diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index 7232326f1b3d..474270e5a658 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -742,7 +742,7 @@ private Function getFunction(string namespace, string type, boolean subtypes, st elementSpec(namespace, type, subtypes, name, _, _) and ( funcHasQualifiedName(result, namespace, name) and - subtypes = false and + subtypes = [true, false] and type = "" or exists(Class namedClass, Class classWithMethod | @@ -990,7 +990,7 @@ private Element interpretElement0( elementSpec(namespace, type, subtypes, name, signature, _) and signature = "" and type = "" and - subtypes = false and + subtypes = [true, false] and result = any(GlobalOrNamespaceVariable v | v.hasQualifiedName(namespace, name)) } diff --git a/cpp/ql/test/library-tests/dataflow/models-as-data/interpretElement.expected b/cpp/ql/test/library-tests/dataflow/models-as-data/interpretElement.expected index e69de29bb2d1..72e39d88868a 100644 --- a/cpp/ql/test/library-tests/dataflow/models-as-data/interpretElement.expected +++ b/cpp/ql/test/library-tests/dataflow/models-as-data/interpretElement.expected @@ -0,0 +1 @@ +| tests.cpp:296:6:296:21 | subtypeNonSource | Unexpected result: interpretElement | diff --git a/cpp/ql/test/library-tests/dataflow/models-as-data/taint.expected b/cpp/ql/test/library-tests/dataflow/models-as-data/taint.expected index e69de29bb2d1..6a4419f21ee2 100644 --- a/cpp/ql/test/library-tests/dataflow/models-as-data/taint.expected +++ b/cpp/ql/test/library-tests/dataflow/models-as-data/taint.expected @@ -0,0 +1 @@ +| tests.cpp:340:11:340:26 | call to subtypeNonSource | Unexpected result: ir | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index e0002aa9c03f..d1e3a14e3f71 100644 
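Review bot: In `getFunction`, `subtypes = [true, false]` holds for every value of a boolean column that `elementSpec` has already bound, so the line reads like a constraint but constrains nothing; the identical change in `interpretElement0` (global and namespace variables) has the same shape. A short comment on both would keep the intent visible, e.g. `// subtypes has no meaning when type = "": accept either value so the model row is not silently ignored`. This matters for analysis coverage: before the change, a row with an empty type and subtypes set to true matched nothing, which would presumably surface only as a missing source, sink or summary rather than as an error. The updated `interpretElement.expected` and `taint.expected` now record `Unexpected result` for `subtypeNonSource`, which suggests the inline annotations in tests.cpp still encode the old behaviour and need updating, unless a later commit not visible here does that. Both predicate bodies start and end outside their hunks, so this is based only on the visible lines.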
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -135,6 +135,7 @@ signatureMatches | stl.h:678:33:678:38 | format | std | (format_string,Args &&) | | format | 0 | | stl.h:678:33:678:38 | format | std | (format_string,Args &&) | | format | 1 | | stl.h:678:33:678:38 | format | std | (format_string,Args &&) | | format | 1 | +| taint.cpp:735:7:735:12 | malloc | | (size_t) | | malloc | 0 | | taint.cpp:847:5:847:11 | toupper | | (int) | | toupper | 0 | | taint.cpp:848:5:848:11 | tolower | | (int) | | tolower | 0 | getSignatureParameterName diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 1a067f2644bd..6ee082771ba8 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -3632,6 +3632,7 @@ summary | Microsoft.SqlServer.Server;SqlDataRecord;get_Item;(System.Int32);Argument[this];ReturnValue;taint;manual | | Microsoft.SqlServer.Server;SqlDataRecord;get_Item;(System.String);Argument[this];ReturnValue;taint;manual | | Microsoft.VisualBasic.FileIO;MalformedLineException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | +| Microsoft.VisualBasic.FileIO;MalformedLineException;ToString;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.VisualBasic;Collection;Add;(System.Object);Argument[0];Argument[this].Element;value;manual | | Microsoft.VisualBasic;Collection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | Microsoft.VisualBasic;Collection;Contains;(System.Object);Argument[0];Argument[this];taint;df-generated | 
@@ -3773,6 +3774,7 @@ summary | Newtonsoft.Json.Linq;JToken;ToString;(Newtonsoft.Json.Formatting,Newtonsoft.Json.JsonConverter[]);Argument[this];ReturnValue;taint;manual | | Newtonsoft.Json.Linq;JValue;ToDateTime;(System.IFormatProvider);Argument[this];ReturnValue;value;df-generated | | Newtonsoft.Json.Linq;JValue;ToDecimal;(System.IFormatProvider);Argument[this];ReturnValue;value;df-generated | +| Newtonsoft.Json.Linq;JValue;ToString;();Argument[this];ReturnValue;taint;manual | | Newtonsoft.Json.Linq;JValue;ToString;(System.IFormatProvider);Argument[this];ReturnValue;value;dfc-generated | | Newtonsoft.Json.Linq;JValue;ToString;(System.String,System.IFormatProvider);Argument[this];ReturnValue;taint;dfc-generated | | Newtonsoft.Json.Linq;JValue;ToType;(System.Type,System.IFormatProvider);Argument[this];ReturnValue;value;dfc-generated | @@ -5352,6 +5354,7 @@ summary | ServiceStack.Script;Lisp+Interpreter;Def;(System.String,System.Int32,ServiceStack.Script.Lisp+BuiltInFuncBody);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;Lisp+Interpreter;Def;(System.String,System.Int32,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;Lisp+Sym;New;(System.String,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | +| ServiceStack.Script;LispEvalException;ToString;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack.Script;PageFormat;set_EncodeValue;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;PageFormat;set_OnExpressionException;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;PageFormat;set_OnViewException;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -5470,6 +5473,7 @@ summary | ServiceStack.Text;RecyclableMemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0];taint;manual | | ServiceStack.Text;RecyclableMemoryStream;Read;(System.Span);Argument[this];Argument[0];taint;manual | +| ServiceStack.Text;RecyclableMemoryStream;ToArray;();Argument[this];ReturnValue;taint;manual | | ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];Argument[0].Element;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual | | ServiceStack.Text;RecyclableMemoryStream;Write;(System.ReadOnlySpan);Argument[0].Element;Argument[this];taint;manual | @@ -5943,6 +5947,7 @@ summary | ServiceStack;IEventSubscription;set_OnUnsubscribe;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;IEventSubscription;set_OnUnsubscribeAsync;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;IServerEvents;QueueAsyncTask;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | +| ServiceStack;InfoException;ToString;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack;Inspect+Config;set_DumpTableFilter;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;Inspect+Config;set_VarsFilter;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;InstanceMapper;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | 
@@ -6181,6 +6186,7 @@ summary | ServiceStack;UploadLocation;set_ValidateUpload;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;UrlExtensions;ToUrl;(System.Object,System.String,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack;UrlResolverDelegate;BeginInvoke;(ServiceStack.IServiceClientMeta,System.String,System.String,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | +| ServiceStack;WebServiceException;ToString;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack;WebServiceException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | ServiceStack;WriteComplexTypeDelegate;BeginInvoke;(System.IO.TextWriter,System.String,System.Object,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | ServiceStack;X;Apply;(T,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | 
@@ -9610,6 +9616,7 @@ summary | System.ComponentModel;WarningException;WarningException;(System.String,System.String,System.String);Argument[1];Argument[this].Property[System.ComponentModel.WarningException.HelpUrl];value;dfc-generated | | System.ComponentModel;WarningException;WarningException;(System.String,System.String,System.String);Argument[2];Argument[this].Property[System.ComponentModel.WarningException.HelpTopic];value;dfc-generated | | System.ComponentModel;Win32Exception;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | +| System.ComponentModel;Win32Exception;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Configuration.Internal;DelegatingConfigHost;CreateConfigurationContext;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Configuration.Internal;DelegatingConfigHost;GetStreamName;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Configuration.Internal;DelegatingConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[0];ReturnValue;taint;dfc-generated | 
@@ -9759,6 +9766,7 @@ summary | System.Configuration;ConfigXmlDocument;CreateWhitespace;(System.String);Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];ReturnValue.SyntheticField[System.Configuration.ConfigXmlWhitespace._filename];value;dfc-generated | | System.Configuration;ConfigXmlDocument;CreateWhitespace;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Configuration;ConfigXmlDocument;CreateWhitespace;(System.String);Argument[this];ReturnValue;taint;dfc-generated | +| System.Configuration;ConfigXmlDocument;Load;(System.String);Argument[0];Argument[this];taint;manual | | System.Configuration;ConfigXmlDocument;LoadSingleElement;(System.String,System.Xml.XmlTextReader);Argument[0];Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];value;dfc-generated | | System.Configuration;ConfigXmlDocument;LoadSingleElement;(System.String,System.Xml.XmlTextReader);Argument[1];Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._reader];taint;dfc-generated | | System.Configuration;ConfigXmlDocument;LoadSingleElement;(System.String,System.Xml.XmlTextReader);Argument[1];Argument[this];taint;dfc-generated | 
@@ -10459,7 +10467,10 @@ summary | System.Data.Entity.Core.EntityClient;EntityConnection;get_ServerVersion;();Argument[this];ReturnValue;taint;df-generated | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetProviderSpecificValue;(System.Int32);Argument[this];ReturnValue;taint;dfc-generated | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetProviderSpecificValues;(System.Object[]);Argument[this];Argument[0].Element;taint;dfc-generated | 
@@ -10951,8 +10962,11 @@ summary | System.Data.SqlClient;SqlConnection;remove_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnectionStringBuilder;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | +| System.Data.SqlClient;SqlConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.SqlClient;SqlConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Data.SqlClient;SqlConnectionStringBuilder;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | +| System.Data.SqlClient;SqlConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | +| System.Data.SqlClient;SqlConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Data.SqlClient;SqlDataAdapter;Clone;();Argument[this];ReturnValue;value;dfc-generated | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdated;(System.Data.SqlClient.SqlRowUpdatedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdating;(System.Data.SqlClient.SqlRowUpdatingEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -10976,6 +10990,7 @@ summary | System.Data.SqlClient;SqlErrorCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Data.SqlClient;SqlErrorCollection;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Data.SqlClient;SqlException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | +| System.Data.SqlClient;SqlException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Data.SqlClient;SqlInfoMessageEventHandler;BeginInvoke;(System.Object,System.Data.SqlClient.SqlInfoMessageEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlParameter;Clone;();Argument[this];ReturnValue;value;dfc-generated | | System.Data.SqlClient;SqlParameterCollection;Add;(System.Object);Argument[0];Argument[this].Element;value;manual | 
@@ -11081,6 +11096,7 @@ summary | System.Data;DBConcurrencyException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | | System.Data;DataColumn;DataColumn;(System.String,System.Type,System.String,System.Data.MappingType);Argument[0];Argument[this];taint;df-generated | | System.Data;DataColumn;DataColumn;(System.String,System.Type,System.String,System.Data.MappingType);Argument[2];Argument[this];taint;df-generated | +| System.Data;DataColumn;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Data;DataColumn;get_Table;();Argument[this];ReturnValue;taint;df-generated | | System.Data;DataColumnChangeEventArgs;DataColumnChangeEventArgs;(System.Data.DataRow,System.Data.DataColumn,System.Object);Argument[0];Argument[this].Property[System.Data.DataColumnChangeEventArgs.Row];value;dfc-generated | | System.Data;DataColumnChangeEventArgs;DataColumnChangeEventArgs;(System.Data.DataRow,System.Data.DataColumn,System.Object);Argument[1];Argument[this].SyntheticField[System.Data.DataColumnChangeEventArgs._column];value;dfc-generated | 
@@ -11242,6 +11258,7 @@ summary | System.Data;DataTable;Select;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Data;DataTable;Select;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Data;DataTable;Select;(System.String,System.String,System.Data.DataViewRowState);Argument[this];ReturnValue;taint;df-generated | +| System.Data;DataTable;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Data;DataTable;WriteXml;(System.Xml.XmlWriter);Argument[this];Argument[0];taint;df-generated | | System.Data;DataTable;add_ColumnChanged;(System.Data.DataColumnChangeEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data;DataTable;add_ColumnChanging;(System.Data.DataColumnChangeEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -11826,6 +11843,7 @@ summary | System.Diagnostics;Process;Start;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Diagnostics;Process;Start;(System.String,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Diagnostics;Process;Start;(System.String,System.String);Argument[1];ReturnValue;taint;df-generated | +| System.Diagnostics;Process;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;Process;add_ErrorDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;add_Exited;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;add_OutputDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -11841,7 +11859,10 @@ summary | System.Diagnostics;Process;remove_ErrorDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;remove_Exited;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;remove_OutputDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | +| System.Diagnostics;ProcessModule;ToString;();Argument[this].Property[System.Diagnostics.ProcessModule.ModuleName];ReturnValue;taint;df-generated | | System.Diagnostics;ProcessModule;ToString;();Argument[this].Property[System.Diagnostics.ProcessModule.ModuleName];ReturnValue;taint;dfc-generated | +| System.Diagnostics;ProcessModule;ToString;();Argument[this];ReturnValue;taint;df-generated | +| System.Diagnostics;ProcessModule;ToString;();Argument[this];ReturnValue;taint;dfc-generated | | System.Diagnostics;ProcessModule;get_FileName;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;ProcessModule;get_ModuleName;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;ProcessModuleCollection;CopyTo;(System.Diagnostics.ProcessModule[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | 
@@ -11970,6 +11991,7 @@ summary | System.Drawing.Printing;MarginsConverter;ConvertTo;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object,System.Type);Argument[2];ReturnValue;value;df-generated | | System.Drawing.Printing;MarginsConverter;ConvertTo;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object,System.Type);Argument[2];ReturnValue;value;dfc-generated | | System.Drawing.Printing;PageSettings;Clone;();Argument[this];ReturnValue;value;dfc-generated | +| System.Drawing.Printing;PrintDocument;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Drawing.Printing;PrintDocument;add_BeginPrint;(System.Drawing.Printing.PrintEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Drawing.Printing;PrintDocument;add_EndPrint;(System.Drawing.Printing.PrintEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Drawing.Printing;PrintDocument;add_PrintPage;(System.Drawing.Printing.PrintPageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -12716,9 +12738,11 @@ summary | System.IO;FileInfo;get_DirectoryName;();Argument[this].Field[System.IO.FileSystemInfo.FullPath];ReturnValue;value;dfc-generated | | System.IO;FileInfo;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.IO;FileLoadException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | +| System.IO;FileLoadException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.IO;FileLoadException;get_Message;();Argument[this].Property[System.IO.FileLoadException.FileName];Argument[this].SyntheticField[System.Exception._message];taint;dfc-generated | | System.IO;FileLoadException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System.IO;FileNotFoundException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | +| System.IO;FileNotFoundException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.IO;FileNotFoundException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System.IO;FileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual | | System.IO;FileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0];taint;manual | 
@@ -15639,6 +15663,8 @@ summary | System.Net.Http.Headers;NameValueHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;get_Name;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];ReturnValue;value;dfc-generated | | System.Net.Http.Headers;NameValueWithParametersHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | +| System.Net.Http.Headers;NameValueWithParametersHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];ReturnValue;value;dfc-generated | +| System.Net.Http.Headers;NameValueWithParametersHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;ProductHeaderValue;Clone;();Argument[this].SyntheticField[System.Net.Http.Headers.ProductHeaderValue._name];ReturnValue.SyntheticField[System.Net.Http.Headers.ProductHeaderValue._name];value;dfc-generated | | System.Net.Http.Headers;ProductHeaderValue;Clone;();Argument[this].SyntheticField[System.Net.Http.Headers.ProductHeaderValue._version];ReturnValue.SyntheticField[System.Net.Http.Headers.ProductHeaderValue._version];value;dfc-generated | | System.Net.Http.Headers;ProductHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | 
@@ -16913,6 +16939,7 @@ summary | System.Reflection.Emit;GenericTypeParameterBuilder;SetCustomAttributeCore;(System.Reflection.ConstructorInfo,System.ReadOnlySpan);Argument[0];Argument[this];taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;SetCustomAttributeCore;(System.Reflection.ConstructorInfo,System.ReadOnlySpan);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;SetInterfaceConstraintsCore;(System.Type[]);Argument[0].Element;Argument[this];taint;df-generated | +| System.Reflection.Emit;GenericTypeParameterBuilder;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;get_Assembly;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;get_AssemblyQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;get_BaseType;();Argument[this];ReturnValue;taint;df-generated | 
@@ -17040,11 +17067,17 @@ summary | System.Reflection.Emit;ParameterBuilder;SetCustomAttributeCore;(System.Reflection.ConstructorInfo,System.ReadOnlySpan);Argument[0];Argument[this];taint;df-generated | | System.Reflection.Emit;ParameterBuilder;SetCustomAttributeCore;(System.Reflection.ConstructorInfo,System.ReadOnlySpan);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Emit;ParameterBuilder;get_Name;();Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;DefineDynamicModuleCore;(System.String);Argument[0];ReturnValue.SyntheticField[System.Reflection.Emit.ModuleBuilderImpl._name];value;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;DefineDynamicModuleCore;(System.String);Argument[0];ReturnValue.SyntheticField[System.Reflection.Emit.ModuleBuilderImpl._name];value;dfc-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;DefineDynamicModuleCore;(System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;DefineDynamicModuleCore;(System.String);Argument[this];ReturnValue;taint;dfc-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];Argument[2];taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;GetDynamicModuleCore;(System.String);Argument[this];ReturnValue;taint;df-generated | | 
System.Reflection.Emit;PersistedAssemblyBuilder;PersistedAssemblyBuilder;(System.Reflection.AssemblyName,System.Reflection.Assembly,System.Collections.Generic.IEnumerable);Argument[1];Argument[this];taint;df-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;SetCustomAttributeCore;(System.Reflection.ConstructorInfo,System.ReadOnlySpan);Argument[0];Argument[this];taint;df-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;SetCustomAttributeCore;(System.Reflection.ConstructorInfo,System.ReadOnlySpan);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;get_FullName;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;get_ManifestModule;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PropertyBuilder;AddOtherMethodCore;(System.Reflection.Emit.MethodBuilder);Argument[0];Argument[this];taint;df-generated | @@ -17162,6 +17195,7 @@ summary | System.Reflection.Emit;TypeBuilder;MakePointerType;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;SetCustomAttributeCore;(System.Reflection.ConstructorInfo,System.ReadOnlySpan);Argument[0];Argument[this];taint;df-generated | | System.Reflection.Emit;TypeBuilder;SetCustomAttributeCore;(System.Reflection.ConstructorInfo,System.ReadOnlySpan);Argument[1];Argument[this];taint;df-generated | +| System.Reflection.Emit;TypeBuilder;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;get_Assembly;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;get_AssemblyQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;get_BaseType;();Argument[this];ReturnValue;taint;df-generated | 
@@ -17937,6 +17971,7 @@ summary | System.Reflection;ReflectionContext;MapAssembly;(System.Reflection.Assembly);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection;ReflectionContext;MapType;(System.Reflection.TypeInfo);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection;ReflectionTypeLoadException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | +| System.Reflection;ReflectionTypeLoadException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection;ReflectionTypeLoadException;get_Message;();Argument[this].Property[System.Exception.Message];ReturnValue;value;dfc-generated | | System.Reflection;ReflectionTypeLoadException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System.Reflection;RuntimeReflectionExtensions;GetMethodInfo;(System.Delegate);Argument[0].Property[System.Delegate.Method];ReturnValue;value;dfc-generated | 
@@ -18249,6 +18284,7 @@ summary | System.Runtime.InteropServices;ArrayWithOffset;GetArray;();Argument[this].SyntheticField[System.Runtime.InteropServices.ArrayWithOffset.m_array];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;CLong;CLong;(System.IntPtr);Argument[0];Argument[this].SyntheticField[System.Runtime.InteropServices.CLong._value];value;dfc-generated | | System.Runtime.InteropServices;CLong;get_Value;();Argument[this].SyntheticField[System.Runtime.InteropServices.CLong._value];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;COMException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.InteropServices;CULong;CULong;(System.UIntPtr);Argument[0];Argument[this].SyntheticField[System.Runtime.InteropServices.CULong._value];value;dfc-generated | | System.Runtime.InteropServices;CULong;get_Value;();Argument[this].SyntheticField[System.Runtime.InteropServices.CULong._value];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;CollectionsMarshal;AsBytes;(System.Collections.BitArray);Argument[0].Element;ReturnValue;taint;df-generated | 
@@ -18264,6 +18300,7 @@ summary | System.Runtime.InteropServices;CriticalHandle;CriticalHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.CriticalHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;CriticalHandle;SetHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.CriticalHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;DllImportResolver;BeginInvoke;(System.String,System.Reflection.Assembly,System.Nullable,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | +| System.Runtime.InteropServices;ExternalException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.InteropServices;GCHandle;FromIntPtr;(System.IntPtr);Argument[0];ReturnValue.SyntheticField[System.Runtime.InteropServices.GCHandle._handle];value;dfc-generated | | System.Runtime.InteropServices;GCHandle;ToIntPtr;(System.Runtime.InteropServices.GCHandle);Argument[0].SyntheticField[System.Runtime.InteropServices.GCHandle._handle];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;GCHandle;FromIntPtr;(System.IntPtr);Argument[0];ReturnValue.SyntheticField[System.Runtime.InteropServices.GCHandle`1._handle];value;dfc-generated | 
@@ -19260,6 +19297,7 @@ summary | System.Security;CodeAccessPermission;Intersect;(System.Security.IPermission);Argument[0];ReturnValue;value;dfc-generated | | System.Security;CodeAccessPermission;Union;(System.Security.IPermission);Argument[this];ReturnValue;taint;df-generated | | System.Security;HostProtectionException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | +| System.Security;HostProtectionException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Security;IPermission;Copy;();Argument[this];ReturnValue;value;dfc-generated | | System.Security;IPermission;Intersect;(System.Security.IPermission);Argument[0];ReturnValue;value;dfc-generated | | System.Security;IPermission;Union;(System.Security.IPermission);Argument[this];ReturnValue;taint;df-generated | @@ -19283,6 +19321,7 @@ summary | System.Security;SecurityElement;ToString;();Argument[this].SyntheticField[System.Security.SecurityElement._tag];ReturnValue;taint;dfc-generated | | System.Security;SecurityElement;ToString;();Argument[this].SyntheticField[System.Security.SecurityElement._text];ReturnValue;taint;dfc-generated | | System.Security;SecurityException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | +| System.Security;SecurityException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.ServiceProcess;ServiceControllerPermissionEntryCollection;OnInsert;(System.Int32,System.Object);Argument[1];Argument[this];taint;df-generated | | System.ServiceProcess;ServiceControllerPermissionEntryCollection;OnSet;(System.Int32,System.Object,System.Object);Argument[2];Argument[this];taint;df-generated | | System.Text.Encodings.Web;TextEncoder;Encode;(System.IO.TextWriter,System.Char[],System.Int32,System.Int32);Argument[1].Element;Argument[0];taint;df-generated | 
@@ -22116,6 +22155,10 @@ summary | System.Xml;XmlDataDocument;GetElementFromRow;(System.Data.DataRow);Argument[0];ReturnValue;taint;df-generated | | System.Xml;XmlDataDocument;GetElementsByTagName;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml;XmlDataDocument;GetRowFromElement;(System.Xml.XmlElement);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Xml;XmlDataDocument;Load;(System.IO.Stream);Argument[0];Argument[this];taint;manual | +| System.Xml;XmlDataDocument;Load;(System.IO.TextReader);Argument[0];Argument[this];taint;manual | +| System.Xml;XmlDataDocument;Load;(System.String);Argument[0];Argument[this];taint;manual | +| System.Xml;XmlDataDocument;Load;(System.Xml.XmlReader);Argument[0];Argument[this];taint;manual | | System.Xml;XmlDataDocument;XmlDataDocument;(System.Data.DataSet);Argument[0];Argument[this].SyntheticField[System.Xml.XmlDataDocument._dataSet];value;dfc-generated | | System.Xml;XmlDataDocument;get_DataSet;();Argument[this].SyntheticField[System.Xml.XmlDataDocument._dataSet];ReturnValue;value;dfc-generated | | System.Xml;XmlDeclaration;CloneNode;(System.Boolean);Argument[this];ReturnValue;taint;df-generated | 
@@ -22982,6 +23025,7 @@ summary | System;AggregateException;Handle;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System;AggregateException;Handle;(System.Func);Argument[this].SyntheticField[System.AggregateException._innerExceptions].Element;Argument[0].Parameter[0];value;dfc-generated | | System;AggregateException;Handle;(System.Func);Argument[this].SyntheticField[System.AggregateException._innerExceptions].Element;Argument[0].Parameter[0];value;hq-generated | +| System;AggregateException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System;AggregateException;get_Message;();Argument[this].Property[System.Exception.Message];ReturnValue;value;dfc-generated | | System;AggregateException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System;AppDomain;ApplyPolicy;(System.String);Argument[0];ReturnValue;value;dfc-generated | 
@@ -23128,6 +23172,7 @@ summary | System;BadImageFormatException;BadImageFormatException;(System.String,System.String);Argument[1];Argument[this].SyntheticField[System.BadImageFormatException._fileName];value;dfc-generated | | System;BadImageFormatException;BadImageFormatException;(System.String,System.String,System.Exception);Argument[1];Argument[this].SyntheticField[System.BadImageFormatException._fileName];value;dfc-generated | | System;BadImageFormatException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | +| System;BadImageFormatException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System;BadImageFormatException;get_FileName;();Argument[this].SyntheticField[System.BadImageFormatException._fileName];ReturnValue;value;dfc-generated | | System;BadImageFormatException;get_FusionLog;();Argument[this];ReturnValue;taint;df-generated | | System;BadImageFormatException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.expected deleted file mode 100644 index 55e9aed2e93c..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.expected +++ /dev/null @@ -1,2 +0,0 @@ -testFailures -invalidModelRow diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.ext.yml deleted file mode 100644 index a50fb9449a35..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.ext.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -extensions: - - addsTo: - pack: codeql/go-all - extensible: sourceModel - data: - - ["github.com/nonexistent/test", "I1", False, "Source", "", "", "ReturnValue", "qltest", "manual"] - - addsTo: - pack: codeql/go-all - extensible: summaryModel - data: - - ["github.com/nonexistent/test", "I1", False, "Step", "", "", "Argument[0]", "ReturnValue", "value", "manual"] - - addsTo: - pack: codeql/go-all - extensible: sinkModel - data: - - ["github.com/nonexistent/test", "I1", False, "Sink", "", "", "Argument[0]", "qltest", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.ql deleted file mode 100644 index c69cedce6e17..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I1_subtypes_false.ql +++ /dev/null @@ -1,25 +0,0 @@ -import go -import ModelValidation -import utils.test.InlineExpectationsTest -import MakeTest - -module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") } - - predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") } -} - -module Flow = TaintTracking::Global; - -module FlowTest implements TestSig { - string getARelevantTag() { result = "I1[f]" } - - predicate hasActualResult(Location location, string element, string tag, string value) { - tag = "I1[f]" and - exists(DataFlow::Node sink | Flow::flowTo(sink) | - sink.getLocation() = location and - element = sink.toString() and - value = "" - ) - } -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.expected deleted file mode 100644 index 55e9aed2e93c..000000000000 
--- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.expected +++ /dev/null @@ -1,2 +0,0 @@ -testFailures -invalidModelRow diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.ext.yml deleted file mode 100644 index 660eb326eaaf..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.ext.yml +++ /dev/null @@ -1,16 +0,0 @@ -extensions: - - addsTo: - pack: codeql/go-all - extensible: sourceModel - data: - - ["github.com/nonexistent/test", "I2", False, "Source", "", "", "ReturnValue", "qltest", "manual"] - - addsTo: - pack: codeql/go-all - extensible: summaryModel - data: - - ["github.com/nonexistent/test", "I2", False, "Step", "", "", "Argument[0]", "ReturnValue", "value", "manual"] - - addsTo: - pack: codeql/go-all - extensible: sinkModel - data: - - ["github.com/nonexistent/test", "I2", False, "Sink", "", "", "Argument[0]", "qltest", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.ql deleted file mode 100644 index 254c75804934..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_I2_subtypes_false.ql +++ /dev/null 
@@ -1,25 +0,0 @@ -import go -import ModelValidation -import utils.test.InlineExpectationsTest -import MakeTest - -module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") } - - predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") } -} - -module Flow = TaintTracking::Global; - -module FlowTest implements TestSig { - string getARelevantTag() { result = "I2[f]" } - - predicate hasActualResult(Location location, string element, string tag, string value) { - tag = "I2[f]" and - exists(DataFlow::Node sink | Flow::flowTo(sink) | - sink.getLocation() = location and - element = sink.toString() and - value = "" - ) - } -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.expected deleted file mode 100644 index 55e9aed2e93c..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.expected +++ /dev/null @@ -1,2 +0,0 @@ -testFailures -invalidModelRow diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.ext.yml deleted file mode 100644 index 804a920b3242..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.ext.yml +++ /dev/null 
@@ -1,18 +0,0 @@ -extensions: - - addsTo: - pack: codeql/go-all - extensible: sourceModel - data: - - ["github.com/nonexistent/test", "S1", False, "Source", "", "", "ReturnValue", "qltest", "manual"] - - ["github.com/nonexistent/test", "S1", False, "SourceField", "", "", "", "qltest", "manual"] - - addsTo: - pack: codeql/go-all - extensible: summaryModel - data: - - ["github.com/nonexistent/test", "S1", False, "Step", "", "", "Argument[0]", "ReturnValue", "value", "manual"] - - addsTo: - pack: codeql/go-all - extensible: sinkModel - data: - - ["github.com/nonexistent/test", "S1", False, "Sink", "", "", "Argument[0]", "qltest", "manual"] - - ["github.com/nonexistent/test", "S1", False, "SinkField", "", "", "", "qltest", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.ql b/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.ql deleted file mode 100644 index 62320657df27..000000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalFlowInheritance/mad_S1_subtypes_false.ql +++ /dev/null @@ -1,25 +0,0 @@ -import go -import ModelValidation -import utils.test.InlineExpectationsTest -import MakeTest - -module Config implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { sourceNode(source, "qltest") } - - predicate isSink(DataFlow::Node sink) { sinkNode(sink, "qltest") } -} - -module Flow = TaintTracking::Global; - -module FlowTest implements TestSig { - string getARelevantTag() { result = "S1[f]" } - - predicate hasActualResult(Location location, string element, string tag, string value) { - tag = "S1[f]" and - exists(DataFlow::Node sink | Flow::flowTo(sink) | - sink.getLocation() = location and - element = sink.toString() and - value = "" - ) - } -} 
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected index f99ee92a4928..627f5d63b03f 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected @@ -3,9 +3,11 @@ invalidModelRow | test.go:39:8:39:15 | call to Src1 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes | +| test.go:41:8:41:16 | call to Src2 | qltest | | test.go:41:8:41:16 | call to Src2 | qltest-w-subtypes | | test.go:42:2:42:21 | ... = ...[0] | qltest | | test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes | +| test.go:43:2:43:22 | ... = ...[0] | qltest | | test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes | | test.go:44:11:44:13 | arg [postupdate] | qltest-arg | | test.go:59:9:59:16 | call to Src1 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected index 009238baa4d8..ad67c1440a38 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected @@ -3,9 +3,11 @@ invalidModelRow | test.go:39:8:39:15 | call to Src1 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes | +| test.go:41:8:41:16 | call to Src2 | qltest | | test.go:41:8:41:16 | call to Src2 | qltest-w-subtypes | | test.go:42:2:42:21 | ... = ...[0] | qltest | | test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes | +| test.go:43:2:43:22 | ... = ...[0] | qltest | | test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes | | test.go:44:11:44:13 | arg [postupdate] | qltest-arg | | test.go:59:9:59:16 | call to Src1 | qltest | 
diff --git a/java/ql/test/library-tests/dataflow/external-models/srcs.expected b/java/ql/test/library-tests/dataflow/external-models/srcs.expected index 637deb94fba7..b358414460a5 100644 --- a/java/ql/test/library-tests/dataflow/external-models/srcs.expected +++ b/java/ql/test/library-tests/dataflow/external-models/srcs.expected @@ -7,6 +7,7 @@ invalidModelRow | A.java:7:9:7:16 | src1(...) | qltest-alt | | A.java:10:9:10:18 | src2(...) | qltest | | A.java:10:9:10:18 | src2(...) | qltest-w-subtypes | +| A.java:11:9:11:18 | src3(...) | qltest | | A.java:11:9:11:18 | src3(...) | qltest-w-subtypes | | A.java:13:5:13:13 | this <.method> [post update] | qltest-argany | | A.java:13:12:13:12 | x [post update] | qltest-argany | diff --git a/java/ql/test/query-tests/security/CWE-094/GroovyInjection/GroovyInjectionTest.expected b/java/ql/test/query-tests/security/CWE-094/GroovyInjection/GroovyInjectionTest.expected index 3a00c80a7043..7f7cc32905e7 100644 --- a/java/ql/test/query-tests/security/CWE-094/GroovyInjection/GroovyInjectionTest.expected +++ b/java/ql/test/query-tests/security/CWE-094/GroovyInjection/GroovyInjectionTest.expected 
@@ -14,6 +14,7 @@ | GroovyCompilationUnitTest.java:72:13:72:14 | cu | GroovyCompilationUnitTest.java:70:55:70:84 | getParameter(...) : String | GroovyCompilationUnitTest.java:72:13:72:14 | cu | Groovy script depends on a $@. | GroovyCompilationUnitTest.java:70:55:70:84 | getParameter(...) | user-provided value | | GroovyCompilationUnitTest.java:78:13:78:14 | cu | GroovyCompilationUnitTest.java:76:55:76:84 | getParameter(...) : String | GroovyCompilationUnitTest.java:78:13:78:14 | cu | Groovy script depends on a $@. | GroovyCompilationUnitTest.java:76:55:76:84 | getParameter(...) | user-provided value | | GroovyCompilationUnitTest.java:89:13:89:14 | cu | GroovyCompilationUnitTest.java:88:34:88:63 | getParameter(...) : String | GroovyCompilationUnitTest.java:89:13:89:14 | cu | Groovy script depends on a $@. | GroovyCompilationUnitTest.java:88:34:88:63 | getParameter(...) | user-provided value | +| GroovyCompilationUnitTest.java:94:13:94:14 | cu | GroovyCompilationUnitTest.java:93:34:93:63 | getParameter(...) : String | GroovyCompilationUnitTest.java:94:13:94:14 | cu | Groovy script depends on a $@. | GroovyCompilationUnitTest.java:93:34:93:63 | getParameter(...) | user-provided value | | GroovyEvalTest.java:15:21:15:26 | script | GroovyEvalTest.java:14:29:14:58 | getParameter(...) : String | GroovyEvalTest.java:15:21:15:26 | script | Groovy script depends on a $@. | GroovyEvalTest.java:14:29:14:58 | getParameter(...) | user-provided value | | GroovyEvalTest.java:20:39:20:44 | script | GroovyEvalTest.java:19:29:19:58 | getParameter(...) : String | GroovyEvalTest.java:20:39:20:44 | script | Groovy script depends on a $@. | GroovyEvalTest.java:19:29:19:58 | getParameter(...) | user-provided value | | GroovyEvalTest.java:25:31:25:36 | script | GroovyEvalTest.java:24:29:24:58 | getParameter(...) : String | GroovyEvalTest.java:25:31:25:36 | script | Groovy script depends on a $@. | GroovyEvalTest.java:24:29:24:58 | getParameter(...) | user-provided value | 
@@ -93,6 +94,8 @@ edges | GroovyCompilationUnitTest.java:77:26:77:27 | su : SourceUnit | GroovyCompilationUnitTest.java:77:13:77:14 | cu [post update] : CompilationUnit | provenance | Config | | GroovyCompilationUnitTest.java:88:13:88:14 | cu [post update] : JavaAwareCompilationUnit | GroovyCompilationUnitTest.java:89:13:89:14 | cu | provenance | Sink:MaD:32 | | GroovyCompilationUnitTest.java:88:34:88:63 | getParameter(...) : String | GroovyCompilationUnitTest.java:88:13:88:14 | cu [post update] : JavaAwareCompilationUnit | provenance | Src:MaD:33 Config | +| GroovyCompilationUnitTest.java:93:13:93:14 | cu [post update] : JavaStubCompilationUnit | GroovyCompilationUnitTest.java:94:13:94:14 | cu | provenance | Sink:MaD:32 | +| GroovyCompilationUnitTest.java:93:34:93:63 | getParameter(...) : String | GroovyCompilationUnitTest.java:93:13:93:14 | cu [post update] : JavaStubCompilationUnit | provenance | Src:MaD:33 Config | | GroovyEvalTest.java:14:29:14:58 | getParameter(...) : String | GroovyEvalTest.java:15:21:15:26 | script | provenance | Src:MaD:33 Sink:MaD:27 | | GroovyEvalTest.java:19:29:19:58 | getParameter(...) : String | GroovyEvalTest.java:20:39:20:44 | script | provenance | Src:MaD:33 Sink:MaD:28 | | GroovyEvalTest.java:24:29:24:58 | getParameter(...) : String | GroovyEvalTest.java:25:31:25:36 | script | provenance | Src:MaD:33 Sink:MaD:29 | 
@@ -246,6 +249,9 @@ nodes | GroovyCompilationUnitTest.java:88:13:88:14 | cu [post update] : JavaAwareCompilationUnit | semmle.label | cu [post update] : JavaAwareCompilationUnit | | GroovyCompilationUnitTest.java:88:34:88:63 | getParameter(...) : String | semmle.label | getParameter(...) : String | | GroovyCompilationUnitTest.java:89:13:89:14 | cu | semmle.label | cu | +| GroovyCompilationUnitTest.java:93:13:93:14 | cu [post update] : JavaStubCompilationUnit | semmle.label | cu [post update] : JavaStubCompilationUnit | +| GroovyCompilationUnitTest.java:93:34:93:63 | getParameter(...) : String | semmle.label | getParameter(...) : String | +| GroovyCompilationUnitTest.java:94:13:94:14 | cu | semmle.label | cu | | GroovyEvalTest.java:14:29:14:58 | getParameter(...) : String | semmle.label | getParameter(...) : String | | GroovyEvalTest.java:15:21:15:26 | script | semmle.label | script | | GroovyEvalTest.java:19:29:19:58 | getParameter(...) : String | semmle.label | getParameter(...) : String | @@ -325,3 +331,6 @@ nodes | TemplateEngineTest.java:24:35:24:49 | (...)... | semmle.label | (...)... | | TemplateEngineTest.java:25:35:25:46 | (...)... | semmle.label | (...)... | subpaths +testFailures +| GroovyCompilationUnitTest.java:93:34:93:63 | getParameter(...) : String | Unexpected result: Source | +| GroovyCompilationUnitTest.java:94:13:94:14 | cu | Unexpected result: Alert | diff --git a/java/ql/test/query-tests/security/CWE-094/MvelInjection/MvelInjectionTest.expected b/java/ql/test/query-tests/security/CWE-094/MvelInjection/MvelInjectionTest.expected index eb2034ab06de..f4fd695172b9 100644 --- a/java/ql/test/query-tests/security/CWE-094/MvelInjection/MvelInjectionTest.expected +++ b/java/ql/test/query-tests/security/CWE-094/MvelInjection/MvelInjectionTest.expected 
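Review bot: The `testFailures` section added at the end of this expected file records `Unexpected result: Source` at GroovyCompilationUnitTest.java:93 and `Unexpected result: Alert` at line 94, so the baseline now accepts a mismatch between the query output and the inline expectations in the test source. The added edges show the flow reaching `cu : JavaStubCompilationUnit` through `Sink:MaD:32`, presumably because that sink model now also applies to subtypes. Either the inline annotations on lines 93 and 94 of the test should be changed to expect the source and the alert, or, if that case was deliberately marked as safe, the sink model needs a narrower match. As committed, the code-injection test passes only because its failure is part of the expected output.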
@@ -25,6 +25,7 @@ edges | MvelInjectionTest.java:41:37:41:44 | compiler : ExpressionCompiler | MvelInjectionTest.java:41:37:41:54 | compile(...) : CompiledExpression | provenance | Config | | MvelInjectionTest.java:41:37:41:54 | compile(...) : CompiledExpression | MvelInjectionTest.java:42:5:42:14 | expression | provenance | Sink:MaD:4 | | MvelInjectionTest.java:47:9:47:96 | new CompiledAccExpression(...) : CompiledAccExpression | MvelInjectionTest.java:48:5:48:14 | expression | provenance | Sink:MaD:3 | +| MvelInjectionTest.java:47:9:47:96 | new CompiledAccExpression(...) : CompiledAccExpression | MvelInjectionTest.java:48:5:48:14 | expression | provenance | Sink:MaD:5 | | MvelInjectionTest.java:47:35:47:46 | read(...) : String | MvelInjectionTest.java:47:35:47:60 | toCharArray(...) : char[] | provenance | MaD:16 | | MvelInjectionTest.java:47:35:47:60 | toCharArray(...) : char[] | MvelInjectionTest.java:47:9:47:96 | new CompiledAccExpression(...) : CompiledAccExpression | provenance | Config | | MvelInjectionTest.java:52:20:52:31 | read(...) : String | MvelInjectionTest.java:55:52:55:56 | input : String | provenance | | 
@@ -37,6 +38,7 @@ edges | MvelInjectionTest.java:64:58:64:69 | read(...) : String | MvelInjectionTest.java:64:35:64:70 | new ExpressionCompiler(...) : ExpressionCompiler | provenance | Config | | MvelInjectionTest.java:65:37:65:44 | compiler : ExpressionCompiler | MvelInjectionTest.java:65:37:65:54 | compile(...) : CompiledExpression | provenance | Config | | MvelInjectionTest.java:65:37:65:54 | compile(...) : CompiledExpression | MvelInjectionTest.java:66:64:66:72 | statement : CompiledExpression | provenance | | +| MvelInjectionTest.java:66:33:66:73 | new MvelCompiledScript(...) : MvelCompiledScript | MvelInjectionTest.java:67:5:67:10 | script | provenance | Sink:MaD:1 | | MvelInjectionTest.java:66:33:66:73 | new MvelCompiledScript(...) : MvelCompiledScript | MvelInjectionTest.java:67:5:67:10 | script | provenance | Sink:MaD:6 | | MvelInjectionTest.java:66:64:66:72 | statement : CompiledExpression | MvelInjectionTest.java:66:33:66:73 | new MvelCompiledScript(...) : MvelCompiledScript | provenance | Config | | MvelInjectionTest.java:75:62:75:73 | read(...) : String | MvelInjectionTest.java:75:29:75:74 | compileTemplate(...) | provenance | Config Sink:MaD:9 | diff --git a/shared/mad/codeql/mad/static/ModelsAsData.qll b/shared/mad/codeql/mad/static/ModelsAsData.qll index 84daaa9b6c86..7d24b04745d1 100644 --- a/shared/mad/codeql/mad/static/ModelsAsData.qll +++ b/shared/mad/codeql/mad/static/ModelsAsData.qll 
@@ -194,15 +194,16 @@ module ModelsAsData { string namespace, string type, boolean subtypes, string name, string signature, string ext, string output, string kind, string provenance, string model ) { + subtypes = true and exists(string namespaceOrGroup | namespace = getNamespace(namespaceOrGroup) | exists(QlBuiltins::ExtensionId madId | - Extensions::sourceModel(namespaceOrGroup, type, subtypes, name, signature, ext, output, - kind, provenance, madId) and + Extensions::sourceModel(namespaceOrGroup, type, _, name, signature, ext, output, kind, + provenance, madId) and model = "MaD:" + madId.toString() ) or - Input::additionalSourceModel(namespaceOrGroup, type, subtypes, name, signature, ext, output, - kind, provenance, model) + Input::additionalSourceModel(namespaceOrGroup, type, _, name, signature, ext, output, kind, + provenance, model) ) } @@ -213,15 +214,16 @@ module ModelsAsData { string namespace, string type, boolean subtypes, string name, string signature, string ext, string input, string kind, string provenance, string model ) { + subtypes = true and exists(string namespaceOrGroup | namespace = getNamespace(namespaceOrGroup) | exists(QlBuiltins::ExtensionId madId | - Extensions::sinkModel(namespaceOrGroup, type, subtypes, name, signature, ext, input, kind, + Extensions::sinkModel(namespaceOrGroup, type, _, name, signature, ext, input, kind, provenance, madId) and model = "MaD:" + madId.toString() ) or - Input::additionalSinkModel(namespaceOrGroup, type, subtypes, name, signature, ext, input, - kind, provenance, model) + Input::additionalSinkModel(namespaceOrGroup, type, _, name, signature, ext, input, kind, + provenance, model) ) } 
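Review bot: The `subtypes` column of the extension row is now read as `_` and the result is pinned with `subtypes = true`, so a model row that says `False` is silently treated as `True`, and nothing in this hunk documents that. The same holds for the `sinkModel`, `barrierModel`, `barrierGuardModel` and `summaryModel` hunks below. I would add a comment above the new conjunct, e.g. `// The subtypes column of the model row is deliberately ignored; every model also applies to subtypes.`, and say the same in each predicate's QLDoc, which starts outside these hunks. Because the `subtypes` parameter stays in the signature, a caller that passes `false` now gets no rows at all, which the doc should state too.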
@@ -230,9 +232,10 @@ module ModelsAsData { string namespace, string type, boolean subtypes, string name, string signature, string ext, string output, string kind, string provenance, string model ) { + subtypes = true and exists(string namespaceOrGroup, QlBuiltins::ExtensionId madId | namespace = getNamespace(namespaceOrGroup) and - Extensions::barrierModel(namespaceOrGroup, type, subtypes, name, signature, ext, output, kind, + Extensions::barrierModel(namespaceOrGroup, type, _, name, signature, ext, output, kind, provenance, madId) and model = "MaD:" + madId.toString() ) @@ -243,9 +246,10 @@ module ModelsAsData { string namespace, string type, boolean subtypes, string name, string signature, string ext, string input, string acceptingvalue, string kind, string provenance, string model ) { + subtypes = true and exists(string namespaceOrGroup, QlBuiltins::ExtensionId madId | namespace = getNamespace(namespaceOrGroup) and - Extensions::barrierGuardModel(namespaceOrGroup, type, subtypes, name, signature, ext, input, + Extensions::barrierGuardModel(namespaceOrGroup, type, _, name, signature, ext, input, acceptingvalue, kind, provenance, madId) and model = "MaD:" + madId.toString() ) 
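Review bot: For `barrierModel` and `barrierGuardModel` the forced `subtypes = true` widens sanitizers, not sources or sinks. A barrier row written with `False` for one specific implementation will presumably now also match overriding methods in subtypes, and an override is not guaranteed to perform the same validation. That errs towards missed alerts rather than extra ones, so it needs an explicit justification in a comment on the `subtypes = true and` line of both predicates. The alternative is to keep the column for these two, i.e. leave `Extensions::barrierModel(namespaceOrGroup, type, subtypes, name, signature, ext, output, kind,` as it was. Both predicates begin outside their hunks, so their QLDoc is not visible here.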
@@ -258,15 +262,16 @@ module ModelsAsData { string namespace, string type, boolean subtypes, string name, string signature, string ext, string input, string output, string kind, string provenance, string model ) { + subtypes = true and exists(string namespaceOrGroup | namespace = getNamespace(namespaceOrGroup) | exists(QlBuiltins::ExtensionId madId | - Extensions::summaryModel(namespaceOrGroup, type, subtypes, name, signature, ext, input, - output, kind, provenance, madId) and + Extensions::summaryModel(namespaceOrGroup, type, _, name, signature, ext, input, output, + kind, provenance, madId) and model = "MaD:" + madId.toString() ) or - Input::additionalSummaryModel(namespaceOrGroup, type, subtypes, name, signature, ext, input, - output, kind, provenance, model) + Input::additionalSummaryModel(namespaceOrGroup, type, _, name, signature, ext, input, output, + kind, provenance, model) ) }