model.yml @@ -51,9 +51,9 @@ extensions: - ["System.Text", "StringBuilder", False, "Append", "(System.UInt16)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.UInt32)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.UInt64)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - - ["System.Text", "StringBuilder", False, "Append", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "Append", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "Append", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[1]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendFormat", "(System.IFormatProvider,System.String,System.Object)", "", "Argument[2]", "Argument[this]", "taint", "manual"] @@ -103,9 +103,9 @@ extensions: - ["System.Text", "StringBuilder", False, "AppendLine", "()", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "AppendLine", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "AppendLine", "(System.String)", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["System.Text", "StringBuilder", False, "AppendLine", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendLine", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "AppendLine", "(System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - - ["System.Text", "StringBuilder", False, "AppendLine", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["System.Text", "StringBuilder", False, "AppendLine", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["System.Text", "StringBuilder", False, "AppendLine", "(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler)", "", "Argument[1]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.Text", "StringBuilder", False, "StringBuilder", "(System.String,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 2b4b222ec72..034d2893d99 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -12786,7 +12786,7 @@ summary | System.Text;StringBuilder;false;Append;(System.Decimal);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Double);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];Argument[this];taint;manual | -| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int64);;Argument[this];ReturnValue;value;manual | @@ -12803,7 +12803,7 @@ summary | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];Argument[this];taint;manual | -| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder,System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt16);;Argument[this];ReturnValue;value;manual | @@ -12856,11 +12856,11 @@ summary | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;();;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];Argument[this];taint;manual | -| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];Argument[this];taint;manual | -| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;GetChunks;();;Argument[this];ReturnValue;taint;df-generated | | System.Text;StringBuilder;false;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);;Argument[this];Argument[0];taint;df-generated | | System.Text;StringBuilder;false;Insert;(System.Int32,System.Boolean);;Argument[this];ReturnValue;taint;df-generated | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index 1f9ab82d80e..7e153b336ce 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -10900,7 +10900,7 @@ summary | System.Text;StringBuilder;false;Append;(System.Decimal);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Double);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];Argument[this];taint;manual | -| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;Append;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int16);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Int64);;Argument[this];ReturnValue;value;manual | @@ -10917,7 +10917,7 @@ summary | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];Argument[this];taint;manual | -| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;Append;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder,System.Int32,System.Int32);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;Append;(System.Text.StringBuilder,System.Int32,System.Int32);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;Append;(System.UInt16);;Argument[this];ReturnValue;value;manual | @@ -10970,11 +10970,11 @@ summary | System.Text;StringBuilder;false;AppendJoin;(System.String,System.Collections.Generic.IEnumerable);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;();;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];Argument[this];taint;manual | -| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[1];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;AppendLine;(System.IFormatProvider,System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[0];Argument[this];taint;manual | | System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];Argument[this];taint;manual | -| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[0];ReturnValue;taint;manual | +| System.Text;StringBuilder;false;AppendLine;(System.Text.StringBuilder+AppendInterpolatedStringHandler);;Argument[this];ReturnValue;value;manual | | System.Text;StringBuilder;false;GetChunks;();;Argument[this];ReturnValue;taint;df-generated | | System.Text;StringBuilder;false;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);;Argument[this];Argument[0];taint;df-generated | | System.Text;StringBuilder;false;Insert;(System.Int32,System.Boolean);;Argument[this];ReturnValue;taint;df-generated |