From fe9feb900d8351b380c716c837b7500d9477e808 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Nov 2024 17:29:26 +0000 Subject: [PATCH 01/65] C++: We will need all these types. --- .../dataflow/taint-tests/atl.cpp | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp new file mode 100644 index 000000000000..58a00385c33c --- /dev/null +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -0,0 +1,65 @@ +namespace { + template T source(); + template T* indirect_source(); + void sink(...); +} + +typedef unsigned int UINT; +typedef long LONG; +typedef void* LPVOID; +typedef void* PVOID; +typedef bool BOOL; +typedef char* PSTR, *LPSTR; +typedef const char* LPCTSTR; +typedef unsigned short WORD; +typedef unsigned long DWORD; +typedef void* HANDLE; +typedef LONG HRESULT; +typedef unsigned long ULONG; +typedef const char* LPCSTR; +typedef wchar_t OLECHAR; +typedef OLECHAR* LPOLESTR; +typedef const LPOLESTR LPCOLESTR; +typedef OLECHAR* BSTR; +typedef wchar_t* LPWSTR, *PWSTR; +typedef BSTR* LPBSTR; +typedef unsigned short USHORT; +typedef char *LPTSTR; +struct __POSITION { int unused; };typedef __POSITION* POSITION; +typedef WORD ATL_URL_PORT; + +enum ATL_URL_SCHEME{ + ATL_URL_SCHEME_UNKNOWN = -1, + ATL_URL_SCHEME_FTP = 0, + ATL_URL_SCHEME_GOPHER = 1, + ATL_URL_SCHEME_HTTP = 2, + ATL_URL_SCHEME_HTTPS = 3, + ATL_URL_SCHEME_FILE = 4, + ATL_URL_SCHEME_NEWS = 5, + ATL_URL_SCHEME_MAILTO = 6, + ATL_URL_SCHEME_SOCKS = 7 +}; + +using HINSTANCE = void*; +using size_t = decltype(sizeof(int)); +using SIZE_T = size_t; + +#define NULL nullptr + +typedef struct tagSAFEARRAYBOUND { + ULONG cElements; + LONG lLbound; +} SAFEARRAYBOUND, *LPSAFEARRAYBOUND; + +typedef struct tagVARIANT { + /* ... */ +} VARIANT; + +typedef struct tagSAFEARRAY { + USHORT cDims; + USHORT fFeatures; + ULONG cbElements; + ULONG cLocks; + PVOID pvData; + SAFEARRAYBOUND rgsabound[1]; +} SAFEARRAY, *LPSAFEARRAY; From 16e5fa34d17ae874926ac8aa8c6b8d983e547aa1 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Nov 2024 17:30:31 +0000 Subject: [PATCH 02/65] C++: Add failing tests with U_STRINGorID. --- .../dataflow/external-models/flow.expected | 10 ++++----- .../external-models/validatemodels.expected | 21 +++++++++++++++++++ .../dataflow/taint-tests/atl.cpp | 21 +++++++++++++++++++ .../dataflow/taint-tests/localTaint.expected | 7 +++++++ 4 files changed, 54 insertions(+), 5 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index a3d09178f2c3..d1e895f2eafb 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:644 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:642 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:643 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:819 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:817 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:818 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:643 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:818 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:644 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:819 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index 2e0a493585c6..b02760131065 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -1,8 +1,27 @@ +| Dubious member name "operator +=" in summary model. | +| Dubious member name "operator BSTR" in summary model. | +| Dubious member name "operator LPCSTR" in summary model. | +| Dubious member name "operator LPSAFEARRAY" in summary model. | +| Dubious member name "operator LPSTR" in summary model. | +| Dubious member name "operator LPWSTR" in summary model. | +| Dubious member name "operator PCXSTR" in summary model. | +| Dubious member name "operator StringType&" in summary model. | +| Dubious member name "operator T*" in summary model. | +| Dubious member name "operator const StringType&" in summary model. | +| Dubious member name "operator&" in summary model. | | Dubious member name "operator*" in summary model. | +| Dubious member name "operator+=" in summary model. | | Dubious member name "operator->" in summary model. | | Dubious member name "operator=" in summary model. | | Dubious member name "operator[]" in summary model. | +| Dubious signature "(CRegKey&)" in summary model. | +| Dubious signature "(DWORD&,LPCTSTR)" in summary model. | | Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. | +| Dubious signature "(const CComBSTR&)" in summary model. | +| Dubious signature "(const CComSafeArray&)" in summary model. | +| Dubious signature "(const SAFEARRAY&)" in summary model. | +| Dubious signature "(const SAFEARRAY*)" in summary model. | +| Dubious signature "(const SAFEARRAYBOUND*, UINT)" in summary model. | | Dubious signature "(const deque &)" in summary model. | | Dubious signature "(const deque &,const Allocator &)" in summary model. | | Dubious signature "(const forward_list &)" in summary model. | @@ -25,3 +44,5 @@ | Dubious signature "(size_type,const T &,const Allocator &)" in summary model. | | Dubious signature "(vector &&)" in summary model. | | Dubious signature "(vector &&,const Allocator &)" in summary model. | +| Dubious signature "operator HKEY" in summary model. | +| Dubious signature "operator=" in summary model. | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 58a00385c33c..54e8c65f4c76 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -63,3 +63,24 @@ typedef struct tagSAFEARRAY { PVOID pvData; SAFEARRAYBOUND rgsabound[1]; } SAFEARRAY, *LPSAFEARRAY; + +struct _U_STRINGorID { + _U_STRINGorID(UINT nID); + _U_STRINGorID(LPCTSTR lpString); + + LPCTSTR m_lpstr; +}; + +void test__U_STRINGorID() { + { + UINT x = source(); + _U_STRINGorID u(x); + sink(u.m_lpstr); // $ MISSING: ir + } + + { + LPCTSTR y = indirect_source(); + _U_STRINGorID u(y); + sink(u.m_lpstr); // $ MISSING: ir + } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index b5ddf84747ae..7809703f9c80 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -140,6 +140,13 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | arrayassignment.cpp:145:12:145:12 | 5 | arrayassignment.cpp:145:7:145:13 | access to array | TAINT | | arrayassignment.cpp:146:7:146:10 | arr3 | arrayassignment.cpp:146:7:146:13 | access to array | | | arrayassignment.cpp:146:12:146:12 | 5 | arrayassignment.cpp:146:7:146:13 | access to array | TAINT | +| atl.cpp:32:30:32:30 | 1 | atl.cpp:32:29:32:30 | - ... | TAINT | +| atl.cpp:76:14:76:25 | call to source | atl.cpp:77:21:77:21 | x | | +| atl.cpp:77:21:77:21 | x | atl.cpp:77:21:77:22 | call to _U_STRINGorID | TAINT | +| atl.cpp:77:21:77:22 | call to _U_STRINGorID | atl.cpp:78:10:78:10 | u | | +| atl.cpp:82:17:82:43 | call to indirect_source | atl.cpp:83:21:83:21 | y | | +| atl.cpp:83:21:83:21 | y | atl.cpp:83:21:83:22 | call to _U_STRINGorID | TAINT | +| atl.cpp:83:21:83:22 | call to _U_STRINGorID | atl.cpp:84:10:84:10 | u | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | From bf36f00bb0d2c6f75b698628611314abee7c4c39 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Nov 2024 17:50:30 +0000 Subject: [PATCH 03/65] C++: Add model. Observe that flow still fails. --- cpp/ql/lib/ext/CA2CAEX.model.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 cpp/ql/lib/ext/CA2CAEX.model.yml diff --git a/cpp/ql/lib/ext/CA2CAEX.model.yml b/cpp/ql/lib/ext/CA2CAEX.model.yml new file mode 100644 index 000000000000..f199d1fddead --- /dev/null +++ b/cpp/ql/lib/ext/CA2CAEX.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] + - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] From f688470324a5e4e5432c260fee776831e16cf886 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Nov 2024 17:53:24 +0000 Subject: [PATCH 04/65] C++: Since isConstructedFrom only holds for templates we need to explicitly handle the case where the function (or class) is not a template. --- .../semmle/code/cpp/dataflow/ExternalFlow.qll | 20 +++++++++++++++---- .../dataflow/taint-tests/atl.cpp | 4 ++-- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index 49610b7c85b6..ec25b08856c8 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -434,18 +434,30 @@ private predicate elementSpec( summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _) } +private predicate isClassConstructedFrom(Class c, Class templateClass) { + c.isConstructedFrom(templateClass) + or + not any(Class c_).isConstructedFrom(templateClass) and c = templateClass +} + +private predicate isFunctionConstructedFrom(Function f, Function templateFunc) { + f.isConstructedFrom(templateFunc) + or + not any(Function f_).isConstructedFrom(templateFunc) and f = templateFunc +} + /** Gets the fully templated version of `f`. */ private Function getFullyTemplatedFunction(Function f) { not f.isFromUninstantiatedTemplate(_) and ( exists(Class c, Class templateClass, int i | - c.isConstructedFrom(templateClass) and + isClassConstructedFrom(c, templateClass) and f = c.getAMember(i) and result = templateClass.getCanonicalMember(i) ) or not exists(f.getDeclaringType()) and - f.isConstructedFrom(result) + isFunctionConstructedFrom(f, result) ) } @@ -489,7 +501,7 @@ private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remain private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining) { // If there is a declaring type then we start by expanding the function templates exists(Class template | - f.getDeclaringType().isConstructedFrom(template) and + isClassConstructedFrom(f.getDeclaringType(), template) and remaining = template.getNumberOfTemplateArguments() and result = getTypeNameWithoutFunctionTemplates(f, n, 0) ) @@ -501,7 +513,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining or exists(string mid, TemplateParameter tp, Class template | mid = getTypeNameWithoutClassTemplates(f, n, remaining + 1) and - f.getDeclaringType().isConstructedFrom(template) and + isClassConstructedFrom(f.getDeclaringType(), template) and tp = template.getTemplateArgument(remaining) and result = mid.replaceAll(tp.getName(), "class:" + remaining.toString()) ) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 54e8c65f4c76..c0507d3032d3 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -75,12 +75,12 @@ void test__U_STRINGorID() { { UINT x = source(); _U_STRINGorID u(x); - sink(u.m_lpstr); // $ MISSING: ir + sink(u.m_lpstr); // $ ir } { LPCTSTR y = indirect_source(); _U_STRINGorID u(y); - sink(u.m_lpstr); // $ MISSING: ir + sink(u.m_lpstr); // $ ir } } From 749602c98216cc08223d55a9f00443517279af9a Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Nov 2024 17:54:54 +0000 Subject: [PATCH 05/65] C++: Add failing tests with CA2AEX and friends. --- .../dataflow/taint-tests/atl.cpp | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index c0507d3032d3..d05a2f22a01f 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -84,3 +84,85 @@ void test__U_STRINGorID() { sink(u.m_lpstr); // $ ir } } + +template +struct CA2AEX { + LPSTR m_psz; + char m_szBuffer[t_nBufferLength]; + + CA2AEX(LPCSTR psz, UINT nCodePage); + CA2AEX(LPCSTR psz); + + ~CA2AEX(); + + operator LPSTR() const throw(); +}; + +void test_CA2AEX() { + { + LPSTR x = indirect_source(); + CA2AEX<128> a(x); + sink(static_cast(a)); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + sink(a.m_szBuffer); // $ MISSING: ir + } + + { + LPSTR x = indirect_source(); + CA2AEX<128> a(x, 0); + sink(static_cast(a)); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + sink(a.m_szBuffer); // $ MISSING: ir + } +} + +template +struct CA2CAEX { + CA2CAEX(LPCSTR psz, UINT nCodePage) ; + CA2CAEX(LPCSTR psz) ; + ~CA2CAEX() throw(); + operator LPCSTR() const throw(); + LPCSTR m_psz; +}; + +void test_CA2CAEX() { + LPCSTR x = indirect_source(); + { + CA2CAEX<128> a(x); + sink(static_cast(a)); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + } + { + CA2CAEX<128> a(x, 0); + sink(static_cast(a)); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + } +} + +template +struct CA2WEX { + CA2WEX(LPCSTR psz, UINT nCodePage) ; + CA2WEX(LPCSTR psz) ; + ~CA2WEX() throw(); + operator LPWSTR() const throw(); + LPWSTR m_psz; + wchar_t m_szBuffer[t_nBufferLength]; +}; + +void test_CA2WEX() { + LPCSTR x = indirect_source(); + { + CA2WEX<128> a(x); + sink(static_cast(a)); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + } + { + CA2WEX<128> a(x, 0); + sink(static_cast(a)); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + sink(a.m_psz); // $ MISSING: ir + } +} From 763b991408c56341c4643dd117c0c7682dd2abd6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Nov 2024 17:56:32 +0000 Subject: [PATCH 06/65] C++: Add models. --- cpp/ql/lib/ext/CA2CAEX.model.yml | 11 +++++++++++ cpp/ql/lib/semmle/code/cpp/models/Models.qll | 1 + .../code/cpp/models/implementations/CA2AEX.qll | 17 +++++++++++++++++ 3 files changed, 29 insertions(+) create mode 100644 cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll diff --git a/cpp/ql/lib/ext/CA2CAEX.model.yml b/cpp/ql/lib/ext/CA2CAEX.model.yml index f199d1fddead..ee1d53a537cb 100644 --- a/cpp/ql/lib/ext/CA2CAEX.model.yml +++ b/cpp/ql/lib/ext/CA2CAEX.model.yml @@ -5,3 +5,14 @@ extensions: data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] + - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] + - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] + - ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] + - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] + - ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"] + - ["", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] + - ["", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] + - ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] + - ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] + - ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] + - ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll index f6776a623ffe..bb63416eaefa 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll @@ -50,3 +50,4 @@ private import implementations.System private import implementations.StructuredExceptionHandling private import implementations.ZMQ private import implementations.Win32CommandExecution +private import implementations.CA2AEX diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll new file mode 100644 index 000000000000..595b6e3bb3eb --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll @@ -0,0 +1,17 @@ +private import cpp +private import semmle.code.cpp.ir.dataflow.FlowSteps +private import semmle.code.cpp.dataflow.new.DataFlow + +/** + * The `CA2AEX` (and related) classes from the Windows Active Template library. + */ +class Ca2Aex extends Class { + Ca2Aex() { this.hasGlobalName(["CA2AEX", "CA2CAEX", "CA2WEX"]) } +} + +private class Ca2AexTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent { + Ca2AexTaintInheritingContent() { + // The two members m_psz and m_szBuffer + this.getField().getDeclaringType() instanceof Ca2Aex + } +} From 2c7d0dec7d4384a47a49448e1387c7bdd0e9abf0 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Nov 2024 18:01:33 +0000 Subject: [PATCH 07/65] C++: Accept test changes. --- .../dataflow/taint-tests/atl.cpp | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index d05a2f22a01f..5f0f12b31f8e 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -103,16 +103,16 @@ void test_CA2AEX() { LPSTR x = indirect_source(); CA2AEX<128> a(x); sink(static_cast(a)); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir - sink(a.m_szBuffer); // $ MISSING: ir + sink(a.m_psz); // $ ir + sink(a.m_szBuffer); // $ ir } { LPSTR x = indirect_source(); CA2AEX<128> a(x, 0); sink(static_cast(a)); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir - sink(a.m_szBuffer); // $ MISSING: ir + sink(a.m_psz); // $ ir + sink(a.m_szBuffer); // $ ir } } @@ -130,14 +130,14 @@ void test_CA2CAEX() { { CA2CAEX<128> a(x); sink(static_cast(a)); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir } { CA2CAEX<128> a(x, 0); sink(static_cast(a)); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir } } @@ -156,13 +156,13 @@ void test_CA2WEX() { { CA2WEX<128> a(x); sink(static_cast(a)); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir } { CA2WEX<128> a(x, 0); sink(static_cast(a)); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir - sink(a.m_psz); // $ MISSING: ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir } } From c00f84d74a0f209b4e25c2d080e0758845914940 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Nov 2024 18:03:30 +0000 Subject: [PATCH 08/65] C++: Work around the 'wrong' function name for conversion operators. --- .../semmle/code/cpp/dataflow/ExternalFlow.qll | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index ec25b08856c8..ac10651b5519 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -754,6 +754,22 @@ private predicate elementSpecMatchesSignature( signatureMatches(func, signature, type, name, 0) } +/** + * Holds when `method` has name `nameWithoutArgs`, and gets the enclosing + * class of `method`. Unlike `method.getClassAndName` this predicate does + * not strip typedefs from the name when `method` is an `ConversionOperator`. + */ +bindingset[nameWithoutArgs] +pragma[inline_late] +private Class getClassAndNameImpl(Function method, string nameWithoutArgs) { + exists(string memberName | result = method.getClassAndName(memberName) | + nameWithoutArgs = "operator " + method.(ConversionOperator).getDestType() + or + not method instanceof ConversionOperator and + memberName = nameWithoutArgs + ) +} + /** * Holds if `classWithMethod` has `method` named `name` (excluding any * template parameters). @@ -763,7 +779,7 @@ pragma[inline_late] private predicate hasClassAndName(Class classWithMethod, Function method, string name) { exists(string nameWithoutArgs | parseAngles(name, nameWithoutArgs, _, "") and - classWithMethod = method.getClassAndName(nameWithoutArgs) + classWithMethod = getClassAndNameImpl(method, nameWithoutArgs) ) } From 4f2cd81f9e7956999ba2407adad3c9ef9fd64ce3 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 26 Nov 2024 18:04:59 +0000 Subject: [PATCH 09/65] C++: Accept test changes. --- .../test/library-tests/dataflow/taint-tests/atl.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 5f0f12b31f8e..7396d4fce9ad 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -102,7 +102,7 @@ void test_CA2AEX() { { LPSTR x = indirect_source(); CA2AEX<128> a(x); - sink(static_cast(a)); // $ MISSING: ir + sink(static_cast(a)); // $ ir sink(a.m_psz); // $ ir sink(a.m_szBuffer); // $ ir } @@ -110,7 +110,7 @@ void test_CA2AEX() { { LPSTR x = indirect_source(); CA2AEX<128> a(x, 0); - sink(static_cast(a)); // $ MISSING: ir + sink(static_cast(a)); // $ ir sink(a.m_psz); // $ ir sink(a.m_szBuffer); // $ ir } @@ -129,13 +129,13 @@ void test_CA2CAEX() { LPCSTR x = indirect_source(); { CA2CAEX<128> a(x); - sink(static_cast(a)); // $ MISSING: ir + sink(static_cast(a)); // $ ir sink(a.m_psz); // $ ir sink(a.m_psz); // $ ir } { CA2CAEX<128> a(x, 0); - sink(static_cast(a)); // $ MISSING: ir + sink(static_cast(a)); // $ ir sink(a.m_psz); // $ ir sink(a.m_psz); // $ ir } @@ -155,13 +155,13 @@ void test_CA2WEX() { LPCSTR x = indirect_source(); { CA2WEX<128> a(x); - sink(static_cast(a)); // $ MISSING: ir + sink(static_cast(a)); // $ ir sink(a.m_psz); // $ ir sink(a.m_psz); // $ ir } { CA2WEX<128> a(x, 0); - sink(static_cast(a)); // $ MISSING: ir + sink(static_cast(a)); // $ ir sink(a.m_psz); // $ ir sink(a.m_psz); // $ ir } From 1cd426e9f96af085c4e33e66a1dbe49eb33c6fae Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 11:31:53 +0000 Subject: [PATCH 10/65] C++: Add failing tests with 'CAtlArray'. --- .../dataflow/taint-tests/atl.cpp | 83 ++++++++++ .../dataflow/taint-tests/localTaint.expected | 145 ++++++++++++++++++ 2 files changed, 228 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 7396d4fce9ad..c26966c908e4 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -166,3 +166,86 @@ void test_CA2WEX() { sink(a.m_psz); // $ ir } } + +template +struct CElementTraitsBase { + typedef const T& INARGTYPE; + typedef T& OUTARGTYPE; + + static void CopyElements(T* pDest, const T* pSrc, size_t nElements); + static void RelocateElements(T* pDest, T* pSrc, size_t nElements); +}; + +template +struct CDefaultElementTraits : public CElementTraitsBase {}; + +template +struct CElementTraits : public CDefaultElementTraits {}; + +template> +struct CAtlArray { + using INARGTYPE = typename ETraits::INARGTYPE; + using OUTARGTYPE = typename ETraits::OUTARGTYPE; + + CAtlArray() throw(); + ~CAtlArray() throw(); + + size_t Add(INARGTYPE element); + size_t Add(); + size_t Append(const CAtlArray& aSrc); + void Copy(const CAtlArray& aSrc); + const E& GetAt(size_t iElement) const throw(); + E& GetAt(size_t iElement) throw(); + size_t GetCount() const throw(); + E* GetData() throw(); + const E* GetData() const throw(); + void InsertArrayAt(size_t iStart, const CAtlArray* paNew); + void InsertAt(size_t iElement, INARGTYPE element, size_t nCount); + bool IsEmpty() const throw(); + void RemoveAll() throw(); + void RemoveAt(size_t iElement, size_t nCount); + void SetAt(size_t iElement, INARGTYPE element); + void SetAtGrow(size_t iElement, INARGTYPE element); + bool SetCount(size_t nNewSize, int nGrowBy); + E& operator[](size_t ielement) throw(); + const E& operator[](size_t ielement) const throw(); +}; + +void test_CAtlArray() { + int x = source(); + + { + CAtlArray a; + a.Add(x); + sink(a[0]); // $ MISSING: ir + a.Add(0); + sink(a[0]); // $ MISSING: ir + + CAtlArray a2; + sink(a2[0]); + a2.Append(a); + sink(a2[0]); // $ MISSING: ir + + CAtlArray a3; + sink(a3[0]); + a3.Copy(a2); + sink(a3[0]); // $ MISSING: ir + + sink(a3.GetAt(0)); // $ MISSING: ir + sink(*a3.GetData()); // $ MISSING: ir + + CAtlArray a4; + sink(a4.GetAt(0)); + a4.InsertArrayAt(0, &a3); + sink(a4.GetAt(0)); // $ MISSING: ir + } + { + CAtlArray a5; + a5.InsertAt(0, source(), 1); + sink(a5[0]); // $ MISSING: ir + + CAtlArray a6; + a6.SetAtGrow(0, source()); + sink(a6[0]); // $ MISSING: ir + } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 7809703f9c80..cd0b25deb453 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -147,6 +147,151 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:82:17:82:43 | call to indirect_source | atl.cpp:83:21:83:21 | y | | | atl.cpp:83:21:83:21 | y | atl.cpp:83:21:83:22 | call to _U_STRINGorID | TAINT | | atl.cpp:83:21:83:22 | call to _U_STRINGorID | atl.cpp:84:10:84:10 | u | | +| atl.cpp:103:15:103:35 | call to indirect_source | atl.cpp:104:19:104:19 | x | | +| atl.cpp:104:19:104:19 | x | atl.cpp:104:19:104:20 | call to CA2AEX | TAINT | +| atl.cpp:104:19:104:20 | call to CA2AEX | atl.cpp:105:29:105:29 | a | | +| atl.cpp:104:19:104:20 | call to CA2AEX | atl.cpp:106:10:106:10 | a | | +| atl.cpp:104:19:104:20 | call to CA2AEX | atl.cpp:107:10:107:10 | a | | +| atl.cpp:104:19:104:20 | call to CA2AEX | atl.cpp:108:3:108:3 | a | | +| atl.cpp:105:29:105:29 | ref arg a | atl.cpp:106:10:106:10 | a | | +| atl.cpp:105:29:105:29 | ref arg a | atl.cpp:107:10:107:10 | a | | +| atl.cpp:105:29:105:29 | ref arg a | atl.cpp:108:3:108:3 | a | | +| atl.cpp:106:10:106:10 | a [post update] | atl.cpp:107:10:107:10 | a | | +| atl.cpp:106:10:106:10 | a [post update] | atl.cpp:108:3:108:3 | a | | +| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:108:3:108:3 | a | | +| atl.cpp:111:15:111:35 | call to indirect_source | atl.cpp:112:19:112:19 | x | | +| atl.cpp:112:19:112:23 | call to CA2AEX | atl.cpp:113:29:113:29 | a | | +| atl.cpp:112:19:112:23 | call to CA2AEX | atl.cpp:114:10:114:10 | a | | +| atl.cpp:112:19:112:23 | call to CA2AEX | atl.cpp:115:10:115:10 | a | | +| atl.cpp:112:19:112:23 | call to CA2AEX | atl.cpp:116:3:116:3 | a | | +| atl.cpp:113:29:113:29 | ref arg a | atl.cpp:114:10:114:10 | a | | +| atl.cpp:113:29:113:29 | ref arg a | atl.cpp:115:10:115:10 | a | | +| atl.cpp:113:29:113:29 | ref arg a | atl.cpp:116:3:116:3 | a | | +| atl.cpp:114:10:114:10 | a [post update] | atl.cpp:115:10:115:10 | a | | +| atl.cpp:114:10:114:10 | a [post update] | atl.cpp:116:3:116:3 | a | | +| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:116:3:116:3 | a | | +| atl.cpp:129:14:129:34 | call to indirect_source | atl.cpp:131:20:131:20 | x | | +| atl.cpp:129:14:129:34 | call to indirect_source | atl.cpp:137:20:137:20 | x | | +| atl.cpp:131:20:131:20 | x | atl.cpp:131:20:131:21 | call to CA2CAEX | TAINT | +| atl.cpp:131:20:131:21 | call to CA2CAEX | atl.cpp:132:30:132:30 | a | | +| atl.cpp:131:20:131:21 | call to CA2CAEX | atl.cpp:133:10:133:10 | a | | +| atl.cpp:131:20:131:21 | call to CA2CAEX | atl.cpp:134:10:134:10 | a | | +| atl.cpp:131:20:131:21 | call to CA2CAEX | atl.cpp:135:3:135:3 | a | | +| atl.cpp:137:20:137:24 | call to CA2CAEX | atl.cpp:138:30:138:30 | a | | +| atl.cpp:137:20:137:24 | call to CA2CAEX | atl.cpp:139:10:139:10 | a | | +| atl.cpp:137:20:137:24 | call to CA2CAEX | atl.cpp:140:10:140:10 | a | | +| atl.cpp:137:20:137:24 | call to CA2CAEX | atl.cpp:141:3:141:3 | a | | +| atl.cpp:155:14:155:34 | call to indirect_source | atl.cpp:157:19:157:19 | x | | +| atl.cpp:155:14:155:34 | call to indirect_source | atl.cpp:163:19:163:19 | x | | +| atl.cpp:157:19:157:19 | x | atl.cpp:157:19:157:20 | call to CA2WEX | TAINT | +| atl.cpp:157:19:157:20 | call to CA2WEX | atl.cpp:158:30:158:30 | a | | +| atl.cpp:157:19:157:20 | call to CA2WEX | atl.cpp:159:10:159:10 | a | | +| atl.cpp:157:19:157:20 | call to CA2WEX | atl.cpp:160:10:160:10 | a | | +| atl.cpp:157:19:157:20 | call to CA2WEX | atl.cpp:161:3:161:3 | a | | +| atl.cpp:158:30:158:30 | ref arg a | atl.cpp:159:10:159:10 | a | | +| atl.cpp:158:30:158:30 | ref arg a | atl.cpp:160:10:160:10 | a | | +| atl.cpp:158:30:158:30 | ref arg a | atl.cpp:161:3:161:3 | a | | +| atl.cpp:159:10:159:10 | a [post update] | atl.cpp:160:10:160:10 | a | | +| atl.cpp:159:10:159:10 | a [post update] | atl.cpp:161:3:161:3 | a | | +| atl.cpp:159:12:159:16 | ref arg m_psz | atl.cpp:160:12:160:16 | m_psz | | +| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:161:3:161:3 | a | | +| atl.cpp:163:19:163:23 | call to CA2WEX | atl.cpp:164:30:164:30 | a | | +| atl.cpp:163:19:163:23 | call to CA2WEX | atl.cpp:165:10:165:10 | a | | +| atl.cpp:163:19:163:23 | call to CA2WEX | atl.cpp:166:10:166:10 | a | | +| atl.cpp:163:19:163:23 | call to CA2WEX | atl.cpp:167:3:167:3 | a | | +| atl.cpp:164:30:164:30 | ref arg a | atl.cpp:165:10:165:10 | a | | +| atl.cpp:164:30:164:30 | ref arg a | atl.cpp:166:10:166:10 | a | | +| atl.cpp:164:30:164:30 | ref arg a | atl.cpp:167:3:167:3 | a | | +| atl.cpp:165:10:165:10 | a [post update] | atl.cpp:166:10:166:10 | a | | +| atl.cpp:165:10:165:10 | a [post update] | atl.cpp:167:3:167:3 | a | | +| atl.cpp:165:12:165:16 | ref arg m_psz | atl.cpp:166:12:166:16 | m_psz | | +| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:167:3:167:3 | a | | +| atl.cpp:215:11:215:21 | call to source | atl.cpp:219:11:219:11 | x | | +| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:219:5:219:5 | a | | +| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:220:10:220:10 | a | | +| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:221:5:221:5 | a | | +| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:222:10:222:10 | a | | +| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:226:15:226:15 | a | | +| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:241:3:241:3 | a | | +| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:220:10:220:10 | a | | +| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:221:5:221:5 | a | | +| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:222:10:222:10 | a | | +| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:226:15:226:15 | a | | +| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:241:3:241:3 | a | | +| atl.cpp:220:10:220:10 | ref arg a | atl.cpp:221:5:221:5 | a | | +| atl.cpp:220:10:220:10 | ref arg a | atl.cpp:222:10:222:10 | a | | +| atl.cpp:220:10:220:10 | ref arg a | atl.cpp:226:15:226:15 | a | | +| atl.cpp:220:10:220:10 | ref arg a | atl.cpp:241:3:241:3 | a | | +| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:222:10:222:10 | a | | +| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:226:15:226:15 | a | | +| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:241:3:241:3 | a | | +| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:226:15:226:15 | a | | +| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:241:3:241:3 | a | | +| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:225:10:225:11 | a2 | | +| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:226:5:226:6 | a2 | | +| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:227:10:227:11 | a2 | | +| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:231:13:231:14 | a2 | | +| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:241:3:241:3 | a2 | | +| atl.cpp:225:10:225:11 | ref arg a2 | atl.cpp:226:5:226:6 | a2 | | +| atl.cpp:225:10:225:11 | ref arg a2 | atl.cpp:227:10:227:11 | a2 | | +| atl.cpp:225:10:225:11 | ref arg a2 | atl.cpp:231:13:231:14 | a2 | | +| atl.cpp:225:10:225:11 | ref arg a2 | atl.cpp:241:3:241:3 | a2 | | +| atl.cpp:226:5:226:6 | ref arg a2 | atl.cpp:227:10:227:11 | a2 | | +| atl.cpp:226:5:226:6 | ref arg a2 | atl.cpp:231:13:231:14 | a2 | | +| atl.cpp:226:5:226:6 | ref arg a2 | atl.cpp:241:3:241:3 | a2 | | +| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:231:13:231:14 | a2 | | +| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:241:3:241:3 | a2 | | +| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:230:10:230:11 | a3 | | +| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:231:5:231:6 | a3 | | +| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:232:10:232:11 | a3 | | +| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:234:10:234:11 | a3 | | +| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:235:11:235:12 | a3 | | +| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:239:26:239:27 | a3 | | +| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:241:3:241:3 | a3 | | +| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:231:5:231:6 | a3 | | +| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:232:10:232:11 | a3 | | +| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | +| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:235:11:235:12 | a3 | | +| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | +| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | +| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:232:10:232:11 | a3 | | +| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | +| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:235:11:235:12 | a3 | | +| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | +| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:235:11:235:12 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | +| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:235:11:235:12 | a3 | | +| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | +| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | +| atl.cpp:235:11:235:12 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | +| atl.cpp:235:11:235:12 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | +| atl.cpp:235:14:235:20 | call to GetData | atl.cpp:235:10:235:22 | * ... | TAINT | +| atl.cpp:237:20:237:21 | call to CAtlArray | atl.cpp:238:10:238:11 | a4 | | +| atl.cpp:237:20:237:21 | call to CAtlArray | atl.cpp:239:5:239:6 | a4 | | +| atl.cpp:237:20:237:21 | call to CAtlArray | atl.cpp:240:10:240:11 | a4 | | +| atl.cpp:237:20:237:21 | call to CAtlArray | atl.cpp:241:3:241:3 | a4 | | +| atl.cpp:238:10:238:11 | ref arg a4 | atl.cpp:239:5:239:6 | a4 | | +| atl.cpp:238:10:238:11 | ref arg a4 | atl.cpp:240:10:240:11 | a4 | | +| atl.cpp:238:10:238:11 | ref arg a4 | atl.cpp:241:3:241:3 | a4 | | +| atl.cpp:239:5:239:6 | ref arg a4 | atl.cpp:240:10:240:11 | a4 | | +| atl.cpp:239:5:239:6 | ref arg a4 | atl.cpp:241:3:241:3 | a4 | | +| atl.cpp:239:26:239:27 | a3 | atl.cpp:239:25:239:27 | & ... | | +| atl.cpp:240:10:240:11 | ref arg a4 | atl.cpp:241:3:241:3 | a4 | | +| atl.cpp:243:20:243:21 | call to CAtlArray | atl.cpp:244:5:244:6 | a5 | | +| atl.cpp:243:20:243:21 | call to CAtlArray | atl.cpp:245:10:245:11 | a5 | | +| atl.cpp:243:20:243:21 | call to CAtlArray | atl.cpp:250:3:250:3 | a5 | | +| atl.cpp:244:5:244:6 | ref arg a5 | atl.cpp:245:10:245:11 | a5 | | +| atl.cpp:244:5:244:6 | ref arg a5 | atl.cpp:250:3:250:3 | a5 | | +| atl.cpp:245:10:245:11 | ref arg a5 | atl.cpp:250:3:250:3 | a5 | | +| atl.cpp:247:20:247:21 | call to CAtlArray | atl.cpp:248:5:248:6 | a6 | | +| atl.cpp:247:20:247:21 | call to CAtlArray | atl.cpp:249:10:249:11 | a6 | | +| atl.cpp:247:20:247:21 | call to CAtlArray | atl.cpp:250:3:250:3 | a6 | | +| atl.cpp:248:5:248:6 | ref arg a6 | atl.cpp:249:10:249:11 | a6 | | +| atl.cpp:248:5:248:6 | ref arg a6 | atl.cpp:250:3:250:3 | a6 | | +| atl.cpp:249:10:249:11 | ref arg a6 | atl.cpp:250:3:250:3 | a6 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | From 0f8df1cd9f3843704d43be4efadd71440c98c4f4 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 11:34:42 +0000 Subject: [PATCH 11/65] C++: Add MaD model for 'CAtlArray'. --- cpp/ql/lib/ext/CAtlArray.model.yml | 15 +++++++++++++++ .../library-tests/dataflow/taint-tests/atl.cpp | 18 +++++++++--------- 2 files changed, 24 insertions(+), 9 deletions(-) create mode 100644 cpp/ql/lib/ext/CAtlArray.model.yml diff --git a/cpp/ql/lib/ext/CAtlArray.model.yml b/cpp/ql/lib/ext/CAtlArray.model.yml new file mode 100644 index 000000000000..29afc0c99598 --- /dev/null +++ b/cpp/ql/lib/ext/CAtlArray.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index c26966c908e4..4b3f1438d8d4 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -217,35 +217,35 @@ void test_CAtlArray() { { CAtlArray a; a.Add(x); - sink(a[0]); // $ MISSING: ir + sink(a[0]); // $ ir a.Add(0); - sink(a[0]); // $ MISSING: ir + sink(a[0]); // $ ir CAtlArray a2; sink(a2[0]); a2.Append(a); - sink(a2[0]); // $ MISSING: ir + sink(a2[0]); // $ ir CAtlArray a3; sink(a3[0]); a3.Copy(a2); - sink(a3[0]); // $ MISSING: ir + sink(a3[0]); // $ ir - sink(a3.GetAt(0)); // $ MISSING: ir - sink(*a3.GetData()); // $ MISSING: ir + sink(a3.GetAt(0)); // $ ir + sink(*a3.GetData()); // $ ir CAtlArray a4; sink(a4.GetAt(0)); a4.InsertArrayAt(0, &a3); - sink(a4.GetAt(0)); // $ MISSING: ir + sink(a4.GetAt(0)); // $ ir } { CAtlArray a5; a5.InsertAt(0, source(), 1); - sink(a5[0]); // $ MISSING: ir + sink(a5[0]); // $ ir CAtlArray a6; a6.SetAtGrow(0, source()); - sink(a6[0]); // $ MISSING: ir + sink(a6[0]); // $ ir } } From c604a93d1611b2ef7be1e5196262ea2ac27559eb Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 11:37:08 +0000 Subject: [PATCH 12/65] C++: Add failing tests with 'CAtlList'. --- .../dataflow/taint-tests/atl.cpp | 147 ++++++++++++ .../dataflow/taint-tests/localTaint.expected | 214 ++++++++++++++++++ 2 files changed, 361 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 4b3f1438d8d4..b1231c13c485 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -249,3 +249,150 @@ void test_CAtlArray() { sink(a6[0]); // $ ir } } + +template> +struct CAtlList { + using INARGTYPE = typename ETraits::INARGTYPE; + CAtlList(UINT nBlockSize) throw(); + ~CAtlList() throw(); + POSITION AddHead(); + POSITION AddHead(INARGTYPE element); + void AddHeadList(const CAtlList* plNew); + POSITION AddTail(); + POSITION AddTail(INARGTYPE element); + void AddTailList(const CAtlList* plNew); + POSITION Find(INARGTYPE element, POSITION posStartAfter) const throw(); + POSITION FindIndex(size_t iElement) const throw(); + E& GetAt(POSITION pos) throw(); + const E& GetAt(POSITION pos) const throw(); + size_t GetCount() const throw(); + E& GetHead() throw(); + const E& GetHead() const throw(); + POSITION GetHeadPosition() const throw(); + E& GetNext(POSITION& pos) throw(); + const E& GetNext(POSITION& pos) const throw(); + E& GetPrev(POSITION& pos) throw(); + const E& GetPrev(POSITION& pos) const throw(); + E& GetTail() throw(); + const E& GetTail() const throw(); + POSITION GetTailPosition() const throw(); + POSITION InsertAfter(POSITION pos, INARGTYPE element); + POSITION InsertBefore(POSITION pos, INARGTYPE element); + bool IsEmpty() const throw(); + void MoveToHead(POSITION pos) throw(); + void MoveToTail(POSITION pos) throw(); + void RemoveAll() throw(); + void RemoveAt(POSITION pos) throw(); + E RemoveHead(); + void RemoveHeadNoReturn() throw(); + E RemoveTail(); + void RemoveTailNoReturn() throw(); + void SetAt(POSITION pos, INARGTYPE element); + void SwapElements(POSITION pos1, POSITION pos2) throw(); +}; + +void test_CAtlList() { + int x = source(); + { + CAtlList list(10); + sink(list.GetHead()); + list.AddHead(x); + sink(list.GetHead()); // $ MISSING: ir + + CAtlList list2(10); + list2.AddHeadList(&list); + sink(list2.GetHead()); // $ MISSING: ir + + CAtlList list3(10); + list3.AddTail(x); + sink(list3.GetHead()); // $ MISSING: ir + + CAtlList list4(10); + list4.AddTailList(&list3); + sink(list4.GetHead()); // $ MISSING: ir + + { + CAtlList list5(10); + auto pos = list5.Find(x, list5.GetHeadPosition()); + sink(list5.GetAt(pos)); // $ MISSING: ir + } + + { + CAtlList list6(10); + list6.AddHead(x); + auto pos = list6.FindIndex(0); + sink(list6.GetAt(pos)); // $ MISSING: ir + } + + { + CAtlList list7(10); + auto pos = list7.GetTailPosition(); + list7.InsertAfter(pos, x); + sink(list7.GetHead()); // $ MISSING: ir + } + + { + CAtlList list8(10); + auto pos = list8.GetTailPosition(); + list8.InsertBefore(pos, x); + sink(list8.GetHead()); // $ MISSING: ir + } + { + CAtlList list9(10); + list9.SetAt(list9.GetHeadPosition(), x); + sink(list9.GetHead()); // $ MISSING: ir + } + } + + int* p = indirect_source(); + { + CAtlList list(10); + sink(list.GetHead()); + list.AddHead(x); + sink(list.GetHead()); // $ MISSING: ir + + CAtlList list2(10); + list2.AddHeadList(&list); + sink(list2.GetHead()); // $ MISSING: ir + + CAtlList list3(10); + list3.AddTail(x); + sink(list3.GetHead()); // $ MISSING: ir + + CAtlList list4(10); + list4.AddTailList(&list3); + sink(list4.GetHead()); // $ MISSING: ir + + { + CAtlList list5(10); + auto pos = list5.Find(x, list5.GetHeadPosition()); + sink(list5.GetAt(pos)); // $ MISSING: ir + } + + { + CAtlList list6(10); + list6.AddHead(x); + auto pos = list6.FindIndex(0); + sink(list6.GetAt(pos)); // $ MISSING: ir + } + + { + CAtlList list7(10); + auto pos = list7.GetTailPosition(); + list7.InsertAfter(pos, x); + sink(list7.GetHead()); // $ MISSING: ir + } + + { + CAtlList list8(10); + auto pos = list8.GetTailPosition(); + list8.InsertBefore(pos, x); + sink(list8.GetHead()); // $ MISSING: ir + } + { + CAtlList list9(10); + list9.SetAt(list9.GetHeadPosition(), x); + sink(list9.GetHead()); // $ MISSING: ir + } + } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index cd0b25deb453..5c7da7123ad4 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -292,6 +292,220 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:248:5:248:6 | ref arg a6 | atl.cpp:249:10:249:11 | a6 | | | atl.cpp:248:5:248:6 | ref arg a6 | atl.cpp:250:3:250:3 | a6 | | | atl.cpp:249:10:249:11 | ref arg a6 | atl.cpp:250:3:250:3 | a6 | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:299:18:299:18 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:307:19:307:19 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:316:29:316:29 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:322:21:322:21 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:330:30:330:30 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:337:31:337:31 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:342:44:342:44 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:351:18:351:18 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:359:19:359:19 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:368:29:368:29 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:374:21:374:21 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:382:30:382:30 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:389:31:389:31 | x | | +| atl.cpp:295:11:295:21 | call to source | atl.cpp:394:44:394:44 | x | | +| atl.cpp:297:24:297:25 | 10 | atl.cpp:297:24:297:26 | call to CAtlList | TAINT | +| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:298:10:298:13 | list | | +| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:299:5:299:8 | list | | +| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:300:10:300:13 | list | | +| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:303:24:303:27 | list | | +| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:345:3:345:3 | list | | +| atl.cpp:298:10:298:13 | ref arg list | atl.cpp:299:5:299:8 | list | | +| atl.cpp:298:10:298:13 | ref arg list | atl.cpp:300:10:300:13 | list | | +| atl.cpp:298:10:298:13 | ref arg list | atl.cpp:303:24:303:27 | list | | +| atl.cpp:298:10:298:13 | ref arg list | atl.cpp:345:3:345:3 | list | | +| atl.cpp:299:5:299:8 | ref arg list | atl.cpp:300:10:300:13 | list | | +| atl.cpp:299:5:299:8 | ref arg list | atl.cpp:303:24:303:27 | list | | +| atl.cpp:299:5:299:8 | ref arg list | atl.cpp:345:3:345:3 | list | | +| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:303:24:303:27 | list | | +| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:345:3:345:3 | list | | +| atl.cpp:302:25:302:26 | 10 | atl.cpp:302:25:302:27 | call to CAtlList | TAINT | +| atl.cpp:302:25:302:27 | call to CAtlList | atl.cpp:303:5:303:9 | list2 | | +| atl.cpp:302:25:302:27 | call to CAtlList | atl.cpp:304:10:304:14 | list2 | | +| atl.cpp:302:25:302:27 | call to CAtlList | atl.cpp:345:3:345:3 | list2 | | +| atl.cpp:303:5:303:9 | ref arg list2 | atl.cpp:304:10:304:14 | list2 | | +| atl.cpp:303:5:303:9 | ref arg list2 | atl.cpp:345:3:345:3 | list2 | | +| atl.cpp:303:24:303:27 | list | atl.cpp:303:23:303:27 | & ... | | +| atl.cpp:304:10:304:14 | ref arg list2 | atl.cpp:345:3:345:3 | list2 | | +| atl.cpp:306:25:306:26 | 10 | atl.cpp:306:25:306:27 | call to CAtlList | TAINT | +| atl.cpp:306:25:306:27 | call to CAtlList | atl.cpp:307:5:307:9 | list3 | | +| atl.cpp:306:25:306:27 | call to CAtlList | atl.cpp:308:10:308:14 | list3 | | +| atl.cpp:306:25:306:27 | call to CAtlList | atl.cpp:311:24:311:28 | list3 | | +| atl.cpp:306:25:306:27 | call to CAtlList | atl.cpp:345:3:345:3 | list3 | | +| atl.cpp:307:5:307:9 | ref arg list3 | atl.cpp:308:10:308:14 | list3 | | +| atl.cpp:307:5:307:9 | ref arg list3 | atl.cpp:311:24:311:28 | list3 | | +| atl.cpp:307:5:307:9 | ref arg list3 | atl.cpp:345:3:345:3 | list3 | | +| atl.cpp:308:10:308:14 | ref arg list3 | atl.cpp:311:24:311:28 | list3 | | +| atl.cpp:308:10:308:14 | ref arg list3 | atl.cpp:345:3:345:3 | list3 | | +| atl.cpp:310:25:310:26 | 10 | atl.cpp:310:25:310:27 | call to CAtlList | TAINT | +| atl.cpp:310:25:310:27 | call to CAtlList | atl.cpp:311:5:311:9 | list4 | | +| atl.cpp:310:25:310:27 | call to CAtlList | atl.cpp:312:10:312:14 | list4 | | +| atl.cpp:310:25:310:27 | call to CAtlList | atl.cpp:345:3:345:3 | list4 | | +| atl.cpp:311:5:311:9 | ref arg list4 | atl.cpp:312:10:312:14 | list4 | | +| atl.cpp:311:5:311:9 | ref arg list4 | atl.cpp:345:3:345:3 | list4 | | +| atl.cpp:311:24:311:28 | list3 | atl.cpp:311:23:311:28 | & ... | | +| atl.cpp:312:10:312:14 | ref arg list4 | atl.cpp:345:3:345:3 | list4 | | +| atl.cpp:315:27:315:28 | 10 | atl.cpp:315:27:315:29 | call to CAtlList | TAINT | +| atl.cpp:315:27:315:29 | call to CAtlList | atl.cpp:316:18:316:22 | list5 | | +| atl.cpp:315:27:315:29 | call to CAtlList | atl.cpp:316:32:316:36 | list5 | | +| atl.cpp:315:27:315:29 | call to CAtlList | atl.cpp:317:12:317:16 | list5 | | +| atl.cpp:315:27:315:29 | call to CAtlList | atl.cpp:318:5:318:5 | list5 | | +| atl.cpp:316:18:316:22 | ref arg list5 | atl.cpp:317:12:317:16 | list5 | | +| atl.cpp:316:18:316:22 | ref arg list5 | atl.cpp:318:5:318:5 | list5 | | +| atl.cpp:316:24:316:27 | call to Find | atl.cpp:317:24:317:26 | pos | | +| atl.cpp:316:32:316:36 | ref arg list5 | atl.cpp:316:18:316:22 | list5 | | +| atl.cpp:316:32:316:36 | ref arg list5 | atl.cpp:317:12:317:16 | list5 | | +| atl.cpp:316:32:316:36 | ref arg list5 | atl.cpp:318:5:318:5 | list5 | | +| atl.cpp:317:12:317:16 | ref arg list5 | atl.cpp:318:5:318:5 | list5 | | +| atl.cpp:321:27:321:28 | 10 | atl.cpp:321:27:321:29 | call to CAtlList | TAINT | +| atl.cpp:321:27:321:29 | call to CAtlList | atl.cpp:322:7:322:11 | list6 | | +| atl.cpp:321:27:321:29 | call to CAtlList | atl.cpp:323:18:323:22 | list6 | | +| atl.cpp:321:27:321:29 | call to CAtlList | atl.cpp:324:12:324:16 | list6 | | +| atl.cpp:321:27:321:29 | call to CAtlList | atl.cpp:325:5:325:5 | list6 | | +| atl.cpp:322:7:322:11 | ref arg list6 | atl.cpp:323:18:323:22 | list6 | | +| atl.cpp:322:7:322:11 | ref arg list6 | atl.cpp:324:12:324:16 | list6 | | +| atl.cpp:322:7:322:11 | ref arg list6 | atl.cpp:325:5:325:5 | list6 | | +| atl.cpp:323:18:323:22 | ref arg list6 | atl.cpp:324:12:324:16 | list6 | | +| atl.cpp:323:18:323:22 | ref arg list6 | atl.cpp:325:5:325:5 | list6 | | +| atl.cpp:323:24:323:32 | call to FindIndex | atl.cpp:324:24:324:26 | pos | | +| atl.cpp:324:12:324:16 | ref arg list6 | atl.cpp:325:5:325:5 | list6 | | +| atl.cpp:328:27:328:28 | 10 | atl.cpp:328:27:328:29 | call to CAtlList | TAINT | +| atl.cpp:328:27:328:29 | call to CAtlList | atl.cpp:329:18:329:22 | list7 | | +| atl.cpp:328:27:328:29 | call to CAtlList | atl.cpp:330:7:330:11 | list7 | | +| atl.cpp:328:27:328:29 | call to CAtlList | atl.cpp:331:12:331:16 | list7 | | +| atl.cpp:328:27:328:29 | call to CAtlList | atl.cpp:332:5:332:5 | list7 | | +| atl.cpp:329:18:329:22 | ref arg list7 | atl.cpp:330:7:330:11 | list7 | | +| atl.cpp:329:18:329:22 | ref arg list7 | atl.cpp:331:12:331:16 | list7 | | +| atl.cpp:329:18:329:22 | ref arg list7 | atl.cpp:332:5:332:5 | list7 | | +| atl.cpp:329:24:329:38 | call to GetTailPosition | atl.cpp:330:25:330:27 | pos | | +| atl.cpp:330:7:330:11 | ref arg list7 | atl.cpp:331:12:331:16 | list7 | | +| atl.cpp:330:7:330:11 | ref arg list7 | atl.cpp:332:5:332:5 | list7 | | +| atl.cpp:331:12:331:16 | ref arg list7 | atl.cpp:332:5:332:5 | list7 | | +| atl.cpp:335:27:335:28 | 10 | atl.cpp:335:27:335:29 | call to CAtlList | TAINT | +| atl.cpp:335:27:335:29 | call to CAtlList | atl.cpp:336:18:336:22 | list8 | | +| atl.cpp:335:27:335:29 | call to CAtlList | atl.cpp:337:7:337:11 | list8 | | +| atl.cpp:335:27:335:29 | call to CAtlList | atl.cpp:338:12:338:16 | list8 | | +| atl.cpp:335:27:335:29 | call to CAtlList | atl.cpp:339:5:339:5 | list8 | | +| atl.cpp:336:18:336:22 | ref arg list8 | atl.cpp:337:7:337:11 | list8 | | +| atl.cpp:336:18:336:22 | ref arg list8 | atl.cpp:338:12:338:16 | list8 | | +| atl.cpp:336:18:336:22 | ref arg list8 | atl.cpp:339:5:339:5 | list8 | | +| atl.cpp:336:24:336:38 | call to GetTailPosition | atl.cpp:337:26:337:28 | pos | | +| atl.cpp:337:7:337:11 | ref arg list8 | atl.cpp:338:12:338:16 | list8 | | +| atl.cpp:337:7:337:11 | ref arg list8 | atl.cpp:339:5:339:5 | list8 | | +| atl.cpp:338:12:338:16 | ref arg list8 | atl.cpp:339:5:339:5 | list8 | | +| atl.cpp:341:27:341:28 | 10 | atl.cpp:341:27:341:29 | call to CAtlList | TAINT | +| atl.cpp:341:27:341:29 | call to CAtlList | atl.cpp:342:7:342:11 | list9 | | +| atl.cpp:341:27:341:29 | call to CAtlList | atl.cpp:342:19:342:23 | list9 | | +| atl.cpp:341:27:341:29 | call to CAtlList | atl.cpp:343:12:343:16 | list9 | | +| atl.cpp:341:27:341:29 | call to CAtlList | atl.cpp:344:5:344:5 | list9 | | +| atl.cpp:342:7:342:11 | ref arg list9 | atl.cpp:343:12:343:16 | list9 | | +| atl.cpp:342:7:342:11 | ref arg list9 | atl.cpp:344:5:344:5 | list9 | | +| atl.cpp:342:19:342:23 | ref arg list9 | atl.cpp:342:7:342:11 | list9 | | +| atl.cpp:342:19:342:23 | ref arg list9 | atl.cpp:343:12:343:16 | list9 | | +| atl.cpp:342:19:342:23 | ref arg list9 | atl.cpp:344:5:344:5 | list9 | | +| atl.cpp:343:12:343:16 | ref arg list9 | atl.cpp:344:5:344:5 | list9 | | +| atl.cpp:349:24:349:25 | 10 | atl.cpp:349:24:349:26 | call to CAtlList | TAINT | +| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:350:10:350:13 | list | | +| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:351:5:351:8 | list | | +| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:352:10:352:13 | list | | +| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:355:24:355:27 | list | | +| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:397:3:397:3 | list | | +| atl.cpp:350:10:350:13 | ref arg list | atl.cpp:351:5:351:8 | list | | +| atl.cpp:350:10:350:13 | ref arg list | atl.cpp:352:10:352:13 | list | | +| atl.cpp:350:10:350:13 | ref arg list | atl.cpp:355:24:355:27 | list | | +| atl.cpp:350:10:350:13 | ref arg list | atl.cpp:397:3:397:3 | list | | +| atl.cpp:351:5:351:8 | ref arg list | atl.cpp:352:10:352:13 | list | | +| atl.cpp:351:5:351:8 | ref arg list | atl.cpp:355:24:355:27 | list | | +| atl.cpp:351:5:351:8 | ref arg list | atl.cpp:397:3:397:3 | list | | +| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:355:24:355:27 | list | | +| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:397:3:397:3 | list | | +| atl.cpp:354:25:354:26 | 10 | atl.cpp:354:25:354:27 | call to CAtlList | TAINT | +| atl.cpp:354:25:354:27 | call to CAtlList | atl.cpp:355:5:355:9 | list2 | | +| atl.cpp:354:25:354:27 | call to CAtlList | atl.cpp:356:10:356:14 | list2 | | +| atl.cpp:354:25:354:27 | call to CAtlList | atl.cpp:397:3:397:3 | list2 | | +| atl.cpp:355:5:355:9 | ref arg list2 | atl.cpp:356:10:356:14 | list2 | | +| atl.cpp:355:5:355:9 | ref arg list2 | atl.cpp:397:3:397:3 | list2 | | +| atl.cpp:355:24:355:27 | list | atl.cpp:355:23:355:27 | & ... | | +| atl.cpp:356:10:356:14 | ref arg list2 | atl.cpp:397:3:397:3 | list2 | | +| atl.cpp:358:25:358:26 | 10 | atl.cpp:358:25:358:27 | call to CAtlList | TAINT | +| atl.cpp:358:25:358:27 | call to CAtlList | atl.cpp:359:5:359:9 | list3 | | +| atl.cpp:358:25:358:27 | call to CAtlList | atl.cpp:360:10:360:14 | list3 | | +| atl.cpp:358:25:358:27 | call to CAtlList | atl.cpp:363:24:363:28 | list3 | | +| atl.cpp:358:25:358:27 | call to CAtlList | atl.cpp:397:3:397:3 | list3 | | +| atl.cpp:359:5:359:9 | ref arg list3 | atl.cpp:360:10:360:14 | list3 | | +| atl.cpp:359:5:359:9 | ref arg list3 | atl.cpp:363:24:363:28 | list3 | | +| atl.cpp:359:5:359:9 | ref arg list3 | atl.cpp:397:3:397:3 | list3 | | +| atl.cpp:360:10:360:14 | ref arg list3 | atl.cpp:363:24:363:28 | list3 | | +| atl.cpp:360:10:360:14 | ref arg list3 | atl.cpp:397:3:397:3 | list3 | | +| atl.cpp:362:25:362:26 | 10 | atl.cpp:362:25:362:27 | call to CAtlList | TAINT | +| atl.cpp:362:25:362:27 | call to CAtlList | atl.cpp:363:5:363:9 | list4 | | +| atl.cpp:362:25:362:27 | call to CAtlList | atl.cpp:364:10:364:14 | list4 | | +| atl.cpp:362:25:362:27 | call to CAtlList | atl.cpp:397:3:397:3 | list4 | | +| atl.cpp:363:5:363:9 | ref arg list4 | atl.cpp:364:10:364:14 | list4 | | +| atl.cpp:363:5:363:9 | ref arg list4 | atl.cpp:397:3:397:3 | list4 | | +| atl.cpp:363:24:363:28 | list3 | atl.cpp:363:23:363:28 | & ... | | +| atl.cpp:364:10:364:14 | ref arg list4 | atl.cpp:397:3:397:3 | list4 | | +| atl.cpp:367:27:367:28 | 10 | atl.cpp:367:27:367:29 | call to CAtlList | TAINT | +| atl.cpp:367:27:367:29 | call to CAtlList | atl.cpp:368:18:368:22 | list5 | | +| atl.cpp:367:27:367:29 | call to CAtlList | atl.cpp:368:32:368:36 | list5 | | +| atl.cpp:367:27:367:29 | call to CAtlList | atl.cpp:369:12:369:16 | list5 | | +| atl.cpp:367:27:367:29 | call to CAtlList | atl.cpp:370:5:370:5 | list5 | | +| atl.cpp:368:18:368:22 | ref arg list5 | atl.cpp:369:12:369:16 | list5 | | +| atl.cpp:368:18:368:22 | ref arg list5 | atl.cpp:370:5:370:5 | list5 | | +| atl.cpp:368:24:368:27 | call to Find | atl.cpp:369:24:369:26 | pos | | +| atl.cpp:368:32:368:36 | ref arg list5 | atl.cpp:368:18:368:22 | list5 | | +| atl.cpp:368:32:368:36 | ref arg list5 | atl.cpp:369:12:369:16 | list5 | | +| atl.cpp:368:32:368:36 | ref arg list5 | atl.cpp:370:5:370:5 | list5 | | +| atl.cpp:369:12:369:16 | ref arg list5 | atl.cpp:370:5:370:5 | list5 | | +| atl.cpp:373:27:373:28 | 10 | atl.cpp:373:27:373:29 | call to CAtlList | TAINT | +| atl.cpp:373:27:373:29 | call to CAtlList | atl.cpp:374:7:374:11 | list6 | | +| atl.cpp:373:27:373:29 | call to CAtlList | atl.cpp:375:18:375:22 | list6 | | +| atl.cpp:373:27:373:29 | call to CAtlList | atl.cpp:376:12:376:16 | list6 | | +| atl.cpp:373:27:373:29 | call to CAtlList | atl.cpp:377:5:377:5 | list6 | | +| atl.cpp:374:7:374:11 | ref arg list6 | atl.cpp:375:18:375:22 | list6 | | +| atl.cpp:374:7:374:11 | ref arg list6 | atl.cpp:376:12:376:16 | list6 | | +| atl.cpp:374:7:374:11 | ref arg list6 | atl.cpp:377:5:377:5 | list6 | | +| atl.cpp:375:18:375:22 | ref arg list6 | atl.cpp:376:12:376:16 | list6 | | +| atl.cpp:375:18:375:22 | ref arg list6 | atl.cpp:377:5:377:5 | list6 | | +| atl.cpp:375:24:375:32 | call to FindIndex | atl.cpp:376:24:376:26 | pos | | +| atl.cpp:376:12:376:16 | ref arg list6 | atl.cpp:377:5:377:5 | list6 | | +| atl.cpp:380:27:380:28 | 10 | atl.cpp:380:27:380:29 | call to CAtlList | TAINT | +| atl.cpp:380:27:380:29 | call to CAtlList | atl.cpp:381:18:381:22 | list7 | | +| atl.cpp:380:27:380:29 | call to CAtlList | atl.cpp:382:7:382:11 | list7 | | +| atl.cpp:380:27:380:29 | call to CAtlList | atl.cpp:383:12:383:16 | list7 | | +| atl.cpp:380:27:380:29 | call to CAtlList | atl.cpp:384:5:384:5 | list7 | | +| atl.cpp:381:18:381:22 | ref arg list7 | atl.cpp:382:7:382:11 | list7 | | +| atl.cpp:381:18:381:22 | ref arg list7 | atl.cpp:383:12:383:16 | list7 | | +| atl.cpp:381:18:381:22 | ref arg list7 | atl.cpp:384:5:384:5 | list7 | | +| atl.cpp:381:24:381:38 | call to GetTailPosition | atl.cpp:382:25:382:27 | pos | | +| atl.cpp:382:7:382:11 | ref arg list7 | atl.cpp:383:12:383:16 | list7 | | +| atl.cpp:382:7:382:11 | ref arg list7 | atl.cpp:384:5:384:5 | list7 | | +| atl.cpp:383:12:383:16 | ref arg list7 | atl.cpp:384:5:384:5 | list7 | | +| atl.cpp:387:27:387:28 | 10 | atl.cpp:387:27:387:29 | call to CAtlList | TAINT | +| atl.cpp:387:27:387:29 | call to CAtlList | atl.cpp:388:18:388:22 | list8 | | +| atl.cpp:387:27:387:29 | call to CAtlList | atl.cpp:389:7:389:11 | list8 | | +| atl.cpp:387:27:387:29 | call to CAtlList | atl.cpp:390:12:390:16 | list8 | | +| atl.cpp:387:27:387:29 | call to CAtlList | atl.cpp:391:5:391:5 | list8 | | +| atl.cpp:388:18:388:22 | ref arg list8 | atl.cpp:389:7:389:11 | list8 | | +| atl.cpp:388:18:388:22 | ref arg list8 | atl.cpp:390:12:390:16 | list8 | | +| atl.cpp:388:18:388:22 | ref arg list8 | atl.cpp:391:5:391:5 | list8 | | +| atl.cpp:388:24:388:38 | call to GetTailPosition | atl.cpp:389:26:389:28 | pos | | +| atl.cpp:389:7:389:11 | ref arg list8 | atl.cpp:390:12:390:16 | list8 | | +| atl.cpp:389:7:389:11 | ref arg list8 | atl.cpp:391:5:391:5 | list8 | | +| atl.cpp:390:12:390:16 | ref arg list8 | atl.cpp:391:5:391:5 | list8 | | +| atl.cpp:393:27:393:28 | 10 | atl.cpp:393:27:393:29 | call to CAtlList | TAINT | +| atl.cpp:393:27:393:29 | call to CAtlList | atl.cpp:394:7:394:11 | list9 | | +| atl.cpp:393:27:393:29 | call to CAtlList | atl.cpp:394:19:394:23 | list9 | | +| atl.cpp:393:27:393:29 | call to CAtlList | atl.cpp:395:12:395:16 | list9 | | +| atl.cpp:393:27:393:29 | call to CAtlList | atl.cpp:396:5:396:5 | list9 | | +| atl.cpp:394:7:394:11 | ref arg list9 | atl.cpp:395:12:395:16 | list9 | | +| atl.cpp:394:7:394:11 | ref arg list9 | atl.cpp:396:5:396:5 | list9 | | +| atl.cpp:394:19:394:23 | ref arg list9 | atl.cpp:394:7:394:11 | list9 | | +| atl.cpp:394:19:394:23 | ref arg list9 | atl.cpp:395:12:395:16 | list9 | | +| atl.cpp:394:19:394:23 | ref arg list9 | atl.cpp:396:5:396:5 | list9 | | +| atl.cpp:395:12:395:16 | ref arg list9 | atl.cpp:396:5:396:5 | list9 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | From 2b8ef5a8c8c0c464ef97b1cc4c76107a416e85cc Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 11:39:26 +0000 Subject: [PATCH 13/65] C++: Add MaD model for 'CAtlList'. --- cpp/ql/lib/ext/CAtlList.model.yml | 25 +++++++++++++++ .../dataflow/taint-tests/atl.cpp | 32 +++++++++---------- 2 files changed, 41 insertions(+), 16 deletions(-) create mode 100644 cpp/ql/lib/ext/CAtlList.model.yml diff --git a/cpp/ql/lib/ext/CAtlList.model.yml b/cpp/ql/lib/ext/CAtlList.model.yml new file mode 100644 index 000000000000..eb59fb8417ed --- /dev/null +++ b/cpp/ql/lib/ext/CAtlList.model.yml @@ -0,0 +1,25 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "FindIndex", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlList", True, "GetAt", "", "", "Argument[0]", "ReturnValue[*@]", "taint", "manual"] + - ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlList", True, "GetHeadPosition", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CAtlList", True, "GetNext", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CAtlList", True, "GetPrev", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlList", True, "GetTailPosition", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "ReturnValue", "taint", "manual"] + - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "ReturnValue", "taint", "manual"] + - ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "taint", "manual"] + - ["", "CAtlList", True, "SwapElements", "", "", "Argument[0]", "Argument[1]", "taint", "manual"] + - ["", "CAtlList", True, "SwapElements", "", "", "Argument[1]", "Argument[0]", "taint", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index b1231c13c485..fe7a5513ce7c 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -297,19 +297,19 @@ void test_CAtlList() { CAtlList list(10); sink(list.GetHead()); list.AddHead(x); - sink(list.GetHead()); // $ MISSING: ir + sink(list.GetHead()); // $ ir CAtlList list2(10); list2.AddHeadList(&list); - sink(list2.GetHead()); // $ MISSING: ir + sink(list2.GetHead()); // $ ir CAtlList list3(10); list3.AddTail(x); - sink(list3.GetHead()); // $ MISSING: ir + sink(list3.GetHead()); // $ ir CAtlList list4(10); list4.AddTailList(&list3); - sink(list4.GetHead()); // $ MISSING: ir + sink(list4.GetHead()); // $ ir { CAtlList list5(10); @@ -321,26 +321,26 @@ void test_CAtlList() { CAtlList list6(10); list6.AddHead(x); auto pos = list6.FindIndex(0); - sink(list6.GetAt(pos)); // $ MISSING: ir + sink(list6.GetAt(pos)); // $ ir } { CAtlList list7(10); auto pos = list7.GetTailPosition(); list7.InsertAfter(pos, x); - sink(list7.GetHead()); // $ MISSING: ir + sink(list7.GetHead()); // $ ir } { CAtlList list8(10); auto pos = list8.GetTailPosition(); list8.InsertBefore(pos, x); - sink(list8.GetHead()); // $ MISSING: ir + sink(list8.GetHead()); // $ ir } { CAtlList list9(10); list9.SetAt(list9.GetHeadPosition(), x); - sink(list9.GetHead()); // $ MISSING: ir + sink(list9.GetHead()); // $ ir } } @@ -349,19 +349,19 @@ void test_CAtlList() { CAtlList list(10); sink(list.GetHead()); list.AddHead(x); - sink(list.GetHead()); // $ MISSING: ir + sink(list.GetHead()); // $ ir CAtlList list2(10); list2.AddHeadList(&list); - sink(list2.GetHead()); // $ MISSING: ir + sink(list2.GetHead()); // $ ir CAtlList list3(10); list3.AddTail(x); - sink(list3.GetHead()); // $ MISSING: ir + sink(list3.GetHead()); // $ ir CAtlList list4(10); list4.AddTailList(&list3); - sink(list4.GetHead()); // $ MISSING: ir + sink(list4.GetHead()); // $ ir { CAtlList list5(10); @@ -373,26 +373,26 @@ void test_CAtlList() { CAtlList list6(10); list6.AddHead(x); auto pos = list6.FindIndex(0); - sink(list6.GetAt(pos)); // $ MISSING: ir + sink(list6.GetAt(pos)); // $ ir } { CAtlList list7(10); auto pos = list7.GetTailPosition(); list7.InsertAfter(pos, x); - sink(list7.GetHead()); // $ MISSING: ir + sink(list7.GetHead()); // $ ir } { CAtlList list8(10); auto pos = list8.GetTailPosition(); list8.InsertBefore(pos, x); - sink(list8.GetHead()); // $ MISSING: ir + sink(list8.GetHead()); // $ ir } { CAtlList list9(10); list9.SetAt(list9.GetHeadPosition(), x); - sink(list9.GetHead()); // $ MISSING: ir + sink(list9.GetHead()); // $ ir } } } From 68ee8da574f56f160d61371f6eac44801c2ae2ad Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 12:04:29 +0000 Subject: [PATCH 14/65] C++: Add failing tests with 'CComBSTR'. --- .../dataflow/taint-tests/atl.cpp | 129 +++++++++++++++++ .../dataflow/taint-tests/localTaint.expected | 130 ++++++++++++++++++ 2 files changed, 259 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index fe7a5513ce7c..0eb636082e22 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -396,3 +396,132 @@ void test_CAtlList() { } } } + +struct IUnknown { }; + +struct ISequentialStream : public IUnknown { }; + +struct IStream : public ISequentialStream { }; + +struct CComBSTR { + CComBSTR() throw(); + CComBSTR(const CComBSTR& src); + CComBSTR(int nSize); + CComBSTR(int nSize, LPCOLESTR sz); + CComBSTR(int nSize, LPCSTR sz); + CComBSTR(LPCOLESTR pSrc); + CComBSTR(LPCSTR pSrc); + CComBSTR(CComBSTR&& src) throw(); + ~CComBSTR(); + + HRESULT Append(const CComBSTR& bstrSrc) throw(); + HRESULT Append(wchar_t ch) throw(); + HRESULT Append(char ch) throw(); + HRESULT Append(LPCOLESTR lpsz) throw(); + HRESULT Append(LPCSTR lpsz) throw(); + HRESULT Append(LPCOLESTR lpsz, int nLen) throw(); + HRESULT AppendBSTR(BSTR p) throw(); + HRESULT AppendBytes(const char* lpsz, int nLen) throw(); + HRESULT ArrayToBSTR(const SAFEARRAY* pSrc) throw(); + HRESULT AssignBSTR(const BSTR bstrSrc) throw(); + void Attach(BSTR src) throw(); + HRESULT BSTRToArray(LPSAFEARRAY ppArray) throw(); + unsigned int ByteLength() const throw(); + BSTR Copy() const throw(); + HRESULT CopyTo(BSTR* pbstr) throw(); + + HRESULT CopyTo(VARIANT* pvarDest) throw(); + BSTR Detach() throw(); + void Empty() throw(); + unsigned int Length() const throw(); + bool LoadString(HINSTANCE hInst, UINT nID) throw(); + bool LoadString(UINT nID) throw(); + HRESULT ReadFromStream(IStream* pStream) throw(); + HRESULT ToUpper() throw(); + HRESULT WriteToStream(IStream* pStream) throw(); + + operator BSTR() const throw(); + BSTR* operator&() throw(); + + CComBSTR& operator+= (const CComBSTR& bstrSrc); + CComBSTR& operator+= (const LPCOLESTR pszSrc); + + BSTR m_str; +}; + +LPSAFEARRAY getSafeArray() { + SAFEARRAY* safe = new SAFEARRAY; + safe->pvData = indirect_source(); + return safe; +} + +void test_CComBSTR() { + char* x = indirect_source(); + { + CComBSTR b(x); + sink(b.m_str); // $ MISSING: ir + + CComBSTR b2(b); + sink(b2.m_str); // $ MISSING: ir + } + { + CComBSTR b(10, x); + sink(b.m_str); // $ MISSING: ir + } + { + CComBSTR b(x); + + CComBSTR b2; + sink(b2.m_str); + b2 += b; + sink(b2.m_str); // $ MISSING: ir + + CComBSTR b3; + b3 += x; + sink(b3.m_str); // $ MISSING: ir + sink(static_cast(b3)); // $ MISSING: ir + sink(**&b3); // $ MISSING: ir + + CComBSTR b4; + b4.Append(source()); + sink(b4.m_str); // $ MISSING: ir + + CComBSTR b5; + b5.AppendBSTR(b4.m_str); + sink(b5.m_str); // $ MISSING: ir + + CComBSTR b6; + b6.AppendBytes(x, 10); + sink(b6.m_str); // $ MISSING: ir + + CComBSTR b7; + b7.ArrayToBSTR(getSafeArray()); + sink(b7.m_str); // $ MISSING: ir + + CComBSTR b8; + b8.AssignBSTR(b7.m_str); + sink(b8.m_str); // $ MISSING: ir + + CComBSTR b9; + SAFEARRAY safe; + b9.Append(source()); + b9.BSTRToArray(&safe); + sink(safe.pvData); // $ MISSING: ir + + sink(b9.Copy()); // $ MISSING: ir + } + + wchar_t* w = indirect_source(); + { + CComBSTR b(w); + sink(b.m_str); // $ MISSING: ir + + CComBSTR b2; + b2.Attach(w); + sink(b2.m_str); // $ MISSING: ir + } + { + CComBSTR b(10, w); + sink(b.m_str); // $ MISSING: ir + } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 5c7da7123ad4..becba8e527b8 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -506,6 +506,136 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:394:19:394:23 | ref arg list9 | atl.cpp:395:12:395:16 | list9 | | | atl.cpp:394:19:394:23 | ref arg list9 | atl.cpp:396:5:396:5 | list9 | | | atl.cpp:395:12:395:16 | ref arg list9 | atl.cpp:396:5:396:5 | list9 | | +| atl.cpp:453:21:453:33 | new | atl.cpp:454:3:454:6 | safe | | +| atl.cpp:453:21:453:33 | new | atl.cpp:455:10:455:13 | safe | | +| atl.cpp:454:3:454:6 | safe [post update] | atl.cpp:455:10:455:13 | safe | | +| atl.cpp:454:3:454:40 | ... = ... | atl.cpp:454:9:454:14 | pvData [post update] | | +| atl.cpp:454:18:454:38 | call to indirect_source | atl.cpp:454:3:454:40 | ... = ... | | +| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:461:16:461:16 | x | | +| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:468:20:468:20 | x | | +| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:472:16:472:16 | x | | +| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:480:11:480:11 | x | | +| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:494:20:494:20 | x | | +| atl.cpp:461:16:461:16 | x | atl.cpp:461:16:461:17 | call to CComBSTR | TAINT | +| atl.cpp:461:16:461:17 | call to CComBSTR | atl.cpp:462:10:462:10 | b | | +| atl.cpp:461:16:461:17 | call to CComBSTR | atl.cpp:464:17:464:17 | b | | +| atl.cpp:461:16:461:17 | call to CComBSTR | atl.cpp:466:3:466:3 | b | | +| atl.cpp:462:10:462:10 | b [post update] | atl.cpp:464:17:464:17 | b | | +| atl.cpp:462:10:462:10 | b [post update] | atl.cpp:466:3:466:3 | b | | +| atl.cpp:462:12:462:16 | ref arg m_str | atl.cpp:465:13:465:17 | m_str | | +| atl.cpp:464:17:464:17 | b | atl.cpp:464:17:464:18 | call to CComBSTR | | +| atl.cpp:464:17:464:18 | call to CComBSTR | atl.cpp:465:10:465:11 | b2 | | +| atl.cpp:464:17:464:18 | call to CComBSTR | atl.cpp:466:3:466:3 | b2 | | +| atl.cpp:465:10:465:11 | b2 [post update] | atl.cpp:466:3:466:3 | b2 | | +| atl.cpp:468:16:468:21 | call to CComBSTR | atl.cpp:469:10:469:10 | b | | +| atl.cpp:468:16:468:21 | call to CComBSTR | atl.cpp:470:3:470:3 | b | | +| atl.cpp:469:10:469:10 | b [post update] | atl.cpp:470:3:470:3 | b | | +| atl.cpp:472:16:472:16 | x | atl.cpp:472:16:472:17 | call to CComBSTR | TAINT | +| atl.cpp:472:16:472:17 | call to CComBSTR | atl.cpp:476:11:476:11 | b | | +| atl.cpp:472:16:472:17 | call to CComBSTR | atl.cpp:512:3:512:3 | b | | +| atl.cpp:474:14:474:15 | call to CComBSTR | atl.cpp:475:10:475:11 | b2 | | +| atl.cpp:474:14:474:15 | call to CComBSTR | atl.cpp:476:5:476:6 | b2 | | +| atl.cpp:474:14:474:15 | call to CComBSTR | atl.cpp:477:10:477:11 | b2 | | +| atl.cpp:474:14:474:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b2 | | +| atl.cpp:475:10:475:11 | b2 [post update] | atl.cpp:476:5:476:6 | b2 | | +| atl.cpp:475:10:475:11 | b2 [post update] | atl.cpp:477:10:477:11 | b2 | | +| atl.cpp:475:10:475:11 | b2 [post update] | atl.cpp:512:3:512:3 | b2 | | +| atl.cpp:475:13:475:17 | ref arg m_str | atl.cpp:477:13:477:17 | m_str | | +| atl.cpp:476:5:476:6 | ref arg b2 | atl.cpp:477:10:477:11 | b2 | | +| atl.cpp:476:5:476:6 | ref arg b2 | atl.cpp:512:3:512:3 | b2 | | +| atl.cpp:477:10:477:11 | b2 [post update] | atl.cpp:512:3:512:3 | b2 | | +| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:480:5:480:6 | b3 | | +| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:481:10:481:11 | b3 | | +| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:482:28:482:29 | b3 | | +| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:483:13:483:14 | b3 | | +| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b3 | | +| atl.cpp:480:5:480:6 | ref arg b3 | atl.cpp:481:10:481:11 | b3 | | +| atl.cpp:480:5:480:6 | ref arg b3 | atl.cpp:482:28:482:29 | b3 | | +| atl.cpp:480:5:480:6 | ref arg b3 | atl.cpp:483:13:483:14 | b3 | | +| atl.cpp:480:5:480:6 | ref arg b3 | atl.cpp:512:3:512:3 | b3 | | +| atl.cpp:480:11:480:11 | x | atl.cpp:480:11:480:11 | call to CComBSTR | TAINT | +| atl.cpp:481:10:481:11 | b3 [post update] | atl.cpp:482:28:482:29 | b3 | | +| atl.cpp:481:10:481:11 | b3 [post update] | atl.cpp:483:13:483:14 | b3 | | +| atl.cpp:481:10:481:11 | b3 [post update] | atl.cpp:512:3:512:3 | b3 | | +| atl.cpp:482:28:482:29 | ref arg b3 | atl.cpp:483:13:483:14 | b3 | | +| atl.cpp:482:28:482:29 | ref arg b3 | atl.cpp:512:3:512:3 | b3 | | +| atl.cpp:483:11:483:14 | * ... | atl.cpp:483:10:483:14 | * ... | TAINT | +| atl.cpp:483:12:483:12 | call to operator& | atl.cpp:483:11:483:14 | * ... | TAINT | +| atl.cpp:483:13:483:14 | ref arg b3 | atl.cpp:512:3:512:3 | b3 | | +| atl.cpp:485:14:485:15 | call to CComBSTR | atl.cpp:486:5:486:6 | b4 | | +| atl.cpp:485:14:485:15 | call to CComBSTR | atl.cpp:487:10:487:11 | b4 | | +| atl.cpp:485:14:485:15 | call to CComBSTR | atl.cpp:490:19:490:20 | b4 | | +| atl.cpp:485:14:485:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b4 | | +| atl.cpp:486:5:486:6 | ref arg b4 | atl.cpp:487:10:487:11 | b4 | | +| atl.cpp:486:5:486:6 | ref arg b4 | atl.cpp:490:19:490:20 | b4 | | +| atl.cpp:486:5:486:6 | ref arg b4 | atl.cpp:512:3:512:3 | b4 | | +| atl.cpp:487:10:487:11 | b4 [post update] | atl.cpp:490:19:490:20 | b4 | | +| atl.cpp:487:10:487:11 | b4 [post update] | atl.cpp:512:3:512:3 | b4 | | +| atl.cpp:487:13:487:17 | ref arg m_str | atl.cpp:490:22:490:26 | m_str | | +| atl.cpp:489:14:489:15 | call to CComBSTR | atl.cpp:490:5:490:6 | b5 | | +| atl.cpp:489:14:489:15 | call to CComBSTR | atl.cpp:491:10:491:11 | b5 | | +| atl.cpp:489:14:489:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b5 | | +| atl.cpp:490:5:490:6 | ref arg b5 | atl.cpp:491:10:491:11 | b5 | | +| atl.cpp:490:5:490:6 | ref arg b5 | atl.cpp:512:3:512:3 | b5 | | +| atl.cpp:490:19:490:20 | b4 [post update] | atl.cpp:512:3:512:3 | b4 | | +| atl.cpp:491:10:491:11 | b5 [post update] | atl.cpp:512:3:512:3 | b5 | | +| atl.cpp:493:14:493:15 | call to CComBSTR | atl.cpp:494:5:494:6 | b6 | | +| atl.cpp:493:14:493:15 | call to CComBSTR | atl.cpp:495:10:495:11 | b6 | | +| atl.cpp:493:14:493:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b6 | | +| atl.cpp:494:5:494:6 | ref arg b6 | atl.cpp:495:10:495:11 | b6 | | +| atl.cpp:494:5:494:6 | ref arg b6 | atl.cpp:512:3:512:3 | b6 | | +| atl.cpp:495:10:495:11 | b6 [post update] | atl.cpp:512:3:512:3 | b6 | | +| atl.cpp:497:14:497:15 | call to CComBSTR | atl.cpp:498:5:498:6 | b7 | | +| atl.cpp:497:14:497:15 | call to CComBSTR | atl.cpp:499:10:499:11 | b7 | | +| atl.cpp:497:14:497:15 | call to CComBSTR | atl.cpp:502:19:502:20 | b7 | | +| atl.cpp:497:14:497:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b7 | | +| atl.cpp:498:5:498:6 | ref arg b7 | atl.cpp:499:10:499:11 | b7 | | +| atl.cpp:498:5:498:6 | ref arg b7 | atl.cpp:502:19:502:20 | b7 | | +| atl.cpp:498:5:498:6 | ref arg b7 | atl.cpp:512:3:512:3 | b7 | | +| atl.cpp:499:10:499:11 | b7 [post update] | atl.cpp:502:19:502:20 | b7 | | +| atl.cpp:499:10:499:11 | b7 [post update] | atl.cpp:512:3:512:3 | b7 | | +| atl.cpp:499:13:499:17 | ref arg m_str | atl.cpp:502:22:502:26 | m_str | | +| atl.cpp:501:14:501:15 | call to CComBSTR | atl.cpp:502:5:502:6 | b8 | | +| atl.cpp:501:14:501:15 | call to CComBSTR | atl.cpp:503:10:503:11 | b8 | | +| atl.cpp:501:14:501:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b8 | | +| atl.cpp:502:5:502:6 | ref arg b8 | atl.cpp:503:10:503:11 | b8 | | +| atl.cpp:502:5:502:6 | ref arg b8 | atl.cpp:512:3:512:3 | b8 | | +| atl.cpp:502:19:502:20 | b7 [post update] | atl.cpp:512:3:512:3 | b7 | | +| atl.cpp:503:10:503:11 | b8 [post update] | atl.cpp:512:3:512:3 | b8 | | +| atl.cpp:505:14:505:15 | call to CComBSTR | atl.cpp:507:5:507:6 | b9 | | +| atl.cpp:505:14:505:15 | call to CComBSTR | atl.cpp:508:5:508:6 | b9 | | +| atl.cpp:505:14:505:15 | call to CComBSTR | atl.cpp:511:10:511:11 | b9 | | +| atl.cpp:505:14:505:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b9 | | +| atl.cpp:506:15:506:18 | safe | atl.cpp:508:21:508:24 | safe | | +| atl.cpp:506:15:506:18 | safe | atl.cpp:509:10:509:13 | safe | | +| atl.cpp:507:5:507:6 | ref arg b9 | atl.cpp:508:5:508:6 | b9 | | +| atl.cpp:507:5:507:6 | ref arg b9 | atl.cpp:511:10:511:11 | b9 | | +| atl.cpp:507:5:507:6 | ref arg b9 | atl.cpp:512:3:512:3 | b9 | | +| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:511:10:511:11 | b9 | | +| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:512:3:512:3 | b9 | | +| atl.cpp:508:20:508:24 | ref arg & ... | atl.cpp:508:21:508:24 | safe [inner post update] | | +| atl.cpp:508:20:508:24 | ref arg & ... | atl.cpp:509:10:509:13 | safe | | +| atl.cpp:508:21:508:24 | safe | atl.cpp:508:20:508:24 | & ... | | +| atl.cpp:511:10:511:11 | ref arg b9 | atl.cpp:512:3:512:3 | b9 | | +| atl.cpp:514:16:514:39 | call to indirect_source | atl.cpp:516:16:516:16 | w | | +| atl.cpp:514:16:514:39 | call to indirect_source | atl.cpp:520:15:520:15 | w | | +| atl.cpp:514:16:514:39 | call to indirect_source | atl.cpp:524:20:524:20 | w | | +| atl.cpp:516:16:516:16 | ref arg w | atl.cpp:520:15:520:15 | w | | +| atl.cpp:516:16:516:16 | ref arg w | atl.cpp:524:20:524:20 | w | | +| atl.cpp:516:16:516:16 | w | atl.cpp:516:16:516:17 | call to CComBSTR | TAINT | +| atl.cpp:516:16:516:17 | call to CComBSTR | atl.cpp:517:10:517:10 | b | | +| atl.cpp:516:16:516:17 | call to CComBSTR | atl.cpp:522:3:522:3 | b | | +| atl.cpp:517:10:517:10 | b [post update] | atl.cpp:522:3:522:3 | b | | +| atl.cpp:519:14:519:15 | call to CComBSTR | atl.cpp:520:5:520:6 | b2 | | +| atl.cpp:519:14:519:15 | call to CComBSTR | atl.cpp:521:10:521:11 | b2 | | +| atl.cpp:519:14:519:15 | call to CComBSTR | atl.cpp:522:3:522:3 | b2 | | +| atl.cpp:520:5:520:6 | ref arg b2 | atl.cpp:521:10:521:11 | b2 | | +| atl.cpp:520:5:520:6 | ref arg b2 | atl.cpp:522:3:522:3 | b2 | | +| atl.cpp:520:15:520:15 | ref arg w | atl.cpp:524:20:524:20 | w | | +| atl.cpp:521:10:521:11 | b2 [post update] | atl.cpp:522:3:522:3 | b2 | | +| atl.cpp:524:16:524:21 | call to CComBSTR | atl.cpp:525:10:525:10 | b | | +| atl.cpp:524:16:524:21 | call to CComBSTR | atl.cpp:526:3:526:3 | b | | +| atl.cpp:525:10:525:10 | b [post update] | atl.cpp:526:3:526:3 | b | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | From 9b004848a32533216fd40602e9acc792437b6e01 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 12:07:01 +0000 Subject: [PATCH 15/65] C++: Add MaD model for 'CComBSTR'. --- cpp/ql/lib/ext/CComBSTR.model.yml | 33 +++++++++++++++++++ .../dataflow/taint-tests/atl.cpp | 8 ++--- 2 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 cpp/ql/lib/ext/CComBSTR.model.yml diff --git a/cpp/ql/lib/ext/CComBSTR.model.yml b/cpp/ql/lib/ext/CComBSTR.model.yml new file mode 100644 index 000000000000..b578956edec2 --- /dev/null +++ b/cpp/ql/lib/ext/CComBSTR.model.yml @@ -0,0 +1,33 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CComBSTR", True, "CComBSTR", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(const CComBSTR&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "Append", "(const CComBSTR&)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(LPCOLESTR,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "AppendBytes", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "AppendBSTR", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[*0].Field[*pvData]", "value", "manual"] + - ["", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"] + - ["", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "LoadString", "(UINT)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 0eb636082e22..bade135966b4 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -479,8 +479,8 @@ void test_CComBSTR() { CComBSTR b3; b3 += x; sink(b3.m_str); // $ MISSING: ir - sink(static_cast(b3)); // $ MISSING: ir - sink(**&b3); // $ MISSING: ir + sink(static_cast(b3)); // $ ir + sink(**&b3); // $ ir CComBSTR b4; b4.Append(source()); @@ -506,9 +506,9 @@ void test_CComBSTR() { SAFEARRAY safe; b9.Append(source()); b9.BSTRToArray(&safe); - sink(safe.pvData); // $ MISSING: ir + sink(safe.pvData); // $ ir - sink(b9.Copy()); // $ MISSING: ir + sink(b9.Copy()); // $ ir } wchar_t* w = indirect_source(); From 948be092575f46d24d37c44e0672181809f11f48 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 13:38:38 +0000 Subject: [PATCH 16/65] C++: Add an taint step from object to field for 'CComBSTR's. --- cpp/ql/lib/semmle/code/cpp/models/Models.qll | 1 + .../cpp/models/implementations/CComBSTR.qll | 16 ++++++++++++ .../dataflow/taint-tests/atl.cpp | 26 +++++++++---------- 3 files changed, 30 insertions(+), 13 deletions(-) create mode 100644 cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll index bb63416eaefa..9e67eaae5cf3 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll @@ -51,3 +51,4 @@ private import implementations.StructuredExceptionHandling private import implementations.ZMQ private import implementations.Win32CommandExecution private import implementations.CA2AEX +private import implementations.CComBSTR diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll new file mode 100644 index 000000000000..55d18a52ae45 --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll @@ -0,0 +1,16 @@ +private import cpp +private import semmle.code.cpp.ir.dataflow.FlowSteps +private import semmle.code.cpp.dataflow.new.DataFlow + +/** The `CComBSTR` class from the Microsoft "Active Template Library". */ +class CcomBstr extends Class { + CcomBstr() { this.hasGlobalName("CComBSTR") } +} + +private class Mstr extends Field { + Mstr() { this.getDeclaringType() instanceof CcomBstr and this.hasName("m_str") } +} + +private class MstrTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent { + MstrTaintInheritingContent() { this.getField() instanceof Mstr } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index bade135966b4..c89b649ec9ae 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -459,14 +459,14 @@ void test_CComBSTR() { char* x = indirect_source(); { CComBSTR b(x); - sink(b.m_str); // $ MISSING: ir + sink(b.m_str); // $ ir CComBSTR b2(b); - sink(b2.m_str); // $ MISSING: ir + sink(b2.m_str); // $ ir } { CComBSTR b(10, x); - sink(b.m_str); // $ MISSING: ir + sink(b.m_str); // $ ir } { CComBSTR b(x); @@ -474,33 +474,33 @@ void test_CComBSTR() { CComBSTR b2; sink(b2.m_str); b2 += b; - sink(b2.m_str); // $ MISSING: ir + sink(b2.m_str); // $ ir CComBSTR b3; b3 += x; - sink(b3.m_str); // $ MISSING: ir + sink(b3.m_str); // $ ir sink(static_cast(b3)); // $ ir sink(**&b3); // $ ir CComBSTR b4; b4.Append(source()); - sink(b4.m_str); // $ MISSING: ir + sink(b4.m_str); // $ ir CComBSTR b5; b5.AppendBSTR(b4.m_str); - sink(b5.m_str); // $ MISSING: ir + sink(b5.m_str); // $ ir CComBSTR b6; b6.AppendBytes(x, 10); - sink(b6.m_str); // $ MISSING: ir + sink(b6.m_str); // $ ir CComBSTR b7; b7.ArrayToBSTR(getSafeArray()); - sink(b7.m_str); // $ MISSING: ir + sink(b7.m_str); // $ ir CComBSTR b8; b8.AssignBSTR(b7.m_str); - sink(b8.m_str); // $ MISSING: ir + sink(b8.m_str); // $ ir CComBSTR b9; SAFEARRAY safe; @@ -514,14 +514,14 @@ void test_CComBSTR() { wchar_t* w = indirect_source(); { CComBSTR b(w); - sink(b.m_str); // $ MISSING: ir + sink(b.m_str); // $ ir CComBSTR b2; b2.Attach(w); - sink(b2.m_str); // $ MISSING: ir + sink(b2.m_str); // $ ir } { CComBSTR b(10, w); - sink(b.m_str); // $ MISSING: ir + sink(b.m_str); // $ ir } } From e831cb5f2647ff59a98f5c9ea11e15e3dc61ce33 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 13:42:23 +0000 Subject: [PATCH 17/65] C++: Add failing tests with 'CComSafeArray'. --- .../dataflow/taint-tests/atl.cpp | 77 +++++++++++++++++ .../dataflow/taint-tests/localTaint.expected | 86 +++++++++++++++++++ 2 files changed, 163 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index c89b649ec9ae..a91cd9c88d6f 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -525,3 +525,80 @@ void test_CComBSTR() { sink(b.m_str); // $ ir } } + +template +struct CComSafeArray { + CComSafeArray(); + CComSafeArray(const SAFEARRAYBOUND& bound); + CComSafeArray(ULONG ulCount, LONG lLBound); + CComSafeArray(const SAFEARRAYBOUND* pBound, UINT uDims); + CComSafeArray(const CComSafeArray& saSrc); + CComSafeArray(const SAFEARRAY& saSrc); + CComSafeArray(const SAFEARRAY* psaSrc); + + ~CComSafeArray() throw(); + + HRESULT Add(const SAFEARRAY* psaSrc); + HRESULT Add(ULONG ulCount, const T* pT, BOOL bCopy); + HRESULT Add(const T& t, BOOL bCopy); + HRESULT Attach(const SAFEARRAY* psaSrc); + HRESULT CopyFrom(LPSAFEARRAY* ppArray); + HRESULT CopyTo(LPSAFEARRAY* ppArray); + HRESULT Create(const SAFEARRAYBOUND* pBound, UINT uDims); + HRESULT Create(ULONG ulCount, LONG lLBound); + HRESULT Destroy(); + LPSAFEARRAY Detach(); + T& GetAt(LONG lIndex) const; + ULONG GetCount(UINT uDim) const; + UINT GetDimensions() const; + LONG GetLowerBound(UINT uDim) const; + LPSAFEARRAY GetSafeArrayPtr() throw(); + LONG GetUpperBound(UINT uDim) const; + bool IsSizable() const; + HRESULT MultiDimGetAt(const LONG* alIndex, T& t); + HRESULT MultiDimSetAt(const LONG* alIndex, const T& t); + HRESULT Resize(const SAFEARRAYBOUND* pBound); + HRESULT Resize(ULONG ulCount, LONG lLBound); + HRESULT SetAt(LONG lIndex, const T& t, BOOL bCopy); + operator LPSAFEARRAY() const; + T& operator[](long lindex) const; + T& operator[](int nindex) const; + + LPSAFEARRAY m_psa; +}; + +void test_CComSafeArray() { + LPSAFEARRAY safe = getSafeArray(); + sink(safe->pvData); // $ ir + { + CComSafeArray c(safe); + sink(c[0]); // $ MISSING: ir + sink(c.GetAt(0)); // $ MISSING: ir + sink(c.GetSafeArrayPtr()->pvData); // $ MISSING: ir + sink(c.m_psa->pvData); // $ MISSING: ir + } + { + CComSafeArray c; + sink(c[0]); + sink(c.GetAt(0)); + sink(c.GetSafeArrayPtr()->pvData); + c.Add(safe); + sink(c[0]); // $ MISSING: ir + sink(c.GetAt(0)); // $ MISSING: ir + sink(c.GetSafeArrayPtr()->pvData); // $ MISSING: ir + sink(static_cast(c)->pvData); // $ MISSING: ir + } + { + CComSafeArray c; + c.Add(source(), true); + sink(c[0]); // $ MISSING: ir + sink(c.GetAt(0)); // $ MISSING: ir + sink(c.GetSafeArrayPtr()->pvData); // $ MISSING: ir + } + { + CComSafeArray c; + c.SetAt(0, source(), true); + sink(c[0]); // $ MISSING: ir + sink(c[0L]); // $ MISSING: ir + } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index becba8e527b8..4924d7d817f3 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -636,6 +636,92 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:524:16:524:21 | call to CComBSTR | atl.cpp:525:10:525:10 | b | | | atl.cpp:524:16:524:21 | call to CComBSTR | atl.cpp:526:3:526:3 | b | | | atl.cpp:525:10:525:10 | b [post update] | atl.cpp:526:3:526:3 | b | | +| atl.cpp:569:22:569:33 | call to getSafeArray | atl.cpp:570:8:570:11 | safe | | +| atl.cpp:569:22:569:33 | call to getSafeArray | atl.cpp:572:24:572:27 | safe | | +| atl.cpp:569:22:569:33 | call to getSafeArray | atl.cpp:582:11:582:14 | safe | | +| atl.cpp:570:8:570:11 | safe [post update] | atl.cpp:572:24:572:27 | safe | | +| atl.cpp:570:8:570:11 | safe [post update] | atl.cpp:582:11:582:14 | safe | | +| atl.cpp:572:24:572:27 | safe | atl.cpp:572:24:572:28 | call to CComSafeArray | TAINT | +| atl.cpp:572:24:572:28 | call to CComSafeArray | atl.cpp:573:8:573:8 | c | | +| atl.cpp:572:24:572:28 | call to CComSafeArray | atl.cpp:574:8:574:8 | c | | +| atl.cpp:572:24:572:28 | call to CComSafeArray | atl.cpp:575:8:575:8 | c | | +| atl.cpp:572:24:572:28 | call to CComSafeArray | atl.cpp:576:3:576:3 | c | | +| atl.cpp:573:8:573:8 | ref arg c | atl.cpp:574:8:574:8 | c | | +| atl.cpp:573:8:573:8 | ref arg c | atl.cpp:575:8:575:8 | c | | +| atl.cpp:573:8:573:8 | ref arg c | atl.cpp:576:3:576:3 | c | | +| atl.cpp:574:8:574:8 | ref arg c | atl.cpp:575:8:575:8 | c | | +| atl.cpp:574:8:574:8 | ref arg c | atl.cpp:576:3:576:3 | c | | +| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:576:3:576:3 | c | | +| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:579:10:579:10 | c | | +| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:580:10:580:10 | c | | +| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:581:10:581:10 | c | | +| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:582:5:582:5 | c | | +| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:583:10:583:10 | c | | +| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | | +| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:585:10:585:10 | c | | +| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:586:35:586:35 | c | | +| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:587:3:587:3 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:580:10:580:10 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:581:10:581:10 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:582:5:582:5 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:583:10:583:10 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:584:10:584:10 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:586:35:586:35 | c | | +| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:587:3:587:3 | c | | +| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:581:10:581:10 | c | | +| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:582:5:582:5 | c | | +| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:583:10:583:10 | c | | +| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:584:10:584:10 | c | | +| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:586:35:586:35 | c | | +| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:587:3:587:3 | c | | +| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:582:5:582:5 | c | | +| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:583:10:583:10 | c | | +| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:584:10:584:10 | c | | +| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:586:35:586:35 | c | | +| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:587:3:587:3 | c | | +| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:583:10:583:10 | c | | +| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:584:10:584:10 | c | | +| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:586:35:586:35 | c | | +| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:587:3:587:3 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:584:10:584:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:586:35:586:35 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:587:3:587:3 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:35:586:35 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:3:587:3 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:586:35:586:35 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:587:3:587:3 | c | | +| atl.cpp:586:35:586:35 | ref arg c | atl.cpp:587:3:587:3 | c | | +| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:590:5:590:5 | c | | +| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:591:10:591:10 | c | | +| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:592:10:592:10 | c | | +| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:593:10:593:10 | c | | +| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:594:3:594:3 | c | | +| atl.cpp:590:5:590:5 | ref arg c | atl.cpp:591:10:591:10 | c | | +| atl.cpp:590:5:590:5 | ref arg c | atl.cpp:592:10:592:10 | c | | +| atl.cpp:590:5:590:5 | ref arg c | atl.cpp:593:10:593:10 | c | | +| atl.cpp:590:5:590:5 | ref arg c | atl.cpp:594:3:594:3 | c | | +| atl.cpp:591:10:591:10 | ref arg c | atl.cpp:592:10:592:10 | c | | +| atl.cpp:591:10:591:10 | ref arg c | atl.cpp:593:10:593:10 | c | | +| atl.cpp:591:10:591:10 | ref arg c | atl.cpp:594:3:594:3 | c | | +| atl.cpp:592:10:592:10 | ref arg c | atl.cpp:593:10:593:10 | c | | +| atl.cpp:592:10:592:10 | ref arg c | atl.cpp:594:3:594:3 | c | | +| atl.cpp:593:10:593:10 | ref arg c | atl.cpp:594:3:594:3 | c | | +| atl.cpp:596:24:596:24 | call to CComSafeArray | atl.cpp:597:5:597:5 | c | | +| atl.cpp:596:24:596:24 | call to CComSafeArray | atl.cpp:598:10:598:10 | c | | +| atl.cpp:596:24:596:24 | call to CComSafeArray | atl.cpp:599:10:599:10 | c | | +| atl.cpp:596:24:596:24 | call to CComSafeArray | atl.cpp:600:3:600:3 | c | | +| atl.cpp:597:5:597:5 | ref arg c | atl.cpp:598:10:598:10 | c | | +| atl.cpp:597:5:597:5 | ref arg c | atl.cpp:599:10:599:10 | c | | +| atl.cpp:597:5:597:5 | ref arg c | atl.cpp:600:3:600:3 | c | | +| atl.cpp:598:10:598:10 | ref arg c | atl.cpp:599:10:599:10 | c | | +| atl.cpp:598:10:598:10 | ref arg c | atl.cpp:600:3:600:3 | c | | +| atl.cpp:599:10:599:10 | ref arg c | atl.cpp:600:3:600:3 | c | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | From 5f05417890733959f4bb89c0b2d765370578fab9 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 14:10:04 +0000 Subject: [PATCH 18/65] C++: Add MaD model for 'CComSafeArray'. --- cpp/ql/lib/ext/CComSafeArray.model.yml | 27 +++++++++++++++++++ .../dataflow/taint-tests/atl.cpp | 26 +++++++++--------- 2 files changed, 40 insertions(+), 13 deletions(-) create mode 100644 cpp/ql/lib/ext/CComSafeArray.model.yml diff --git a/cpp/ql/lib/ext/CComSafeArray.model.yml b/cpp/ql/lib/ext/CComSafeArray.model.yml new file mode 100644 index 000000000000..4128ae13e177 --- /dev/null +++ b/cpp/ql/lib/ext/CComSafeArray.model.yml @@ -0,0 +1,27 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CComSafeArray", True, "CComSafeArray", "(const CComSafeArray &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY &)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "Add", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "Add", "(const T &,BOOL)", "", "Argument[*@0]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] + - ["", "CComSafeArray", True, "Attach", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "CopyTo", "", "", "Argument[-1].Field[*m_psa]", "Argument[*0]", "value", "manual"] + - ["", "CComSafeArray", True, "Create", "(const SAFEARRAYBOUND *,UINT)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "GetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] + - ["", "CComSafeArray", True, "GetLowerBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CComSafeArray", True, "GetSafeArrayPtr", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["", "CComSafeArray", True, "GetUpperBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CComSafeArray", True, "MultiDimGetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "Argument[*@1]", "value", "manual"] + - ["", "CComSafeArray", True, "MultiDimSetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] + - ["", "CComSafeArray", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] + - ["", "CComSafeArray", True, "operator LPSAFEARRAY", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["", "CComSafeArray", True, "operator[]", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray&)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray&)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index a91cd9c88d6f..69a79eb75802 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -572,10 +572,10 @@ void test_CComSafeArray() { sink(safe->pvData); // $ ir { CComSafeArray c(safe); - sink(c[0]); // $ MISSING: ir - sink(c.GetAt(0)); // $ MISSING: ir - sink(c.GetSafeArrayPtr()->pvData); // $ MISSING: ir - sink(c.m_psa->pvData); // $ MISSING: ir + sink(c[0]); // $ ir + sink(c.GetAt(0)); // $ ir + sink(c.GetSafeArrayPtr()->pvData); // $ ir + sink(c.m_psa->pvData); // $ ir } { CComSafeArray c; @@ -583,22 +583,22 @@ void test_CComSafeArray() { sink(c.GetAt(0)); sink(c.GetSafeArrayPtr()->pvData); c.Add(safe); - sink(c[0]); // $ MISSING: ir - sink(c.GetAt(0)); // $ MISSING: ir - sink(c.GetSafeArrayPtr()->pvData); // $ MISSING: ir - sink(static_cast(c)->pvData); // $ MISSING: ir + sink(c[0]); // $ ir + sink(c.GetAt(0)); // $ ir + sink(c.GetSafeArrayPtr()->pvData); // $ ir + sink(static_cast(c)->pvData); // $ ir } { CComSafeArray c; c.Add(source(), true); - sink(c[0]); // $ MISSING: ir - sink(c.GetAt(0)); // $ MISSING: ir - sink(c.GetSafeArrayPtr()->pvData); // $ MISSING: ir + sink(c[0]); // $ ir + sink(c.GetAt(0)); // $ ir + sink(c.GetSafeArrayPtr()->pvData); // $ ir } { CComSafeArray c; c.SetAt(0, source(), true); - sink(c[0]); // $ MISSING: ir - sink(c[0L]); // $ MISSING: ir + sink(c[0]); // $ ir + sink(c[0L]); // $ ir } } From 1a79290fd67fe3da4abe481e243c64c9a02f0589 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 14:12:37 +0000 Subject: [PATCH 19/65] C++: Add failing tests with 'CPathT'. --- .../dataflow/taint-tests/atl.cpp | 104 ++++++++ .../dataflow/taint-tests/localTaint.expected | 248 ++++++++++++------ 2 files changed, 267 insertions(+), 85 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 69a79eb75802..35a66099a626 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -602,3 +602,107 @@ void test_CComSafeArray() { sink(c[0L]); // $ ir } } + +template +struct CPathT { + typedef StringType PCXSTR; // simplified + CPathT(PCXSTR pszPath); + CPathT(const CPathT& path); + CPathT() throw(); + + void AddBackslash(); + BOOL AddExtension(PCXSTR pszExtension); + BOOL Append(PCXSTR pszMore); + void BuildRoot(int iDrive); + void Canonicalize(); + void Combine(PCXSTR pszDir, PCXSTR pszFile); + CPathT CommonPrefix(PCXSTR pszOther); + BOOL CompactPathEx(UINT nMaxChars, DWORD dwFlags); + BOOL FileExists() const; + int FindExtension() const; + int FindFileName() const; + int GetDriveNumber() const; + StringType GetExtension() const; + BOOL IsDirectory() const; + BOOL IsFileSpec() const; + BOOL IsPrefix(PCXSTR pszPrefix) const; + BOOL IsRelative() const; + BOOL IsRoot() const; + BOOL IsSameRoot(PCXSTR pszOther) const; + BOOL IsUNC() const; + BOOL IsUNCServer() const; + BOOL IsUNCServerShare() const; + BOOL MakePretty(); + BOOL MatchSpec(PCXSTR pszSpec) const; + void QuoteSpaces(); + BOOL RelativePathTo( + PCXSTR pszFrom, + DWORD dwAttrFrom, + PCXSTR pszTo, + DWORD dwAttrTo); + void RemoveArgs(); + void RemoveBackslash(); + void RemoveBlanks(); + void RemoveExtension(); + BOOL RemoveFileSpec(); + BOOL RenameExtension(PCXSTR pszExtension); + int SkipRoot() const; + void StripPath(); + BOOL StripToRoot(); + void UnquoteSpaces(); + operator const StringType&() const throw(); + operator PCXSTR() const throw(); + operator StringType&() throw(); + CPathT& operator+=(PCXSTR pszMore); + + StringType m_strPath; +}; + +using CPath = CPathT; + +void test_CPathT() { + char* x = indirect_source(); + CPath p(x); + sink(static_cast(p)); // $ MISSING: ir + sink(p.m_strPath); // $ MISSING: ir + + CPath p2(p); + sink(p2.m_strPath); // $ MISSING: ir + + { + CPath p; + p.AddExtension(x); + sink(p.m_strPath); // $ MISSING: ir + } + { + CPath p; + p.Append(x); + sink(p.m_strPath); // $ MISSING: ir + + CPath p2; + p2 += p; + sink(p.m_strPath); // $ MISSING: ir + + CPath p3; + p3 += x; + sink(p.m_strPath); // $ MISSING: ir + } + + { + CPath p; + p.Combine(x, nullptr); + sink(p.m_strPath); // $ MISSING: ir + } + { + CPath p; + p.Combine(nullptr, x); + sink(p.m_strPath); // $ MISSING: ir + } + + { + CPath p; + auto p2 = p.CommonPrefix(x); + sink(p2.m_strPath); // $ MISSING: ir + sink(p2.GetExtension()); // $ MISSING: ir + } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 4924d7d817f3..961011dbd234 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -636,92 +636,170 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:524:16:524:21 | call to CComBSTR | atl.cpp:525:10:525:10 | b | | | atl.cpp:524:16:524:21 | call to CComBSTR | atl.cpp:526:3:526:3 | b | | | atl.cpp:525:10:525:10 | b [post update] | atl.cpp:526:3:526:3 | b | | -| atl.cpp:569:22:569:33 | call to getSafeArray | atl.cpp:570:8:570:11 | safe | | -| atl.cpp:569:22:569:33 | call to getSafeArray | atl.cpp:572:24:572:27 | safe | | -| atl.cpp:569:22:569:33 | call to getSafeArray | atl.cpp:582:11:582:14 | safe | | -| atl.cpp:570:8:570:11 | safe [post update] | atl.cpp:572:24:572:27 | safe | | -| atl.cpp:570:8:570:11 | safe [post update] | atl.cpp:582:11:582:14 | safe | | -| atl.cpp:572:24:572:27 | safe | atl.cpp:572:24:572:28 | call to CComSafeArray | TAINT | -| atl.cpp:572:24:572:28 | call to CComSafeArray | atl.cpp:573:8:573:8 | c | | -| atl.cpp:572:24:572:28 | call to CComSafeArray | atl.cpp:574:8:574:8 | c | | -| atl.cpp:572:24:572:28 | call to CComSafeArray | atl.cpp:575:8:575:8 | c | | -| atl.cpp:572:24:572:28 | call to CComSafeArray | atl.cpp:576:3:576:3 | c | | -| atl.cpp:573:8:573:8 | ref arg c | atl.cpp:574:8:574:8 | c | | -| atl.cpp:573:8:573:8 | ref arg c | atl.cpp:575:8:575:8 | c | | -| atl.cpp:573:8:573:8 | ref arg c | atl.cpp:576:3:576:3 | c | | -| atl.cpp:574:8:574:8 | ref arg c | atl.cpp:575:8:575:8 | c | | -| atl.cpp:574:8:574:8 | ref arg c | atl.cpp:576:3:576:3 | c | | -| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:576:3:576:3 | c | | -| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:579:10:579:10 | c | | -| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:580:10:580:10 | c | | -| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:581:10:581:10 | c | | -| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:582:5:582:5 | c | | -| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:583:10:583:10 | c | | -| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | | -| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:585:10:585:10 | c | | -| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:586:35:586:35 | c | | -| atl.cpp:578:24:578:24 | call to CComSafeArray | atl.cpp:587:3:587:3 | c | | -| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:580:10:580:10 | c | | -| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:581:10:581:10 | c | | -| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:582:5:582:5 | c | | -| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:583:10:583:10 | c | | -| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:584:10:584:10 | c | | -| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:585:10:585:10 | c | | -| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:586:35:586:35 | c | | -| atl.cpp:579:10:579:10 | ref arg c | atl.cpp:587:3:587:3 | c | | -| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:581:10:581:10 | c | | -| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:582:5:582:5 | c | | -| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:583:10:583:10 | c | | -| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:584:10:584:10 | c | | -| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:585:10:585:10 | c | | -| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:586:35:586:35 | c | | -| atl.cpp:580:10:580:10 | ref arg c | atl.cpp:587:3:587:3 | c | | -| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:582:5:582:5 | c | | -| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:583:10:583:10 | c | | -| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:584:10:584:10 | c | | -| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:585:10:585:10 | c | | -| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:586:35:586:35 | c | | -| atl.cpp:581:10:581:10 | ref arg c | atl.cpp:587:3:587:3 | c | | -| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:583:10:583:10 | c | | -| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:584:10:584:10 | c | | -| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:585:10:585:10 | c | | -| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:586:35:586:35 | c | | -| atl.cpp:582:5:582:5 | ref arg c | atl.cpp:587:3:587:3 | c | | +| atl.cpp:571:22:571:33 | call to getSafeArray | atl.cpp:572:8:572:11 | safe | | +| atl.cpp:571:22:571:33 | call to getSafeArray | atl.cpp:574:24:574:27 | safe | | +| atl.cpp:571:22:571:33 | call to getSafeArray | atl.cpp:585:11:585:14 | safe | | +| atl.cpp:572:8:572:11 | safe [post update] | atl.cpp:574:24:574:27 | safe | | +| atl.cpp:572:8:572:11 | safe [post update] | atl.cpp:585:11:585:14 | safe | | +| atl.cpp:574:24:574:27 | safe | atl.cpp:574:24:574:28 | call to CComSafeArray | TAINT | +| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:575:8:575:8 | c | | +| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:576:8:576:8 | c | | +| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:577:8:577:8 | c | | +| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:578:8:578:8 | c | | +| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:579:3:579:3 | c | | +| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:576:8:576:8 | c | | +| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:577:8:577:8 | c | | +| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:578:8:578:8 | c | | +| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:579:3:579:3 | c | | +| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:577:8:577:8 | c | | +| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:578:8:578:8 | c | | +| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:579:3:579:3 | c | | +| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:578:8:578:8 | c | | +| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:579:3:579:3 | c | | +| atl.cpp:578:8:578:8 | c [post update] | atl.cpp:579:3:579:3 | c | | +| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:582:10:582:10 | c | | +| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:583:10:583:10 | c | | +| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | | +| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:585:5:585:5 | c | | +| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:586:10:586:10 | c | | +| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:587:10:587:10 | c | | +| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:588:10:588:10 | c | | +| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:589:35:589:35 | c | | +| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:590:3:590:3 | c | | +| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:583:10:583:10 | c | | +| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:584:10:584:10 | c | | +| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:585:5:585:5 | c | | +| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:586:10:586:10 | c | | +| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:589:35:589:35 | c | | +| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:590:3:590:3 | c | | | atl.cpp:583:10:583:10 | ref arg c | atl.cpp:584:10:584:10 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:585:10:585:10 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:586:35:586:35 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:587:3:587:3 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:10:585:10 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:35:586:35 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:3:587:3 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:586:35:586:35 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:587:3:587:3 | c | | -| atl.cpp:586:35:586:35 | ref arg c | atl.cpp:587:3:587:3 | c | | -| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:590:5:590:5 | c | | -| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:591:10:591:10 | c | | -| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:592:10:592:10 | c | | -| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:593:10:593:10 | c | | -| atl.cpp:589:24:589:24 | call to CComSafeArray | atl.cpp:594:3:594:3 | c | | -| atl.cpp:590:5:590:5 | ref arg c | atl.cpp:591:10:591:10 | c | | -| atl.cpp:590:5:590:5 | ref arg c | atl.cpp:592:10:592:10 | c | | -| atl.cpp:590:5:590:5 | ref arg c | atl.cpp:593:10:593:10 | c | | -| atl.cpp:590:5:590:5 | ref arg c | atl.cpp:594:3:594:3 | c | | -| atl.cpp:591:10:591:10 | ref arg c | atl.cpp:592:10:592:10 | c | | -| atl.cpp:591:10:591:10 | ref arg c | atl.cpp:593:10:593:10 | c | | -| atl.cpp:591:10:591:10 | ref arg c | atl.cpp:594:3:594:3 | c | | -| atl.cpp:592:10:592:10 | ref arg c | atl.cpp:593:10:593:10 | c | | -| atl.cpp:592:10:592:10 | ref arg c | atl.cpp:594:3:594:3 | c | | -| atl.cpp:593:10:593:10 | ref arg c | atl.cpp:594:3:594:3 | c | | -| atl.cpp:596:24:596:24 | call to CComSafeArray | atl.cpp:597:5:597:5 | c | | -| atl.cpp:596:24:596:24 | call to CComSafeArray | atl.cpp:598:10:598:10 | c | | -| atl.cpp:596:24:596:24 | call to CComSafeArray | atl.cpp:599:10:599:10 | c | | -| atl.cpp:596:24:596:24 | call to CComSafeArray | atl.cpp:600:3:600:3 | c | | -| atl.cpp:597:5:597:5 | ref arg c | atl.cpp:598:10:598:10 | c | | -| atl.cpp:597:5:597:5 | ref arg c | atl.cpp:599:10:599:10 | c | | -| atl.cpp:597:5:597:5 | ref arg c | atl.cpp:600:3:600:3 | c | | -| atl.cpp:598:10:598:10 | ref arg c | atl.cpp:599:10:599:10 | c | | -| atl.cpp:598:10:598:10 | ref arg c | atl.cpp:600:3:600:3 | c | | -| atl.cpp:599:10:599:10 | ref arg c | atl.cpp:600:3:600:3 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:585:5:585:5 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:586:10:586:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:589:35:589:35 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:590:3:590:3 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:5:585:5 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:10:586:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:589:35:589:35 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:590:3:590:3 | c | | +| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:586:10:586:10 | c | | +| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:589:35:589:35 | c | | +| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:590:3:590:3 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:589:35:589:35 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:590:3:590:3 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:589:35:589:35 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:590:3:590:3 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:589:35:589:35 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:590:3:590:3 | c | | +| atl.cpp:589:35:589:35 | ref arg c | atl.cpp:590:3:590:3 | c | | +| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:593:5:593:5 | c | | +| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:594:10:594:10 | c | | +| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:595:10:595:10 | c | | +| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:596:10:596:10 | c | | +| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:597:3:597:3 | c | | +| atl.cpp:593:5:593:5 | ref arg c | atl.cpp:594:10:594:10 | c | | +| atl.cpp:593:5:593:5 | ref arg c | atl.cpp:595:10:595:10 | c | | +| atl.cpp:593:5:593:5 | ref arg c | atl.cpp:596:10:596:10 | c | | +| atl.cpp:593:5:593:5 | ref arg c | atl.cpp:597:3:597:3 | c | | +| atl.cpp:594:10:594:10 | ref arg c | atl.cpp:595:10:595:10 | c | | +| atl.cpp:594:10:594:10 | ref arg c | atl.cpp:596:10:596:10 | c | | +| atl.cpp:594:10:594:10 | ref arg c | atl.cpp:597:3:597:3 | c | | +| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:596:10:596:10 | c | | +| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:597:3:597:3 | c | | +| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:597:3:597:3 | c | | +| atl.cpp:599:24:599:24 | call to CComSafeArray | atl.cpp:600:5:600:5 | c | | +| atl.cpp:599:24:599:24 | call to CComSafeArray | atl.cpp:601:10:601:10 | c | | +| atl.cpp:599:24:599:24 | call to CComSafeArray | atl.cpp:602:10:602:10 | c | | +| atl.cpp:599:24:599:24 | call to CComSafeArray | atl.cpp:603:3:603:3 | c | | +| atl.cpp:600:5:600:5 | ref arg c | atl.cpp:601:10:601:10 | c | | +| atl.cpp:600:5:600:5 | ref arg c | atl.cpp:602:10:602:10 | c | | +| atl.cpp:600:5:600:5 | ref arg c | atl.cpp:603:3:603:3 | c | | +| atl.cpp:601:10:601:10 | ref arg c | atl.cpp:602:10:602:10 | c | | +| atl.cpp:601:10:601:10 | ref arg c | atl.cpp:603:3:603:3 | c | | +| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:603:3:603:3 | c | | +| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:665:11:665:11 | x | | +| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:674:20:674:20 | x | | +| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:679:14:679:14 | x | | +| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:687:11:687:11 | x | | +| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:693:15:693:15 | x | | +| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:698:24:698:24 | x | | +| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:704:30:704:30 | x | | +| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:674:20:674:20 | x | | +| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:679:14:679:14 | x | | +| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:687:11:687:11 | x | | +| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:693:15:693:15 | x | | +| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:698:24:698:24 | x | | +| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:704:30:704:30 | x | | +| atl.cpp:665:11:665:11 | x | atl.cpp:665:11:665:12 | call to CPathT | TAINT | +| atl.cpp:665:11:665:12 | call to CPathT | atl.cpp:666:27:666:27 | p | | +| atl.cpp:665:11:665:12 | call to CPathT | atl.cpp:667:8:667:8 | p | | +| atl.cpp:665:11:665:12 | call to CPathT | atl.cpp:669:12:669:12 | p | | +| atl.cpp:666:27:666:27 | ref arg p | atl.cpp:667:8:667:8 | p | | +| atl.cpp:666:27:666:27 | ref arg p | atl.cpp:669:12:669:12 | p | | +| atl.cpp:667:8:667:8 | p [post update] | atl.cpp:669:12:669:12 | p | | +| atl.cpp:667:10:667:18 | ref arg m_strPath | atl.cpp:670:11:670:19 | m_strPath | | +| atl.cpp:669:12:669:12 | p | atl.cpp:669:12:669:13 | call to CPathT | | +| atl.cpp:669:12:669:13 | call to CPathT | atl.cpp:670:8:670:9 | p2 | | +| atl.cpp:673:11:673:11 | call to CPathT | atl.cpp:674:5:674:5 | p | | +| atl.cpp:673:11:673:11 | call to CPathT | atl.cpp:675:10:675:10 | p | | +| atl.cpp:674:5:674:5 | ref arg p | atl.cpp:675:10:675:10 | p | | +| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:679:14:679:14 | x | | +| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:687:11:687:11 | x | | +| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:693:15:693:15 | x | | +| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:698:24:698:24 | x | | +| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:704:30:704:30 | x | | +| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:679:5:679:5 | p | | +| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:680:10:680:10 | p | | +| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:683:11:683:11 | p | | +| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:684:10:684:10 | p | | +| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:688:10:688:10 | p | | +| atl.cpp:679:5:679:5 | ref arg p | atl.cpp:680:10:680:10 | p | | +| atl.cpp:679:5:679:5 | ref arg p | atl.cpp:683:11:683:11 | p | | +| atl.cpp:679:5:679:5 | ref arg p | atl.cpp:684:10:684:10 | p | | +| atl.cpp:679:5:679:5 | ref arg p | atl.cpp:688:10:688:10 | p | | +| atl.cpp:679:14:679:14 | ref arg x | atl.cpp:687:11:687:11 | x | | +| atl.cpp:679:14:679:14 | ref arg x | atl.cpp:693:15:693:15 | x | | +| atl.cpp:679:14:679:14 | ref arg x | atl.cpp:698:24:698:24 | x | | +| atl.cpp:679:14:679:14 | ref arg x | atl.cpp:704:30:704:30 | x | | +| atl.cpp:680:10:680:10 | p [post update] | atl.cpp:683:11:683:11 | p | | +| atl.cpp:680:10:680:10 | p [post update] | atl.cpp:684:10:684:10 | p | | +| atl.cpp:680:10:680:10 | p [post update] | atl.cpp:688:10:688:10 | p | | +| atl.cpp:680:12:680:20 | ref arg m_strPath | atl.cpp:684:12:684:20 | m_strPath | | +| atl.cpp:680:12:680:20 | ref arg m_strPath | atl.cpp:688:12:688:20 | m_strPath | | +| atl.cpp:682:11:682:12 | call to CPathT | atl.cpp:683:5:683:6 | p2 | | +| atl.cpp:683:11:683:11 | call to operator char *& | atl.cpp:683:8:683:8 | call to operator+= | TAINT | +| atl.cpp:683:11:683:11 | ref arg p | atl.cpp:684:10:684:10 | p | | +| atl.cpp:683:11:683:11 | ref arg p | atl.cpp:688:10:688:10 | p | | +| atl.cpp:684:10:684:10 | p [post update] | atl.cpp:688:10:688:10 | p | | +| atl.cpp:684:12:684:20 | ref arg m_strPath | atl.cpp:688:12:688:20 | m_strPath | | +| atl.cpp:686:11:686:12 | call to CPathT | atl.cpp:687:5:687:6 | p3 | | +| atl.cpp:687:11:687:11 | ref arg x | atl.cpp:693:15:693:15 | x | | +| atl.cpp:687:11:687:11 | ref arg x | atl.cpp:698:24:698:24 | x | | +| atl.cpp:687:11:687:11 | ref arg x | atl.cpp:704:30:704:30 | x | | +| atl.cpp:687:11:687:11 | x | atl.cpp:687:8:687:8 | call to operator+= | TAINT | +| atl.cpp:692:11:692:11 | call to CPathT | atl.cpp:693:5:693:5 | p | | +| atl.cpp:692:11:692:11 | call to CPathT | atl.cpp:694:10:694:10 | p | | +| atl.cpp:693:5:693:5 | ref arg p | atl.cpp:694:10:694:10 | p | | +| atl.cpp:693:15:693:15 | ref arg x | atl.cpp:698:24:698:24 | x | | +| atl.cpp:693:15:693:15 | ref arg x | atl.cpp:704:30:704:30 | x | | +| atl.cpp:697:11:697:11 | call to CPathT | atl.cpp:698:5:698:5 | p | | +| atl.cpp:697:11:697:11 | call to CPathT | atl.cpp:699:10:699:10 | p | | +| atl.cpp:698:5:698:5 | ref arg p | atl.cpp:699:10:699:10 | p | | +| atl.cpp:698:24:698:24 | ref arg x | atl.cpp:704:30:704:30 | x | | +| atl.cpp:703:11:703:11 | call to CPathT | atl.cpp:704:15:704:15 | p | | +| atl.cpp:704:17:704:28 | call to CommonPrefix | atl.cpp:705:10:705:11 | p2 | | +| atl.cpp:704:17:704:28 | call to CommonPrefix | atl.cpp:706:10:706:11 | p2 | | +| atl.cpp:705:10:705:11 | p2 [post update] | atl.cpp:706:10:706:11 | p2 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | From 354361952ac6d4e8571a7b06e0f487c93fb7070b Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 14:15:17 +0000 Subject: [PATCH 20/65] C++: Add MaD model for 'CPathT'. --- cpp/ql/lib/ext/CPathT.model.yml | 22 +++++++++++++++++++ .../dataflow/taint-tests/atl.cpp | 2 +- 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 cpp/ql/lib/ext/CPathT.model.yml diff --git a/cpp/ql/lib/ext/CPathT.model.yml b/cpp/ql/lib/ext/CPathT.model.yml new file mode 100644 index 000000000000..2138dd6c9425 --- /dev/null +++ b/cpp/ql/lib/ext/CPathT.model.yml @@ -0,0 +1,22 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CPathT", True, "CPathT", "", "", "Argument[*1]", "Argument[-1]", "value", "manual"] + - ["", "CPathT", True, "AddExtension", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CPathT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CPathT", True, "Combine", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CPathT", True, "Combine", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["", "CPathT", True, "CommonPrefix", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"] + - ["", "CPathT", True, "CommonPrefix", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CPathT", True, "GetExtension", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"] + - ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*2]", "ReturnValue[-1]", "taint", "manual"] + - ["", "CPathT", True, "RenameExtension", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"] + # Note: These don't work currently since we cannot use the template parameter in the name of the function + # - ["", "CPathT", True, "operator const T&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + # - ["", "CPathT", True, "operator T&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CPathT", True, "operator +=", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CPathT", True, "operator +=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 35a66099a626..d6b7b6d2d6fb 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -703,6 +703,6 @@ void test_CPathT() { CPath p; auto p2 = p.CommonPrefix(x); sink(p2.m_strPath); // $ MISSING: ir - sink(p2.GetExtension()); // $ MISSING: ir + sink(p2.GetExtension()); // $ ir } } From c61395b9733b1236d05026030378260100a04586 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 14:18:16 +0000 Subject: [PATCH 21/65] C++: Add implicit read of the 'm_strPath' member. --- cpp/ql/lib/semmle/code/cpp/models/Models.qll | 1 + .../code/cpp/models/implementations/CPathT.qll | 16 ++++++++++++++++ .../library-tests/dataflow/taint-tests/atl.cpp | 18 +++++++++--------- 3 files changed, 26 insertions(+), 9 deletions(-) create mode 100644 cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll index 9e67eaae5cf3..b371e6dc116c 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll @@ -52,3 +52,4 @@ private import implementations.ZMQ private import implementations.Win32CommandExecution private import implementations.CA2AEX private import implementations.CComBSTR +private import implementations.CPathT diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll new file mode 100644 index 000000000000..b2fe3a363c7c --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll @@ -0,0 +1,16 @@ +private import cpp +private import semmle.code.cpp.ir.dataflow.FlowSteps +private import semmle.code.cpp.dataflow.new.DataFlow + +/** The `CPathT` class from the Microsoft "Active Template Library". */ +class CPathT extends Class { + CPathT() { this.hasGlobalName("CPathT") } +} + +private class MStrPath extends Field { + MStrPath() { this.getDeclaringType() instanceof CPathT and this.hasName("m_strPath") } +} + +private class MStrPathTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent { + MStrPathTaintInheritingContent() { this.getField() instanceof MStrPath } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index d6b7b6d2d6fb..46a147e555aa 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -664,45 +664,45 @@ void test_CPathT() { char* x = indirect_source(); CPath p(x); sink(static_cast(p)); // $ MISSING: ir - sink(p.m_strPath); // $ MISSING: ir + sink(p.m_strPath); // $ ir CPath p2(p); - sink(p2.m_strPath); // $ MISSING: ir + sink(p2.m_strPath); // $ ir { CPath p; p.AddExtension(x); - sink(p.m_strPath); // $ MISSING: ir + sink(p.m_strPath); // $ ir } { CPath p; p.Append(x); - sink(p.m_strPath); // $ MISSING: ir + sink(p.m_strPath); // $ ir CPath p2; p2 += p; - sink(p.m_strPath); // $ MISSING: ir + sink(p.m_strPath); // $ ir CPath p3; p3 += x; - sink(p.m_strPath); // $ MISSING: ir + sink(p.m_strPath); // $ ir } { CPath p; p.Combine(x, nullptr); - sink(p.m_strPath); // $ MISSING: ir + sink(p.m_strPath); // $ ir } { CPath p; p.Combine(nullptr, x); - sink(p.m_strPath); // $ MISSING: ir + sink(p.m_strPath); // $ ir } { CPath p; auto p2 = p.CommonPrefix(x); - sink(p2.m_strPath); // $ MISSING: ir + sink(p2.m_strPath); // $ ir sink(p2.GetExtension()); // $ ir } } From 029c0134eba01f629b1a0e7ffba4d98fb093ccef Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 14:20:24 +0000 Subject: [PATCH 22/65] C++: Add failing tests with 'CSimpleArray'. --- .../dataflow/taint-tests/atl.cpp | 47 +++++++++++++++++++ .../dataflow/taint-tests/localTaint.expected | 46 ++++++++++++++++++ 2 files changed, 93 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 46a147e555aa..e21500166417 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -706,3 +706,50 @@ void test_CPathT() { sink(p2.GetExtension()); // $ ir } } + +template +struct CSimpleArray { + CSimpleArray(const CSimpleArray& src); + CSimpleArray(); + ~CSimpleArray(); + + BOOL Add(const T& t); + int Find(const T& t) const; + T* GetData() const; + int GetSize() const; + BOOL Remove(const T& t); + void RemoveAll(); + BOOL RemoveAt(int nIndex); + + BOOL SetAtIndex( + int nIndex, + const T& t); + + T& operator[](int nindex); + CSimpleArray & operator=(const CSimpleArray& src); +}; + +void test_CSimpleArray() { + int x = source(); + { + CSimpleArray a; + a.Add(x); + sink(a[0]); // $ MISSING: ir + a.Add(0); + sink(a[0]); // $ MISSING: ir + + CSimpleArray a2; + sink(a2[0]); + a2 = a; + sink(a2[0]); // $ MISSING: ir + } + { + CSimpleArray a; + a.Add(x); + sink(a.GetData()); // $ MISSING: ir + + CSimpleArray a2; + int pos = a2.Find(x); + sink(a2[pos]); // $ MISSING: ir + } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 961011dbd234..952f67e2a547 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -800,6 +800,52 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:704:17:704:28 | call to CommonPrefix | atl.cpp:705:10:705:11 | p2 | | | atl.cpp:704:17:704:28 | call to CommonPrefix | atl.cpp:706:10:706:11 | p2 | | | atl.cpp:705:10:705:11 | p2 [post update] | atl.cpp:706:10:706:11 | p2 | | +| atl.cpp:733:11:733:21 | call to source | atl.cpp:736:11:736:11 | x | | +| atl.cpp:733:11:733:21 | call to source | atl.cpp:748:11:748:11 | x | | +| atl.cpp:733:11:733:21 | call to source | atl.cpp:752:23:752:23 | x | | +| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:736:5:736:5 | a | | +| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:737:10:737:10 | a | | +| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:738:5:738:5 | a | | +| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:739:10:739:10 | a | | +| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:743:10:743:10 | a | | +| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:745:3:745:3 | a | | +| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:737:10:737:10 | a | | +| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:738:5:738:5 | a | | +| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:739:10:739:10 | a | | +| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:743:10:743:10 | a | | +| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:745:3:745:3 | a | | +| atl.cpp:737:10:737:10 | ref arg a | atl.cpp:738:5:738:5 | a | | +| atl.cpp:737:10:737:10 | ref arg a | atl.cpp:739:10:739:10 | a | | +| atl.cpp:737:10:737:10 | ref arg a | atl.cpp:743:10:743:10 | a | | +| atl.cpp:737:10:737:10 | ref arg a | atl.cpp:745:3:745:3 | a | | +| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:739:10:739:10 | a | | +| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:743:10:743:10 | a | | +| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:745:3:745:3 | a | | +| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:743:10:743:10 | a | | +| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:745:3:745:3 | a | | +| atl.cpp:741:23:741:24 | call to CSimpleArray | atl.cpp:742:10:742:11 | a2 | | +| atl.cpp:741:23:741:24 | call to CSimpleArray | atl.cpp:743:5:743:6 | a2 | | +| atl.cpp:741:23:741:24 | call to CSimpleArray | atl.cpp:744:10:744:11 | a2 | | +| atl.cpp:741:23:741:24 | call to CSimpleArray | atl.cpp:745:3:745:3 | a2 | | +| atl.cpp:742:10:742:11 | ref arg a2 | atl.cpp:743:5:743:6 | a2 | | +| atl.cpp:742:10:742:11 | ref arg a2 | atl.cpp:744:10:744:11 | a2 | | +| atl.cpp:742:10:742:11 | ref arg a2 | atl.cpp:745:3:745:3 | a2 | | +| atl.cpp:743:5:743:6 | ref arg a2 | atl.cpp:744:10:744:11 | a2 | | +| atl.cpp:743:5:743:6 | ref arg a2 | atl.cpp:745:3:745:3 | a2 | | +| atl.cpp:743:10:743:10 | a | atl.cpp:743:5:743:6 | ref arg a2 | TAINT | +| atl.cpp:743:10:743:10 | a | atl.cpp:743:8:743:8 | call to operator= | TAINT | +| atl.cpp:744:10:744:11 | ref arg a2 | atl.cpp:745:3:745:3 | a2 | | +| atl.cpp:747:23:747:23 | call to CSimpleArray | atl.cpp:748:5:748:5 | a | | +| atl.cpp:747:23:747:23 | call to CSimpleArray | atl.cpp:749:10:749:10 | a | | +| atl.cpp:747:23:747:23 | call to CSimpleArray | atl.cpp:754:3:754:3 | a | | +| atl.cpp:748:5:748:5 | ref arg a | atl.cpp:749:10:749:10 | a | | +| atl.cpp:748:5:748:5 | ref arg a | atl.cpp:754:3:754:3 | a | | +| atl.cpp:749:10:749:10 | ref arg a | atl.cpp:754:3:754:3 | a | | +| atl.cpp:751:23:751:24 | call to CSimpleArray | atl.cpp:752:15:752:16 | a2 | | +| atl.cpp:751:23:751:24 | call to CSimpleArray | atl.cpp:753:10:753:11 | a2 | | +| atl.cpp:751:23:751:24 | call to CSimpleArray | atl.cpp:754:3:754:3 | a2 | | +| atl.cpp:752:18:752:21 | call to Find | atl.cpp:753:13:753:15 | pos | | +| atl.cpp:753:10:753:11 | ref arg a2 | atl.cpp:754:3:754:3 | a2 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | From 02b88d5dbdafd21fb67ad6e94c42a7be6494f5f6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 14:29:32 +0000 Subject: [PATCH 23/65] C++: Add MaD model for 'CSimpleArray'. --- cpp/ql/lib/ext/CSimpleArray.model.yml | 11 +++++++++++ .../test/library-tests/dataflow/taint-tests/atl.cpp | 8 ++++---- 2 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 cpp/ql/lib/ext/CSimpleArray.model.yml diff --git a/cpp/ql/lib/ext/CSimpleArray.model.yml b/cpp/ql/lib/ext/CSimpleArray.model.yml new file mode 100644 index 000000000000..1c6337bf74c3 --- /dev/null +++ b/cpp/ql/lib/ext/CSimpleArray.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CSimpleArray", True, "CSimpleArray", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleArray", True, "Add", "", "", "Argument[*0]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CSimpleArray", True, "SetAtIndex", "", "", "Argument[*1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index e21500166417..531ca573c94d 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -734,19 +734,19 @@ void test_CSimpleArray() { { CSimpleArray a; a.Add(x); - sink(a[0]); // $ MISSING: ir + sink(a[0]); // $ ir a.Add(0); - sink(a[0]); // $ MISSING: ir + sink(a[0]); // $ ir CSimpleArray a2; sink(a2[0]); a2 = a; - sink(a2[0]); // $ MISSING: ir + sink(a2[0]); // $ ir } { CSimpleArray a; a.Add(x); - sink(a.GetData()); // $ MISSING: ir + sink(a.GetData()); // $ ir CSimpleArray a2; int pos = a2.Find(x); From 12674ea2e619613a482b3b3ac5875653d513ba51 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 14:31:45 +0000 Subject: [PATCH 24/65] C++: Add failing tests with 'CSimpleMap'. --- .../dataflow/taint-tests/atl.cpp | 55 +++++++++++++++++++ .../dataflow/taint-tests/localTaint.expected | 42 ++++++++++++++ 2 files changed, 97 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 531ca573c94d..44c5df7018f5 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -753,3 +753,58 @@ void test_CSimpleArray() { sink(a2[pos]); // $ MISSING: ir } } + +template +struct CSimpleMap { + CSimpleMap(); + ~CSimpleMap(); + + BOOL Add(const TKey& key, const TVal& val); + int FindKey(const TKey& key) const; + int FindVal(const TVal& val) const; + TKey& GetKeyAt(int nIndex) const; + int GetSize() const; + TVal& GetValueAt(int nIndex) const; + TVal Lookup(const TKey& key) const; + BOOL Remove(const TKey& key); + void RemoveAll(); + BOOL RemoveAt(int nIndex); + TKey ReverseLookup(const TVal& val) const; + BOOL SetAt(const TKey& key, const TVal& val); + BOOL SetAtIndex(int nIndex, const TKey& key, const TVal& val); +}; + +void test_CSimpleMap() { + wchar_t* x = source(); + { + CSimpleMap a; + a.Add("hello", x); + sink(a.Lookup("hello")); // $ MISSING: ir + } + { + CSimpleMap a; + auto pos = a.FindKey("hello"); + sink(a.GetValueAt(pos)); // $ MISSING: ir + } + { + CSimpleMap a; + auto pos = a.FindVal(x); + sink(a.GetValueAt(pos)); // $ MISSING: ir + } + { + CSimpleMap a; + auto key = a.ReverseLookup(x); + sink(key); + sink(a.Lookup(key)); // $ MISSING: ir + } + { + CSimpleMap a; + a.SetAt("hello", x); + sink(a.Lookup("hello")); // $ MISSING: ir + } + { + CSimpleMap a; + a.SetAtIndex(0, "hello", x); + sink(a.Lookup("hello")); // $ MISSING: ir + } +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 952f67e2a547..395ba48f967e 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -846,6 +846,48 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:751:23:751:24 | call to CSimpleArray | atl.cpp:754:3:754:3 | a2 | | | atl.cpp:752:18:752:21 | call to Find | atl.cpp:753:13:753:15 | pos | | | atl.cpp:753:10:753:11 | ref arg a2 | atl.cpp:754:3:754:3 | a2 | | +| atl.cpp:778:16:778:31 | call to source | atl.cpp:781:20:781:20 | x | | +| atl.cpp:778:16:778:31 | call to source | atl.cpp:791:26:791:26 | x | | +| atl.cpp:778:16:778:31 | call to source | atl.cpp:796:32:796:32 | x | | +| atl.cpp:778:16:778:31 | call to source | atl.cpp:802:22:802:22 | x | | +| atl.cpp:778:16:778:31 | call to source | atl.cpp:807:30:807:30 | x | | +| atl.cpp:780:33:780:33 | call to CSimpleMap | atl.cpp:781:5:781:5 | a | | +| atl.cpp:780:33:780:33 | call to CSimpleMap | atl.cpp:782:10:782:10 | a | | +| atl.cpp:780:33:780:33 | call to CSimpleMap | atl.cpp:783:3:783:3 | a | | +| atl.cpp:781:5:781:5 | ref arg a | atl.cpp:782:10:782:10 | a | | +| atl.cpp:781:5:781:5 | ref arg a | atl.cpp:783:3:783:3 | a | | +| atl.cpp:782:10:782:10 | ref arg a | atl.cpp:783:3:783:3 | a | | +| atl.cpp:785:33:785:33 | call to CSimpleMap | atl.cpp:786:16:786:16 | a | | +| atl.cpp:785:33:785:33 | call to CSimpleMap | atl.cpp:787:10:787:10 | a | | +| atl.cpp:785:33:785:33 | call to CSimpleMap | atl.cpp:788:3:788:3 | a | | +| atl.cpp:786:18:786:24 | call to FindKey | atl.cpp:787:23:787:25 | pos | | +| atl.cpp:787:10:787:10 | ref arg a | atl.cpp:788:3:788:3 | a | | +| atl.cpp:790:33:790:33 | call to CSimpleMap | atl.cpp:791:16:791:16 | a | | +| atl.cpp:790:33:790:33 | call to CSimpleMap | atl.cpp:792:10:792:10 | a | | +| atl.cpp:790:33:790:33 | call to CSimpleMap | atl.cpp:793:3:793:3 | a | | +| atl.cpp:791:18:791:24 | call to FindVal | atl.cpp:792:23:792:25 | pos | | +| atl.cpp:792:10:792:10 | ref arg a | atl.cpp:793:3:793:3 | a | | +| atl.cpp:795:33:795:33 | call to CSimpleMap | atl.cpp:796:16:796:16 | a | | +| atl.cpp:795:33:795:33 | call to CSimpleMap | atl.cpp:798:10:798:10 | a | | +| atl.cpp:795:33:795:33 | call to CSimpleMap | atl.cpp:799:3:799:3 | a | | +| atl.cpp:796:16:796:16 | ref arg a | atl.cpp:798:10:798:10 | a | | +| atl.cpp:796:16:796:16 | ref arg a | atl.cpp:799:3:799:3 | a | | +| atl.cpp:796:18:796:30 | call to ReverseLookup | atl.cpp:797:10:797:12 | key | | +| atl.cpp:796:18:796:30 | call to ReverseLookup | atl.cpp:798:19:798:21 | key | | +| atl.cpp:797:10:797:12 | ref arg key | atl.cpp:798:19:798:21 | key | | +| atl.cpp:798:10:798:10 | ref arg a | atl.cpp:799:3:799:3 | a | | +| atl.cpp:801:33:801:33 | call to CSimpleMap | atl.cpp:802:5:802:5 | a | | +| atl.cpp:801:33:801:33 | call to CSimpleMap | atl.cpp:803:10:803:10 | a | | +| atl.cpp:801:33:801:33 | call to CSimpleMap | atl.cpp:804:3:804:3 | a | | +| atl.cpp:802:5:802:5 | ref arg a | atl.cpp:803:10:803:10 | a | | +| atl.cpp:802:5:802:5 | ref arg a | atl.cpp:804:3:804:3 | a | | +| atl.cpp:803:10:803:10 | ref arg a | atl.cpp:804:3:804:3 | a | | +| atl.cpp:806:33:806:33 | call to CSimpleMap | atl.cpp:807:5:807:5 | a | | +| atl.cpp:806:33:806:33 | call to CSimpleMap | atl.cpp:808:10:808:10 | a | | +| atl.cpp:806:33:806:33 | call to CSimpleMap | atl.cpp:809:3:809:3 | a | | +| atl.cpp:807:5:807:5 | ref arg a | atl.cpp:808:10:808:10 | a | | +| atl.cpp:807:5:807:5 | ref arg a | atl.cpp:809:3:809:3 | a | | +| atl.cpp:808:10:808:10 | ref arg a | atl.cpp:809:3:809:3 | a | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | From 74b6c9dcc75731e0922b47b085d8c058d7d6ef69 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 14:36:48 +0000 Subject: [PATCH 25/65] C++: Add MaD model for 'CSimpleMap'. --- cpp/ql/lib/ext/CSimpleMap.model.yml | 12 ++++++++++++ .../test/library-tests/dataflow/taint-tests/atl.cpp | 6 +++--- 2 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 cpp/ql/lib/ext/CSimpleMap.model.yml diff --git a/cpp/ql/lib/ext/CSimpleMap.model.yml b/cpp/ql/lib/ext/CSimpleMap.model.yml new file mode 100644 index 000000000000..323b5be01742 --- /dev/null +++ b/cpp/ql/lib/ext/CSimpleMap.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CSimpleMap", True, "Add", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "taint", "manual"] + - ["", "CSimpleMap", True, "Lookup", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] + - ["", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleMap", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 44c5df7018f5..fe76e3f2f93b 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -779,7 +779,7 @@ void test_CSimpleMap() { { CSimpleMap a; a.Add("hello", x); - sink(a.Lookup("hello")); // $ MISSING: ir + sink(a.Lookup("hello")); // $ ir } { CSimpleMap a; @@ -800,11 +800,11 @@ void test_CSimpleMap() { { CSimpleMap a; a.SetAt("hello", x); - sink(a.Lookup("hello")); // $ MISSING: ir + sink(a.Lookup("hello")); // $ ir } { CSimpleMap a; a.SetAtIndex(0, "hello", x); - sink(a.Lookup("hello")); // $ MISSING: ir + sink(a.Lookup("hello")); // $ ir } } From 1ea879a880c0e409b56f45248f55a35493b4d0fa Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 14:38:10 +0000 Subject: [PATCH 26/65] C++: Add failing tests for 'CUrl'. --- .../dataflow/taint-tests/atl.cpp | 89 +++++++++++++++++++ .../dataflow/taint-tests/localTaint.expected | 66 ++++++++++++++ 2 files changed, 155 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index fe76e3f2f93b..1727684b51a3 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -808,3 +808,92 @@ void test_CSimpleMap() { sink(a.Lookup("hello")); // $ ir } } + +struct CUrl { + CUrl& operator= (const CUrl& urlThat) throw(); + CUrl() throw(); + CUrl(const CUrl& urlThat) throw(); + ~CUrl() throw(); + + inline BOOL Canonicalize(DWORD dwFlags) throw(); + inline void Clear() throw(); + + BOOL CrackUrl(LPCTSTR lpszUrl, DWORD dwFlags) throw(); + inline BOOL CreateUrl(LPTSTR lpszUrl, DWORD* pdwMaxLength, DWORD dwFlags) const throw(); + + inline LPCTSTR GetExtraInfo() const throw(); + inline DWORD GetExtraInfoLength() const throw(); + inline LPCTSTR GetHostName() const throw(); + inline DWORD GetHostNameLength() const throw(); + inline LPCTSTR GetPassword() const throw(); + inline DWORD GetPasswordLength() const throw(); + inline ATL_URL_PORT GetPortNumber() const throw(); + inline ATL_URL_SCHEME GetScheme() const throw(); + inline LPCTSTR GetSchemeName() const throw(); + inline DWORD GetSchemeNameLength() const throw(); + inline DWORD GetUrlLength() const throw(); + inline LPCTSTR GetUrlPath() const throw(); + inline DWORD GetUrlPathLength() const throw(); + inline LPCTSTR GetUserName() const throw(); + inline DWORD GetUserNameLength() const throw(); + inline BOOL SetExtraInfo(LPCTSTR lpszInfo) throw(); + inline BOOL SetHostName(LPCTSTR lpszHost) throw(); + inline BOOL SetPassword(LPCTSTR lpszPass) throw(); + inline BOOL SetPortNumber(ATL_URL_PORT nPrt) throw(); + inline BOOL SetScheme(ATL_URL_SCHEME nScheme) throw(); + inline BOOL SetSchemeName(LPCTSTR lpszSchm) throw(); + inline BOOL SetUrlPath(LPCTSTR lpszPath) throw(); + inline BOOL SetUserName(LPCTSTR lpszUser) throw(); +}; + +void test_CUrl() { + char* x = indirect_source(); + CUrl url; + url.CrackUrl(x, 0); + sink(url); // $ MISSING: ir + sink(url.GetExtraInfo()); // $ MISSING: ir + sink(url.GetHostName()); // $ MISSING: ir + sink(url.GetPassword()); // $ MISSING: ir + sink(url.GetSchemeName()); // $ MISSING: ir + sink(url.GetUrlPath()); // $ MISSING: ir + sink(url.GetUserName()); // $ MISSING: ir + + { + CUrl url2; + DWORD len; + char buffer[1024]; + url2.CrackUrl(x, 0); + url2.CreateUrl(buffer, &len, 0); + sink(buffer); // $ ast MISSING: ir + } + { + CUrl url2; + url2.SetExtraInfo(x); + sink(url2); // $ MISSING: ir + } + { + CUrl url2; + url2.SetHostName(x); + sink(url2); // $ MISSING: ir + } + { + CUrl url2; + url2.SetPassword(x); + sink(url2); // $ MISSING: ir + } + { + CUrl url2; + url2.SetSchemeName(x); + sink(url2); // $ MISSING: ir + } + { + CUrl url2; + url2.SetUrlPath(x); + sink(url2); // $ MISSING: ir + } + { + CUrl url2; + url2.SetUserName(x); + sink(url2); // $ MISSING: ir + } +} \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 395ba48f967e..3f77cb77b9cf 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -888,6 +888,72 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:807:5:807:5 | ref arg a | atl.cpp:808:10:808:10 | a | | | atl.cpp:807:5:807:5 | ref arg a | atl.cpp:809:3:809:3 | a | | | atl.cpp:808:10:808:10 | ref arg a | atl.cpp:809:3:809:3 | a | | +| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:852:16:852:16 | x | | +| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:865:19:865:19 | x | | +| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:871:23:871:23 | x | | +| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:876:22:876:22 | x | | +| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:881:22:881:22 | x | | +| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:886:24:886:24 | x | | +| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:891:21:891:21 | x | | +| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:896:22:896:22 | x | | +| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:852:3:852:5 | url | | +| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:853:8:853:10 | url | | +| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:854:8:854:10 | url | | +| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:855:8:855:10 | url | | +| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:856:8:856:10 | url | | +| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:857:8:857:10 | url | | +| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:858:8:858:10 | url | | +| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:859:8:859:10 | url | | +| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:899:1:899:1 | url | | +| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:853:8:853:10 | url | | +| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:854:8:854:10 | url | | +| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:855:8:855:10 | url | | +| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:856:8:856:10 | url | | +| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:857:8:857:10 | url | | +| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:858:8:858:10 | url | | +| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:859:8:859:10 | url | | +| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:899:1:899:1 | url | | +| atl.cpp:862:10:862:13 | call to CUrl | atl.cpp:865:5:865:8 | url2 | | +| atl.cpp:862:10:862:13 | call to CUrl | atl.cpp:866:5:866:8 | url2 | | +| atl.cpp:862:10:862:13 | call to CUrl | atl.cpp:868:3:868:3 | url2 | | +| atl.cpp:863:11:863:13 | len | atl.cpp:866:29:866:31 | len | | +| atl.cpp:864:10:864:15 | buffer | atl.cpp:866:20:866:25 | buffer | | +| atl.cpp:864:10:864:15 | buffer | atl.cpp:867:10:867:15 | buffer | | +| atl.cpp:865:5:865:8 | ref arg url2 | atl.cpp:866:5:866:8 | url2 | | +| atl.cpp:865:5:865:8 | ref arg url2 | atl.cpp:868:3:868:3 | url2 | | +| atl.cpp:866:20:866:25 | ref arg buffer | atl.cpp:867:10:867:15 | buffer | | +| atl.cpp:866:28:866:31 | ref arg & ... | atl.cpp:866:29:866:31 | len [inner post update] | | +| atl.cpp:866:29:866:31 | len | atl.cpp:866:28:866:31 | & ... | | +| atl.cpp:870:10:870:13 | call to CUrl | atl.cpp:871:5:871:8 | url2 | | +| atl.cpp:870:10:870:13 | call to CUrl | atl.cpp:872:10:872:13 | url2 | | +| atl.cpp:870:10:870:13 | call to CUrl | atl.cpp:873:3:873:3 | url2 | | +| atl.cpp:871:5:871:8 | ref arg url2 | atl.cpp:872:10:872:13 | url2 | | +| atl.cpp:871:5:871:8 | ref arg url2 | atl.cpp:873:3:873:3 | url2 | | +| atl.cpp:875:10:875:13 | call to CUrl | atl.cpp:876:5:876:8 | url2 | | +| atl.cpp:875:10:875:13 | call to CUrl | atl.cpp:877:10:877:13 | url2 | | +| atl.cpp:875:10:875:13 | call to CUrl | atl.cpp:878:3:878:3 | url2 | | +| atl.cpp:876:5:876:8 | ref arg url2 | atl.cpp:877:10:877:13 | url2 | | +| atl.cpp:876:5:876:8 | ref arg url2 | atl.cpp:878:3:878:3 | url2 | | +| atl.cpp:880:10:880:13 | call to CUrl | atl.cpp:881:5:881:8 | url2 | | +| atl.cpp:880:10:880:13 | call to CUrl | atl.cpp:882:10:882:13 | url2 | | +| atl.cpp:880:10:880:13 | call to CUrl | atl.cpp:883:3:883:3 | url2 | | +| atl.cpp:881:5:881:8 | ref arg url2 | atl.cpp:882:10:882:13 | url2 | | +| atl.cpp:881:5:881:8 | ref arg url2 | atl.cpp:883:3:883:3 | url2 | | +| atl.cpp:885:10:885:13 | call to CUrl | atl.cpp:886:5:886:8 | url2 | | +| atl.cpp:885:10:885:13 | call to CUrl | atl.cpp:887:10:887:13 | url2 | | +| atl.cpp:885:10:885:13 | call to CUrl | atl.cpp:888:3:888:3 | url2 | | +| atl.cpp:886:5:886:8 | ref arg url2 | atl.cpp:887:10:887:13 | url2 | | +| atl.cpp:886:5:886:8 | ref arg url2 | atl.cpp:888:3:888:3 | url2 | | +| atl.cpp:890:10:890:13 | call to CUrl | atl.cpp:891:5:891:8 | url2 | | +| atl.cpp:890:10:890:13 | call to CUrl | atl.cpp:892:10:892:13 | url2 | | +| atl.cpp:890:10:890:13 | call to CUrl | atl.cpp:893:3:893:3 | url2 | | +| atl.cpp:891:5:891:8 | ref arg url2 | atl.cpp:892:10:892:13 | url2 | | +| atl.cpp:891:5:891:8 | ref arg url2 | atl.cpp:893:3:893:3 | url2 | | +| atl.cpp:895:10:895:13 | call to CUrl | atl.cpp:896:5:896:8 | url2 | | +| atl.cpp:895:10:895:13 | call to CUrl | atl.cpp:897:10:897:13 | url2 | | +| atl.cpp:895:10:895:13 | call to CUrl | atl.cpp:898:3:898:3 | url2 | | +| atl.cpp:896:5:896:8 | ref arg url2 | atl.cpp:897:10:897:13 | url2 | | +| atl.cpp:896:5:896:8 | ref arg url2 | atl.cpp:898:3:898:3 | url2 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | From 300e3eaba681fc50ba0d9914e16267b7b22f1e33 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:09:22 +0000 Subject: [PATCH 27/65] C++: Add MaD model for 'CUrl'. --- cpp/ql/lib/ext/CUrl.model.yml | 21 ++++++++++++++ .../dataflow/taint-tests/atl.cpp | 28 +++++++++---------- 2 files changed, 35 insertions(+), 14 deletions(-) create mode 100644 cpp/ql/lib/ext/CUrl.model.yml diff --git a/cpp/ql/lib/ext/CUrl.model.yml b/cpp/ql/lib/ext/CUrl.model.yml new file mode 100644 index 000000000000..3a4f8fe2ff5a --- /dev/null +++ b/cpp/ql/lib/ext/CUrl.model.yml @@ -0,0 +1,21 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CUrl", True, "CUrl", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CUrl", True, "CrackUrl", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "CreateUrl", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["", "CUrl", True, "GetExtraInfo", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetHostName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetPassword", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetSchemeName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetUrlPath", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetUserName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "SetExtraInfo", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetHostName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetPassword", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 1727684b51a3..de3df30b2836 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -850,13 +850,13 @@ void test_CUrl() { char* x = indirect_source(); CUrl url; url.CrackUrl(x, 0); - sink(url); // $ MISSING: ir - sink(url.GetExtraInfo()); // $ MISSING: ir - sink(url.GetHostName()); // $ MISSING: ir - sink(url.GetPassword()); // $ MISSING: ir - sink(url.GetSchemeName()); // $ MISSING: ir - sink(url.GetUrlPath()); // $ MISSING: ir - sink(url.GetUserName()); // $ MISSING: ir + sink(url); // $ ir + sink(url.GetExtraInfo()); // $ ir + sink(url.GetHostName()); // $ ir + sink(url.GetPassword()); // $ ir + sink(url.GetSchemeName()); // $ ir + sink(url.GetUrlPath()); // $ ir + sink(url.GetUserName()); // $ ir { CUrl url2; @@ -864,36 +864,36 @@ void test_CUrl() { char buffer[1024]; url2.CrackUrl(x, 0); url2.CreateUrl(buffer, &len, 0); - sink(buffer); // $ ast MISSING: ir + sink(buffer); // $ ast ir } { CUrl url2; url2.SetExtraInfo(x); - sink(url2); // $ MISSING: ir + sink(url2); // $ ir } { CUrl url2; url2.SetHostName(x); - sink(url2); // $ MISSING: ir + sink(url2); // $ ir } { CUrl url2; url2.SetPassword(x); - sink(url2); // $ MISSING: ir + sink(url2); // $ ir } { CUrl url2; url2.SetSchemeName(x); - sink(url2); // $ MISSING: ir + sink(url2); // $ ir } { CUrl url2; url2.SetUrlPath(x); - sink(url2); // $ MISSING: ir + sink(url2); // $ ir } { CUrl url2; url2.SetUserName(x); - sink(url2); // $ MISSING: ir + sink(url2); // $ ir } } \ No newline at end of file From e73fccdb4a0251641c871c32d926b954522b8cc5 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:10:16 +0000 Subject: [PATCH 28/65] C++: Add more types that we'll need for later. --- .../dataflow/source-sink-tests/atl.cpp | 56 +++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp new file mode 100644 index 000000000000..8b3174b8046b --- /dev/null +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -0,0 +1,56 @@ +typedef void* HANDLE; +typedef long LONG; +typedef LONG HRESULT; +typedef const char* LPCTSTR; +typedef unsigned long DWORD; +typedef unsigned long ULONG; +typedef void* PVOID; +typedef void* LPVOID; +typedef bool BOOL; +typedef const void* LPCVOID; +typedef unsigned long long ULONGLONG; +typedef long long LONGLONG; +typedef unsigned long* ULONG_PTR; +typedef char *LPTSTR; +typedef DWORD* LPDWORD; +typedef ULONG REGSAM; +typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION; +typedef PVOID PSECURITY_DESCRIPTOR; +typedef struct _GUID { + unsigned long Data1; + unsigned short Data2; + unsigned short Data3; + unsigned char Data4[8]; +} GUID; +typedef GUID* REFGUID; + +typedef struct _SECURITY_ATTRIBUTES { + DWORD nLength; + LPVOID lpSecurityDescriptor; + BOOL bInheritHandle; +} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES; + +typedef struct _FILETIME { + DWORD dwLowDateTime; + DWORD dwHighDateTime; +} FILETIME, *PFILETIME, *LPFILETIME; + +using size_t = decltype(sizeof(int)); +using SIZE_T = size_t; + +typedef struct _OVERLAPPED { + ULONG_PTR Internal; + ULONG_PTR InternalHigh; + union { + struct { + DWORD Offset; + DWORD OffsetHigh; + } DUMMYSTRUCTNAME; + PVOID Pointer; + } DUMMYUNIONNAME; + HANDLE hEvent; +} OVERLAPPED, *LPOVERLAPPED; + +using LPOVERLAPPED_COMPLETION_ROUTINE = void(DWORD, DWORD, LPOVERLAPPED); + +using HKEY = void*; From dee47f2111a3ae001ad69df7ba37a858bf287107 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:18:07 +0000 Subject: [PATCH 29/65] C++: Add a failing test with 'CAtlFile'. --- .../dataflow/source-sink-tests/atl.cpp | 81 +++++++++++++++++++ 1 file changed, 81 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp index 8b3174b8046b..bcc75fe0bd13 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -54,3 +54,84 @@ typedef struct _OVERLAPPED { using LPOVERLAPPED_COMPLETION_ROUTINE = void(DWORD, DWORD, LPOVERLAPPED); using HKEY = void*; + +class CAtlTransactionManager; + +class CHandle { + CHandle() throw(); + CHandle(CHandle& h) throw(); + explicit CHandle(HANDLE h) throw(); +}; + +struct CAtlFile : public CHandle { + CAtlFile() throw(); + CAtlFile(CAtlTransactionManager* pTM) throw(); + CAtlFile(CAtlFile& file) throw(); + explicit CAtlFile(HANDLE hFile) throw(); + + HRESULT Create( + LPCTSTR szFilename, + DWORD dwDesiredAccess, + DWORD dwShareMode, + DWORD dwCreationDisposition, + DWORD dwFlagsAndAttributes, + LPSECURITY_ATTRIBUTES lpsa, + HANDLE hTemplateFile) throw(); + + HRESULT Flush() throw(); + HRESULT GetOverlappedResult( + LPOVERLAPPED pOverlapped, + DWORD& dwBytesTransferred, + BOOL bWait + ) throw(); + + HRESULT GetPosition(ULONGLONG& nPos) const throw(); + HRESULT GetSize(ULONGLONG& nLen) const throw(); + HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize) throw(); + + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + DWORD& nBytesRead) throw(); + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped) throw(); + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped, + LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw(); + + HRESULT Seek( + LONGLONG nOffset, + DWORD dwFrom) throw(); + + HRESULT SetSize(ULONGLONG nNewLen) throw(); + HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped, + LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw(); + + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + DWORD* pnBytesWritten) throw(); + + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped) throw(); +}; + +void test_CAtlFile() { + CAtlFile catFile; + char buffer[1024]; + catFile.Read(buffer, 1024); // $ MISSING: local_source +} From 74eae4a18dd1fa02e6256ea41e156b4c918ff9b6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:21:45 +0000 Subject: [PATCH 30/65] C++: Add a MaD model for 'CAtlFile' and mark reads as local flow sources. --- cpp/ql/lib/ext/CAtlFile.model.yml | 9 +++++++++ cpp/ql/lib/semmle/code/cpp/models/Models.qll | 1 + .../cpp/models/implementations/CAtlFile.qll | 17 +++++++++++++++++ .../dataflow/source-sink-tests/atl.cpp | 2 +- 4 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 cpp/ql/lib/ext/CAtlFile.model.yml create mode 100644 cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll diff --git a/cpp/ql/lib/ext/CAtlFile.model.yml b/cpp/ql/lib/ext/CAtlFile.model.yml new file mode 100644 index 000000000000..03584d62f037 --- /dev/null +++ b/cpp/ql/lib/ext/CAtlFile.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll index b371e6dc116c..37c97dcca8df 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll @@ -53,3 +53,4 @@ private import implementations.Win32CommandExecution private import implementations.CA2AEX private import implementations.CComBSTR private import implementations.CPathT +private import implementations.CAtlFile diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll new file mode 100644 index 000000000000..6c01a29c539d --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll @@ -0,0 +1,17 @@ +import semmle.code.cpp.models.interfaces.FlowSource + +/** + * The `CAtlFile` class from Microsoft's Active Template Library. + */ +class CAtlFile extends Class { + CAtlFile() { this.hasGlobalName("CAtlFile") } +} + +private class CAtlFileRead extends MemberFunction, LocalFlowSourceFunction { + CAtlFileRead() { this.getClassAndName("Read") instanceof CAtlFile } + + override predicate hasLocalFlowSource(FunctionOutput output, string description) { + output.isParameterDeref(0) and + description = "string read by " + this.getName() + } +} diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp index bcc75fe0bd13..2724e42aa345 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -133,5 +133,5 @@ struct CAtlFile : public CHandle { void test_CAtlFile() { CAtlFile catFile; char buffer[1024]; - catFile.Read(buffer, 1024); // $ MISSING: local_source + catFile.Read(buffer, 1024); // $ local_source } From ac0599cf75a4b1f50ca7fbe9317ded9bb2d136ba Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:24:35 +0000 Subject: [PATCH 31/65] C++: Add a failing test with 'CAtlFileMapping'. --- .../dataflow/source-sink-tests/atl.cpp | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp index 2724e42aa345..63d1bb171052 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -135,3 +135,47 @@ void test_CAtlFile() { char buffer[1024]; catFile.Read(buffer, 1024); // $ local_source } + +struct CAtlFileMappingBase { + CAtlFileMappingBase(CAtlFileMappingBase& orig); + CAtlFileMappingBase() throw(); + ~CAtlFileMappingBase() throw(); + + HRESULT CopyFrom(CAtlFileMappingBase& orig) throw(); + void* GetData() const throw(); + HANDLE GetHandle() throw (); + SIZE_T GetMappingSize() throw(); + + HRESULT MapFile( + HANDLE hFile, + SIZE_T nMappingSize, + ULONGLONG nOffset, + DWORD dwMappingProtection, + DWORD dwViewDesiredAccess) throw(); + + HRESULT MapSharedMem( + SIZE_T nMappingSize, + LPCTSTR szName, + BOOL* pbAlreadyExisted, + LPSECURITY_ATTRIBUTES lpsa, + DWORD dwMappingProtection, + DWORD dwViewDesiredAccess) throw(); + + HRESULT OpenMapping( + LPCTSTR szName, + SIZE_T nMappingSize, + ULONGLONG nOffset, + DWORD dwViewDesiredAccess) throw(); + + HRESULT Unmap() throw(); +}; + +template +struct CAtlFileMapping : public CAtlFileMappingBase { + operator T*() const throw(); +}; + +void test_CAtlFileMapping(CAtlFileMapping mapping) { + char* data = static_cast(mapping); // $ MISSING: local_source + void* data2 = mapping.GetData(); // $ MISSING: local_source +} From 3709151353ecf426f73341a35d0642d5f91de93b Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:31:12 +0000 Subject: [PATCH 32/65] C++: Add a MaD model for 'CAtlFileMappingBase' and mark reads as local flow sources. --- cpp/ql/lib/ext/CAtlFileMappingBase.model.yml | 13 +++++++ cpp/ql/lib/semmle/code/cpp/models/Models.qll | 1 + .../implementations/CAtlFileMapping.qll | 37 +++++++++++++++++++ .../dataflow/source-sink-tests/atl.cpp | 4 +- 4 files changed, 53 insertions(+), 2 deletions(-) create mode 100644 cpp/ql/lib/ext/CAtlFileMappingBase.model.yml create mode 100644 cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll diff --git a/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml b/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml new file mode 100644 index 000000000000..dcf9fd6ca70d --- /dev/null +++ b/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll index 37c97dcca8df..f6ff93061af0 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll @@ -54,3 +54,4 @@ private import implementations.CA2AEX private import implementations.CComBSTR private import implementations.CPathT private import implementations.CAtlFile +private import implementations.CAtlFileMapping diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll new file mode 100644 index 000000000000..85dae06806fb --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll @@ -0,0 +1,37 @@ +import semmle.code.cpp.models.interfaces.FlowSource + +/** + * The `CAtlFileMapping` class from Microsoft's Active Template Library. + */ +class CAtlFileMapping extends Class { + CAtlFileMapping() { this.hasGlobalName("CAtlFileMapping") } +} + +/** + * The `CAtlFileMappingBase` class from Microsoft's Active Template Library. + */ +class CAtlFileMappingBase extends Class { + CAtlFileMappingBase() { this.hasGlobalName("CAtlFileMappingBase") } +} + +private class CAtlFileMappingBaseGetData extends MemberFunction, LocalFlowSourceFunction { + CAtlFileMappingBaseGetData() { + this.getClassAndName("GetData") = any(CAtlFileMappingBase fileMaping).getADerivedClass*() + } + + override predicate hasLocalFlowSource(FunctionOutput output, string description) { + output.isReturnValueDeref(1) and + description = "data read by " + this.getName() + } +} + +private class CAtlFileMappingGetData extends MemberFunction, LocalFlowSourceFunction { + CAtlFileMappingGetData() { + this.(ConversionOperator).getDeclaringType() instanceof CAtlFileMapping + } + + override predicate hasLocalFlowSource(FunctionOutput output, string description) { + output.isReturnValueDeref(1) and + description = "data read by " + this.getName() + } +} diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp index 63d1bb171052..8a9f9f0ea0a8 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -176,6 +176,6 @@ struct CAtlFileMapping : public CAtlFileMappingBase { }; void test_CAtlFileMapping(CAtlFileMapping mapping) { - char* data = static_cast(mapping); // $ MISSING: local_source - void* data2 = mapping.GetData(); // $ MISSING: local_source + char* data = static_cast(mapping); // $ local_source + void* data2 = mapping.GetData(); // $ local_source } From 67ba85a0a3bf4c20f51fcf04c383fc876d48970c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:32:59 +0000 Subject: [PATCH 33/65] C++: Add failing tests for 'CAtlTemporaryFile'. --- .../dataflow/source-sink-tests/atl.cpp | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp index 8a9f9f0ea0a8..3440940a4f0d 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -179,3 +179,39 @@ void test_CAtlFileMapping(CAtlFileMapping mapping) { char* data = static_cast(mapping); // $ local_source void* data2 = mapping.GetData(); // $ local_source } + +struct CAtlTemporaryFile { + CAtlTemporaryFile() throw(); + ~CAtlTemporaryFile() throw(); + HRESULT Close(LPCTSTR szNewName) throw(); + HRESULT Create(LPCTSTR pszDir, DWORD dwDesiredAccess) throw(); + HRESULT Flush() throw(); + HRESULT GetPosition(ULONGLONG& nPos) const throw(); + HRESULT GetSize(ULONGLONG& nLen) const throw(); + HRESULT HandsOff() throw(); + HRESULT HandsOn() throw(); + HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + DWORD& nBytesRead) throw(); + HRESULT Seek(LONGLONG nOffset, DWORD dwFrom) throw(); + + HRESULT SetSize(ULONGLONG nNewLen) throw(); + LPCTSTR TempFileName() throw(); + HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + DWORD* pnBytesWritten) throw(); + operator HANDLE() throw(); +}; + +void test_CAtlTemporaryFile() { + CAtlTemporaryFile file; + char buffer[1024]; + DWORD bytesRead; + file.Read(buffer, 1024, bytesRead); // $ MISSING: local_source +} From 33212da87621c003703992660b5ab524e38096eb Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:38:34 +0000 Subject: [PATCH 34/65] C++: Add a MaD model for 'CAtlTemporaryFile' and mark reads as local flow sources. --- cpp/ql/lib/ext/CAtlTemporaryFile.model.yml | 8 ++++++++ cpp/ql/lib/semmle/code/cpp/models/Models.qll | 1 + .../implementations/CAtlTemporaryFile.qll | 17 +++++++++++++++++ .../dataflow/source-sink-tests/atl.cpp | 2 +- 4 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 cpp/ql/lib/ext/CAtlTemporaryFile.model.yml create mode 100644 cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll diff --git a/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml b/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml new file mode 100644 index 000000000000..71a05266a2d3 --- /dev/null +++ b/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll index f6ff93061af0..cd86b53f90e0 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll @@ -55,3 +55,4 @@ private import implementations.CComBSTR private import implementations.CPathT private import implementations.CAtlFile private import implementations.CAtlFileMapping +private import implementations.CAtlTemporaryFile diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll new file mode 100644 index 000000000000..cc3a36d0fbd7 --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll @@ -0,0 +1,17 @@ +import semmle.code.cpp.models.interfaces.FlowSource + +/** + * The `CAtlFile` class from Microsoft's Active Template Library. + */ +class CAtlTemporaryFile extends Class { + CAtlTemporaryFile() { this.hasGlobalName("CAtlTemporaryFile") } +} + +private class CAtlTemporaryFileRead extends MemberFunction, LocalFlowSourceFunction { + CAtlTemporaryFileRead() { this.getClassAndName("Read") instanceof CAtlTemporaryFile } + + override predicate hasLocalFlowSource(FunctionOutput output, string description) { + output.isParameterDeref(0) and + description = "string read by " + this.getName() + } +} diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp index 3440940a4f0d..35698f13e847 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -213,5 +213,5 @@ void test_CAtlTemporaryFile() { CAtlTemporaryFile file; char buffer[1024]; DWORD bytesRead; - file.Read(buffer, 1024, bytesRead); // $ MISSING: local_source + file.Read(buffer, 1024, bytesRead); // $ local_source } From 5aada39a4e0a146f880bd2d94b719f975fde5412 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:40:37 +0000 Subject: [PATCH 35/65] C++: Add failing tests for 'CRegKey'. --- .../dataflow/source-sink-tests/atl.cpp | 172 ++++++++++++++++++ 1 file changed, 172 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp index 35698f13e847..e8fbcbf96609 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -215,3 +215,175 @@ void test_CAtlTemporaryFile() { DWORD bytesRead; file.Read(buffer, 1024, bytesRead); // $ local_source } + +struct CRegKey { + CRegKey() throw(); + CRegKey(CRegKey& key) throw(); + explicit CRegKey(HKEY hKey) throw(); + CRegKey(CAtlTransactionManager* pTM) throw(); + + ~CRegKey() throw(); + void Attach(HKEY hKey) throw(); + LONG Close() throw(); + + LONG Create( + HKEY hKeyParent, + LPCTSTR lpszKeyName, + LPTSTR lpszClass, + DWORD dwOptions, + REGSAM samDesired, + LPSECURITY_ATTRIBUTES lpSecAttr, + LPDWORD lpdwDisposition) throw(); + + LONG DeleteSubKey(LPCTSTR lpszSubKey) throw(); + LONG DeleteValue(LPCTSTR lpszValue) throw(); + HKEY Detach() throw(); + + LONG EnumKey( + DWORD iIndex, + LPTSTR pszName, + LPDWORD pnNameLength, + FILETIME* pftLastWriteTime) throw(); + + LONG Flush() throw(); + + LONG GetKeySecurity( + SECURITY_INFORMATION si, + PSECURITY_DESCRIPTOR psd, + LPDWORD pnBytes) throw(); + + LONG NotifyChangeKeyValue( + BOOL bWatchSubtree, + DWORD dwNotifyFilter, + HANDLE hEvent, + BOOL bAsync) throw(); + + LONG Open( + HKEY hKeyParent, + LPCTSTR lpszKeyName, + REGSAM samDesired) throw(); + + LONG QueryBinaryValue( + LPCTSTR pszValueName, + void* pValue, + ULONG* pnBytes) throw(); + + LONG QueryDWORDValue( + LPCTSTR pszValueName, + DWORD& dwValue) throw(); + + LONG QueryGUIDValue( + LPCTSTR pszValueName, + GUID& guidValue) throw(); + + LONG QueryMultiStringValue( + LPCTSTR pszValueName, + LPTSTR pszValue, + ULONG* pnChars) throw(); + + LONG QueryQWORDValue( + LPCTSTR pszValueName, + ULONGLONG& qwValue) throw(); + + LONG QueryStringValue( + LPCTSTR pszValueName, + LPTSTR pszValue, + ULONG* pnChars) throw(); + + LONG QueryValue( + LPCTSTR pszValueName, + DWORD* pdwType, + void* pData, + ULONG* pnBytes) throw(); + + LONG QueryValue( + DWORD& dwValue, + LPCTSTR lpszValueName); + + LONG QueryValue( + LPTSTR szValue, + LPCTSTR lpszValueName, + DWORD* pdwCount); + + LONG RecurseDeleteKey(LPCTSTR lpszKey) throw(); + + LONG SetBinaryValue( + LPCTSTR pszValueName, + const void* pValue, + ULONG nBytes) throw(); + + LONG SetDWORDValue(LPCTSTR pszValueName, DWORD dwValue) throw(); + + LONG SetGUIDValue(LPCTSTR pszValueName, REFGUID guidValue) throw(); + + LONG SetKeySecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR psd) throw(); + + LONG SetKeyValue( + LPCTSTR lpszKeyName, + LPCTSTR lpszValue, + LPCTSTR lpszValueName) throw(); + + LONG SetMultiStringValue(LPCTSTR pszValueName, LPCTSTR pszValue) throw(); + + LONG SetQWORDValue(LPCTSTR pszValueName, ULONGLONG qwValue) throw(); + + LONG SetStringValue( + LPCTSTR pszValueName, + LPCTSTR pszValue, + DWORD dwType) throw(); + + LONG SetValue( + LPCTSTR pszValueName, + DWORD dwType, + const void* pValue, + ULONG nBytes) throw(); + + static LONG SetValue( + HKEY hKeyParent, + LPCTSTR lpszKeyName, + LPCTSTR lpszValue, + LPCTSTR lpszValueName); + + LONG SetValue( + DWORD dwValue, + LPCTSTR lpszValueName); + + LONG SetValue( + LPCTSTR lpszValue, + LPCTSTR lpszValueName, + bool bMulti, + int nValueLen); + + operator HKEY() const throw(); + CRegKey& operator= (CRegKey& key) throw(); + + HKEY m_hKey; +}; + +void test_CRegKey() { + CRegKey key; + char data[1024]; + ULONG bytesRead; + key.QueryBinaryValue("foo", data, &bytesRead); // $ MISSING: local_source + + DWORD value; + key.QueryDWORDValue("foo", value); // $ MISSING: local_source + + GUID guid; + key.QueryGUIDValue("foo", guid); // $ MISSING: local_source + + key.QueryMultiStringValue("foo", data, &bytesRead); // $ MISSING: local_source + + ULONGLONG qword; + key.QueryQWORDValue("foo", qword); // $ MISSING: local_source + + key.QueryStringValue("foo", data, &bytesRead); // $ MISSING: local_source + + key.QueryValue(data, "foo", &bytesRead); // $ MISSING: local_source + + DWORD type; + key.QueryValue("foo", &type, data, &bytesRead); // $ MISSING: local_source + + DWORD value2; + key.QueryValue(value2, "foo"); // $ MISSING: local_source +} \ No newline at end of file From d69de0cc761fe1739962fb8277eb4a8c4afe5748 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:43:39 +0000 Subject: [PATCH 36/65] C++: Add a MaD model for 'CRegKey' and mark query calls as local flow sources. --- cpp/ql/lib/ext/CRegKey.model.yml | 19 ++++ cpp/ql/lib/semmle/code/cpp/models/Models.qll | 1 + .../cpp/models/implementations/CRegKey.qll | 87 +++++++++++++++++++ .../dataflow/source-sink-tests/atl.cpp | 18 ++-- 4 files changed, 116 insertions(+), 9 deletions(-) create mode 100644 cpp/ql/lib/ext/CRegKey.model.yml create mode 100644 cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll diff --git a/cpp/ql/lib/ext/CRegKey.model.yml b/cpp/ql/lib/ext/CRegKey.model.yml new file mode 100644 index 000000000000..52b742029ac5 --- /dev/null +++ b/cpp/ql/lib/ext/CRegKey.model.yml @@ -0,0 +1,19 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CRegKey", True, "CRegKey", "(CRegKey&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[**1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[**1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "(DWORD&,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[**0]", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "operator HKEY", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "operator=", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["", "CRegKey", True, "QueryValue", "operator=", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll index cd86b53f90e0..83bda3e2a44e 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll @@ -56,3 +56,4 @@ private import implementations.CPathT private import implementations.CAtlFile private import implementations.CAtlFileMapping private import implementations.CAtlTemporaryFile +private import implementations.CRegKey diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll new file mode 100644 index 000000000000..e6d1a5ba09ec --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll @@ -0,0 +1,87 @@ +private import cpp +private import semmle.code.cpp.models.interfaces.FlowSource +private import semmle.code.cpp.ir.dataflow.FlowSteps +private import semmle.code.cpp.dataflow.new.DataFlow + +/** The `CRegKey` class from the Microsoft "Active Template Library". */ +class CRegKey extends Class { + CRegKey() { this.hasGlobalName("CRegKey") } +} + +module CRegKey { + /** The `m_hKey` member on a object of type `CRegKey`. */ + class MhKey extends Field { + MhKey() { + this.getDeclaringType() instanceof CRegKey and + this.getName() = "m_hKey" + } + } + + private class MhKeyPathTaintInheritingContent extends TaintInheritingContent, + DataFlow::FieldContent + { + MhKeyPathTaintInheritingContent() { this.getField() instanceof MhKey } + } + + private class CRegKeyMemberFunction extends MemberFunction { + string name; + + CRegKeyMemberFunction() { this.getClassAndName(name) instanceof CRegKey } + } + + abstract private class CRegKeyFlowSource extends CRegKeyMemberFunction, LocalFlowSourceFunction { + FunctionOutput output; + + final override predicate hasLocalFlowSource(FunctionOutput output_, string description) { + output_ = output and + description = "registry string read by " + name + } + } + + /** The `CRegKey::QueryBinaryValue` function from Win32. */ + class QueryBinaryValue extends CRegKeyFlowSource { + QueryBinaryValue() { name = "QueryBinaryValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryDWORDValue` function from Win32. */ + class QueryDwordValue extends CRegKeyFlowSource { + QueryDwordValue() { name = "QueryDWORDValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryGUIDValue` function from Win32. */ + class QueryGuidValue extends CRegKeyFlowSource { + QueryGuidValue() { name = "QueryGUIDValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryMultiStringValue` function from Win32. */ + class QueryMultiStringValue extends CRegKeyFlowSource { + QueryMultiStringValue() { name = "QueryMultiStringValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryQWORDValue` function from Win32. */ + class QueryQwordValue extends CRegKeyFlowSource { + QueryQwordValue() { name = "QueryQWORDValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryStringValue` function from Win32. */ + class QueryStringValue extends CRegKeyFlowSource { + QueryStringValue() { name = "QueryStringValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryValue` function from Win32. */ + class QueryValue extends CRegKeyFlowSource { + QueryValue() { + name = "QueryValue" and + ( + this.getNumberOfParameters() = 4 and + output.isParameterDeref(2) + or + this.getNumberOfParameters() = 2 and + output.isParameterDeref(0) + or + this.getNumberOfParameters() = 3 and + output.isParameterDeref(0) + ) + } + } +} diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp index e8fbcbf96609..7df5e3dc1a08 100644 --- a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -364,26 +364,26 @@ void test_CRegKey() { CRegKey key; char data[1024]; ULONG bytesRead; - key.QueryBinaryValue("foo", data, &bytesRead); // $ MISSING: local_source + key.QueryBinaryValue("foo", data, &bytesRead); // $ local_source DWORD value; - key.QueryDWORDValue("foo", value); // $ MISSING: local_source + key.QueryDWORDValue("foo", value); // $ local_source GUID guid; - key.QueryGUIDValue("foo", guid); // $ MISSING: local_source + key.QueryGUIDValue("foo", guid); // $ local_source - key.QueryMultiStringValue("foo", data, &bytesRead); // $ MISSING: local_source + key.QueryMultiStringValue("foo", data, &bytesRead); // $ local_source ULONGLONG qword; - key.QueryQWORDValue("foo", qword); // $ MISSING: local_source + key.QueryQWORDValue("foo", qword); // $ local_source - key.QueryStringValue("foo", data, &bytesRead); // $ MISSING: local_source + key.QueryStringValue("foo", data, &bytesRead); // $ local_source - key.QueryValue(data, "foo", &bytesRead); // $ MISSING: local_source + key.QueryValue(data, "foo", &bytesRead); // $ local_source DWORD type; - key.QueryValue("foo", &type, data, &bytesRead); // $ MISSING: local_source + key.QueryValue("foo", &type, data, &bytesRead); // $ local_source DWORD value2; - key.QueryValue(value2, "foo"); // $ MISSING: local_source + key.QueryValue(value2, "foo"); // $ local_source } \ No newline at end of file From 19e7c3776049a71101397e5fde8156969e932d66 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 15:47:29 +0000 Subject: [PATCH 37/65] C++: Update the final test changes. Nothing exciting here. --- .../dataflow/external-models/flow.expected | 10 +- .../external-models/validatemodels.expected | 14 +- .../taint-tests/test_mad-signatures.expected | 848 ++++++++++++++++++ 3 files changed, 861 insertions(+), 11 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index d1e895f2eafb..3c5b69b09f4b 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:819 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:817 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:818 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:809 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:807 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:808 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:818 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:808 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:819 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:809 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index b02760131065..166d834ea768 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -5,23 +5,25 @@ | Dubious member name "operator LPSTR" in summary model. | | Dubious member name "operator LPWSTR" in summary model. | | Dubious member name "operator PCXSTR" in summary model. | -| Dubious member name "operator StringType&" in summary model. | -| Dubious member name "operator T*" in summary model. | -| Dubious member name "operator const StringType&" in summary model. | | Dubious member name "operator&" in summary model. | | Dubious member name "operator*" in summary model. | | Dubious member name "operator+=" in summary model. | | Dubious member name "operator->" in summary model. | | Dubious member name "operator=" in summary model. | | Dubious member name "operator[]" in summary model. | +| Dubious signature "(CAtlFile &)" in summary model. | | Dubious signature "(CRegKey&)" in summary model. | | Dubious signature "(DWORD&,LPCTSTR)" in summary model. | | Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. | +| Dubious signature "(LPCTSTR,DWORD *,void *,ULONG *)" in summary model. | +| Dubious signature "(LPTSTR,LPCTSTR,DWORD *)" in summary model. | | Dubious signature "(const CComBSTR&)" in summary model. | +| Dubious signature "(const CComSafeArray &)" in summary model. | | Dubious signature "(const CComSafeArray&)" in summary model. | -| Dubious signature "(const SAFEARRAY&)" in summary model. | -| Dubious signature "(const SAFEARRAY*)" in summary model. | -| Dubious signature "(const SAFEARRAYBOUND*, UINT)" in summary model. | +| Dubious signature "(const SAFEARRAY &)" in summary model. | +| Dubious signature "(const SAFEARRAY *)" in summary model. | +| Dubious signature "(const SAFEARRAYBOUND *,UINT)" in summary model. | +| Dubious signature "(const T &,BOOL)" in summary model. | | Dubious signature "(const deque &)" in summary model. | | Dubious signature "(const deque &,const Allocator &)" in summary model. | | Dubious signature "(const forward_list &)" in summary model. | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 26031f42c0ac..1f84cd3379af 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -1,4 +1,90 @@ signatureMatches +| atl.cpp:68:3:68:15 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:68:3:68:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:69:3:69:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:256:3:256:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:256:3:256:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:410:3:410:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:410:3:410:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:412:3:412:10 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:412:3:412:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:413:3:413:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:413:3:413:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:418:11:418:16 | Append | (wchar_t) | CComBSTR | Append | 0 | +| atl.cpp:419:11:419:16 | Append | (char) | CComBSTR | Append | 0 | +| atl.cpp:420:11:420:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:420:11:420:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:421:11:421:16 | Append | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:421:11:421:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:422:11:422:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 | +| atl.cpp:422:11:422:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:424:11:424:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:425:11:425:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:425:11:425:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:425:11:425:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:437:8:437:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:437:8:437:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | +| atl.cpp:437:8:437:17 | LoadString | (const SAFEARRAYBOUND *,UINT) | CComSafeArray | Create | 1 | +| atl.cpp:438:8:438:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:438:8:438:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:447:13:447:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:447:13:447:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:537:3:537:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:537:3:537:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:537:3:537:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:541:11:541:13 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:541:11:541:13 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:541:11:541:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:543:11:543:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | +| atl.cpp:543:11:543:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | +| atl.cpp:762:8:762:10 | Add | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:762:8:762:10 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:762:8:762:10 | Add | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:762:8:762:10 | Add | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:762:8:762:10 | Add | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:762:8:762:10 | Add | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:762:8:762:10 | Add | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:762:8:762:10 | Add | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:773:8:773:12 | SetAt | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:773:8:773:12 | SetAt | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:773:8:773:12 | SetAt | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:773:8:773:12 | SetAt | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:773:8:773:12 | SetAt | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:773:8:773:12 | SetAt | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:773:8:773:12 | SetAt | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:773:8:773:12 | SetAt | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:774:8:774:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque | deque | 2 | +| atl.cpp:774:8:774:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:774:8:774:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list | list | 2 | +| atl.cpp:774:8:774:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | +| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 1 | +| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 2 | +| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 1 | +| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 2 | +| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 1 | +| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 2 | +| atl.cpp:839:15:839:26 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:840:15:840:25 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:841:15:841:25 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:844:15:844:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:845:15:845:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:846:15:846:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| stl.h:165:8:165:16 | push_back | (char) | CComBSTR | Append | 0 | +| stl.h:181:47:181:52 | append | (InputIt,InputIt) | deque | assign | 0 | +| stl.h:181:47:181:52 | append | (InputIt,InputIt) | deque | assign | 1 | +| stl.h:181:47:181:52 | append | (InputIt,InputIt) | forward_list | assign | 0 | +| stl.h:181:47:181:52 | append | (InputIt,InputIt) | forward_list | assign | 1 | +| stl.h:181:47:181:52 | append | (InputIt,InputIt) | list | assign | 0 | +| stl.h:181:47:181:52 | append | (InputIt,InputIt) | list | assign | 1 | +| stl.h:181:47:181:52 | append | (InputIt,InputIt) | vector | assign | 0 | +| stl.h:181:47:181:52 | append | (InputIt,InputIt) | vector | assign | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign | 0 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | forward_list | assign | 0 | @@ -7,6 +93,14 @@ signatureMatches | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | list | assign | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | vector | assign | 0 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | vector | assign | 1 | +| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | deque | assign | 0 | +| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | deque | assign | 1 | +| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | forward_list | assign | 0 | +| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | forward_list | assign | 1 | +| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | list | assign | 0 | +| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | list | assign | 1 | +| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | vector | assign | 0 | +| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | vector | assign | 1 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | deque | assign | 0 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | deque | assign | 1 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | forward_list | assign | 0 | @@ -15,6 +109,18 @@ signatureMatches | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | list | assign | 1 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | vector | assign | 0 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | vector | assign | 1 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | deque | insert | 0 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | deque | insert | 1 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | deque | insert | 2 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | forward_list | insert_after | 0 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | forward_list | insert_after | 1 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | forward_list | insert_after | 2 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | list | insert | 0 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | list | insert | 1 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | list | insert | 2 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert | 0 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert | 1 | +| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert | 2 | | stl.h:190:17:190:23 | replace | (const_iterator,InputIt,InputIt) | deque | insert | 0 | | stl.h:190:17:190:23 | replace | (const_iterator,InputIt,InputIt) | deque | insert | 1 | | stl.h:190:17:190:23 | replace | (const_iterator,InputIt,InputIt) | deque | insert | 2 | @@ -267,7 +373,24 @@ signatureMatches | stl.h:678:33:678:38 | format | (format_string,Args &&) | | format | 1 | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format | 0 | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format | 1 | +| string.cpp:20:6:20:9 | sink | (char) | CComBSTR | Append | 0 | +| taint.cpp:4:6:4:21 | arithAssignments | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:249:13:249:13 | _FUN | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:249:13:249:13 | operator() | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:302:6:302:14 | myAssign2 | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:307:6:307:14 | myAssign3 | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:312:6:312:14 | myAssign4 | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:523:7:523:13 | _strset | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (LPCOLESTR,int) | CComBSTR | Append | 1 | getSignatureParameterName +| (CAtlFile &) | CAtlFile | CAtlFile | 0 | CAtlFile & | +| (CRegKey&) | CRegKey | CRegKey | 0 | CRegKey& | +| (DWORD&,LPCTSTR) | CRegKey | QueryValue | 0 | DWORD& | +| (DWORD&,LPCTSTR) | CRegKey | QueryValue | 1 | LPCTSTR | +| (HANDLE) | CAtlFile | CAtlFile | 0 | HANDLE | +| (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | HINSTANCE | +| (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | UINT | +| (HKEY) | CRegKey | CRegKey | 0 | HKEY | | (InputIt,InputIt) | deque | assign | 0 | func:0 | | (InputIt,InputIt) | deque | assign | 1 | func:0 | | (InputIt,InputIt) | forward_list | assign | 0 | func:0 | @@ -288,6 +411,35 @@ getSignatureParameterName | (InputIterator,InputIterator,const Allocator &) | vector | vector | 0 | func:0 | | (InputIterator,InputIterator,const Allocator &) | vector | vector | 1 | func:0 | | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | const class:1 & | +| (LPCOLESTR) | CComBSTR | Append | 0 | LPCOLESTR | +| (LPCOLESTR) | CComBSTR | CComBSTR | 0 | LPCOLESTR | +| (LPCOLESTR,int) | CComBSTR | Append | 0 | LPCOLESTR | +| (LPCOLESTR,int) | CComBSTR | Append | 1 | int | +| (LPCSTR) | CComBSTR | Append | 0 | LPCSTR | +| (LPCSTR) | CComBSTR | CComBSTR | 0 | LPCSTR | +| (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | LPCTSTR | +| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 0 | LPCTSTR | +| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 1 | DWORD * | +| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 2 | void * | +| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 3 | ULONG * | +| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 0 | LPTSTR | +| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 1 | LPCTSTR | +| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 2 | DWORD * | +| (UINT) | CComBSTR | LoadString | 0 | UINT | +| (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | UINT | +| (char) | CComBSTR | Append | 0 | char | +| (const CComBSTR&) | CComBSTR | Append | 0 | const CComBSTR& | +| (const CComBSTR&) | CComBSTR | CComBSTR | 0 | const CComBSTR& | +| (const CComSafeArray &) | CComSafeArray | CComSafeArray | 0 | const CComSafeArray & | +| (const CComSafeArray&) | CComSafeArray | operator= | 0 | const CComSafeArray& | +| (const SAFEARRAY &) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY & | +| (const SAFEARRAY *) | CComSafeArray | Add | 0 | const SAFEARRAY * | +| (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY * | +| (const SAFEARRAY *) | CComSafeArray | operator= | 0 | const SAFEARRAY * | +| (const SAFEARRAYBOUND *,UINT) | CComSafeArray | Create | 0 | const SAFEARRAYBOUND * | +| (const SAFEARRAYBOUND *,UINT) | CComSafeArray | Create | 1 | UINT | +| (const T &,BOOL) | CComSafeArray | Add | 0 | const class:0 & | +| (const T &,BOOL) | CComSafeArray | Add | 1 | BOOL | | (const deque &) | deque | deque | 0 | const deque & | | (const deque &,const Allocator &) | deque | deque | 0 | const deque & | | (const deque &,const Allocator &) | deque | deque | 1 | const class:1 & | @@ -348,6 +500,10 @@ getSignatureParameterName | (forward_list &&) | forward_list | forward_list | 0 | forward_list && | | (forward_list &&,const Allocator &) | forward_list | forward_list | 0 | forward_list && | | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | const class:1 & | +| (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | int | +| (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | LPCOLESTR | +| (int,LPCSTR) | CComBSTR | CComBSTR | 0 | int | +| (int,LPCSTR) | CComBSTR | CComBSTR | 1 | LPCSTR | | (list &&) | list | list | 0 | list && | | (list &&,const Allocator &) | list | list | 0 | list && | | (list &&,const Allocator &) | list | list | 1 | const class:1 & | @@ -374,15 +530,303 @@ getSignatureParameterName | (vector &&) | vector | vector | 0 | vector && | | (vector &&,const Allocator &) | vector | vector | 0 | vector && | | (vector &&,const Allocator &) | vector | vector | 1 | const class:1 & | +| (wchar_t) | CComBSTR | Append | 0 | wchar_t | getParameterTypeName +| arrayassignment.cpp:3:6:3:9 | sink | 0 | int | +| arrayassignment.cpp:4:6:4:9 | sink | 0 | MyInt | +| arrayassignment.cpp:5:6:5:9 | sink | 0 | MyArray | +| arrayassignment.cpp:37:7:37:7 | MyInt | 0 | const MyInt & | +| arrayassignment.cpp:44:9:44:17 | operator= | 0 | const int & | +| arrayassignment.cpp:45:9:45:17 | operator= | 0 | const MyInt & | +| arrayassignment.cpp:83:7:83:7 | MyArray | 0 | MyArray && | +| arrayassignment.cpp:83:7:83:7 | MyArray | 0 | const MyArray & | +| arrayassignment.cpp:83:7:83:7 | operator= | 0 | MyArray && | +| arrayassignment.cpp:83:7:83:7 | operator= | 0 | const MyArray & | +| arrayassignment.cpp:88:7:88:9 | get | 0 | int | +| arrayassignment.cpp:90:7:90:16 | operator[] | 0 | int | +| arrayassignment.cpp:124:6:124:9 | sink | 0 | int * | +| atl.cpp:28:8:28:8 | operator= | 0 | __POSITION && | +| atl.cpp:28:8:28:8 | operator= | 0 | const __POSITION & | +| atl.cpp:49:16:49:16 | operator= | 0 | const tagSAFEARRAYBOUND & | +| atl.cpp:49:16:49:16 | operator= | 0 | tagSAFEARRAYBOUND && | +| atl.cpp:54:16:54:16 | operator= | 0 | const tagVARIANT & | +| atl.cpp:54:16:54:16 | operator= | 0 | tagVARIANT && | +| atl.cpp:58:16:58:16 | operator= | 0 | const tagSAFEARRAY & | +| atl.cpp:58:16:58:16 | operator= | 0 | tagSAFEARRAY && | +| atl.cpp:67:8:67:8 | _U_STRINGorID | 0 | _U_STRINGorID && | +| atl.cpp:67:8:67:8 | _U_STRINGorID | 0 | const _U_STRINGorID & | +| atl.cpp:67:8:67:8 | operator= | 0 | _U_STRINGorID && | +| atl.cpp:67:8:67:8 | operator= | 0 | const _U_STRINGorID & | +| atl.cpp:68:3:68:15 | _U_STRINGorID | 0 | UINT | +| atl.cpp:69:3:69:15 | _U_STRINGorID | 0 | LPCTSTR | +| atl.cpp:193:10:193:12 | Add | 0 | INARGTYPclass:0 | +| atl.cpp:195:10:195:15 | Append | 0 | const CAtlArray & | +| atl.cpp:195:10:195:15 | Append | 0 | const CAtlArray> & | +| atl.cpp:196:8:196:11 | Copy | 0 | const CAtlArray & | +| atl.cpp:196:8:196:11 | Copy | 0 | const CAtlArray> & | +| atl.cpp:198:6:198:10 | GetAt | 0 | size_t | +| atl.cpp:202:8:202:20 | InsertArrayAt | 0 | size_t | +| atl.cpp:202:8:202:20 | InsertArrayAt | 1 | const CAtlArray * | +| atl.cpp:202:8:202:20 | InsertArrayAt | 1 | const CAtlArray> * | +| atl.cpp:203:8:203:15 | InsertAt | 0 | size_t | +| atl.cpp:203:8:203:15 | InsertAt | 1 | INARGTYPclass:0 | +| atl.cpp:203:8:203:15 | InsertAt | 2 | size_t | +| atl.cpp:208:8:208:16 | SetAtGrow | 0 | size_t | +| atl.cpp:208:8:208:16 | SetAtGrow | 1 | INARGTYPclass:0 | +| atl.cpp:210:6:210:15 | operator[] | 0 | size_t | +| atl.cpp:256:3:256:10 | CAtlList | 0 | UINT | +| atl.cpp:259:12:259:18 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:260:8:260:18 | AddHeadList | 0 | const CAtlList * | +| atl.cpp:260:8:260:18 | AddHeadList | 0 | const CAtlList> * | +| atl.cpp:262:12:262:18 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:263:8:263:18 | AddTailList | 0 | const CAtlList * | +| atl.cpp:263:8:263:18 | AddTailList | 0 | const CAtlList> * | +| atl.cpp:264:12:264:15 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:264:12:264:15 | Find | 1 | POSITION | +| atl.cpp:265:12:265:20 | FindIndex | 0 | size_t | +| atl.cpp:266:6:266:10 | GetAt | 0 | POSITION | +| atl.cpp:279:12:279:22 | InsertAfter | 0 | POSITION | +| atl.cpp:279:12:279:22 | InsertAfter | 1 | INARGTYPclass:0 | +| atl.cpp:280:12:280:23 | InsertBefore | 0 | POSITION | +| atl.cpp:280:12:280:23 | InsertBefore | 1 | INARGTYPclass:0 | +| atl.cpp:290:8:290:12 | SetAt | 0 | POSITION | +| atl.cpp:290:8:290:12 | SetAt | 1 | INARGTYPclass:0 | +| atl.cpp:400:8:400:8 | operator= | 0 | IUnknown && | +| atl.cpp:400:8:400:8 | operator= | 0 | const IUnknown & | +| atl.cpp:402:8:402:8 | operator= | 0 | ISequentialStream && | +| atl.cpp:402:8:402:8 | operator= | 0 | const ISequentialStream & | +| atl.cpp:404:8:404:8 | operator= | 0 | IStream && | +| atl.cpp:404:8:404:8 | operator= | 0 | const IStream & | +| atl.cpp:406:8:406:8 | operator= | 0 | const CComBSTR & | +| atl.cpp:408:3:408:10 | CComBSTR | 0 | const CComBSTR & | +| atl.cpp:409:3:409:10 | CComBSTR | 0 | int | +| atl.cpp:410:3:410:10 | CComBSTR | 0 | int | +| atl.cpp:410:3:410:10 | CComBSTR | 1 | LPCOLESTR | +| atl.cpp:411:3:411:10 | CComBSTR | 0 | int | +| atl.cpp:411:3:411:10 | CComBSTR | 1 | LPCSTR | +| atl.cpp:412:3:412:10 | CComBSTR | 0 | LPCOLESTR | +| atl.cpp:413:3:413:10 | CComBSTR | 0 | LPCSTR | +| atl.cpp:414:3:414:10 | CComBSTR | 0 | CComBSTR && | +| atl.cpp:417:11:417:16 | Append | 0 | const CComBSTR & | +| atl.cpp:418:11:418:16 | Append | 0 | wchar_t | +| atl.cpp:419:11:419:16 | Append | 0 | char | +| atl.cpp:420:11:420:16 | Append | 0 | LPCOLESTR | +| atl.cpp:421:11:421:16 | Append | 0 | LPCSTR | +| atl.cpp:422:11:422:16 | Append | 0 | LPCOLESTR | +| atl.cpp:422:11:422:16 | Append | 1 | int | +| atl.cpp:423:11:423:20 | AppendBSTR | 0 | BSTR | +| atl.cpp:424:11:424:21 | AppendBytes | 0 | const char * | +| atl.cpp:424:11:424:21 | AppendBytes | 1 | int | +| atl.cpp:425:11:425:21 | ArrayToBSTR | 0 | const SAFEARRAY * | +| atl.cpp:426:11:426:20 | AssignBSTR | 0 | const BSTR | +| atl.cpp:427:8:427:13 | Attach | 0 | BSTR | +| atl.cpp:428:11:428:21 | BSTRToArray | 0 | LPSAFEARRAY | +| atl.cpp:431:11:431:16 | CopyTo | 0 | BSTR * | +| atl.cpp:433:11:433:16 | CopyTo | 0 | VARIANT * | +| atl.cpp:437:8:437:17 | LoadString | 0 | HINSTANCE | +| atl.cpp:437:8:437:17 | LoadString | 1 | UINT | +| atl.cpp:438:8:438:17 | LoadString | 0 | UINT | +| atl.cpp:439:11:439:24 | ReadFromStream | 0 | IStream * | +| atl.cpp:441:11:441:23 | WriteToStream | 0 | IStream * | +| atl.cpp:446:13:446:22 | operator+= | 0 | const CComBSTR & | +| atl.cpp:447:13:447:22 | operator+= | 0 | LPCOLESTR | +| atl.cpp:537:3:537:15 | CComSafeArray | 0 | const SAFEARRAY * | +| atl.cpp:541:11:541:13 | Add | 0 | const SAFEARRAY * | +| atl.cpp:543:11:543:13 | Add | 0 | const class:0 & | +| atl.cpp:543:11:543:13 | Add | 0 | const int & | +| atl.cpp:543:11:543:13 | Add | 1 | BOOL | +| atl.cpp:551:6:551:10 | GetAt | 0 | LONG | +| atl.cpp:562:11:562:15 | SetAt | 0 | LONG | +| atl.cpp:562:11:562:15 | SetAt | 1 | const class:0 & | +| atl.cpp:562:11:562:15 | SetAt | 1 | const int & | +| atl.cpp:562:11:562:15 | SetAt | 2 | BOOL | +| atl.cpp:564:6:564:15 | operator[] | 0 | long | +| atl.cpp:565:6:565:15 | operator[] | 0 | int | +| atl.cpp:609:3:609:8 | CPathT | 0 | PCXSTR | +| atl.cpp:610:3:610:8 | CPathT | 0 | const CPathT & | +| atl.cpp:614:8:614:19 | AddExtension | 0 | PCXSTR | +| atl.cpp:615:8:615:13 | Append | 0 | PCXSTR | +| atl.cpp:618:8:618:14 | Combine | 0 | PCXSTR | +| atl.cpp:618:8:618:14 | Combine | 1 | PCXSTR | +| atl.cpp:619:22:619:33 | CommonPrefix | 0 | PCXSTR | +| atl.cpp:656:23:656:32 | operator+= | 0 | PCXSTR | +| atl.cpp:716:8:716:10 | Add | 0 | const class:0 & | +| atl.cpp:716:8:716:10 | Add | 0 | const int & | +| atl.cpp:717:7:717:10 | Find | 0 | const class:0 & | +| atl.cpp:717:7:717:10 | Find | 0 | const int & | +| atl.cpp:728:6:728:15 | operator[] | 0 | int | +| atl.cpp:729:21:729:29 | operator= | 0 | const CSimpleArray & | +| atl.cpp:762:8:762:10 | Add | 0 | char *const & | +| atl.cpp:762:8:762:10 | Add | 0 | const class:0 & | +| atl.cpp:762:8:762:10 | Add | 1 | const class:1 & | +| atl.cpp:762:8:762:10 | Add | 1 | wchar_t *const & | +| atl.cpp:763:7:763:13 | FindKey | 0 | char *const & | +| atl.cpp:763:7:763:13 | FindKey | 0 | const class:0 & | +| atl.cpp:764:7:764:13 | FindVal | 0 | const class:1 & | +| atl.cpp:764:7:764:13 | FindVal | 0 | wchar_t *const & | +| atl.cpp:767:9:767:18 | GetValueAt | 0 | int | +| atl.cpp:768:8:768:13 | Lookup | 0 | char *const & | +| atl.cpp:768:8:768:13 | Lookup | 0 | const class:0 & | +| atl.cpp:772:8:772:20 | ReverseLookup | 0 | const class:1 & | +| atl.cpp:772:8:772:20 | ReverseLookup | 0 | wchar_t *const & | +| atl.cpp:773:8:773:12 | SetAt | 0 | char *const & | +| atl.cpp:773:8:773:12 | SetAt | 0 | const class:0 & | +| atl.cpp:773:8:773:12 | SetAt | 1 | const class:1 & | +| atl.cpp:773:8:773:12 | SetAt | 1 | wchar_t *const & | +| atl.cpp:774:8:774:17 | SetAtIndex | 0 | int | +| atl.cpp:774:8:774:17 | SetAtIndex | 1 | char *const & | +| atl.cpp:774:8:774:17 | SetAtIndex | 1 | const class:0 & | +| atl.cpp:774:8:774:17 | SetAtIndex | 2 | const class:1 & | +| atl.cpp:774:8:774:17 | SetAtIndex | 2 | wchar_t *const & | +| atl.cpp:813:9:813:17 | operator= | 0 | const CUrl & | +| atl.cpp:815:3:815:6 | CUrl | 0 | const CUrl & | +| atl.cpp:818:15:818:26 | Canonicalize | 0 | DWORD | +| atl.cpp:821:8:821:15 | CrackUrl | 0 | LPCTSTR | +| atl.cpp:821:8:821:15 | CrackUrl | 1 | DWORD | +| atl.cpp:822:15:822:23 | CreateUrl | 0 | LPTSTR | +| atl.cpp:822:15:822:23 | CreateUrl | 1 | DWORD * | +| atl.cpp:822:15:822:23 | CreateUrl | 2 | DWORD | +| atl.cpp:839:15:839:26 | SetExtraInfo | 0 | LPCTSTR | +| atl.cpp:840:15:840:25 | SetHostName | 0 | LPCTSTR | +| atl.cpp:841:15:841:25 | SetPassword | 0 | LPCTSTR | +| atl.cpp:842:15:842:27 | SetPortNumber | 0 | ATL_URL_PORT | +| atl.cpp:843:15:843:23 | SetScheme | 0 | ATL_URL_SCHEME | +| atl.cpp:844:15:844:27 | SetSchemeName | 0 | LPCTSTR | +| atl.cpp:845:15:845:24 | SetUrlPath | 0 | LPCTSTR | +| atl.cpp:846:15:846:25 | SetUserName | 0 | LPCTSTR | +| bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & | +| bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && | +| bsd.cpp:12:5:12:10 | accept | 0 | int | +| bsd.cpp:12:5:12:10 | accept | 1 | sockaddr * | +| bsd.cpp:12:5:12:10 | accept | 2 | int * | +| bsd.cpp:14:6:14:9 | sink | 0 | sockaddr | +| constructor_delegation.cpp:5:7:5:7 | MyValue | 0 | MyValue && | +| constructor_delegation.cpp:5:7:5:7 | MyValue | 0 | const MyValue & | +| constructor_delegation.cpp:5:7:5:7 | operator= | 0 | MyValue && | +| constructor_delegation.cpp:5:7:5:7 | operator= | 0 | const MyValue & | +| constructor_delegation.cpp:8:2:8:8 | MyValue | 0 | int | +| constructor_delegation.cpp:9:2:9:8 | MyValue | 0 | int | +| constructor_delegation.cpp:9:2:9:8 | MyValue | 1 | bool | +| constructor_delegation.cpp:10:2:10:8 | MyValue | 0 | int | +| constructor_delegation.cpp:10:2:10:8 | MyValue | 1 | int | +| constructor_delegation.cpp:11:2:11:8 | MyValue | 0 | int | +| constructor_delegation.cpp:11:2:11:8 | MyValue | 1 | bool | +| constructor_delegation.cpp:11:2:11:8 | MyValue | 2 | bool | +| constructor_delegation.cpp:16:7:16:7 | MyDerivedValue | 0 | MyDerivedValue && | +| constructor_delegation.cpp:16:7:16:7 | MyDerivedValue | 0 | const MyDerivedValue & | +| constructor_delegation.cpp:16:7:16:7 | operator= | 0 | MyDerivedValue && | +| constructor_delegation.cpp:16:7:16:7 | operator= | 0 | const MyDerivedValue & | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | 0 | bool | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | 1 | int | +| copyableclass.cpp:8:2:8:16 | MyCopyableClass | 0 | int | +| copyableclass.cpp:9:2:9:16 | MyCopyableClass | 0 | const MyCopyableClass & | +| copyableclass.cpp:10:19:10:27 | operator= | 0 | const MyCopyableClass & | +| copyableclass_declonly.cpp:8:2:8:24 | MyCopyableClassDeclOnly | 0 | int | +| copyableclass_declonly.cpp:9:2:9:24 | MyCopyableClassDeclOnly | 0 | const MyCopyableClassDeclOnly & | +| copyableclass_declonly.cpp:10:27:10:35 | operator= | 0 | const MyCopyableClassDeclOnly & | +| file://:0:0:0:0 | operator delete | 0 | void * | +| file://:0:0:0:0 | operator new | 0 | unsigned long | +| file://:0:0:0:0 | operator= | 0 | __va_list_tag && | +| file://:0:0:0:0 | operator= | 0 | const __va_list_tag & | +| format.cpp:3:16:3:16 | operator= | 0 | FILE && | +| format.cpp:3:16:3:16 | operator= | 0 | const FILE & | +| format.cpp:5:5:5:12 | snprintf | 0 | char * | +| format.cpp:5:5:5:12 | snprintf | 1 | size_t | +| format.cpp:5:5:5:12 | snprintf | 2 | const char * | +| format.cpp:6:5:6:11 | sprintf | 0 | char * | +| format.cpp:6:5:6:11 | sprintf | 1 | const char * | +| format.cpp:7:5:7:12 | swprintf | 0 | wchar_t * | +| format.cpp:7:5:7:12 | swprintf | 1 | size_t | +| format.cpp:7:5:7:12 | swprintf | 2 | const wchar_t * | +| format.cpp:14:5:14:13 | vsnprintf | 0 | char * | +| format.cpp:14:5:14:13 | vsnprintf | 1 | size_t | +| format.cpp:14:5:14:13 | vsnprintf | 2 | const char * | +| format.cpp:14:5:14:13 | vsnprintf | 3 | va_list | +| format.cpp:16:5:16:13 | mysprintf | 0 | char * | +| format.cpp:16:5:16:13 | mysprintf | 1 | size_t | +| format.cpp:16:5:16:13 | mysprintf | 2 | const char * | +| format.cpp:28:5:28:10 | sscanf | 0 | const char * | +| format.cpp:28:5:28:10 | sscanf | 1 | const char * | +| format.cpp:142:8:142:13 | strlen | 0 | const char * | +| format.cpp:143:8:143:13 | wcslen | 0 | const wchar_t * | +| format.cpp:169:6:169:9 | test | 0 | format_string | +| map.cpp:8:6:8:9 | sink | 0 | char * | +| map.cpp:9:6:9:9 | sink | 0 | const char * | +| map.cpp:10:6:10:9 | sink | 0 | bool | +| map.cpp:11:6:11:9 | sink | 0 | pair | +| map.cpp:12:6:12:9 | sink | 0 | map, allocator>> | +| map.cpp:13:6:13:9 | sink | 0 | iterator | +| map.cpp:14:6:14:9 | sink | 0 | unordered_map, equal_to, allocator>> | +| map.cpp:15:6:15:9 | sink | 0 | iterator | +| map.cpp:16:6:16:9 | sink | 0 | unordered_map, hash, equal_to, allocator>>> | +| map.cpp:17:6:17:9 | sink | 0 | iterator | +| map.cpp:442:7:442:19 | indirect_sink | 0 | int * | +| movableclass.cpp:5:7:5:7 | MyMovableClass | 0 | const MyMovableClass & | +| movableclass.cpp:5:7:5:7 | operator= | 0 | const MyMovableClass & | +| movableclass.cpp:8:2:8:15 | MyMovableClass | 0 | int | +| movableclass.cpp:9:2:9:15 | MyMovableClass | 0 | MyMovableClass && | +| movableclass.cpp:13:18:13:26 | operator= | 0 | MyMovableClass && | +| set.cpp:8:6:8:9 | sink | 0 | char * | +| set.cpp:9:6:9:9 | sink | 0 | set, allocator> | +| set.cpp:10:6:10:9 | sink | 0 | iterator | +| set.cpp:11:6:11:9 | sink | 0 | unordered_set, equal_to, allocator> | +| set.cpp:12:6:12:9 | sink | 0 | iterator | +| smart_pointer.cpp:4:6:4:9 | sink | 0 | int | +| smart_pointer.cpp:5:6:5:9 | sink | 0 | int * | | smart_pointer.cpp:7:27:7:30 | sink | 0 | shared_ptr & | | smart_pointer.cpp:7:27:7:30 | sink | 0 | shared_ptr & | | smart_pointer.cpp:8:27:8:30 | sink | 0 | unique_ptr & | | smart_pointer.cpp:8:27:8:30 | sink | 0 | unique_ptr & | +| smart_pointer.cpp:60:8:60:8 | operator= | 0 | A && | +| smart_pointer.cpp:60:8:60:8 | operator= | 0 | const A & | +| smart_pointer.cpp:70:6:70:14 | getNumber | 0 | shared_ptr | +| smart_pointer.cpp:80:8:80:8 | operator= | 0 | B && | +| smart_pointer.cpp:80:8:80:8 | operator= | 0 | const B & | +| smart_pointer.cpp:86:6:86:24 | test_operator_arrow | 0 | unique_ptr | +| smart_pointer.cpp:86:6:86:24 | test_operator_arrow | 1 | unique_ptr | +| smart_pointer.cpp:97:6:97:12 | taint_x | 0 | A * | +| smart_pointer.cpp:107:8:107:8 | C | 0 | C && | +| smart_pointer.cpp:107:8:107:8 | C | 0 | const C & | +| smart_pointer.cpp:107:8:107:8 | operator= | 0 | C && | +| smart_pointer.cpp:107:8:107:8 | operator= | 0 | const C & | +| smart_pointer.cpp:112:6:112:19 | taint_x_shared | 0 | shared_ptr | +| smart_pointer.cpp:116:6:116:24 | taint_x_shared_cref | 0 | const shared_ptr & | +| smart_pointer.cpp:120:6:120:18 | getNumberCRef | 0 | const shared_ptr & | +| smart_pointer.cpp:124:5:124:27 | nested_shared_ptr_taint | 0 | shared_ptr | +| smart_pointer.cpp:124:5:124:27 | nested_shared_ptr_taint | 1 | unique_ptr> | +| smart_pointer.cpp:132:5:132:32 | nested_shared_ptr_taint_cref | 0 | shared_ptr | +| smart_pointer.cpp:132:5:132:32 | nested_shared_ptr_taint_cref | 1 | unique_ptr> | +| standalone_iterators.cpp:5:6:5:9 | sink | 0 | int | +| standalone_iterators.cpp:7:7:7:7 | operator= | 0 | const int_iterator_by_typedefs & | +| standalone_iterators.cpp:7:7:7:7 | operator= | 0 | int_iterator_by_typedefs && | +| standalone_iterators.cpp:16:30:16:39 | operator++ | 0 | int | +| standalone_iterators.cpp:20:7:20:7 | operator= | 0 | const int_iterator_by_trait & | +| standalone_iterators.cpp:20:7:20:7 | operator= | 0 | int_iterator_by_trait && | +| standalone_iterators.cpp:23:27:23:36 | operator++ | 0 | int | +| standalone_iterators.cpp:36:7:36:7 | operator= | 0 | const non_iterator & | +| standalone_iterators.cpp:36:7:36:7 | operator= | 0 | non_iterator && | +| standalone_iterators.cpp:39:18:39:27 | operator++ | 0 | int | +| standalone_iterators.cpp:43:6:43:18 | test_typedefs | 0 | int_iterator_by_typedefs | +| standalone_iterators.cpp:49:6:49:15 | test_trait | 0 | int_iterator_by_trait | +| standalone_iterators.cpp:55:6:55:22 | test_non_iterator | 0 | non_iterator | +| standalone_iterators.cpp:63:7:63:7 | operator= | 0 | const insert_iterator_by_trait & | +| standalone_iterators.cpp:63:7:63:7 | operator= | 0 | insert_iterator_by_trait && | +| standalone_iterators.cpp:66:30:66:39 | operator++ | 0 | int | +| standalone_iterators.cpp:68:30:68:39 | operator-- | 0 | int | +| standalone_iterators.cpp:70:31:70:39 | operator= | 0 | int | +| standalone_iterators.cpp:82:7:82:7 | container | 0 | const container & | +| standalone_iterators.cpp:82:7:82:7 | container | 0 | container && | +| standalone_iterators.cpp:82:7:82:7 | operator= | 0 | const container & | +| standalone_iterators.cpp:82:7:82:7 | operator= | 0 | container && | +| standalone_iterators.cpp:88:6:88:9 | sink | 0 | container | +| standalone_iterators.cpp:102:6:102:9 | sink | 0 | insert_iterator_by_trait | +| standalone_iterators.cpp:103:27:103:36 | operator+= | 0 | insert_iterator_by_trait & | +| standalone_iterators.cpp:103:27:103:36 | operator+= | 1 | int | | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | +| stl.h:29:34:29:40 | forward | 0 | remove_reference_t> & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | @@ -391,6 +835,8 @@ getParameterTypeName | stl.h:49:3:49:10 | iterator | 0 | const iterator & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | +| stl.h:49:3:49:10 | iterator | 0 | const iterator, ptrdiff_t, pair *, pair &> & | +| stl.h:49:3:49:10 | iterator | 0 | const iterator, ptrdiff_t, pair *, pair &> & | | stl.h:52:12:52:21 | operator++ | 0 | int | | stl.h:52:12:52:21 | operator++ | 0 | int | | stl.h:52:12:52:21 | operator++ | 0 | int | @@ -403,59 +849,111 @@ getParameterTypeName | stl.h:56:8:56:17 | operator!= | 0 | iterator | | stl.h:56:8:56:17 | operator!= | 0 | iterator | | stl.h:56:8:56:17 | operator!= | 0 | iterator | +| stl.h:56:8:56:17 | operator!= | 0 | iterator, ptrdiff_t, pair *, pair &> | | stl.h:59:12:59:20 | operator+ | 0 | int | | stl.h:60:12:60:20 | operator- | 0 | int | | stl.h:61:13:61:22 | operator+= | 0 | int | | stl.h:61:13:61:22 | operator+= | 0 | int | | stl.h:62:13:62:22 | operator-= | 0 | int | | stl.h:64:18:64:27 | operator[] | 0 | int | +| stl.h:67:9:67:9 | operator= | 0 | const input_iterator_tag & | +| stl.h:67:9:67:9 | operator= | 0 | input_iterator_tag && | +| stl.h:68:9:68:9 | operator= | 0 | const forward_iterator_tag & | +| stl.h:68:9:68:9 | operator= | 0 | forward_iterator_tag && | +| stl.h:69:9:69:9 | operator= | 0 | bidirectional_iterator_tag && | +| stl.h:69:9:69:9 | operator= | 0 | const bidirectional_iterator_tag & | +| stl.h:70:9:70:9 | operator= | 0 | const random_access_iterator_tag & | +| stl.h:70:9:70:9 | operator= | 0 | random_access_iterator_tag && | +| stl.h:72:9:72:9 | operator= | 0 | const output_iterator_tag & | +| stl.h:72:9:72:9 | operator= | 0 | output_iterator_tag && | | stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & | | stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & | +| stl.h:86:22:86:41 | back_insert_iterator | 0 | vector, allocator>, allocator, allocator>>> & | +| stl.h:86:22:86:41 | back_insert_iterator | 0 | vector> & | | stl.h:88:25:88:33 | operator= | 0 | value_type && | | stl.h:88:25:88:33 | operator= | 0 | value_type && | | stl.h:91:24:91:33 | operator++ | 0 | int | | stl.h:91:24:91:33 | operator++ | 0 | int | | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & | | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & | +| stl.h:95:44:95:44 | back_inserter | 0 | vector, allocator>, allocator, allocator>>> & | +| stl.h:95:44:95:44 | back_inserter | 0 | vector> & | +| stl.h:147:12:147:23 | basic_string | 0 | const allocator & | +| stl.h:148:3:148:14 | basic_string | 0 | const char * | | stl.h:148:3:148:14 | basic_string | 0 | const class:2 & | +| stl.h:148:3:148:14 | basic_string | 1 | const allocator & | | stl.h:149:33:149:44 | basic_string | 0 | const class:0 * | +| stl.h:149:33:149:44 | basic_string | 0 | func:0 | | stl.h:149:33:149:44 | basic_string | 1 | const class:2 & | +| stl.h:149:33:149:44 | basic_string | 1 | func:0 | +| stl.h:149:33:149:44 | basic_string | 2 | const allocator & | | stl.h:151:16:151:20 | c_str | 0 | func:0 | | stl.h:151:16:151:20 | c_str | 1 | func:0 | | stl.h:151:16:151:20 | c_str | 2 | const class:2 & | +| stl.h:165:8:165:16 | push_back | 0 | char | | stl.h:173:13:173:22 | operator[] | 0 | size_type | | stl.h:175:13:175:14 | at | 0 | size_type | +| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & | +| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & | | stl.h:176:35:176:44 | operator+= | 0 | size_type | | stl.h:176:35:176:44 | operator+= | 0 | size_type | +| stl.h:177:17:177:26 | operator+= | 0 | const char * | | stl.h:177:17:177:26 | operator+= | 0 | const func:0 & | +| stl.h:178:17:178:22 | append | 0 | const basic_string, allocator> & | | stl.h:178:17:178:22 | append | 0 | const class:0 * | | stl.h:179:17:179:22 | append | 0 | const basic_string & | +| stl.h:179:17:179:22 | append | 0 | const char * | | stl.h:180:17:180:22 | append | 0 | const class:0 * | +| stl.h:180:17:180:22 | append | 0 | size_type | +| stl.h:180:17:180:22 | append | 1 | char | +| stl.h:181:47:181:52 | append | 0 | func:0 | | stl.h:181:47:181:52 | append | 0 | size_type | | stl.h:181:47:181:52 | append | 1 | class:0 | +| stl.h:181:47:181:52 | append | 1 | func:0 | +| stl.h:182:17:182:22 | assign | 0 | const basic_string, allocator> & | | stl.h:182:17:182:22 | assign | 0 | func:0 | | stl.h:182:17:182:22 | assign | 1 | func:0 | | stl.h:183:17:183:22 | assign | 0 | const basic_string & | +| stl.h:183:17:183:22 | assign | 0 | size_type | +| stl.h:183:17:183:22 | assign | 1 | char | +| stl.h:184:47:184:52 | assign | 0 | func:0 | | stl.h:184:47:184:52 | assign | 0 | size_type | | stl.h:184:47:184:52 | assign | 1 | class:0 | +| stl.h:184:47:184:52 | assign | 1 | func:0 | | stl.h:185:17:185:22 | insert | 0 | func:0 | +| stl.h:185:17:185:22 | insert | 0 | size_type | +| stl.h:185:17:185:22 | insert | 1 | const basic_string, allocator> & | | stl.h:185:17:185:22 | insert | 1 | func:0 | | stl.h:186:17:186:22 | insert | 0 | size_type | | stl.h:186:17:186:22 | insert | 1 | const basic_string & | +| stl.h:186:17:186:22 | insert | 1 | size_type | +| stl.h:186:17:186:22 | insert | 2 | char | | stl.h:187:17:187:22 | insert | 0 | size_type | +| stl.h:187:17:187:22 | insert | 1 | const char * | | stl.h:187:17:187:22 | insert | 1 | size_type | | stl.h:187:17:187:22 | insert | 2 | class:0 | +| stl.h:188:12:188:17 | insert | 0 | const_iterator | | stl.h:188:12:188:17 | insert | 0 | size_type | | stl.h:188:12:188:17 | insert | 1 | const class:0 * | +| stl.h:188:12:188:17 | insert | 1 | size_type | +| stl.h:188:12:188:17 | insert | 2 | char | | stl.h:189:42:189:47 | insert | 0 | const_iterator | +| stl.h:189:42:189:47 | insert | 1 | func:0 | | stl.h:189:42:189:47 | insert | 1 | size_type | | stl.h:189:42:189:47 | insert | 2 | class:0 | +| stl.h:189:42:189:47 | insert | 2 | func:0 | | stl.h:190:17:190:23 | replace | 0 | const_iterator | +| stl.h:190:17:190:23 | replace | 0 | size_type | | stl.h:190:17:190:23 | replace | 1 | func:0 | +| stl.h:190:17:190:23 | replace | 1 | size_type | +| stl.h:190:17:190:23 | replace | 2 | const basic_string, allocator> & | | stl.h:190:17:190:23 | replace | 2 | func:0 | | stl.h:191:17:191:23 | replace | 0 | size_type | | stl.h:191:17:191:23 | replace | 1 | size_type | | stl.h:191:17:191:23 | replace | 2 | const basic_string & | +| stl.h:191:17:191:23 | replace | 2 | size_type | +| stl.h:191:17:191:23 | replace | 3 | char | +| stl.h:192:13:192:16 | copy | 0 | char * | | stl.h:192:13:192:16 | copy | 0 | size_type | | stl.h:192:13:192:16 | copy | 1 | size_type | | stl.h:192:13:192:16 | copy | 2 | size_type | @@ -463,11 +961,18 @@ getParameterTypeName | stl.h:193:8:193:12 | clear | 0 | class:0 * | | stl.h:193:8:193:12 | clear | 1 | size_type | | stl.h:193:8:193:12 | clear | 2 | size_type | +| stl.h:194:16:194:21 | substr | 0 | size_type | +| stl.h:194:16:194:21 | substr | 1 | size_type | +| stl.h:195:8:195:11 | swap | 0 | basic_string, allocator> & | | stl.h:195:8:195:11 | swap | 0 | size_type | | stl.h:195:8:195:11 | swap | 1 | size_type | | stl.h:198:94:198:102 | operator+ | 0 | const basic_string & | +| stl.h:198:94:198:102 | operator+ | 0 | const basic_string, allocator> & | | stl.h:198:94:198:102 | operator+ | 1 | const basic_string & | +| stl.h:198:94:198:102 | operator+ | 1 | const basic_string, allocator> & | | stl.h:199:94:199:102 | operator+ | 0 | const basic_string & | +| stl.h:199:94:199:102 | operator+ | 0 | const basic_string, allocator> & | +| stl.h:199:94:199:102 | operator+ | 1 | const char * | | stl.h:199:94:199:102 | operator+ | 1 | const func:0 * | | stl.h:214:33:214:42 | operator>> | 0 | int & | | stl.h:217:33:217:35 | get | 0 | char_type & | @@ -484,26 +989,49 @@ getParameterTypeName | stl.h:226:32:226:38 | getline | 1 | streamsize | | stl.h:226:32:226:38 | getline | 2 | char_type | | stl.h:229:68:229:77 | operator>> | 0 | basic_istream & | +| stl.h:229:68:229:77 | operator>> | 0 | basic_istream> & | +| stl.h:229:68:229:77 | operator>> | 1 | char * | | stl.h:229:68:229:77 | operator>> | 1 | func:0 * | | stl.h:230:85:230:94 | operator>> | 0 | basic_istream & | +| stl.h:230:85:230:94 | operator>> | 0 | basic_istream> & | | stl.h:230:85:230:94 | operator>> | 1 | basic_string & | +| stl.h:230:85:230:94 | operator>> | 1 | basic_string, allocator> & | | stl.h:232:84:232:90 | getline | 0 | basic_istream & | +| stl.h:232:84:232:90 | getline | 0 | basic_istream> & | | stl.h:232:84:232:90 | getline | 1 | basic_string & | +| stl.h:232:84:232:90 | getline | 1 | basic_string, allocator> & | +| stl.h:232:84:232:90 | getline | 2 | char | | stl.h:232:84:232:90 | getline | 2 | func:0 | | stl.h:233:84:233:90 | getline | 0 | basic_istream & | +| stl.h:233:84:233:90 | getline | 0 | basic_istream> & | | stl.h:233:84:233:90 | getline | 1 | basic_string & | +| stl.h:233:84:233:90 | getline | 1 | basic_string, allocator> & | | stl.h:240:33:240:42 | operator<< | 0 | int | | stl.h:242:33:242:35 | put | 0 | char_type | | stl.h:243:33:243:37 | write | 0 | const char_type * | | stl.h:243:33:243:37 | write | 1 | streamsize | | stl.h:247:67:247:76 | operator<< | 0 | basic_ostream & | +| stl.h:247:67:247:76 | operator<< | 0 | basic_ostream> & | +| stl.h:247:67:247:76 | operator<< | 1 | const char * | | stl.h:247:67:247:76 | operator<< | 1 | const func:0 * | | stl.h:248:85:248:94 | operator<< | 0 | basic_ostream & | +| stl.h:248:85:248:94 | operator<< | 0 | basic_ostream> & | | stl.h:248:85:248:94 | operator<< | 1 | const basic_string & | +| stl.h:248:85:248:94 | operator<< | 1 | const basic_string, allocator> & | | stl.h:259:12:259:29 | basic_stringstream | 0 | const basic_string & | +| stl.h:259:12:259:29 | basic_stringstream | 0 | const basic_string, allocator> & | | stl.h:263:23:263:31 | operator= | 0 | basic_stringstream && | +| stl.h:263:23:263:31 | operator= | 0 | basic_stringstream, allocator> && | | stl.h:265:8:265:11 | swap | 0 | basic_stringstream & | +| stl.h:265:8:265:11 | swap | 0 | basic_stringstream, allocator> & | | stl.h:268:8:268:10 | str | 0 | const basic_string & | +| stl.h:268:8:268:10 | str | 0 | const basic_string, allocator> & | +| stl.h:293:12:293:17 | vector | 0 | const allocator & | +| stl.h:293:12:293:17 | vector | 0 | const allocator & | +| stl.h:293:12:293:17 | vector | 0 | const allocator & | +| stl.h:293:12:293:17 | vector | 0 | const allocator & | +| stl.h:293:12:293:17 | vector | 0 | const allocator & | +| stl.h:293:12:293:17 | vector | 0 | const allocator, allocator>> & | | stl.h:293:12:293:17 | vector | 0 | const class:1 & | | stl.h:293:12:293:17 | vector | 0 | const class:1 & | | stl.h:293:12:293:17 | vector | 0 | const class:1 & | @@ -513,6 +1041,9 @@ getParameterTypeName | stl.h:294:12:294:17 | vector | 0 | size_type | | stl.h:294:12:294:17 | vector | 0 | size_type | | stl.h:294:12:294:17 | vector | 0 | size_type | +| stl.h:294:12:294:17 | vector | 1 | const allocator & | +| stl.h:294:12:294:17 | vector | 1 | const allocator & | +| stl.h:294:12:294:17 | vector | 1 | const allocator>> & | | stl.h:294:12:294:17 | vector | 1 | const class:1 & | | stl.h:294:12:294:17 | vector | 1 | const class:1 & | | stl.h:294:12:294:17 | vector | 1 | const class:1 & | @@ -520,13 +1051,20 @@ getParameterTypeName | stl.h:295:3:295:8 | vector | 0 | size_type | | stl.h:295:3:295:8 | vector | 1 | const class:0 & | | stl.h:295:3:295:8 | vector | 1 | const class:0 & | +| stl.h:295:3:295:8 | vector | 1 | const int & | +| stl.h:295:3:295:8 | vector | 1 | const short & | +| stl.h:295:3:295:8 | vector | 2 | const allocator & | +| stl.h:295:3:295:8 | vector | 2 | const allocator & | | stl.h:295:3:295:8 | vector | 2 | const class:1 & | | stl.h:295:3:295:8 | vector | 2 | const class:1 & | | stl.h:296:101:296:106 | vector | 0 | func:0 | | stl.h:296:101:296:106 | vector | 1 | func:0 | +| stl.h:296:101:296:106 | vector | 2 | const allocator & | | stl.h:296:101:296:106 | vector | 2 | const class:1 & | | stl.h:301:11:301:19 | operator= | 0 | const vector & | +| stl.h:301:11:301:19 | operator= | 0 | const vector> & | | stl.h:302:11:302:19 | operator= | 0 | vector && | +| stl.h:302:11:302:19 | operator= | 0 | vector> && | | stl.h:303:106:303:111 | assign | 0 | func:0 | | stl.h:303:106:303:111 | assign | 1 | func:0 | | stl.h:306:8:306:13 | assign | 0 | size_type | @@ -535,6 +1073,9 @@ getParameterTypeName | stl.h:306:8:306:13 | assign | 1 | const class:0 & | | stl.h:306:8:306:13 | assign | 1 | const class:0 & | | stl.h:306:8:306:13 | assign | 1 | const class:0 & | +| stl.h:306:8:306:13 | assign | 1 | const float & | +| stl.h:306:8:306:13 | assign | 1 | const int & | +| stl.h:306:8:306:13 | assign | 1 | const int *const & | | stl.h:315:13:315:22 | operator[] | 0 | size_type | | stl.h:315:13:315:22 | operator[] | 0 | size_type | | stl.h:315:13:315:22 | operator[] | 0 | size_type | @@ -542,11 +1083,15 @@ getParameterTypeName | stl.h:315:13:315:22 | operator[] | 0 | size_type | | stl.h:315:13:315:22 | operator[] | 0 | size_type | | stl.h:318:13:318:14 | at | 0 | size_type | +| stl.h:327:8:327:16 | push_back | 0 | const MyPair & | +| stl.h:327:8:327:16 | push_back | 0 | const MyVectorContainer & | | stl.h:327:8:327:16 | push_back | 0 | const class:0 & | | stl.h:327:8:327:16 | push_back | 0 | const class:0 & | | stl.h:328:8:328:16 | push_back | 0 | class:0 && | +| stl.h:328:8:328:16 | push_back | 0 | int && | | stl.h:331:12:331:17 | insert | 0 | const_iterator | | stl.h:331:12:331:17 | insert | 1 | class:0 && | +| stl.h:331:12:331:17 | insert | 1 | int && | | stl.h:333:42:333:47 | insert | 0 | const_iterator | | stl.h:333:42:333:47 | insert | 0 | const_iterator | | stl.h:333:42:333:47 | insert | 1 | func:0 | @@ -557,21 +1102,38 @@ getParameterTypeName | stl.h:335:37:335:43 | emplace | 1 | func:0 && | | stl.h:336:33:336:44 | emplace_back | 0 | func:0 && | | stl.h:338:8:338:11 | swap | 0 | vector & | +| stl.h:338:8:338:11 | swap | 0 | vector> & | | stl.h:351:12:351:21 | shared_ptr | 0 | class:0 * | +| stl.h:351:12:351:21 | shared_ptr | 0 | int * | | stl.h:352:3:352:12 | shared_ptr | 0 | const shared_ptr & | | stl.h:352:3:352:12 | shared_ptr | 0 | const shared_ptr & | +| stl.h:369:12:369:21 | unique_ptr | 0 | A * | | stl.h:369:12:369:21 | unique_ptr | 0 | class:0 * | | stl.h:380:52:380:62 | make_unique | 0 | func:1 && | | stl.h:380:52:380:62 | make_unique | 0 | func:1 && | | stl.h:380:52:380:62 | make_unique | 0 | func:1 && | +| stl.h:380:52:380:62 | make_unique | 0 | int && | +| stl.h:380:52:380:62 | make_unique | 0 | int && | | stl.h:382:52:382:62 | make_shared | 0 | func:1 && | | stl.h:382:52:382:62 | make_shared | 0 | func:1 && | | stl.h:382:52:382:62 | make_shared | 0 | func:1 && | +| stl.h:382:52:382:62 | make_shared | 0 | int && | +| stl.h:382:52:382:62 | make_shared | 0 | int && | +| stl.h:396:3:396:3 | pair | 0 | char *const & | +| stl.h:396:3:396:3 | pair | 0 | char *const & | +| stl.h:396:3:396:3 | pair | 0 | const char *const & | +| stl.h:396:3:396:3 | pair | 0 | const char *const & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | +| stl.h:396:3:396:3 | pair | 0 | const pair & | +| stl.h:396:3:396:3 | pair | 1 | char *const & | +| stl.h:396:3:396:3 | pair | 1 | char *const & | +| stl.h:396:3:396:3 | pair | 1 | const char *const & | +| stl.h:396:3:396:3 | pair | 1 | const char *const & | +| stl.h:396:3:396:3 | pair | 1 | const char *const & | | stl.h:396:3:396:3 | pair | 1 | const class:1 & | | stl.h:396:3:396:3 | pair | 1 | const class:1 & | | stl.h:396:3:396:3 | pair | 1 | const class:1 & | @@ -590,12 +1152,24 @@ getParameterTypeName | stl.h:397:30:397:33 | pair | 0 | const pair & | | stl.h:397:30:397:33 | pair | 0 | const pair & | | stl.h:399:8:399:11 | swap | 0 | pair & | +| stl.h:402:72:402:72 | make_pair | 0 | char *&& | +| stl.h:402:72:402:72 | make_pair | 0 | const char(&)[2] | +| stl.h:402:72:402:72 | make_pair | 0 | const char(&)[2] | +| stl.h:402:72:402:72 | make_pair | 0 | const char(&)[4] | +| stl.h:402:72:402:72 | make_pair | 0 | const char(&)[4] | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | +| stl.h:402:72:402:72 | make_pair | 0 | pair && | +| stl.h:402:72:402:72 | make_pair | 1 | char *&& | +| stl.h:402:72:402:72 | make_pair | 1 | char *&& | +| stl.h:402:72:402:72 | make_pair | 1 | const char(&)[2] | +| stl.h:402:72:402:72 | make_pair | 1 | const char(&)[4] | +| stl.h:402:72:402:72 | make_pair | 1 | const char(&)[4] | +| stl.h:402:72:402:72 | make_pair | 1 | const char(&)[4] | | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | @@ -603,7 +1177,9 @@ getParameterTypeName | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | | stl.h:422:3:422:5 | map | 0 | const map & | +| stl.h:422:3:422:5 | map | 0 | const map, allocator>> & | | stl.h:426:8:426:16 | operator= | 0 | const map & | +| stl.h:426:8:426:16 | operator= | 0 | const map, allocator>> & | | stl.h:435:6:435:15 | operator[] | 0 | key_type && | | stl.h:435:6:435:15 | operator[] | 0 | key_type && | | stl.h:436:6:436:7 | at | 0 | const key_type & | @@ -633,14 +1209,19 @@ getParameterTypeName | stl.h:454:30:454:45 | insert_or_assign | 2 | func:0 && | | stl.h:456:12:456:16 | erase | 0 | iterator | | stl.h:459:8:459:11 | swap | 0 | map & | +| stl.h:459:8:459:11 | swap | 0 | map, allocator>> & | | stl.h:462:27:462:31 | merge | 0 | map & | +| stl.h:462:27:462:31 | merge | 0 | map>> & | | stl.h:465:12:465:15 | find | 0 | const key_type & | | stl.h:468:12:468:22 | lower_bound | 0 | const key_type & | | stl.h:470:12:470:22 | upper_bound | 0 | const key_type & | | stl.h:473:28:473:38 | equal_range | 0 | const key_type & | | stl.h:490:3:490:15 | unordered_map | 0 | const unordered_map & | | stl.h:490:3:490:15 | unordered_map | 0 | const unordered_map & | +| stl.h:490:3:490:15 | unordered_map | 0 | const unordered_map, equal_to, allocator>> & | +| stl.h:490:3:490:15 | unordered_map | 0 | const unordered_map, hash, equal_to, allocator>>> & | | stl.h:494:18:494:26 | operator= | 0 | const unordered_map & | +| stl.h:494:18:494:26 | operator= | 0 | const unordered_map, equal_to, allocator>> & | | stl.h:503:16:503:25 | operator[] | 0 | key_type && | | stl.h:503:16:503:25 | operator[] | 0 | key_type && | | stl.h:504:16:504:17 | at | 0 | const key_type & | @@ -679,13 +1260,17 @@ getParameterTypeName | stl.h:522:30:522:45 | insert_or_assign | 2 | func:0 && | | stl.h:524:12:524:16 | erase | 0 | iterator | | stl.h:527:8:527:11 | swap | 0 | unordered_map & | +| stl.h:527:8:527:11 | swap | 0 | unordered_map, equal_to, allocator>> & | | stl.h:530:37:530:41 | merge | 0 | unordered_map & | +| stl.h:530:37:530:41 | merge | 0 | unordered_map>> & | | stl.h:533:12:533:15 | find | 0 | const key_type & | | stl.h:536:28:536:38 | equal_range | 0 | const key_type & | | stl.h:555:3:555:5 | set | 0 | const set & | +| stl.h:555:3:555:5 | set | 0 | const set, allocator> & | | stl.h:557:33:557:35 | set | 0 | func:0 | | stl.h:557:33:557:35 | set | 1 | func:0 | | stl.h:560:8:560:16 | operator= | 0 | const set & | +| stl.h:560:8:560:16 | operator= | 0 | const set, allocator> & | | stl.h:568:48:568:54 | emplace | 0 | func:0 && | | stl.h:568:48:568:54 | emplace | 0 | func:0 && | | stl.h:569:36:569:47 | emplace_hint | 0 | const_iterator | @@ -699,16 +1284,20 @@ getParameterTypeName | stl.h:574:38:574:43 | insert | 1 | func:0 | | stl.h:576:12:576:16 | erase | 0 | iterator | | stl.h:579:8:579:11 | swap | 0 | set & | +| stl.h:579:8:579:11 | swap | 0 | set, allocator> & | | stl.h:582:27:582:31 | merge | 0 | set & | +| stl.h:582:27:582:31 | merge | 0 | set> & | | stl.h:585:12:585:15 | find | 0 | const key_type & | | stl.h:588:12:588:22 | lower_bound | 0 | const key_type & | | stl.h:590:12:590:22 | upper_bound | 0 | const key_type & | | stl.h:592:28:592:38 | equal_range | 0 | const key_type & | | stl.h:609:3:609:15 | unordered_set | 0 | const unordered_set & | +| stl.h:609:3:609:15 | unordered_set | 0 | const unordered_set, equal_to, allocator> & | | stl.h:611:33:611:45 | unordered_set | 0 | func:0 | | stl.h:611:33:611:45 | unordered_set | 1 | func:0 | | stl.h:611:33:611:45 | unordered_set | 2 | size_type | | stl.h:614:18:614:26 | operator= | 0 | const unordered_set & | +| stl.h:614:18:614:26 | operator= | 0 | const unordered_set, equal_to, allocator> & | | stl.h:622:48:622:54 | emplace | 0 | func:0 && | | stl.h:622:48:622:54 | emplace | 0 | func:0 && | | stl.h:623:36:623:47 | emplace_hint | 0 | const_iterator | @@ -722,23 +1311,282 @@ getParameterTypeName | stl.h:628:38:628:43 | insert | 1 | func:0 | | stl.h:630:12:630:16 | erase | 0 | iterator | | stl.h:633:8:633:11 | swap | 0 | unordered_set & | +| stl.h:633:8:633:11 | swap | 0 | unordered_set, equal_to, allocator> & | | stl.h:636:37:636:41 | merge | 0 | unordered_set & | +| stl.h:636:37:636:41 | merge | 0 | unordered_set> & | | stl.h:639:12:639:15 | find | 0 | const key_type & | | stl.h:641:28:641:38 | equal_range | 0 | const key_type & | | stl.h:671:21:671:39 | basic_format_string | 0 | const func:0 & | | stl.h:671:21:671:39 | basic_format_string | 0 | const func:0 & | | stl.h:678:33:678:38 | format | 0 | format_string | | stl.h:678:33:678:38 | format | 0 | format_string | +| stl.h:678:33:678:38 | format | 1 | char *&& | | stl.h:678:33:678:38 | format | 1 | func:0 && | | stl.h:678:33:678:38 | format | 1 | func:0 && | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 0 | format_string | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 1 | func:0 && | +| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 1 | int & | +| string.cpp:17:6:17:9 | sink | 0 | const char * | +| string.cpp:18:6:18:9 | sink | 0 | const string & | +| string.cpp:19:6:19:9 | sink | 0 | const char * | +| string.cpp:19:6:19:9 | sink | 1 | const char * | +| string.cpp:20:6:20:9 | sink | 0 | char | +| string.cpp:21:6:21:9 | sink | 0 | iterator | +| stringstream.cpp:13:6:13:9 | sink | 0 | int | +| stringstream.cpp:15:6:15:9 | sink | 0 | const string & | | stringstream.cpp:18:6:18:9 | sink | 0 | const basic_ostream> & | | stringstream.cpp:21:6:21:9 | sink | 0 | const basic_istream> & | | stringstream.cpp:24:6:24:9 | sink | 0 | const basic_iostream> & | +| stringstream.cpp:26:6:26:29 | test_stringstream_string | 0 | int | +| stringstream.cpp:70:6:70:26 | test_stringstream_int | 0 | int | +| structlikeclass.cpp:5:7:5:7 | StructLikeClass | 0 | StructLikeClass && | +| structlikeclass.cpp:5:7:5:7 | StructLikeClass | 0 | const StructLikeClass & | +| structlikeclass.cpp:5:7:5:7 | operator= | 0 | StructLikeClass && | +| structlikeclass.cpp:5:7:5:7 | operator= | 0 | const StructLikeClass & | +| structlikeclass.cpp:8:2:8:16 | StructLikeClass | 0 | int | +| swap1.cpp:14:9:14:9 | move | 0 | Class & | | swap1.cpp:14:9:14:9 | move | 0 | func:0 & | +| swap1.cpp:24:9:24:13 | Class | 0 | Class && | +| swap1.cpp:25:9:25:13 | Class | 0 | const Class & | +| swap1.cpp:27:16:27:24 | operator= | 0 | const Class & | +| swap1.cpp:34:16:34:24 | operator= | 0 | Class && | +| swap1.cpp:40:16:40:26 | copy_assign | 0 | const Class & | +| swap1.cpp:47:16:47:26 | move_assign | 0 | Class && | +| swap1.cpp:53:14:53:17 | swap | 0 | Class & | +| swap1.cpp:61:10:61:13 | swap | 0 | Class & | +| swap1.cpp:61:10:61:13 | swap | 1 | Class & | +| swap2.cpp:14:9:14:9 | move | 0 | Class & | | swap2.cpp:14:9:14:9 | move | 0 | func:0 & | +| swap2.cpp:24:9:24:13 | Class | 0 | Class && | +| swap2.cpp:25:9:25:13 | Class | 0 | const Class & | +| swap2.cpp:27:16:27:24 | operator= | 0 | const Class & | +| swap2.cpp:34:16:34:24 | operator= | 0 | Class && | +| swap2.cpp:40:16:40:26 | copy_assign | 0 | const Class & | +| swap2.cpp:47:16:47:26 | move_assign | 0 | Class && | +| swap2.cpp:53:14:53:17 | swap | 0 | Class & | +| swap2.cpp:61:10:61:13 | swap | 0 | Class & | +| swap2.cpp:61:10:61:13 | swap | 1 | Class & | | swap.h:4:20:4:23 | swap | 0 | func:0 & | +| swap.h:4:20:4:23 | swap | 0 | int & | | swap.h:4:20:4:23 | swap | 1 | func:0 & | +| swap.h:4:20:4:23 | swap | 1 | int & | +| taint.cpp:4:6:4:21 | arithAssignments | 0 | int | +| taint.cpp:4:6:4:21 | arithAssignments | 1 | int | +| taint.cpp:22:5:22:13 | increment | 0 | int | +| taint.cpp:23:5:23:8 | zero | 0 | int | +| taint.cpp:69:7:69:7 | MyClass | 0 | MyClass && | +| taint.cpp:69:7:69:7 | MyClass | 0 | const MyClass & | +| taint.cpp:69:7:69:7 | operator= | 0 | MyClass && | +| taint.cpp:69:7:69:7 | operator= | 0 | const MyClass & | +| taint.cpp:100:6:100:15 | array_test | 0 | int | +| taint.cpp:142:5:142:10 | select | 0 | int | +| taint.cpp:142:5:142:10 | select | 1 | int | +| taint.cpp:142:5:142:10 | select | 2 | int | +| taint.cpp:150:6:150:12 | fn_test | 0 | int | +| taint.cpp:156:7:156:12 | strcpy | 0 | char * | +| taint.cpp:156:7:156:12 | strcpy | 1 | const char * | +| taint.cpp:157:7:157:12 | strcat | 0 | char * | +| taint.cpp:157:7:157:12 | strcat | 1 | const char * | +| taint.cpp:180:7:180:12 | callee | 0 | int * | +| taint.cpp:190:7:190:12 | memcpy | 0 | void * | +| taint.cpp:190:7:190:12 | memcpy | 1 | void * | +| taint.cpp:190:7:190:12 | memcpy | 2 | int | +| taint.cpp:192:6:192:16 | test_memcpy | 0 | int * | +| taint.cpp:228:11:228:11 | (unnamed constructor) | 0 | const lambda [] type at line 233, col. 11 & | +| taint.cpp:228:11:228:11 | (unnamed constructor) | 0 | lambda [] type at line 233, col. 11 && | +| taint.cpp:228:11:228:11 | operator= | 0 | const lambda [] type at line 233, col. 11 & | +| taint.cpp:235:11:235:11 | (unnamed constructor) | 0 | const lambda [] type at line 240, col. 11 & | +| taint.cpp:235:11:235:11 | (unnamed constructor) | 0 | lambda [] type at line 240, col. 11 && | +| taint.cpp:235:11:235:11 | operator= | 0 | const lambda [] type at line 240, col. 11 & | +| taint.cpp:243:11:243:11 | (unnamed constructor) | 0 | const lambda [] type at line 248, col. 11 & | +| taint.cpp:243:11:243:11 | (unnamed constructor) | 0 | lambda [] type at line 248, col. 11 && | +| taint.cpp:243:11:243:11 | operator= | 0 | const lambda [] type at line 248, col. 11 & | +| taint.cpp:249:11:249:11 | (unnamed constructor) | 0 | const lambda [] type at line 254, col. 11 & | +| taint.cpp:249:11:249:11 | (unnamed constructor) | 0 | lambda [] type at line 254, col. 11 && | +| taint.cpp:249:11:249:11 | operator= | 0 | const lambda [] type at line 254, col. 11 & | +| taint.cpp:249:13:249:13 | _FUN | 0 | int | +| taint.cpp:249:13:249:13 | _FUN | 1 | int | +| taint.cpp:249:13:249:13 | operator() | 0 | int | +| taint.cpp:249:13:249:13 | operator() | 1 | int | +| taint.cpp:255:11:255:11 | (unnamed constructor) | 0 | const lambda [] type at line 260, col. 11 & | +| taint.cpp:255:11:255:11 | (unnamed constructor) | 0 | lambda [] type at line 260, col. 11 && | +| taint.cpp:255:11:255:11 | operator= | 0 | const lambda [] type at line 260, col. 11 & | +| taint.cpp:255:13:255:13 | _FUN | 0 | int & | +| taint.cpp:255:13:255:13 | _FUN | 1 | int & | +| taint.cpp:255:13:255:13 | _FUN | 2 | int & | +| taint.cpp:255:13:255:13 | operator() | 0 | int & | +| taint.cpp:255:13:255:13 | operator() | 1 | int & | +| taint.cpp:255:13:255:13 | operator() | 2 | int & | +| taint.cpp:266:5:266:6 | id | 0 | int | +| taint.cpp:297:6:297:14 | myAssign1 | 0 | int & | +| taint.cpp:297:6:297:14 | myAssign1 | 1 | int & | +| taint.cpp:302:6:302:14 | myAssign2 | 0 | int & | +| taint.cpp:302:6:302:14 | myAssign2 | 1 | int | +| taint.cpp:307:6:307:14 | myAssign3 | 0 | int * | +| taint.cpp:307:6:307:14 | myAssign3 | 1 | int | +| taint.cpp:312:6:312:14 | myAssign4 | 0 | int * | +| taint.cpp:312:6:312:14 | myAssign4 | 1 | int | +| taint.cpp:320:6:320:16 | myNotAssign | 0 | int & | +| taint.cpp:320:6:320:16 | myNotAssign | 1 | int & | +| taint.cpp:361:7:361:12 | strdup | 0 | const char * | +| taint.cpp:362:7:362:13 | strndup | 0 | const char * | +| taint.cpp:362:7:362:13 | strndup | 1 | size_t | +| taint.cpp:363:10:363:15 | wcsdup | 0 | const wchar_t * | +| taint.cpp:364:7:364:13 | strdupa | 0 | const char * | +| taint.cpp:365:7:365:14 | strndupa | 0 | const char * | +| taint.cpp:365:7:365:14 | strndupa | 1 | size_t | +| taint.cpp:367:6:367:16 | test_strdup | 0 | char * | +| taint.cpp:379:6:379:17 | test_strndup | 0 | int | +| taint.cpp:387:6:387:16 | test_wcsdup | 0 | wchar_t * | +| taint.cpp:397:6:397:17 | test_strdupa | 0 | char * | +| taint.cpp:409:6:409:18 | test_strndupa | 0 | int | +| taint.cpp:419:7:419:7 | MyClass2 | 0 | MyClass2 && | +| taint.cpp:419:7:419:7 | MyClass2 | 0 | const MyClass2 & | +| taint.cpp:419:7:419:7 | operator= | 0 | MyClass2 && | +| taint.cpp:419:7:419:7 | operator= | 0 | const MyClass2 & | +| taint.cpp:421:2:421:9 | MyClass2 | 0 | int | +| taint.cpp:422:7:422:15 | setMember | 0 | int | +| taint.cpp:428:7:428:7 | MyClass3 | 0 | MyClass3 && | +| taint.cpp:428:7:428:7 | MyClass3 | 0 | const MyClass3 & | +| taint.cpp:428:7:428:7 | operator= | 0 | MyClass3 && | +| taint.cpp:428:7:428:7 | operator= | 0 | const MyClass3 & | +| taint.cpp:430:2:430:9 | MyClass3 | 0 | const char * | +| taint.cpp:431:7:431:15 | setString | 0 | const char * | +| taint.cpp:474:6:474:9 | swop | 0 | int & | +| taint.cpp:474:6:474:9 | swop | 1 | int & | +| taint.cpp:500:5:500:12 | getdelim | 0 | char ** | +| taint.cpp:500:5:500:12 | getdelim | 1 | size_t * | +| taint.cpp:500:5:500:12 | getdelim | 2 | int | +| taint.cpp:500:5:500:12 | getdelim | 3 | FILE * | +| taint.cpp:502:6:502:18 | test_getdelim | 0 | FILE * | +| taint.cpp:512:7:512:12 | strtok | 0 | char * | +| taint.cpp:512:7:512:12 | strtok | 1 | const char * | +| taint.cpp:514:6:514:16 | test_strtok | 0 | char * | +| taint.cpp:523:7:523:13 | _strset | 0 | char * | +| taint.cpp:523:7:523:13 | _strset | 1 | int | +| taint.cpp:525:6:525:18 | test_strset_1 | 0 | char * | +| taint.cpp:525:6:525:18 | test_strset_1 | 1 | char | +| taint.cpp:531:6:531:18 | test_strset_2 | 0 | char * | +| taint.cpp:538:7:538:13 | mempcpy | 0 | void * | +| taint.cpp:538:7:538:13 | mempcpy | 1 | const void * | +| taint.cpp:538:7:538:13 | mempcpy | 2 | size_t | +| taint.cpp:540:6:540:17 | test_mempcpy | 0 | int * | +| taint.cpp:548:7:548:13 | memccpy | 0 | void * | +| taint.cpp:548:7:548:13 | memccpy | 1 | const void * | +| taint.cpp:548:7:548:13 | memccpy | 2 | int | +| taint.cpp:548:7:548:13 | memccpy | 3 | size_t | +| taint.cpp:550:6:550:17 | test_memccpy | 0 | int * | +| taint.cpp:558:7:558:12 | strcat | 0 | char * | +| taint.cpp:558:7:558:12 | strcat | 1 | const char * | +| taint.cpp:560:6:560:16 | test_strcat | 0 | char * | +| taint.cpp:560:6:560:16 | test_strcat | 1 | char * | +| taint.cpp:560:6:560:16 | test_strcat | 2 | char * | +| taint.cpp:560:6:560:16 | test_strcat | 3 | char * | +| taint.cpp:570:16:570:25 | _mbsncat_l | 0 | unsigned char * | +| taint.cpp:570:16:570:25 | _mbsncat_l | 1 | const unsigned char * | +| taint.cpp:570:16:570:25 | _mbsncat_l | 2 | int | +| taint.cpp:570:16:570:25 | _mbsncat_l | 3 | _locale_t | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 0 | unsigned char * | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 1 | const unsigned char * | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 2 | unsigned char * | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 3 | _locale_t | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 4 | _locale_t | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 5 | int | +| taint.cpp:589:7:589:12 | strsep | 0 | char ** | +| taint.cpp:589:7:589:12 | strsep | 1 | const char * | +| taint.cpp:591:6:591:16 | test_strsep | 0 | char * | +| taint.cpp:602:7:602:13 | _strinc | 0 | const char * | +| taint.cpp:602:7:602:13 | _strinc | 1 | _locale_t | +| taint.cpp:603:16:603:22 | _mbsinc | 0 | const unsigned char * | +| taint.cpp:604:16:604:22 | _strdec | 0 | const unsigned char * | +| taint.cpp:604:16:604:22 | _strdec | 1 | const unsigned char * | +| taint.cpp:606:6:606:17 | test__strinc | 0 | char * | +| taint.cpp:606:6:606:17 | test__strinc | 1 | char * | +| taint.cpp:606:6:606:17 | test__strinc | 2 | char * | +| taint.cpp:606:6:606:17 | test__strinc | 3 | char * | +| taint.cpp:606:6:606:17 | test__strinc | 4 | _locale_t | +| taint.cpp:616:6:616:17 | test__mbsinc | 0 | unsigned char * | +| taint.cpp:616:6:616:17 | test__mbsinc | 1 | char * | +| taint.cpp:616:6:616:17 | test__mbsinc | 2 | unsigned char * | +| taint.cpp:616:6:616:17 | test__mbsinc | 3 | char * | +| taint.cpp:626:6:626:17 | test__strdec | 0 | const unsigned char * | +| taint.cpp:626:6:626:17 | test__strdec | 1 | unsigned char * | +| taint.cpp:626:6:626:17 | test__strdec | 2 | unsigned char * | +| taint.cpp:626:6:626:17 | test__strdec | 3 | unsigned char * | +| taint.cpp:626:6:626:17 | test__strdec | 4 | unsigned char * | +| taint.cpp:645:14:645:22 | _strnextc | 0 | const char * | +| taint.cpp:647:6:647:19 | test__strnextc | 0 | const char * | +| taint.cpp:659:7:659:7 | operator= | 0 | C_no_const_member_function && | +| taint.cpp:659:7:659:7 | operator= | 0 | const C_no_const_member_function & | +| taint.cpp:665:6:665:25 | test_no_const_member | 0 | char * | +| taint.cpp:671:7:671:7 | operator= | 0 | C_const_member_function && | +| taint.cpp:671:7:671:7 | operator= | 0 | const C_const_member_function & | +| taint.cpp:677:6:677:27 | test_with_const_member | 0 | char * | +| taint.cpp:683:6:683:20 | argument_source | 0 | void * | +| taint.cpp:685:8:685:8 | operator= | 0 | const two_members & | +| taint.cpp:685:8:685:8 | operator= | 0 | two_members && | +| taint.cpp:707:8:707:14 | strncpy | 0 | char * | +| taint.cpp:707:8:707:14 | strncpy | 1 | const char * | +| taint.cpp:707:8:707:14 | strncpy | 2 | unsigned long | +| taint.cpp:709:6:709:17 | test_strncpy | 0 | char * | +| taint.cpp:709:6:709:17 | test_strncpy | 1 | char * | +| taint.cpp:725:10:725:15 | strtol | 0 | const char * | +| taint.cpp:725:10:725:15 | strtol | 1 | char ** | +| taint.cpp:725:10:725:15 | strtol | 2 | int | +| taint.cpp:727:6:727:16 | test_strtol | 0 | char * | +| taint.cpp:735:7:735:12 | malloc | 0 | size_t | +| taint.cpp:736:7:736:13 | realloc | 0 | void * | +| taint.cpp:736:7:736:13 | realloc | 1 | size_t | +| taint.cpp:744:6:744:32 | test_realloc_2_indirections | 0 | int ** | +| taint.cpp:751:9:751:9 | operator= | 0 | A && | +| taint.cpp:751:9:751:9 | operator= | 0 | const A & | +| taint.cpp:758:5:758:11 | sprintf | 0 | char * | +| taint.cpp:758:5:758:11 | sprintf | 1 | const char * | +| taint.cpp:760:6:760:23 | call_sprintf_twice | 0 | char * | +| taint.cpp:760:6:760:23 | call_sprintf_twice | 1 | char * | +| taint.cpp:771:8:771:8 | operator= | 0 | TaintInheritingContentObject && | +| taint.cpp:771:8:771:8 | operator= | 0 | const TaintInheritingContentObject & | +| taint.cpp:775:30:775:35 | source | 0 | bool | +| taint.cpp:782:7:782:11 | fopen | 0 | const char * | +| taint.cpp:782:7:782:11 | fopen | 1 | const char * | +| taint.cpp:783:5:783:11 | fopen_s | 0 | FILE ** | +| taint.cpp:783:5:783:11 | fopen_s | 1 | const char * | +| taint.cpp:783:5:783:11 | fopen_s | 2 | const char * | +| taint.cpp:785:6:785:15 | fopen_test | 0 | char * | +| vector.cpp:13:6:13:9 | sink | 0 | int | +| vector.cpp:14:27:14:30 | sink | 0 | vector, allocator>, allocator, allocator>>> & | | vector.cpp:14:27:14:30 | sink | 0 | vector> & | | vector.cpp:14:27:14:30 | sink | 0 | vector> & | +| vector.cpp:16:6:16:37 | test_range_based_for_loop_vector | 0 | int | +| vector.cpp:37:6:37:23 | test_element_taint | 0 | int | +| vector.cpp:145:8:145:8 | operator= | 0 | MyPair && | +| vector.cpp:145:8:145:8 | operator= | 0 | const MyPair & | +| vector.cpp:150:8:150:8 | MyVectorContainer | 0 | const MyVectorContainer & | +| vector.cpp:150:8:150:8 | operator= | 0 | MyVectorContainer && | +| vector.cpp:150:8:150:8 | operator= | 0 | const MyVectorContainer & | +| vector.cpp:216:6:216:9 | sink | 0 | iterator & | +| vector.cpp:231:6:231:9 | sink | 0 | vector> & | +| vector.cpp:232:6:232:9 | sink | 0 | vector> & | +| vector.cpp:279:6:279:9 | sink | 0 | int * | +| vector.cpp:295:6:295:9 | sink | 0 | iterator | +| vector.cpp:329:6:329:33 | taint_vector_output_iterator | 0 | iterator | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | 0 | iterator | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | 1 | int | +| vector.cpp:337:6:337:32 | test_vector_output_iterator | 0 | int | +| vector.cpp:417:6:417:25 | test_vector_inserter | 0 | char * | +| vector.cpp:454:7:454:12 | memcpy | 0 | void * | +| vector.cpp:454:7:454:12 | memcpy | 1 | const void * | +| vector.cpp:454:7:454:12 | memcpy | 2 | size_t | +| vector.cpp:461:6:461:9 | sink | 0 | vector> & | +| vector.cpp:462:6:462:9 | sink | 0 | string & | +| zmq.cpp:9:8:9:8 | operator= | 0 | const zmq_msg_t & | +| zmq.cpp:9:8:9:8 | operator= | 0 | zmq_msg_t && | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 0 | zmq_msg_t * | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 1 | void * | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 2 | size_t | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 3 | zmq_free_fn * | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 4 | void * | +| zmq.cpp:15:7:15:18 | zmq_msg_data | 0 | zmq_msg_t * | +| zmq.cpp:17:6:17:13 | test_zmc | 0 | void * | +| zmq.cpp:17:6:17:13 | test_zmc | 1 | char * | +| zmq.cpp:17:6:17:13 | test_zmc | 2 | size_t | From 02428745bdf126588ddb42522042dfa78a46ee67 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 16:12:58 +0000 Subject: [PATCH 38/65] C++: Add change note. --- cpp/ql/src/change-notes/2024-11-27-active-template-library.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/src/change-notes/2024-11-27-active-template-library.md diff --git a/cpp/ql/src/change-notes/2024-11-27-active-template-library.md b/cpp/ql/src/change-notes/2024-11-27-active-template-library.md new file mode 100644 index 000000000000..a677ac661077 --- /dev/null +++ b/cpp/ql/src/change-notes/2024-11-27-active-template-library.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added dataflow models and flow sources for Microsoft's Active Template Library (ATL). \ No newline at end of file From 3c0af498db588c2fd3974fd64f58687b33360581 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 27 Nov 2024 19:04:25 +0000 Subject: [PATCH 39/65] C++: Fix bug introduced in an earlier commit and accept test changes. They all look good. --- .../semmle/code/cpp/dataflow/ExternalFlow.qll | 4 +- .../taint-tests/test_mad-signatures.expected | 193 ------------------ 2 files changed, 2 insertions(+), 195 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index ac10651b5519..9496bfe98ba1 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -437,13 +437,13 @@ private predicate elementSpec( private predicate isClassConstructedFrom(Class c, Class templateClass) { c.isConstructedFrom(templateClass) or - not any(Class c_).isConstructedFrom(templateClass) and c = templateClass + not c.isConstructedFrom(_) and c = templateClass } private predicate isFunctionConstructedFrom(Function f, Function templateFunc) { f.isConstructedFrom(templateFunc) or - not any(Function f_).isConstructedFrom(templateFunc) and f = templateFunc + not f.isConstructedFrom(_) and f = templateFunc } /** Gets the fully templated version of `f`. */ diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 1f84cd3379af..0d121219209a 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -76,15 +76,6 @@ signatureMatches | constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| stl.h:165:8:165:16 | push_back | (char) | CComBSTR | Append | 0 | -| stl.h:181:47:181:52 | append | (InputIt,InputIt) | deque | assign | 0 | -| stl.h:181:47:181:52 | append | (InputIt,InputIt) | deque | assign | 1 | -| stl.h:181:47:181:52 | append | (InputIt,InputIt) | forward_list | assign | 0 | -| stl.h:181:47:181:52 | append | (InputIt,InputIt) | forward_list | assign | 1 | -| stl.h:181:47:181:52 | append | (InputIt,InputIt) | list | assign | 0 | -| stl.h:181:47:181:52 | append | (InputIt,InputIt) | list | assign | 1 | -| stl.h:181:47:181:52 | append | (InputIt,InputIt) | vector | assign | 0 | -| stl.h:181:47:181:52 | append | (InputIt,InputIt) | vector | assign | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign | 0 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | forward_list | assign | 0 | @@ -93,14 +84,6 @@ signatureMatches | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | list | assign | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | vector | assign | 0 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | vector | assign | 1 | -| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | deque | assign | 0 | -| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | deque | assign | 1 | -| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | forward_list | assign | 0 | -| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | forward_list | assign | 1 | -| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | list | assign | 0 | -| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | list | assign | 1 | -| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | vector | assign | 0 | -| stl.h:184:47:184:52 | assign | (InputIt,InputIt) | vector | assign | 1 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | deque | assign | 0 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | deque | assign | 1 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | forward_list | assign | 0 | @@ -109,18 +92,6 @@ signatureMatches | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | list | assign | 1 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | vector | assign | 0 | | stl.h:185:17:185:22 | insert | (InputIt,InputIt) | vector | assign | 1 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | deque | insert | 0 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | deque | insert | 1 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | deque | insert | 2 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | forward_list | insert_after | 0 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | forward_list | insert_after | 1 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | forward_list | insert_after | 2 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | list | insert | 0 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | list | insert | 1 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | list | insert | 2 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert | 0 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert | 1 | -| stl.h:189:42:189:47 | insert | (const_iterator,InputIt,InputIt) | vector | insert | 2 | | stl.h:190:17:190:23 | replace | (const_iterator,InputIt,InputIt) | deque | insert | 0 | | stl.h:190:17:190:23 | replace | (const_iterator,InputIt,InputIt) | deque | insert | 1 | | stl.h:190:17:190:23 | replace | (const_iterator,InputIt,InputIt) | deque | insert | 2 | @@ -561,13 +532,10 @@ getParameterTypeName | atl.cpp:69:3:69:15 | _U_STRINGorID | 0 | LPCTSTR | | atl.cpp:193:10:193:12 | Add | 0 | INARGTYPclass:0 | | atl.cpp:195:10:195:15 | Append | 0 | const CAtlArray & | -| atl.cpp:195:10:195:15 | Append | 0 | const CAtlArray> & | | atl.cpp:196:8:196:11 | Copy | 0 | const CAtlArray & | -| atl.cpp:196:8:196:11 | Copy | 0 | const CAtlArray> & | | atl.cpp:198:6:198:10 | GetAt | 0 | size_t | | atl.cpp:202:8:202:20 | InsertArrayAt | 0 | size_t | | atl.cpp:202:8:202:20 | InsertArrayAt | 1 | const CAtlArray * | -| atl.cpp:202:8:202:20 | InsertArrayAt | 1 | const CAtlArray> * | | atl.cpp:203:8:203:15 | InsertAt | 0 | size_t | | atl.cpp:203:8:203:15 | InsertAt | 1 | INARGTYPclass:0 | | atl.cpp:203:8:203:15 | InsertAt | 2 | size_t | @@ -577,10 +545,8 @@ getParameterTypeName | atl.cpp:256:3:256:10 | CAtlList | 0 | UINT | | atl.cpp:259:12:259:18 | AddHead | 0 | INARGTYPclass:0 | | atl.cpp:260:8:260:18 | AddHeadList | 0 | const CAtlList * | -| atl.cpp:260:8:260:18 | AddHeadList | 0 | const CAtlList> * | | atl.cpp:262:12:262:18 | AddTail | 0 | INARGTYPclass:0 | | atl.cpp:263:8:263:18 | AddTailList | 0 | const CAtlList * | -| atl.cpp:263:8:263:18 | AddTailList | 0 | const CAtlList> * | | atl.cpp:264:12:264:15 | Find | 0 | INARGTYPclass:0 | | atl.cpp:264:12:264:15 | Find | 1 | POSITION | | atl.cpp:265:12:265:20 | FindIndex | 0 | size_t | @@ -633,12 +599,10 @@ getParameterTypeName | atl.cpp:537:3:537:15 | CComSafeArray | 0 | const SAFEARRAY * | | atl.cpp:541:11:541:13 | Add | 0 | const SAFEARRAY * | | atl.cpp:543:11:543:13 | Add | 0 | const class:0 & | -| atl.cpp:543:11:543:13 | Add | 0 | const int & | | atl.cpp:543:11:543:13 | Add | 1 | BOOL | | atl.cpp:551:6:551:10 | GetAt | 0 | LONG | | atl.cpp:562:11:562:15 | SetAt | 0 | LONG | | atl.cpp:562:11:562:15 | SetAt | 1 | const class:0 & | -| atl.cpp:562:11:562:15 | SetAt | 1 | const int & | | atl.cpp:562:11:562:15 | SetAt | 2 | BOOL | | atl.cpp:564:6:564:15 | operator[] | 0 | long | | atl.cpp:565:6:565:15 | operator[] | 0 | int | @@ -651,33 +615,21 @@ getParameterTypeName | atl.cpp:619:22:619:33 | CommonPrefix | 0 | PCXSTR | | atl.cpp:656:23:656:32 | operator+= | 0 | PCXSTR | | atl.cpp:716:8:716:10 | Add | 0 | const class:0 & | -| atl.cpp:716:8:716:10 | Add | 0 | const int & | | atl.cpp:717:7:717:10 | Find | 0 | const class:0 & | -| atl.cpp:717:7:717:10 | Find | 0 | const int & | | atl.cpp:728:6:728:15 | operator[] | 0 | int | | atl.cpp:729:21:729:29 | operator= | 0 | const CSimpleArray & | -| atl.cpp:762:8:762:10 | Add | 0 | char *const & | | atl.cpp:762:8:762:10 | Add | 0 | const class:0 & | | atl.cpp:762:8:762:10 | Add | 1 | const class:1 & | -| atl.cpp:762:8:762:10 | Add | 1 | wchar_t *const & | -| atl.cpp:763:7:763:13 | FindKey | 0 | char *const & | | atl.cpp:763:7:763:13 | FindKey | 0 | const class:0 & | | atl.cpp:764:7:764:13 | FindVal | 0 | const class:1 & | -| atl.cpp:764:7:764:13 | FindVal | 0 | wchar_t *const & | | atl.cpp:767:9:767:18 | GetValueAt | 0 | int | -| atl.cpp:768:8:768:13 | Lookup | 0 | char *const & | | atl.cpp:768:8:768:13 | Lookup | 0 | const class:0 & | | atl.cpp:772:8:772:20 | ReverseLookup | 0 | const class:1 & | -| atl.cpp:772:8:772:20 | ReverseLookup | 0 | wchar_t *const & | -| atl.cpp:773:8:773:12 | SetAt | 0 | char *const & | | atl.cpp:773:8:773:12 | SetAt | 0 | const class:0 & | | atl.cpp:773:8:773:12 | SetAt | 1 | const class:1 & | -| atl.cpp:773:8:773:12 | SetAt | 1 | wchar_t *const & | | atl.cpp:774:8:774:17 | SetAtIndex | 0 | int | -| atl.cpp:774:8:774:17 | SetAtIndex | 1 | char *const & | | atl.cpp:774:8:774:17 | SetAtIndex | 1 | const class:0 & | | atl.cpp:774:8:774:17 | SetAtIndex | 2 | const class:1 & | -| atl.cpp:774:8:774:17 | SetAtIndex | 2 | wchar_t *const & | | atl.cpp:813:9:813:17 | operator= | 0 | const CUrl & | | atl.cpp:815:3:815:6 | CUrl | 0 | const CUrl & | | atl.cpp:818:15:818:26 | Canonicalize | 0 | DWORD | @@ -826,7 +778,6 @@ getParameterTypeName | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | -| stl.h:29:34:29:40 | forward | 0 | remove_reference_t> & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | @@ -835,8 +786,6 @@ getParameterTypeName | stl.h:49:3:49:10 | iterator | 0 | const iterator & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | | stl.h:49:3:49:10 | iterator | 0 | const iterator & | -| stl.h:49:3:49:10 | iterator | 0 | const iterator, ptrdiff_t, pair *, pair &> & | -| stl.h:49:3:49:10 | iterator | 0 | const iterator, ptrdiff_t, pair *, pair &> & | | stl.h:52:12:52:21 | operator++ | 0 | int | | stl.h:52:12:52:21 | operator++ | 0 | int | | stl.h:52:12:52:21 | operator++ | 0 | int | @@ -849,7 +798,6 @@ getParameterTypeName | stl.h:56:8:56:17 | operator!= | 0 | iterator | | stl.h:56:8:56:17 | operator!= | 0 | iterator | | stl.h:56:8:56:17 | operator!= | 0 | iterator | -| stl.h:56:8:56:17 | operator!= | 0 | iterator, ptrdiff_t, pair *, pair &> | | stl.h:59:12:59:20 | operator+ | 0 | int | | stl.h:60:12:60:20 | operator- | 0 | int | | stl.h:61:13:61:22 | operator+= | 0 | int | @@ -868,92 +816,51 @@ getParameterTypeName | stl.h:72:9:72:9 | operator= | 0 | output_iterator_tag && | | stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & | | stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & | -| stl.h:86:22:86:41 | back_insert_iterator | 0 | vector, allocator>, allocator, allocator>>> & | -| stl.h:86:22:86:41 | back_insert_iterator | 0 | vector> & | | stl.h:88:25:88:33 | operator= | 0 | value_type && | | stl.h:88:25:88:33 | operator= | 0 | value_type && | | stl.h:91:24:91:33 | operator++ | 0 | int | | stl.h:91:24:91:33 | operator++ | 0 | int | | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & | | stl.h:95:44:95:44 | back_inserter | 0 | func:0 & | -| stl.h:95:44:95:44 | back_inserter | 0 | vector, allocator>, allocator, allocator>>> & | -| stl.h:95:44:95:44 | back_inserter | 0 | vector> & | -| stl.h:147:12:147:23 | basic_string | 0 | const allocator & | -| stl.h:148:3:148:14 | basic_string | 0 | const char * | | stl.h:148:3:148:14 | basic_string | 0 | const class:2 & | -| stl.h:148:3:148:14 | basic_string | 1 | const allocator & | | stl.h:149:33:149:44 | basic_string | 0 | const class:0 * | -| stl.h:149:33:149:44 | basic_string | 0 | func:0 | | stl.h:149:33:149:44 | basic_string | 1 | const class:2 & | -| stl.h:149:33:149:44 | basic_string | 1 | func:0 | -| stl.h:149:33:149:44 | basic_string | 2 | const allocator & | | stl.h:151:16:151:20 | c_str | 0 | func:0 | | stl.h:151:16:151:20 | c_str | 1 | func:0 | | stl.h:151:16:151:20 | c_str | 2 | const class:2 & | -| stl.h:165:8:165:16 | push_back | 0 | char | | stl.h:173:13:173:22 | operator[] | 0 | size_type | | stl.h:175:13:175:14 | at | 0 | size_type | -| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & | -| stl.h:176:35:176:44 | operator+= | 0 | const func:0 & | | stl.h:176:35:176:44 | operator+= | 0 | size_type | | stl.h:176:35:176:44 | operator+= | 0 | size_type | -| stl.h:177:17:177:26 | operator+= | 0 | const char * | | stl.h:177:17:177:26 | operator+= | 0 | const func:0 & | -| stl.h:178:17:178:22 | append | 0 | const basic_string, allocator> & | | stl.h:178:17:178:22 | append | 0 | const class:0 * | | stl.h:179:17:179:22 | append | 0 | const basic_string & | -| stl.h:179:17:179:22 | append | 0 | const char * | | stl.h:180:17:180:22 | append | 0 | const class:0 * | -| stl.h:180:17:180:22 | append | 0 | size_type | -| stl.h:180:17:180:22 | append | 1 | char | -| stl.h:181:47:181:52 | append | 0 | func:0 | | stl.h:181:47:181:52 | append | 0 | size_type | | stl.h:181:47:181:52 | append | 1 | class:0 | -| stl.h:181:47:181:52 | append | 1 | func:0 | -| stl.h:182:17:182:22 | assign | 0 | const basic_string, allocator> & | | stl.h:182:17:182:22 | assign | 0 | func:0 | | stl.h:182:17:182:22 | assign | 1 | func:0 | | stl.h:183:17:183:22 | assign | 0 | const basic_string & | -| stl.h:183:17:183:22 | assign | 0 | size_type | -| stl.h:183:17:183:22 | assign | 1 | char | -| stl.h:184:47:184:52 | assign | 0 | func:0 | | stl.h:184:47:184:52 | assign | 0 | size_type | | stl.h:184:47:184:52 | assign | 1 | class:0 | -| stl.h:184:47:184:52 | assign | 1 | func:0 | | stl.h:185:17:185:22 | insert | 0 | func:0 | -| stl.h:185:17:185:22 | insert | 0 | size_type | -| stl.h:185:17:185:22 | insert | 1 | const basic_string, allocator> & | | stl.h:185:17:185:22 | insert | 1 | func:0 | | stl.h:186:17:186:22 | insert | 0 | size_type | | stl.h:186:17:186:22 | insert | 1 | const basic_string & | -| stl.h:186:17:186:22 | insert | 1 | size_type | -| stl.h:186:17:186:22 | insert | 2 | char | | stl.h:187:17:187:22 | insert | 0 | size_type | -| stl.h:187:17:187:22 | insert | 1 | const char * | | stl.h:187:17:187:22 | insert | 1 | size_type | | stl.h:187:17:187:22 | insert | 2 | class:0 | -| stl.h:188:12:188:17 | insert | 0 | const_iterator | | stl.h:188:12:188:17 | insert | 0 | size_type | | stl.h:188:12:188:17 | insert | 1 | const class:0 * | -| stl.h:188:12:188:17 | insert | 1 | size_type | -| stl.h:188:12:188:17 | insert | 2 | char | | stl.h:189:42:189:47 | insert | 0 | const_iterator | -| stl.h:189:42:189:47 | insert | 1 | func:0 | | stl.h:189:42:189:47 | insert | 1 | size_type | | stl.h:189:42:189:47 | insert | 2 | class:0 | -| stl.h:189:42:189:47 | insert | 2 | func:0 | | stl.h:190:17:190:23 | replace | 0 | const_iterator | -| stl.h:190:17:190:23 | replace | 0 | size_type | | stl.h:190:17:190:23 | replace | 1 | func:0 | -| stl.h:190:17:190:23 | replace | 1 | size_type | -| stl.h:190:17:190:23 | replace | 2 | const basic_string, allocator> & | | stl.h:190:17:190:23 | replace | 2 | func:0 | | stl.h:191:17:191:23 | replace | 0 | size_type | | stl.h:191:17:191:23 | replace | 1 | size_type | | stl.h:191:17:191:23 | replace | 2 | const basic_string & | -| stl.h:191:17:191:23 | replace | 2 | size_type | -| stl.h:191:17:191:23 | replace | 3 | char | -| stl.h:192:13:192:16 | copy | 0 | char * | | stl.h:192:13:192:16 | copy | 0 | size_type | | stl.h:192:13:192:16 | copy | 1 | size_type | | stl.h:192:13:192:16 | copy | 2 | size_type | @@ -961,18 +868,11 @@ getParameterTypeName | stl.h:193:8:193:12 | clear | 0 | class:0 * | | stl.h:193:8:193:12 | clear | 1 | size_type | | stl.h:193:8:193:12 | clear | 2 | size_type | -| stl.h:194:16:194:21 | substr | 0 | size_type | -| stl.h:194:16:194:21 | substr | 1 | size_type | -| stl.h:195:8:195:11 | swap | 0 | basic_string, allocator> & | | stl.h:195:8:195:11 | swap | 0 | size_type | | stl.h:195:8:195:11 | swap | 1 | size_type | | stl.h:198:94:198:102 | operator+ | 0 | const basic_string & | -| stl.h:198:94:198:102 | operator+ | 0 | const basic_string, allocator> & | | stl.h:198:94:198:102 | operator+ | 1 | const basic_string & | -| stl.h:198:94:198:102 | operator+ | 1 | const basic_string, allocator> & | | stl.h:199:94:199:102 | operator+ | 0 | const basic_string & | -| stl.h:199:94:199:102 | operator+ | 0 | const basic_string, allocator> & | -| stl.h:199:94:199:102 | operator+ | 1 | const char * | | stl.h:199:94:199:102 | operator+ | 1 | const func:0 * | | stl.h:214:33:214:42 | operator>> | 0 | int & | | stl.h:217:33:217:35 | get | 0 | char_type & | @@ -989,49 +889,26 @@ getParameterTypeName | stl.h:226:32:226:38 | getline | 1 | streamsize | | stl.h:226:32:226:38 | getline | 2 | char_type | | stl.h:229:68:229:77 | operator>> | 0 | basic_istream & | -| stl.h:229:68:229:77 | operator>> | 0 | basic_istream> & | -| stl.h:229:68:229:77 | operator>> | 1 | char * | | stl.h:229:68:229:77 | operator>> | 1 | func:0 * | | stl.h:230:85:230:94 | operator>> | 0 | basic_istream & | -| stl.h:230:85:230:94 | operator>> | 0 | basic_istream> & | | stl.h:230:85:230:94 | operator>> | 1 | basic_string & | -| stl.h:230:85:230:94 | operator>> | 1 | basic_string, allocator> & | | stl.h:232:84:232:90 | getline | 0 | basic_istream & | -| stl.h:232:84:232:90 | getline | 0 | basic_istream> & | | stl.h:232:84:232:90 | getline | 1 | basic_string & | -| stl.h:232:84:232:90 | getline | 1 | basic_string, allocator> & | -| stl.h:232:84:232:90 | getline | 2 | char | | stl.h:232:84:232:90 | getline | 2 | func:0 | | stl.h:233:84:233:90 | getline | 0 | basic_istream & | -| stl.h:233:84:233:90 | getline | 0 | basic_istream> & | | stl.h:233:84:233:90 | getline | 1 | basic_string & | -| stl.h:233:84:233:90 | getline | 1 | basic_string, allocator> & | | stl.h:240:33:240:42 | operator<< | 0 | int | | stl.h:242:33:242:35 | put | 0 | char_type | | stl.h:243:33:243:37 | write | 0 | const char_type * | | stl.h:243:33:243:37 | write | 1 | streamsize | | stl.h:247:67:247:76 | operator<< | 0 | basic_ostream & | -| stl.h:247:67:247:76 | operator<< | 0 | basic_ostream> & | -| stl.h:247:67:247:76 | operator<< | 1 | const char * | | stl.h:247:67:247:76 | operator<< | 1 | const func:0 * | | stl.h:248:85:248:94 | operator<< | 0 | basic_ostream & | -| stl.h:248:85:248:94 | operator<< | 0 | basic_ostream> & | | stl.h:248:85:248:94 | operator<< | 1 | const basic_string & | -| stl.h:248:85:248:94 | operator<< | 1 | const basic_string, allocator> & | | stl.h:259:12:259:29 | basic_stringstream | 0 | const basic_string & | -| stl.h:259:12:259:29 | basic_stringstream | 0 | const basic_string, allocator> & | | stl.h:263:23:263:31 | operator= | 0 | basic_stringstream && | -| stl.h:263:23:263:31 | operator= | 0 | basic_stringstream, allocator> && | | stl.h:265:8:265:11 | swap | 0 | basic_stringstream & | -| stl.h:265:8:265:11 | swap | 0 | basic_stringstream, allocator> & | | stl.h:268:8:268:10 | str | 0 | const basic_string & | -| stl.h:268:8:268:10 | str | 0 | const basic_string, allocator> & | -| stl.h:293:12:293:17 | vector | 0 | const allocator & | -| stl.h:293:12:293:17 | vector | 0 | const allocator & | -| stl.h:293:12:293:17 | vector | 0 | const allocator & | -| stl.h:293:12:293:17 | vector | 0 | const allocator & | -| stl.h:293:12:293:17 | vector | 0 | const allocator & | -| stl.h:293:12:293:17 | vector | 0 | const allocator, allocator>> & | | stl.h:293:12:293:17 | vector | 0 | const class:1 & | | stl.h:293:12:293:17 | vector | 0 | const class:1 & | | stl.h:293:12:293:17 | vector | 0 | const class:1 & | @@ -1041,9 +918,6 @@ getParameterTypeName | stl.h:294:12:294:17 | vector | 0 | size_type | | stl.h:294:12:294:17 | vector | 0 | size_type | | stl.h:294:12:294:17 | vector | 0 | size_type | -| stl.h:294:12:294:17 | vector | 1 | const allocator & | -| stl.h:294:12:294:17 | vector | 1 | const allocator & | -| stl.h:294:12:294:17 | vector | 1 | const allocator>> & | | stl.h:294:12:294:17 | vector | 1 | const class:1 & | | stl.h:294:12:294:17 | vector | 1 | const class:1 & | | stl.h:294:12:294:17 | vector | 1 | const class:1 & | @@ -1051,20 +925,13 @@ getParameterTypeName | stl.h:295:3:295:8 | vector | 0 | size_type | | stl.h:295:3:295:8 | vector | 1 | const class:0 & | | stl.h:295:3:295:8 | vector | 1 | const class:0 & | -| stl.h:295:3:295:8 | vector | 1 | const int & | -| stl.h:295:3:295:8 | vector | 1 | const short & | -| stl.h:295:3:295:8 | vector | 2 | const allocator & | -| stl.h:295:3:295:8 | vector | 2 | const allocator & | | stl.h:295:3:295:8 | vector | 2 | const class:1 & | | stl.h:295:3:295:8 | vector | 2 | const class:1 & | | stl.h:296:101:296:106 | vector | 0 | func:0 | | stl.h:296:101:296:106 | vector | 1 | func:0 | -| stl.h:296:101:296:106 | vector | 2 | const allocator & | | stl.h:296:101:296:106 | vector | 2 | const class:1 & | | stl.h:301:11:301:19 | operator= | 0 | const vector & | -| stl.h:301:11:301:19 | operator= | 0 | const vector> & | | stl.h:302:11:302:19 | operator= | 0 | vector && | -| stl.h:302:11:302:19 | operator= | 0 | vector> && | | stl.h:303:106:303:111 | assign | 0 | func:0 | | stl.h:303:106:303:111 | assign | 1 | func:0 | | stl.h:306:8:306:13 | assign | 0 | size_type | @@ -1073,9 +940,6 @@ getParameterTypeName | stl.h:306:8:306:13 | assign | 1 | const class:0 & | | stl.h:306:8:306:13 | assign | 1 | const class:0 & | | stl.h:306:8:306:13 | assign | 1 | const class:0 & | -| stl.h:306:8:306:13 | assign | 1 | const float & | -| stl.h:306:8:306:13 | assign | 1 | const int & | -| stl.h:306:8:306:13 | assign | 1 | const int *const & | | stl.h:315:13:315:22 | operator[] | 0 | size_type | | stl.h:315:13:315:22 | operator[] | 0 | size_type | | stl.h:315:13:315:22 | operator[] | 0 | size_type | @@ -1083,15 +947,11 @@ getParameterTypeName | stl.h:315:13:315:22 | operator[] | 0 | size_type | | stl.h:315:13:315:22 | operator[] | 0 | size_type | | stl.h:318:13:318:14 | at | 0 | size_type | -| stl.h:327:8:327:16 | push_back | 0 | const MyPair & | -| stl.h:327:8:327:16 | push_back | 0 | const MyVectorContainer & | | stl.h:327:8:327:16 | push_back | 0 | const class:0 & | | stl.h:327:8:327:16 | push_back | 0 | const class:0 & | | stl.h:328:8:328:16 | push_back | 0 | class:0 && | -| stl.h:328:8:328:16 | push_back | 0 | int && | | stl.h:331:12:331:17 | insert | 0 | const_iterator | | stl.h:331:12:331:17 | insert | 1 | class:0 && | -| stl.h:331:12:331:17 | insert | 1 | int && | | stl.h:333:42:333:47 | insert | 0 | const_iterator | | stl.h:333:42:333:47 | insert | 0 | const_iterator | | stl.h:333:42:333:47 | insert | 1 | func:0 | @@ -1102,38 +962,21 @@ getParameterTypeName | stl.h:335:37:335:43 | emplace | 1 | func:0 && | | stl.h:336:33:336:44 | emplace_back | 0 | func:0 && | | stl.h:338:8:338:11 | swap | 0 | vector & | -| stl.h:338:8:338:11 | swap | 0 | vector> & | | stl.h:351:12:351:21 | shared_ptr | 0 | class:0 * | -| stl.h:351:12:351:21 | shared_ptr | 0 | int * | | stl.h:352:3:352:12 | shared_ptr | 0 | const shared_ptr & | | stl.h:352:3:352:12 | shared_ptr | 0 | const shared_ptr & | -| stl.h:369:12:369:21 | unique_ptr | 0 | A * | | stl.h:369:12:369:21 | unique_ptr | 0 | class:0 * | | stl.h:380:52:380:62 | make_unique | 0 | func:1 && | | stl.h:380:52:380:62 | make_unique | 0 | func:1 && | | stl.h:380:52:380:62 | make_unique | 0 | func:1 && | -| stl.h:380:52:380:62 | make_unique | 0 | int && | -| stl.h:380:52:380:62 | make_unique | 0 | int && | | stl.h:382:52:382:62 | make_shared | 0 | func:1 && | | stl.h:382:52:382:62 | make_shared | 0 | func:1 && | | stl.h:382:52:382:62 | make_shared | 0 | func:1 && | -| stl.h:382:52:382:62 | make_shared | 0 | int && | -| stl.h:382:52:382:62 | make_shared | 0 | int && | -| stl.h:396:3:396:3 | pair | 0 | char *const & | -| stl.h:396:3:396:3 | pair | 0 | char *const & | -| stl.h:396:3:396:3 | pair | 0 | const char *const & | -| stl.h:396:3:396:3 | pair | 0 | const char *const & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | | stl.h:396:3:396:3 | pair | 0 | const class:0 & | -| stl.h:396:3:396:3 | pair | 0 | const pair & | -| stl.h:396:3:396:3 | pair | 1 | char *const & | -| stl.h:396:3:396:3 | pair | 1 | char *const & | -| stl.h:396:3:396:3 | pair | 1 | const char *const & | -| stl.h:396:3:396:3 | pair | 1 | const char *const & | -| stl.h:396:3:396:3 | pair | 1 | const char *const & | | stl.h:396:3:396:3 | pair | 1 | const class:1 & | | stl.h:396:3:396:3 | pair | 1 | const class:1 & | | stl.h:396:3:396:3 | pair | 1 | const class:1 & | @@ -1152,24 +995,12 @@ getParameterTypeName | stl.h:397:30:397:33 | pair | 0 | const pair & | | stl.h:397:30:397:33 | pair | 0 | const pair & | | stl.h:399:8:399:11 | swap | 0 | pair & | -| stl.h:402:72:402:72 | make_pair | 0 | char *&& | -| stl.h:402:72:402:72 | make_pair | 0 | const char(&)[2] | -| stl.h:402:72:402:72 | make_pair | 0 | const char(&)[2] | -| stl.h:402:72:402:72 | make_pair | 0 | const char(&)[4] | -| stl.h:402:72:402:72 | make_pair | 0 | const char(&)[4] | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | | stl.h:402:72:402:72 | make_pair | 0 | func:0 && | -| stl.h:402:72:402:72 | make_pair | 0 | pair && | -| stl.h:402:72:402:72 | make_pair | 1 | char *&& | -| stl.h:402:72:402:72 | make_pair | 1 | char *&& | -| stl.h:402:72:402:72 | make_pair | 1 | const char(&)[2] | -| stl.h:402:72:402:72 | make_pair | 1 | const char(&)[4] | -| stl.h:402:72:402:72 | make_pair | 1 | const char(&)[4] | -| stl.h:402:72:402:72 | make_pair | 1 | const char(&)[4] | | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | @@ -1177,9 +1008,7 @@ getParameterTypeName | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | | stl.h:402:72:402:72 | make_pair | 1 | func:1 && | | stl.h:422:3:422:5 | map | 0 | const map & | -| stl.h:422:3:422:5 | map | 0 | const map, allocator>> & | | stl.h:426:8:426:16 | operator= | 0 | const map & | -| stl.h:426:8:426:16 | operator= | 0 | const map, allocator>> & | | stl.h:435:6:435:15 | operator[] | 0 | key_type && | | stl.h:435:6:435:15 | operator[] | 0 | key_type && | | stl.h:436:6:436:7 | at | 0 | const key_type & | @@ -1209,19 +1038,14 @@ getParameterTypeName | stl.h:454:30:454:45 | insert_or_assign | 2 | func:0 && | | stl.h:456:12:456:16 | erase | 0 | iterator | | stl.h:459:8:459:11 | swap | 0 | map & | -| stl.h:459:8:459:11 | swap | 0 | map, allocator>> & | | stl.h:462:27:462:31 | merge | 0 | map & | -| stl.h:462:27:462:31 | merge | 0 | map>> & | | stl.h:465:12:465:15 | find | 0 | const key_type & | | stl.h:468:12:468:22 | lower_bound | 0 | const key_type & | | stl.h:470:12:470:22 | upper_bound | 0 | const key_type & | | stl.h:473:28:473:38 | equal_range | 0 | const key_type & | | stl.h:490:3:490:15 | unordered_map | 0 | const unordered_map & | | stl.h:490:3:490:15 | unordered_map | 0 | const unordered_map & | -| stl.h:490:3:490:15 | unordered_map | 0 | const unordered_map, equal_to, allocator>> & | -| stl.h:490:3:490:15 | unordered_map | 0 | const unordered_map, hash, equal_to, allocator>>> & | | stl.h:494:18:494:26 | operator= | 0 | const unordered_map & | -| stl.h:494:18:494:26 | operator= | 0 | const unordered_map, equal_to, allocator>> & | | stl.h:503:16:503:25 | operator[] | 0 | key_type && | | stl.h:503:16:503:25 | operator[] | 0 | key_type && | | stl.h:504:16:504:17 | at | 0 | const key_type & | @@ -1260,17 +1084,13 @@ getParameterTypeName | stl.h:522:30:522:45 | insert_or_assign | 2 | func:0 && | | stl.h:524:12:524:16 | erase | 0 | iterator | | stl.h:527:8:527:11 | swap | 0 | unordered_map & | -| stl.h:527:8:527:11 | swap | 0 | unordered_map, equal_to, allocator>> & | | stl.h:530:37:530:41 | merge | 0 | unordered_map & | -| stl.h:530:37:530:41 | merge | 0 | unordered_map>> & | | stl.h:533:12:533:15 | find | 0 | const key_type & | | stl.h:536:28:536:38 | equal_range | 0 | const key_type & | | stl.h:555:3:555:5 | set | 0 | const set & | -| stl.h:555:3:555:5 | set | 0 | const set, allocator> & | | stl.h:557:33:557:35 | set | 0 | func:0 | | stl.h:557:33:557:35 | set | 1 | func:0 | | stl.h:560:8:560:16 | operator= | 0 | const set & | -| stl.h:560:8:560:16 | operator= | 0 | const set, allocator> & | | stl.h:568:48:568:54 | emplace | 0 | func:0 && | | stl.h:568:48:568:54 | emplace | 0 | func:0 && | | stl.h:569:36:569:47 | emplace_hint | 0 | const_iterator | @@ -1284,20 +1104,16 @@ getParameterTypeName | stl.h:574:38:574:43 | insert | 1 | func:0 | | stl.h:576:12:576:16 | erase | 0 | iterator | | stl.h:579:8:579:11 | swap | 0 | set & | -| stl.h:579:8:579:11 | swap | 0 | set, allocator> & | | stl.h:582:27:582:31 | merge | 0 | set & | -| stl.h:582:27:582:31 | merge | 0 | set> & | | stl.h:585:12:585:15 | find | 0 | const key_type & | | stl.h:588:12:588:22 | lower_bound | 0 | const key_type & | | stl.h:590:12:590:22 | upper_bound | 0 | const key_type & | | stl.h:592:28:592:38 | equal_range | 0 | const key_type & | | stl.h:609:3:609:15 | unordered_set | 0 | const unordered_set & | -| stl.h:609:3:609:15 | unordered_set | 0 | const unordered_set, equal_to, allocator> & | | stl.h:611:33:611:45 | unordered_set | 0 | func:0 | | stl.h:611:33:611:45 | unordered_set | 1 | func:0 | | stl.h:611:33:611:45 | unordered_set | 2 | size_type | | stl.h:614:18:614:26 | operator= | 0 | const unordered_set & | -| stl.h:614:18:614:26 | operator= | 0 | const unordered_set, equal_to, allocator> & | | stl.h:622:48:622:54 | emplace | 0 | func:0 && | | stl.h:622:48:622:54 | emplace | 0 | func:0 && | | stl.h:623:36:623:47 | emplace_hint | 0 | const_iterator | @@ -1311,21 +1127,17 @@ getParameterTypeName | stl.h:628:38:628:43 | insert | 1 | func:0 | | stl.h:630:12:630:16 | erase | 0 | iterator | | stl.h:633:8:633:11 | swap | 0 | unordered_set & | -| stl.h:633:8:633:11 | swap | 0 | unordered_set, equal_to, allocator> & | | stl.h:636:37:636:41 | merge | 0 | unordered_set & | -| stl.h:636:37:636:41 | merge | 0 | unordered_set> & | | stl.h:639:12:639:15 | find | 0 | const key_type & | | stl.h:641:28:641:38 | equal_range | 0 | const key_type & | | stl.h:671:21:671:39 | basic_format_string | 0 | const func:0 & | | stl.h:671:21:671:39 | basic_format_string | 0 | const func:0 & | | stl.h:678:33:678:38 | format | 0 | format_string | | stl.h:678:33:678:38 | format | 0 | format_string | -| stl.h:678:33:678:38 | format | 1 | char *&& | | stl.h:678:33:678:38 | format | 1 | func:0 && | | stl.h:678:33:678:38 | format | 1 | func:0 && | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 0 | format_string | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 1 | func:0 && | -| stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 1 | int & | | string.cpp:17:6:17:9 | sink | 0 | const char * | | string.cpp:18:6:18:9 | sink | 0 | const string & | | string.cpp:19:6:19:9 | sink | 0 | const char * | @@ -1344,7 +1156,6 @@ getParameterTypeName | structlikeclass.cpp:5:7:5:7 | operator= | 0 | StructLikeClass && | | structlikeclass.cpp:5:7:5:7 | operator= | 0 | const StructLikeClass & | | structlikeclass.cpp:8:2:8:16 | StructLikeClass | 0 | int | -| swap1.cpp:14:9:14:9 | move | 0 | Class & | | swap1.cpp:14:9:14:9 | move | 0 | func:0 & | | swap1.cpp:24:9:24:13 | Class | 0 | Class && | | swap1.cpp:25:9:25:13 | Class | 0 | const Class & | @@ -1355,7 +1166,6 @@ getParameterTypeName | swap1.cpp:53:14:53:17 | swap | 0 | Class & | | swap1.cpp:61:10:61:13 | swap | 0 | Class & | | swap1.cpp:61:10:61:13 | swap | 1 | Class & | -| swap2.cpp:14:9:14:9 | move | 0 | Class & | | swap2.cpp:14:9:14:9 | move | 0 | func:0 & | | swap2.cpp:24:9:24:13 | Class | 0 | Class && | | swap2.cpp:25:9:25:13 | Class | 0 | const Class & | @@ -1367,9 +1177,7 @@ getParameterTypeName | swap2.cpp:61:10:61:13 | swap | 0 | Class & | | swap2.cpp:61:10:61:13 | swap | 1 | Class & | | swap.h:4:20:4:23 | swap | 0 | func:0 & | -| swap.h:4:20:4:23 | swap | 0 | int & | | swap.h:4:20:4:23 | swap | 1 | func:0 & | -| swap.h:4:20:4:23 | swap | 1 | int & | | taint.cpp:4:6:4:21 | arithAssignments | 0 | int | | taint.cpp:4:6:4:21 | arithAssignments | 1 | int | | taint.cpp:22:5:22:13 | increment | 0 | int | @@ -1554,7 +1362,6 @@ getParameterTypeName | taint.cpp:783:5:783:11 | fopen_s | 2 | const char * | | taint.cpp:785:6:785:15 | fopen_test | 0 | char * | | vector.cpp:13:6:13:9 | sink | 0 | int | -| vector.cpp:14:27:14:30 | sink | 0 | vector, allocator>, allocator, allocator>>> & | | vector.cpp:14:27:14:30 | sink | 0 | vector> & | | vector.cpp:14:27:14:30 | sink | 0 | vector> & | | vector.cpp:16:6:16:37 | test_range_based_for_loop_vector | 0 | int | From 2c58279137a2f3da9b3c71e18d7966e2b9c60ad2 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 3 Dec 2024 17:52:29 +0000 Subject: [PATCH 40/65] C++: Add QLDoc to 'isClassConstructedFrom' and 'isFunctionConstructedFrom'. --- .../semmle/code/cpp/dataflow/ExternalFlow.qll | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index 9496bfe98ba1..d234dbc8e3ab 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -434,12 +434,30 @@ private predicate elementSpec( summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _) } +/** + * Holds if `c` is an instantiation of a class template `templateClass`, or + * holds with `c = templateClass` if `c` is not an instantiation of any class + * template. + * + * This predicate is used instead of `Class.isConstructedFrom` (which only + * holds for template instantiations) in this file to allow for uniform + * treatment of non-templated classes and class template instantiations. + */ private predicate isClassConstructedFrom(Class c, Class templateClass) { c.isConstructedFrom(templateClass) or not c.isConstructedFrom(_) and c = templateClass } +/** + * Holds if `f` is an instantiation of a function template `templateFunc`, or + * holds with `f = templateFunc` if `f` is not an instantiation of any function + * template. + * + * This predicate is used instead of `Function.isConstructedFrom` (which only + * holds for template instantiations) in this file to allow for uniform + * treatment of non-templated classes and class template instantiations. + */ private predicate isFunctionConstructedFrom(Function f, Function templateFunc) { f.isConstructedFrom(templateFunc) or From 0c8245f727e8fc7fac2b5731dcbc5e4d7bd86fdc Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 3 Dec 2024 17:53:01 +0000 Subject: [PATCH 41/65] Update cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index de3df30b2836..d8f5da016330 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -25,7 +25,8 @@ typedef wchar_t* LPWSTR, *PWSTR; typedef BSTR* LPBSTR; typedef unsigned short USHORT; typedef char *LPTSTR; -struct __POSITION { int unused; };typedef __POSITION* POSITION; +struct __POSITION { int unused; }; +typedef __POSITION* POSITION; typedef WORD ATL_URL_PORT; enum ATL_URL_SCHEME{ From 593e2233f827f63161c664be9c54ec556c59ddde Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 3 Dec 2024 17:55:59 +0000 Subject: [PATCH 42/65] C++: Update test changes after 0c8245f727e8fc7fac2b5731dcbc5e4d7bd86fdc. --- .../dataflow/taint-tests/localTaint.expected | 1608 ++++++++--------- .../taint-tests/test_mad-signatures.expected | 400 ++-- 2 files changed, 1004 insertions(+), 1004 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 3f77cb77b9cf..c8a2ee98665e 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -140,820 +140,820 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | arrayassignment.cpp:145:12:145:12 | 5 | arrayassignment.cpp:145:7:145:13 | access to array | TAINT | | arrayassignment.cpp:146:7:146:10 | arr3 | arrayassignment.cpp:146:7:146:13 | access to array | | | arrayassignment.cpp:146:12:146:12 | 5 | arrayassignment.cpp:146:7:146:13 | access to array | TAINT | -| atl.cpp:32:30:32:30 | 1 | atl.cpp:32:29:32:30 | - ... | TAINT | -| atl.cpp:76:14:76:25 | call to source | atl.cpp:77:21:77:21 | x | | -| atl.cpp:77:21:77:21 | x | atl.cpp:77:21:77:22 | call to _U_STRINGorID | TAINT | -| atl.cpp:77:21:77:22 | call to _U_STRINGorID | atl.cpp:78:10:78:10 | u | | -| atl.cpp:82:17:82:43 | call to indirect_source | atl.cpp:83:21:83:21 | y | | -| atl.cpp:83:21:83:21 | y | atl.cpp:83:21:83:22 | call to _U_STRINGorID | TAINT | -| atl.cpp:83:21:83:22 | call to _U_STRINGorID | atl.cpp:84:10:84:10 | u | | -| atl.cpp:103:15:103:35 | call to indirect_source | atl.cpp:104:19:104:19 | x | | -| atl.cpp:104:19:104:19 | x | atl.cpp:104:19:104:20 | call to CA2AEX | TAINT | -| atl.cpp:104:19:104:20 | call to CA2AEX | atl.cpp:105:29:105:29 | a | | -| atl.cpp:104:19:104:20 | call to CA2AEX | atl.cpp:106:10:106:10 | a | | -| atl.cpp:104:19:104:20 | call to CA2AEX | atl.cpp:107:10:107:10 | a | | -| atl.cpp:104:19:104:20 | call to CA2AEX | atl.cpp:108:3:108:3 | a | | -| atl.cpp:105:29:105:29 | ref arg a | atl.cpp:106:10:106:10 | a | | -| atl.cpp:105:29:105:29 | ref arg a | atl.cpp:107:10:107:10 | a | | -| atl.cpp:105:29:105:29 | ref arg a | atl.cpp:108:3:108:3 | a | | -| atl.cpp:106:10:106:10 | a [post update] | atl.cpp:107:10:107:10 | a | | -| atl.cpp:106:10:106:10 | a [post update] | atl.cpp:108:3:108:3 | a | | -| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:108:3:108:3 | a | | -| atl.cpp:111:15:111:35 | call to indirect_source | atl.cpp:112:19:112:19 | x | | -| atl.cpp:112:19:112:23 | call to CA2AEX | atl.cpp:113:29:113:29 | a | | -| atl.cpp:112:19:112:23 | call to CA2AEX | atl.cpp:114:10:114:10 | a | | -| atl.cpp:112:19:112:23 | call to CA2AEX | atl.cpp:115:10:115:10 | a | | -| atl.cpp:112:19:112:23 | call to CA2AEX | atl.cpp:116:3:116:3 | a | | -| atl.cpp:113:29:113:29 | ref arg a | atl.cpp:114:10:114:10 | a | | -| atl.cpp:113:29:113:29 | ref arg a | atl.cpp:115:10:115:10 | a | | -| atl.cpp:113:29:113:29 | ref arg a | atl.cpp:116:3:116:3 | a | | -| atl.cpp:114:10:114:10 | a [post update] | atl.cpp:115:10:115:10 | a | | -| atl.cpp:114:10:114:10 | a [post update] | atl.cpp:116:3:116:3 | a | | -| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:116:3:116:3 | a | | -| atl.cpp:129:14:129:34 | call to indirect_source | atl.cpp:131:20:131:20 | x | | -| atl.cpp:129:14:129:34 | call to indirect_source | atl.cpp:137:20:137:20 | x | | -| atl.cpp:131:20:131:20 | x | atl.cpp:131:20:131:21 | call to CA2CAEX | TAINT | -| atl.cpp:131:20:131:21 | call to CA2CAEX | atl.cpp:132:30:132:30 | a | | -| atl.cpp:131:20:131:21 | call to CA2CAEX | atl.cpp:133:10:133:10 | a | | -| atl.cpp:131:20:131:21 | call to CA2CAEX | atl.cpp:134:10:134:10 | a | | -| atl.cpp:131:20:131:21 | call to CA2CAEX | atl.cpp:135:3:135:3 | a | | -| atl.cpp:137:20:137:24 | call to CA2CAEX | atl.cpp:138:30:138:30 | a | | -| atl.cpp:137:20:137:24 | call to CA2CAEX | atl.cpp:139:10:139:10 | a | | -| atl.cpp:137:20:137:24 | call to CA2CAEX | atl.cpp:140:10:140:10 | a | | -| atl.cpp:137:20:137:24 | call to CA2CAEX | atl.cpp:141:3:141:3 | a | | -| atl.cpp:155:14:155:34 | call to indirect_source | atl.cpp:157:19:157:19 | x | | -| atl.cpp:155:14:155:34 | call to indirect_source | atl.cpp:163:19:163:19 | x | | -| atl.cpp:157:19:157:19 | x | atl.cpp:157:19:157:20 | call to CA2WEX | TAINT | -| atl.cpp:157:19:157:20 | call to CA2WEX | atl.cpp:158:30:158:30 | a | | -| atl.cpp:157:19:157:20 | call to CA2WEX | atl.cpp:159:10:159:10 | a | | -| atl.cpp:157:19:157:20 | call to CA2WEX | atl.cpp:160:10:160:10 | a | | -| atl.cpp:157:19:157:20 | call to CA2WEX | atl.cpp:161:3:161:3 | a | | -| atl.cpp:158:30:158:30 | ref arg a | atl.cpp:159:10:159:10 | a | | -| atl.cpp:158:30:158:30 | ref arg a | atl.cpp:160:10:160:10 | a | | -| atl.cpp:158:30:158:30 | ref arg a | atl.cpp:161:3:161:3 | a | | -| atl.cpp:159:10:159:10 | a [post update] | atl.cpp:160:10:160:10 | a | | -| atl.cpp:159:10:159:10 | a [post update] | atl.cpp:161:3:161:3 | a | | -| atl.cpp:159:12:159:16 | ref arg m_psz | atl.cpp:160:12:160:16 | m_psz | | -| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:161:3:161:3 | a | | -| atl.cpp:163:19:163:23 | call to CA2WEX | atl.cpp:164:30:164:30 | a | | -| atl.cpp:163:19:163:23 | call to CA2WEX | atl.cpp:165:10:165:10 | a | | -| atl.cpp:163:19:163:23 | call to CA2WEX | atl.cpp:166:10:166:10 | a | | -| atl.cpp:163:19:163:23 | call to CA2WEX | atl.cpp:167:3:167:3 | a | | -| atl.cpp:164:30:164:30 | ref arg a | atl.cpp:165:10:165:10 | a | | -| atl.cpp:164:30:164:30 | ref arg a | atl.cpp:166:10:166:10 | a | | -| atl.cpp:164:30:164:30 | ref arg a | atl.cpp:167:3:167:3 | a | | -| atl.cpp:165:10:165:10 | a [post update] | atl.cpp:166:10:166:10 | a | | -| atl.cpp:165:10:165:10 | a [post update] | atl.cpp:167:3:167:3 | a | | -| atl.cpp:165:12:165:16 | ref arg m_psz | atl.cpp:166:12:166:16 | m_psz | | -| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:167:3:167:3 | a | | -| atl.cpp:215:11:215:21 | call to source | atl.cpp:219:11:219:11 | x | | -| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:219:5:219:5 | a | | -| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:220:10:220:10 | a | | -| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:221:5:221:5 | a | | -| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:222:10:222:10 | a | | -| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:226:15:226:15 | a | | -| atl.cpp:218:20:218:20 | call to CAtlArray | atl.cpp:241:3:241:3 | a | | -| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:220:10:220:10 | a | | -| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:221:5:221:5 | a | | -| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:222:10:222:10 | a | | -| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:226:15:226:15 | a | | -| atl.cpp:219:5:219:5 | ref arg a | atl.cpp:241:3:241:3 | a | | -| atl.cpp:220:10:220:10 | ref arg a | atl.cpp:221:5:221:5 | a | | -| atl.cpp:220:10:220:10 | ref arg a | atl.cpp:222:10:222:10 | a | | -| atl.cpp:220:10:220:10 | ref arg a | atl.cpp:226:15:226:15 | a | | -| atl.cpp:220:10:220:10 | ref arg a | atl.cpp:241:3:241:3 | a | | -| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:222:10:222:10 | a | | -| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:226:15:226:15 | a | | -| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:241:3:241:3 | a | | -| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:226:15:226:15 | a | | -| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:241:3:241:3 | a | | -| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:225:10:225:11 | a2 | | -| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:226:5:226:6 | a2 | | -| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:227:10:227:11 | a2 | | -| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:231:13:231:14 | a2 | | -| atl.cpp:224:20:224:21 | call to CAtlArray | atl.cpp:241:3:241:3 | a2 | | -| atl.cpp:225:10:225:11 | ref arg a2 | atl.cpp:226:5:226:6 | a2 | | -| atl.cpp:225:10:225:11 | ref arg a2 | atl.cpp:227:10:227:11 | a2 | | -| atl.cpp:225:10:225:11 | ref arg a2 | atl.cpp:231:13:231:14 | a2 | | -| atl.cpp:225:10:225:11 | ref arg a2 | atl.cpp:241:3:241:3 | a2 | | -| atl.cpp:226:5:226:6 | ref arg a2 | atl.cpp:227:10:227:11 | a2 | | -| atl.cpp:226:5:226:6 | ref arg a2 | atl.cpp:231:13:231:14 | a2 | | -| atl.cpp:226:5:226:6 | ref arg a2 | atl.cpp:241:3:241:3 | a2 | | -| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:231:13:231:14 | a2 | | -| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:241:3:241:3 | a2 | | -| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:230:10:230:11 | a3 | | -| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:231:5:231:6 | a3 | | -| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:232:10:232:11 | a3 | | -| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:234:10:234:11 | a3 | | -| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:235:11:235:12 | a3 | | -| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:239:26:239:27 | a3 | | -| atl.cpp:229:20:229:21 | call to CAtlArray | atl.cpp:241:3:241:3 | a3 | | -| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:231:5:231:6 | a3 | | -| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:232:10:232:11 | a3 | | -| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | -| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:235:11:235:12 | a3 | | -| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | -| atl.cpp:230:10:230:11 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | -| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:232:10:232:11 | a3 | | -| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | -| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:235:11:235:12 | a3 | | -| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | -| atl.cpp:231:5:231:6 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:235:11:235:12 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | -| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | -| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:235:11:235:12 | a3 | | -| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | -| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | -| atl.cpp:235:11:235:12 | ref arg a3 | atl.cpp:239:26:239:27 | a3 | | -| atl.cpp:235:11:235:12 | ref arg a3 | atl.cpp:241:3:241:3 | a3 | | -| atl.cpp:235:14:235:20 | call to GetData | atl.cpp:235:10:235:22 | * ... | TAINT | -| atl.cpp:237:20:237:21 | call to CAtlArray | atl.cpp:238:10:238:11 | a4 | | -| atl.cpp:237:20:237:21 | call to CAtlArray | atl.cpp:239:5:239:6 | a4 | | -| atl.cpp:237:20:237:21 | call to CAtlArray | atl.cpp:240:10:240:11 | a4 | | -| atl.cpp:237:20:237:21 | call to CAtlArray | atl.cpp:241:3:241:3 | a4 | | -| atl.cpp:238:10:238:11 | ref arg a4 | atl.cpp:239:5:239:6 | a4 | | -| atl.cpp:238:10:238:11 | ref arg a4 | atl.cpp:240:10:240:11 | a4 | | -| atl.cpp:238:10:238:11 | ref arg a4 | atl.cpp:241:3:241:3 | a4 | | -| atl.cpp:239:5:239:6 | ref arg a4 | atl.cpp:240:10:240:11 | a4 | | -| atl.cpp:239:5:239:6 | ref arg a4 | atl.cpp:241:3:241:3 | a4 | | -| atl.cpp:239:26:239:27 | a3 | atl.cpp:239:25:239:27 | & ... | | -| atl.cpp:240:10:240:11 | ref arg a4 | atl.cpp:241:3:241:3 | a4 | | -| atl.cpp:243:20:243:21 | call to CAtlArray | atl.cpp:244:5:244:6 | a5 | | -| atl.cpp:243:20:243:21 | call to CAtlArray | atl.cpp:245:10:245:11 | a5 | | -| atl.cpp:243:20:243:21 | call to CAtlArray | atl.cpp:250:3:250:3 | a5 | | -| atl.cpp:244:5:244:6 | ref arg a5 | atl.cpp:245:10:245:11 | a5 | | -| atl.cpp:244:5:244:6 | ref arg a5 | atl.cpp:250:3:250:3 | a5 | | -| atl.cpp:245:10:245:11 | ref arg a5 | atl.cpp:250:3:250:3 | a5 | | -| atl.cpp:247:20:247:21 | call to CAtlArray | atl.cpp:248:5:248:6 | a6 | | -| atl.cpp:247:20:247:21 | call to CAtlArray | atl.cpp:249:10:249:11 | a6 | | -| atl.cpp:247:20:247:21 | call to CAtlArray | atl.cpp:250:3:250:3 | a6 | | -| atl.cpp:248:5:248:6 | ref arg a6 | atl.cpp:249:10:249:11 | a6 | | -| atl.cpp:248:5:248:6 | ref arg a6 | atl.cpp:250:3:250:3 | a6 | | -| atl.cpp:249:10:249:11 | ref arg a6 | atl.cpp:250:3:250:3 | a6 | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:299:18:299:18 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:307:19:307:19 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:316:29:316:29 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:322:21:322:21 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:330:30:330:30 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:337:31:337:31 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:342:44:342:44 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:351:18:351:18 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:359:19:359:19 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:368:29:368:29 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:374:21:374:21 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:382:30:382:30 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:389:31:389:31 | x | | -| atl.cpp:295:11:295:21 | call to source | atl.cpp:394:44:394:44 | x | | -| atl.cpp:297:24:297:25 | 10 | atl.cpp:297:24:297:26 | call to CAtlList | TAINT | -| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:298:10:298:13 | list | | -| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:299:5:299:8 | list | | -| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:300:10:300:13 | list | | -| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:303:24:303:27 | list | | -| atl.cpp:297:24:297:26 | call to CAtlList | atl.cpp:345:3:345:3 | list | | -| atl.cpp:298:10:298:13 | ref arg list | atl.cpp:299:5:299:8 | list | | -| atl.cpp:298:10:298:13 | ref arg list | atl.cpp:300:10:300:13 | list | | -| atl.cpp:298:10:298:13 | ref arg list | atl.cpp:303:24:303:27 | list | | -| atl.cpp:298:10:298:13 | ref arg list | atl.cpp:345:3:345:3 | list | | -| atl.cpp:299:5:299:8 | ref arg list | atl.cpp:300:10:300:13 | list | | -| atl.cpp:299:5:299:8 | ref arg list | atl.cpp:303:24:303:27 | list | | -| atl.cpp:299:5:299:8 | ref arg list | atl.cpp:345:3:345:3 | list | | -| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:303:24:303:27 | list | | -| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:345:3:345:3 | list | | -| atl.cpp:302:25:302:26 | 10 | atl.cpp:302:25:302:27 | call to CAtlList | TAINT | -| atl.cpp:302:25:302:27 | call to CAtlList | atl.cpp:303:5:303:9 | list2 | | -| atl.cpp:302:25:302:27 | call to CAtlList | atl.cpp:304:10:304:14 | list2 | | -| atl.cpp:302:25:302:27 | call to CAtlList | atl.cpp:345:3:345:3 | list2 | | -| atl.cpp:303:5:303:9 | ref arg list2 | atl.cpp:304:10:304:14 | list2 | | -| atl.cpp:303:5:303:9 | ref arg list2 | atl.cpp:345:3:345:3 | list2 | | -| atl.cpp:303:24:303:27 | list | atl.cpp:303:23:303:27 | & ... | | -| atl.cpp:304:10:304:14 | ref arg list2 | atl.cpp:345:3:345:3 | list2 | | -| atl.cpp:306:25:306:26 | 10 | atl.cpp:306:25:306:27 | call to CAtlList | TAINT | -| atl.cpp:306:25:306:27 | call to CAtlList | atl.cpp:307:5:307:9 | list3 | | -| atl.cpp:306:25:306:27 | call to CAtlList | atl.cpp:308:10:308:14 | list3 | | -| atl.cpp:306:25:306:27 | call to CAtlList | atl.cpp:311:24:311:28 | list3 | | -| atl.cpp:306:25:306:27 | call to CAtlList | atl.cpp:345:3:345:3 | list3 | | -| atl.cpp:307:5:307:9 | ref arg list3 | atl.cpp:308:10:308:14 | list3 | | -| atl.cpp:307:5:307:9 | ref arg list3 | atl.cpp:311:24:311:28 | list3 | | -| atl.cpp:307:5:307:9 | ref arg list3 | atl.cpp:345:3:345:3 | list3 | | -| atl.cpp:308:10:308:14 | ref arg list3 | atl.cpp:311:24:311:28 | list3 | | -| atl.cpp:308:10:308:14 | ref arg list3 | atl.cpp:345:3:345:3 | list3 | | -| atl.cpp:310:25:310:26 | 10 | atl.cpp:310:25:310:27 | call to CAtlList | TAINT | -| atl.cpp:310:25:310:27 | call to CAtlList | atl.cpp:311:5:311:9 | list4 | | -| atl.cpp:310:25:310:27 | call to CAtlList | atl.cpp:312:10:312:14 | list4 | | -| atl.cpp:310:25:310:27 | call to CAtlList | atl.cpp:345:3:345:3 | list4 | | -| atl.cpp:311:5:311:9 | ref arg list4 | atl.cpp:312:10:312:14 | list4 | | -| atl.cpp:311:5:311:9 | ref arg list4 | atl.cpp:345:3:345:3 | list4 | | -| atl.cpp:311:24:311:28 | list3 | atl.cpp:311:23:311:28 | & ... | | -| atl.cpp:312:10:312:14 | ref arg list4 | atl.cpp:345:3:345:3 | list4 | | -| atl.cpp:315:27:315:28 | 10 | atl.cpp:315:27:315:29 | call to CAtlList | TAINT | -| atl.cpp:315:27:315:29 | call to CAtlList | atl.cpp:316:18:316:22 | list5 | | -| atl.cpp:315:27:315:29 | call to CAtlList | atl.cpp:316:32:316:36 | list5 | | -| atl.cpp:315:27:315:29 | call to CAtlList | atl.cpp:317:12:317:16 | list5 | | -| atl.cpp:315:27:315:29 | call to CAtlList | atl.cpp:318:5:318:5 | list5 | | -| atl.cpp:316:18:316:22 | ref arg list5 | atl.cpp:317:12:317:16 | list5 | | -| atl.cpp:316:18:316:22 | ref arg list5 | atl.cpp:318:5:318:5 | list5 | | -| atl.cpp:316:24:316:27 | call to Find | atl.cpp:317:24:317:26 | pos | | -| atl.cpp:316:32:316:36 | ref arg list5 | atl.cpp:316:18:316:22 | list5 | | -| atl.cpp:316:32:316:36 | ref arg list5 | atl.cpp:317:12:317:16 | list5 | | -| atl.cpp:316:32:316:36 | ref arg list5 | atl.cpp:318:5:318:5 | list5 | | -| atl.cpp:317:12:317:16 | ref arg list5 | atl.cpp:318:5:318:5 | list5 | | -| atl.cpp:321:27:321:28 | 10 | atl.cpp:321:27:321:29 | call to CAtlList | TAINT | -| atl.cpp:321:27:321:29 | call to CAtlList | atl.cpp:322:7:322:11 | list6 | | -| atl.cpp:321:27:321:29 | call to CAtlList | atl.cpp:323:18:323:22 | list6 | | -| atl.cpp:321:27:321:29 | call to CAtlList | atl.cpp:324:12:324:16 | list6 | | -| atl.cpp:321:27:321:29 | call to CAtlList | atl.cpp:325:5:325:5 | list6 | | -| atl.cpp:322:7:322:11 | ref arg list6 | atl.cpp:323:18:323:22 | list6 | | -| atl.cpp:322:7:322:11 | ref arg list6 | atl.cpp:324:12:324:16 | list6 | | -| atl.cpp:322:7:322:11 | ref arg list6 | atl.cpp:325:5:325:5 | list6 | | -| atl.cpp:323:18:323:22 | ref arg list6 | atl.cpp:324:12:324:16 | list6 | | -| atl.cpp:323:18:323:22 | ref arg list6 | atl.cpp:325:5:325:5 | list6 | | -| atl.cpp:323:24:323:32 | call to FindIndex | atl.cpp:324:24:324:26 | pos | | -| atl.cpp:324:12:324:16 | ref arg list6 | atl.cpp:325:5:325:5 | list6 | | -| atl.cpp:328:27:328:28 | 10 | atl.cpp:328:27:328:29 | call to CAtlList | TAINT | -| atl.cpp:328:27:328:29 | call to CAtlList | atl.cpp:329:18:329:22 | list7 | | -| atl.cpp:328:27:328:29 | call to CAtlList | atl.cpp:330:7:330:11 | list7 | | -| atl.cpp:328:27:328:29 | call to CAtlList | atl.cpp:331:12:331:16 | list7 | | -| atl.cpp:328:27:328:29 | call to CAtlList | atl.cpp:332:5:332:5 | list7 | | -| atl.cpp:329:18:329:22 | ref arg list7 | atl.cpp:330:7:330:11 | list7 | | -| atl.cpp:329:18:329:22 | ref arg list7 | atl.cpp:331:12:331:16 | list7 | | -| atl.cpp:329:18:329:22 | ref arg list7 | atl.cpp:332:5:332:5 | list7 | | -| atl.cpp:329:24:329:38 | call to GetTailPosition | atl.cpp:330:25:330:27 | pos | | -| atl.cpp:330:7:330:11 | ref arg list7 | atl.cpp:331:12:331:16 | list7 | | -| atl.cpp:330:7:330:11 | ref arg list7 | atl.cpp:332:5:332:5 | list7 | | -| atl.cpp:331:12:331:16 | ref arg list7 | atl.cpp:332:5:332:5 | list7 | | -| atl.cpp:335:27:335:28 | 10 | atl.cpp:335:27:335:29 | call to CAtlList | TAINT | -| atl.cpp:335:27:335:29 | call to CAtlList | atl.cpp:336:18:336:22 | list8 | | -| atl.cpp:335:27:335:29 | call to CAtlList | atl.cpp:337:7:337:11 | list8 | | -| atl.cpp:335:27:335:29 | call to CAtlList | atl.cpp:338:12:338:16 | list8 | | -| atl.cpp:335:27:335:29 | call to CAtlList | atl.cpp:339:5:339:5 | list8 | | -| atl.cpp:336:18:336:22 | ref arg list8 | atl.cpp:337:7:337:11 | list8 | | -| atl.cpp:336:18:336:22 | ref arg list8 | atl.cpp:338:12:338:16 | list8 | | -| atl.cpp:336:18:336:22 | ref arg list8 | atl.cpp:339:5:339:5 | list8 | | -| atl.cpp:336:24:336:38 | call to GetTailPosition | atl.cpp:337:26:337:28 | pos | | -| atl.cpp:337:7:337:11 | ref arg list8 | atl.cpp:338:12:338:16 | list8 | | -| atl.cpp:337:7:337:11 | ref arg list8 | atl.cpp:339:5:339:5 | list8 | | -| atl.cpp:338:12:338:16 | ref arg list8 | atl.cpp:339:5:339:5 | list8 | | -| atl.cpp:341:27:341:28 | 10 | atl.cpp:341:27:341:29 | call to CAtlList | TAINT | -| atl.cpp:341:27:341:29 | call to CAtlList | atl.cpp:342:7:342:11 | list9 | | -| atl.cpp:341:27:341:29 | call to CAtlList | atl.cpp:342:19:342:23 | list9 | | -| atl.cpp:341:27:341:29 | call to CAtlList | atl.cpp:343:12:343:16 | list9 | | -| atl.cpp:341:27:341:29 | call to CAtlList | atl.cpp:344:5:344:5 | list9 | | -| atl.cpp:342:7:342:11 | ref arg list9 | atl.cpp:343:12:343:16 | list9 | | -| atl.cpp:342:7:342:11 | ref arg list9 | atl.cpp:344:5:344:5 | list9 | | -| atl.cpp:342:19:342:23 | ref arg list9 | atl.cpp:342:7:342:11 | list9 | | -| atl.cpp:342:19:342:23 | ref arg list9 | atl.cpp:343:12:343:16 | list9 | | -| atl.cpp:342:19:342:23 | ref arg list9 | atl.cpp:344:5:344:5 | list9 | | -| atl.cpp:343:12:343:16 | ref arg list9 | atl.cpp:344:5:344:5 | list9 | | -| atl.cpp:349:24:349:25 | 10 | atl.cpp:349:24:349:26 | call to CAtlList | TAINT | -| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:350:10:350:13 | list | | -| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:351:5:351:8 | list | | -| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:352:10:352:13 | list | | -| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:355:24:355:27 | list | | -| atl.cpp:349:24:349:26 | call to CAtlList | atl.cpp:397:3:397:3 | list | | -| atl.cpp:350:10:350:13 | ref arg list | atl.cpp:351:5:351:8 | list | | -| atl.cpp:350:10:350:13 | ref arg list | atl.cpp:352:10:352:13 | list | | -| atl.cpp:350:10:350:13 | ref arg list | atl.cpp:355:24:355:27 | list | | -| atl.cpp:350:10:350:13 | ref arg list | atl.cpp:397:3:397:3 | list | | -| atl.cpp:351:5:351:8 | ref arg list | atl.cpp:352:10:352:13 | list | | -| atl.cpp:351:5:351:8 | ref arg list | atl.cpp:355:24:355:27 | list | | -| atl.cpp:351:5:351:8 | ref arg list | atl.cpp:397:3:397:3 | list | | -| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:355:24:355:27 | list | | -| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:397:3:397:3 | list | | -| atl.cpp:354:25:354:26 | 10 | atl.cpp:354:25:354:27 | call to CAtlList | TAINT | -| atl.cpp:354:25:354:27 | call to CAtlList | atl.cpp:355:5:355:9 | list2 | | -| atl.cpp:354:25:354:27 | call to CAtlList | atl.cpp:356:10:356:14 | list2 | | -| atl.cpp:354:25:354:27 | call to CAtlList | atl.cpp:397:3:397:3 | list2 | | -| atl.cpp:355:5:355:9 | ref arg list2 | atl.cpp:356:10:356:14 | list2 | | -| atl.cpp:355:5:355:9 | ref arg list2 | atl.cpp:397:3:397:3 | list2 | | -| atl.cpp:355:24:355:27 | list | atl.cpp:355:23:355:27 | & ... | | -| atl.cpp:356:10:356:14 | ref arg list2 | atl.cpp:397:3:397:3 | list2 | | -| atl.cpp:358:25:358:26 | 10 | atl.cpp:358:25:358:27 | call to CAtlList | TAINT | -| atl.cpp:358:25:358:27 | call to CAtlList | atl.cpp:359:5:359:9 | list3 | | -| atl.cpp:358:25:358:27 | call to CAtlList | atl.cpp:360:10:360:14 | list3 | | -| atl.cpp:358:25:358:27 | call to CAtlList | atl.cpp:363:24:363:28 | list3 | | -| atl.cpp:358:25:358:27 | call to CAtlList | atl.cpp:397:3:397:3 | list3 | | -| atl.cpp:359:5:359:9 | ref arg list3 | atl.cpp:360:10:360:14 | list3 | | -| atl.cpp:359:5:359:9 | ref arg list3 | atl.cpp:363:24:363:28 | list3 | | -| atl.cpp:359:5:359:9 | ref arg list3 | atl.cpp:397:3:397:3 | list3 | | -| atl.cpp:360:10:360:14 | ref arg list3 | atl.cpp:363:24:363:28 | list3 | | -| atl.cpp:360:10:360:14 | ref arg list3 | atl.cpp:397:3:397:3 | list3 | | -| atl.cpp:362:25:362:26 | 10 | atl.cpp:362:25:362:27 | call to CAtlList | TAINT | -| atl.cpp:362:25:362:27 | call to CAtlList | atl.cpp:363:5:363:9 | list4 | | -| atl.cpp:362:25:362:27 | call to CAtlList | atl.cpp:364:10:364:14 | list4 | | -| atl.cpp:362:25:362:27 | call to CAtlList | atl.cpp:397:3:397:3 | list4 | | -| atl.cpp:363:5:363:9 | ref arg list4 | atl.cpp:364:10:364:14 | list4 | | -| atl.cpp:363:5:363:9 | ref arg list4 | atl.cpp:397:3:397:3 | list4 | | -| atl.cpp:363:24:363:28 | list3 | atl.cpp:363:23:363:28 | & ... | | -| atl.cpp:364:10:364:14 | ref arg list4 | atl.cpp:397:3:397:3 | list4 | | -| atl.cpp:367:27:367:28 | 10 | atl.cpp:367:27:367:29 | call to CAtlList | TAINT | -| atl.cpp:367:27:367:29 | call to CAtlList | atl.cpp:368:18:368:22 | list5 | | -| atl.cpp:367:27:367:29 | call to CAtlList | atl.cpp:368:32:368:36 | list5 | | -| atl.cpp:367:27:367:29 | call to CAtlList | atl.cpp:369:12:369:16 | list5 | | -| atl.cpp:367:27:367:29 | call to CAtlList | atl.cpp:370:5:370:5 | list5 | | -| atl.cpp:368:18:368:22 | ref arg list5 | atl.cpp:369:12:369:16 | list5 | | -| atl.cpp:368:18:368:22 | ref arg list5 | atl.cpp:370:5:370:5 | list5 | | -| atl.cpp:368:24:368:27 | call to Find | atl.cpp:369:24:369:26 | pos | | -| atl.cpp:368:32:368:36 | ref arg list5 | atl.cpp:368:18:368:22 | list5 | | -| atl.cpp:368:32:368:36 | ref arg list5 | atl.cpp:369:12:369:16 | list5 | | -| atl.cpp:368:32:368:36 | ref arg list5 | atl.cpp:370:5:370:5 | list5 | | -| atl.cpp:369:12:369:16 | ref arg list5 | atl.cpp:370:5:370:5 | list5 | | -| atl.cpp:373:27:373:28 | 10 | atl.cpp:373:27:373:29 | call to CAtlList | TAINT | -| atl.cpp:373:27:373:29 | call to CAtlList | atl.cpp:374:7:374:11 | list6 | | -| atl.cpp:373:27:373:29 | call to CAtlList | atl.cpp:375:18:375:22 | list6 | | -| atl.cpp:373:27:373:29 | call to CAtlList | atl.cpp:376:12:376:16 | list6 | | -| atl.cpp:373:27:373:29 | call to CAtlList | atl.cpp:377:5:377:5 | list6 | | -| atl.cpp:374:7:374:11 | ref arg list6 | atl.cpp:375:18:375:22 | list6 | | -| atl.cpp:374:7:374:11 | ref arg list6 | atl.cpp:376:12:376:16 | list6 | | -| atl.cpp:374:7:374:11 | ref arg list6 | atl.cpp:377:5:377:5 | list6 | | -| atl.cpp:375:18:375:22 | ref arg list6 | atl.cpp:376:12:376:16 | list6 | | -| atl.cpp:375:18:375:22 | ref arg list6 | atl.cpp:377:5:377:5 | list6 | | -| atl.cpp:375:24:375:32 | call to FindIndex | atl.cpp:376:24:376:26 | pos | | -| atl.cpp:376:12:376:16 | ref arg list6 | atl.cpp:377:5:377:5 | list6 | | -| atl.cpp:380:27:380:28 | 10 | atl.cpp:380:27:380:29 | call to CAtlList | TAINT | -| atl.cpp:380:27:380:29 | call to CAtlList | atl.cpp:381:18:381:22 | list7 | | -| atl.cpp:380:27:380:29 | call to CAtlList | atl.cpp:382:7:382:11 | list7 | | -| atl.cpp:380:27:380:29 | call to CAtlList | atl.cpp:383:12:383:16 | list7 | | -| atl.cpp:380:27:380:29 | call to CAtlList | atl.cpp:384:5:384:5 | list7 | | -| atl.cpp:381:18:381:22 | ref arg list7 | atl.cpp:382:7:382:11 | list7 | | -| atl.cpp:381:18:381:22 | ref arg list7 | atl.cpp:383:12:383:16 | list7 | | -| atl.cpp:381:18:381:22 | ref arg list7 | atl.cpp:384:5:384:5 | list7 | | -| atl.cpp:381:24:381:38 | call to GetTailPosition | atl.cpp:382:25:382:27 | pos | | -| atl.cpp:382:7:382:11 | ref arg list7 | atl.cpp:383:12:383:16 | list7 | | -| atl.cpp:382:7:382:11 | ref arg list7 | atl.cpp:384:5:384:5 | list7 | | -| atl.cpp:383:12:383:16 | ref arg list7 | atl.cpp:384:5:384:5 | list7 | | -| atl.cpp:387:27:387:28 | 10 | atl.cpp:387:27:387:29 | call to CAtlList | TAINT | -| atl.cpp:387:27:387:29 | call to CAtlList | atl.cpp:388:18:388:22 | list8 | | -| atl.cpp:387:27:387:29 | call to CAtlList | atl.cpp:389:7:389:11 | list8 | | -| atl.cpp:387:27:387:29 | call to CAtlList | atl.cpp:390:12:390:16 | list8 | | -| atl.cpp:387:27:387:29 | call to CAtlList | atl.cpp:391:5:391:5 | list8 | | -| atl.cpp:388:18:388:22 | ref arg list8 | atl.cpp:389:7:389:11 | list8 | | -| atl.cpp:388:18:388:22 | ref arg list8 | atl.cpp:390:12:390:16 | list8 | | -| atl.cpp:388:18:388:22 | ref arg list8 | atl.cpp:391:5:391:5 | list8 | | -| atl.cpp:388:24:388:38 | call to GetTailPosition | atl.cpp:389:26:389:28 | pos | | -| atl.cpp:389:7:389:11 | ref arg list8 | atl.cpp:390:12:390:16 | list8 | | -| atl.cpp:389:7:389:11 | ref arg list8 | atl.cpp:391:5:391:5 | list8 | | -| atl.cpp:390:12:390:16 | ref arg list8 | atl.cpp:391:5:391:5 | list8 | | -| atl.cpp:393:27:393:28 | 10 | atl.cpp:393:27:393:29 | call to CAtlList | TAINT | -| atl.cpp:393:27:393:29 | call to CAtlList | atl.cpp:394:7:394:11 | list9 | | -| atl.cpp:393:27:393:29 | call to CAtlList | atl.cpp:394:19:394:23 | list9 | | -| atl.cpp:393:27:393:29 | call to CAtlList | atl.cpp:395:12:395:16 | list9 | | -| atl.cpp:393:27:393:29 | call to CAtlList | atl.cpp:396:5:396:5 | list9 | | -| atl.cpp:394:7:394:11 | ref arg list9 | atl.cpp:395:12:395:16 | list9 | | -| atl.cpp:394:7:394:11 | ref arg list9 | atl.cpp:396:5:396:5 | list9 | | -| atl.cpp:394:19:394:23 | ref arg list9 | atl.cpp:394:7:394:11 | list9 | | -| atl.cpp:394:19:394:23 | ref arg list9 | atl.cpp:395:12:395:16 | list9 | | -| atl.cpp:394:19:394:23 | ref arg list9 | atl.cpp:396:5:396:5 | list9 | | -| atl.cpp:395:12:395:16 | ref arg list9 | atl.cpp:396:5:396:5 | list9 | | -| atl.cpp:453:21:453:33 | new | atl.cpp:454:3:454:6 | safe | | -| atl.cpp:453:21:453:33 | new | atl.cpp:455:10:455:13 | safe | | -| atl.cpp:454:3:454:6 | safe [post update] | atl.cpp:455:10:455:13 | safe | | -| atl.cpp:454:3:454:40 | ... = ... | atl.cpp:454:9:454:14 | pvData [post update] | | -| atl.cpp:454:18:454:38 | call to indirect_source | atl.cpp:454:3:454:40 | ... = ... | | -| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:461:16:461:16 | x | | -| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:468:20:468:20 | x | | -| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:472:16:472:16 | x | | -| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:480:11:480:11 | x | | -| atl.cpp:459:13:459:33 | call to indirect_source | atl.cpp:494:20:494:20 | x | | -| atl.cpp:461:16:461:16 | x | atl.cpp:461:16:461:17 | call to CComBSTR | TAINT | -| atl.cpp:461:16:461:17 | call to CComBSTR | atl.cpp:462:10:462:10 | b | | -| atl.cpp:461:16:461:17 | call to CComBSTR | atl.cpp:464:17:464:17 | b | | -| atl.cpp:461:16:461:17 | call to CComBSTR | atl.cpp:466:3:466:3 | b | | -| atl.cpp:462:10:462:10 | b [post update] | atl.cpp:464:17:464:17 | b | | -| atl.cpp:462:10:462:10 | b [post update] | atl.cpp:466:3:466:3 | b | | -| atl.cpp:462:12:462:16 | ref arg m_str | atl.cpp:465:13:465:17 | m_str | | -| atl.cpp:464:17:464:17 | b | atl.cpp:464:17:464:18 | call to CComBSTR | | -| atl.cpp:464:17:464:18 | call to CComBSTR | atl.cpp:465:10:465:11 | b2 | | -| atl.cpp:464:17:464:18 | call to CComBSTR | atl.cpp:466:3:466:3 | b2 | | -| atl.cpp:465:10:465:11 | b2 [post update] | atl.cpp:466:3:466:3 | b2 | | -| atl.cpp:468:16:468:21 | call to CComBSTR | atl.cpp:469:10:469:10 | b | | -| atl.cpp:468:16:468:21 | call to CComBSTR | atl.cpp:470:3:470:3 | b | | -| atl.cpp:469:10:469:10 | b [post update] | atl.cpp:470:3:470:3 | b | | -| atl.cpp:472:16:472:16 | x | atl.cpp:472:16:472:17 | call to CComBSTR | TAINT | -| atl.cpp:472:16:472:17 | call to CComBSTR | atl.cpp:476:11:476:11 | b | | -| atl.cpp:472:16:472:17 | call to CComBSTR | atl.cpp:512:3:512:3 | b | | -| atl.cpp:474:14:474:15 | call to CComBSTR | atl.cpp:475:10:475:11 | b2 | | -| atl.cpp:474:14:474:15 | call to CComBSTR | atl.cpp:476:5:476:6 | b2 | | -| atl.cpp:474:14:474:15 | call to CComBSTR | atl.cpp:477:10:477:11 | b2 | | -| atl.cpp:474:14:474:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b2 | | -| atl.cpp:475:10:475:11 | b2 [post update] | atl.cpp:476:5:476:6 | b2 | | -| atl.cpp:475:10:475:11 | b2 [post update] | atl.cpp:477:10:477:11 | b2 | | -| atl.cpp:475:10:475:11 | b2 [post update] | atl.cpp:512:3:512:3 | b2 | | -| atl.cpp:475:13:475:17 | ref arg m_str | atl.cpp:477:13:477:17 | m_str | | -| atl.cpp:476:5:476:6 | ref arg b2 | atl.cpp:477:10:477:11 | b2 | | -| atl.cpp:476:5:476:6 | ref arg b2 | atl.cpp:512:3:512:3 | b2 | | -| atl.cpp:477:10:477:11 | b2 [post update] | atl.cpp:512:3:512:3 | b2 | | -| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:480:5:480:6 | b3 | | -| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:481:10:481:11 | b3 | | -| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:482:28:482:29 | b3 | | -| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:483:13:483:14 | b3 | | -| atl.cpp:479:14:479:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b3 | | -| atl.cpp:480:5:480:6 | ref arg b3 | atl.cpp:481:10:481:11 | b3 | | -| atl.cpp:480:5:480:6 | ref arg b3 | atl.cpp:482:28:482:29 | b3 | | -| atl.cpp:480:5:480:6 | ref arg b3 | atl.cpp:483:13:483:14 | b3 | | -| atl.cpp:480:5:480:6 | ref arg b3 | atl.cpp:512:3:512:3 | b3 | | -| atl.cpp:480:11:480:11 | x | atl.cpp:480:11:480:11 | call to CComBSTR | TAINT | -| atl.cpp:481:10:481:11 | b3 [post update] | atl.cpp:482:28:482:29 | b3 | | -| atl.cpp:481:10:481:11 | b3 [post update] | atl.cpp:483:13:483:14 | b3 | | -| atl.cpp:481:10:481:11 | b3 [post update] | atl.cpp:512:3:512:3 | b3 | | -| atl.cpp:482:28:482:29 | ref arg b3 | atl.cpp:483:13:483:14 | b3 | | -| atl.cpp:482:28:482:29 | ref arg b3 | atl.cpp:512:3:512:3 | b3 | | -| atl.cpp:483:11:483:14 | * ... | atl.cpp:483:10:483:14 | * ... | TAINT | -| atl.cpp:483:12:483:12 | call to operator& | atl.cpp:483:11:483:14 | * ... | TAINT | -| atl.cpp:483:13:483:14 | ref arg b3 | atl.cpp:512:3:512:3 | b3 | | -| atl.cpp:485:14:485:15 | call to CComBSTR | atl.cpp:486:5:486:6 | b4 | | -| atl.cpp:485:14:485:15 | call to CComBSTR | atl.cpp:487:10:487:11 | b4 | | -| atl.cpp:485:14:485:15 | call to CComBSTR | atl.cpp:490:19:490:20 | b4 | | -| atl.cpp:485:14:485:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b4 | | -| atl.cpp:486:5:486:6 | ref arg b4 | atl.cpp:487:10:487:11 | b4 | | -| atl.cpp:486:5:486:6 | ref arg b4 | atl.cpp:490:19:490:20 | b4 | | -| atl.cpp:486:5:486:6 | ref arg b4 | atl.cpp:512:3:512:3 | b4 | | -| atl.cpp:487:10:487:11 | b4 [post update] | atl.cpp:490:19:490:20 | b4 | | -| atl.cpp:487:10:487:11 | b4 [post update] | atl.cpp:512:3:512:3 | b4 | | -| atl.cpp:487:13:487:17 | ref arg m_str | atl.cpp:490:22:490:26 | m_str | | -| atl.cpp:489:14:489:15 | call to CComBSTR | atl.cpp:490:5:490:6 | b5 | | -| atl.cpp:489:14:489:15 | call to CComBSTR | atl.cpp:491:10:491:11 | b5 | | -| atl.cpp:489:14:489:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b5 | | -| atl.cpp:490:5:490:6 | ref arg b5 | atl.cpp:491:10:491:11 | b5 | | -| atl.cpp:490:5:490:6 | ref arg b5 | atl.cpp:512:3:512:3 | b5 | | -| atl.cpp:490:19:490:20 | b4 [post update] | atl.cpp:512:3:512:3 | b4 | | -| atl.cpp:491:10:491:11 | b5 [post update] | atl.cpp:512:3:512:3 | b5 | | -| atl.cpp:493:14:493:15 | call to CComBSTR | atl.cpp:494:5:494:6 | b6 | | -| atl.cpp:493:14:493:15 | call to CComBSTR | atl.cpp:495:10:495:11 | b6 | | -| atl.cpp:493:14:493:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b6 | | -| atl.cpp:494:5:494:6 | ref arg b6 | atl.cpp:495:10:495:11 | b6 | | -| atl.cpp:494:5:494:6 | ref arg b6 | atl.cpp:512:3:512:3 | b6 | | -| atl.cpp:495:10:495:11 | b6 [post update] | atl.cpp:512:3:512:3 | b6 | | -| atl.cpp:497:14:497:15 | call to CComBSTR | atl.cpp:498:5:498:6 | b7 | | -| atl.cpp:497:14:497:15 | call to CComBSTR | atl.cpp:499:10:499:11 | b7 | | -| atl.cpp:497:14:497:15 | call to CComBSTR | atl.cpp:502:19:502:20 | b7 | | -| atl.cpp:497:14:497:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b7 | | -| atl.cpp:498:5:498:6 | ref arg b7 | atl.cpp:499:10:499:11 | b7 | | -| atl.cpp:498:5:498:6 | ref arg b7 | atl.cpp:502:19:502:20 | b7 | | -| atl.cpp:498:5:498:6 | ref arg b7 | atl.cpp:512:3:512:3 | b7 | | -| atl.cpp:499:10:499:11 | b7 [post update] | atl.cpp:502:19:502:20 | b7 | | -| atl.cpp:499:10:499:11 | b7 [post update] | atl.cpp:512:3:512:3 | b7 | | -| atl.cpp:499:13:499:17 | ref arg m_str | atl.cpp:502:22:502:26 | m_str | | -| atl.cpp:501:14:501:15 | call to CComBSTR | atl.cpp:502:5:502:6 | b8 | | -| atl.cpp:501:14:501:15 | call to CComBSTR | atl.cpp:503:10:503:11 | b8 | | -| atl.cpp:501:14:501:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b8 | | -| atl.cpp:502:5:502:6 | ref arg b8 | atl.cpp:503:10:503:11 | b8 | | -| atl.cpp:502:5:502:6 | ref arg b8 | atl.cpp:512:3:512:3 | b8 | | -| atl.cpp:502:19:502:20 | b7 [post update] | atl.cpp:512:3:512:3 | b7 | | -| atl.cpp:503:10:503:11 | b8 [post update] | atl.cpp:512:3:512:3 | b8 | | -| atl.cpp:505:14:505:15 | call to CComBSTR | atl.cpp:507:5:507:6 | b9 | | -| atl.cpp:505:14:505:15 | call to CComBSTR | atl.cpp:508:5:508:6 | b9 | | -| atl.cpp:505:14:505:15 | call to CComBSTR | atl.cpp:511:10:511:11 | b9 | | -| atl.cpp:505:14:505:15 | call to CComBSTR | atl.cpp:512:3:512:3 | b9 | | -| atl.cpp:506:15:506:18 | safe | atl.cpp:508:21:508:24 | safe | | -| atl.cpp:506:15:506:18 | safe | atl.cpp:509:10:509:13 | safe | | -| atl.cpp:507:5:507:6 | ref arg b9 | atl.cpp:508:5:508:6 | b9 | | -| atl.cpp:507:5:507:6 | ref arg b9 | atl.cpp:511:10:511:11 | b9 | | -| atl.cpp:507:5:507:6 | ref arg b9 | atl.cpp:512:3:512:3 | b9 | | -| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:511:10:511:11 | b9 | | -| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:512:3:512:3 | b9 | | -| atl.cpp:508:20:508:24 | ref arg & ... | atl.cpp:508:21:508:24 | safe [inner post update] | | -| atl.cpp:508:20:508:24 | ref arg & ... | atl.cpp:509:10:509:13 | safe | | -| atl.cpp:508:21:508:24 | safe | atl.cpp:508:20:508:24 | & ... | | -| atl.cpp:511:10:511:11 | ref arg b9 | atl.cpp:512:3:512:3 | b9 | | -| atl.cpp:514:16:514:39 | call to indirect_source | atl.cpp:516:16:516:16 | w | | -| atl.cpp:514:16:514:39 | call to indirect_source | atl.cpp:520:15:520:15 | w | | -| atl.cpp:514:16:514:39 | call to indirect_source | atl.cpp:524:20:524:20 | w | | -| atl.cpp:516:16:516:16 | ref arg w | atl.cpp:520:15:520:15 | w | | -| atl.cpp:516:16:516:16 | ref arg w | atl.cpp:524:20:524:20 | w | | -| atl.cpp:516:16:516:16 | w | atl.cpp:516:16:516:17 | call to CComBSTR | TAINT | -| atl.cpp:516:16:516:17 | call to CComBSTR | atl.cpp:517:10:517:10 | b | | -| atl.cpp:516:16:516:17 | call to CComBSTR | atl.cpp:522:3:522:3 | b | | -| atl.cpp:517:10:517:10 | b [post update] | atl.cpp:522:3:522:3 | b | | -| atl.cpp:519:14:519:15 | call to CComBSTR | atl.cpp:520:5:520:6 | b2 | | -| atl.cpp:519:14:519:15 | call to CComBSTR | atl.cpp:521:10:521:11 | b2 | | -| atl.cpp:519:14:519:15 | call to CComBSTR | atl.cpp:522:3:522:3 | b2 | | -| atl.cpp:520:5:520:6 | ref arg b2 | atl.cpp:521:10:521:11 | b2 | | -| atl.cpp:520:5:520:6 | ref arg b2 | atl.cpp:522:3:522:3 | b2 | | -| atl.cpp:520:15:520:15 | ref arg w | atl.cpp:524:20:524:20 | w | | -| atl.cpp:521:10:521:11 | b2 [post update] | atl.cpp:522:3:522:3 | b2 | | -| atl.cpp:524:16:524:21 | call to CComBSTR | atl.cpp:525:10:525:10 | b | | -| atl.cpp:524:16:524:21 | call to CComBSTR | atl.cpp:526:3:526:3 | b | | -| atl.cpp:525:10:525:10 | b [post update] | atl.cpp:526:3:526:3 | b | | -| atl.cpp:571:22:571:33 | call to getSafeArray | atl.cpp:572:8:572:11 | safe | | -| atl.cpp:571:22:571:33 | call to getSafeArray | atl.cpp:574:24:574:27 | safe | | -| atl.cpp:571:22:571:33 | call to getSafeArray | atl.cpp:585:11:585:14 | safe | | -| atl.cpp:572:8:572:11 | safe [post update] | atl.cpp:574:24:574:27 | safe | | -| atl.cpp:572:8:572:11 | safe [post update] | atl.cpp:585:11:585:14 | safe | | -| atl.cpp:574:24:574:27 | safe | atl.cpp:574:24:574:28 | call to CComSafeArray | TAINT | -| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:575:8:575:8 | c | | -| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:576:8:576:8 | c | | -| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:577:8:577:8 | c | | -| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:578:8:578:8 | c | | -| atl.cpp:574:24:574:28 | call to CComSafeArray | atl.cpp:579:3:579:3 | c | | -| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:576:8:576:8 | c | | -| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:577:8:577:8 | c | | -| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:578:8:578:8 | c | | -| atl.cpp:575:8:575:8 | ref arg c | atl.cpp:579:3:579:3 | c | | +| atl.cpp:33:30:33:30 | 1 | atl.cpp:33:29:33:30 | - ... | TAINT | +| atl.cpp:77:14:77:25 | call to source | atl.cpp:78:21:78:21 | x | | +| atl.cpp:78:21:78:21 | x | atl.cpp:78:21:78:22 | call to _U_STRINGorID | TAINT | +| atl.cpp:78:21:78:22 | call to _U_STRINGorID | atl.cpp:79:10:79:10 | u | | +| atl.cpp:83:17:83:43 | call to indirect_source | atl.cpp:84:21:84:21 | y | | +| atl.cpp:84:21:84:21 | y | atl.cpp:84:21:84:22 | call to _U_STRINGorID | TAINT | +| atl.cpp:84:21:84:22 | call to _U_STRINGorID | atl.cpp:85:10:85:10 | u | | +| atl.cpp:104:15:104:35 | call to indirect_source | atl.cpp:105:19:105:19 | x | | +| atl.cpp:105:19:105:19 | x | atl.cpp:105:19:105:20 | call to CA2AEX | TAINT | +| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:106:29:106:29 | a | | +| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:107:10:107:10 | a | | +| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:108:10:108:10 | a | | +| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:109:3:109:3 | a | | +| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:107:10:107:10 | a | | +| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:108:10:108:10 | a | | +| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:109:3:109:3 | a | | +| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:108:10:108:10 | a | | +| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:109:3:109:3 | a | | +| atl.cpp:108:10:108:10 | a [post update] | atl.cpp:109:3:109:3 | a | | +| atl.cpp:112:15:112:35 | call to indirect_source | atl.cpp:113:19:113:19 | x | | +| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:114:29:114:29 | a | | +| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:115:10:115:10 | a | | +| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:116:10:116:10 | a | | +| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:117:3:117:3 | a | | +| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:115:10:115:10 | a | | +| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:116:10:116:10 | a | | +| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:117:3:117:3 | a | | +| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:116:10:116:10 | a | | +| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:117:3:117:3 | a | | +| atl.cpp:116:10:116:10 | a [post update] | atl.cpp:117:3:117:3 | a | | +| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:132:20:132:20 | x | | +| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:138:20:138:20 | x | | +| atl.cpp:132:20:132:20 | x | atl.cpp:132:20:132:21 | call to CA2CAEX | TAINT | +| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:133:30:133:30 | a | | +| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:134:10:134:10 | a | | +| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:135:10:135:10 | a | | +| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:136:3:136:3 | a | | +| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:139:30:139:30 | a | | +| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:140:10:140:10 | a | | +| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:141:10:141:10 | a | | +| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:142:3:142:3 | a | | +| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:158:19:158:19 | x | | +| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:164:19:164:19 | x | | +| atl.cpp:158:19:158:19 | x | atl.cpp:158:19:158:20 | call to CA2WEX | TAINT | +| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:159:30:159:30 | a | | +| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:160:10:160:10 | a | | +| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:161:10:161:10 | a | | +| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:162:3:162:3 | a | | +| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:160:10:160:10 | a | | +| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:161:10:161:10 | a | | +| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:162:3:162:3 | a | | +| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:161:10:161:10 | a | | +| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:162:3:162:3 | a | | +| atl.cpp:160:12:160:16 | ref arg m_psz | atl.cpp:161:12:161:16 | m_psz | | +| atl.cpp:161:10:161:10 | a [post update] | atl.cpp:162:3:162:3 | a | | +| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:165:30:165:30 | a | | +| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:166:10:166:10 | a | | +| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:167:10:167:10 | a | | +| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:168:3:168:3 | a | | +| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:166:10:166:10 | a | | +| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:167:10:167:10 | a | | +| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:168:3:168:3 | a | | +| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:167:10:167:10 | a | | +| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:168:3:168:3 | a | | +| atl.cpp:166:12:166:16 | ref arg m_psz | atl.cpp:167:12:167:16 | m_psz | | +| atl.cpp:167:10:167:10 | a [post update] | atl.cpp:168:3:168:3 | a | | +| atl.cpp:216:11:216:21 | call to source | atl.cpp:220:11:220:11 | x | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:220:5:220:5 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:221:10:221:10 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:222:5:222:5 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:223:10:223:10 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:227:15:227:15 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:242:3:242:3 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:221:10:221:10 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:222:5:222:5 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:223:10:223:10 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:227:15:227:15 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:242:3:242:3 | a | | +| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:222:5:222:5 | a | | +| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:223:10:223:10 | a | | +| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:227:15:227:15 | a | | +| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:242:3:242:3 | a | | +| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:223:10:223:10 | a | | +| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:227:15:227:15 | a | | +| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:242:3:242:3 | a | | +| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:227:15:227:15 | a | | +| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:242:3:242:3 | a | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:226:10:226:11 | a2 | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:227:5:227:6 | a2 | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:228:10:228:11 | a2 | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:232:13:232:14 | a2 | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a2 | | +| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:227:5:227:6 | a2 | | +| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | | +| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | | +| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | | +| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | | +| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | | +| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | | +| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | | +| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:231:10:231:11 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:232:5:232:6 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:233:10:233:11 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:235:10:235:11 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:232:5:232:6 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | | +| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:236:14:236:20 | call to GetData | atl.cpp:236:10:236:22 | * ... | TAINT | +| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:239:10:239:11 | a4 | | +| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:240:5:240:6 | a4 | | +| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:241:10:241:11 | a4 | | +| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a4 | | +| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:240:5:240:6 | a4 | | +| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | | +| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | | +| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | | +| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | | +| atl.cpp:240:26:240:27 | a3 | atl.cpp:240:25:240:27 | & ... | | +| atl.cpp:241:10:241:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | | +| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:245:5:245:6 | a5 | | +| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:246:10:246:11 | a5 | | +| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a5 | | +| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:246:10:246:11 | a5 | | +| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | | +| atl.cpp:246:10:246:11 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | | +| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:249:5:249:6 | a6 | | +| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:250:10:250:11 | a6 | | +| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a6 | | +| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:250:10:250:11 | a6 | | +| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | | +| atl.cpp:250:10:250:11 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:300:18:300:18 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:308:19:308:19 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:317:29:317:29 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:323:21:323:21 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:331:30:331:30 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:338:31:338:31 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:343:44:343:44 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:352:18:352:18 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:360:19:360:19 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:369:29:369:29 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:375:21:375:21 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:383:30:383:30 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:390:31:390:31 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:395:44:395:44 | x | | +| atl.cpp:298:24:298:25 | 10 | atl.cpp:298:24:298:26 | call to CAtlList | TAINT | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:299:10:299:13 | list | | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:300:5:300:8 | list | | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:301:10:301:13 | list | | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:304:24:304:27 | list | | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:346:3:346:3 | list | | +| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:300:5:300:8 | list | | +| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:301:10:301:13 | list | | +| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:304:24:304:27 | list | | +| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:346:3:346:3 | list | | +| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:301:10:301:13 | list | | +| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:304:24:304:27 | list | | +| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:346:3:346:3 | list | | +| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:304:24:304:27 | list | | +| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:346:3:346:3 | list | | +| atl.cpp:303:25:303:26 | 10 | atl.cpp:303:25:303:27 | call to CAtlList | TAINT | +| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:304:5:304:9 | list2 | | +| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:305:10:305:14 | list2 | | +| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:346:3:346:3 | list2 | | +| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:305:10:305:14 | list2 | | +| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | | +| atl.cpp:304:24:304:27 | list | atl.cpp:304:23:304:27 | & ... | | +| atl.cpp:305:10:305:14 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | | +| atl.cpp:307:25:307:26 | 10 | atl.cpp:307:25:307:27 | call to CAtlList | TAINT | +| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:308:5:308:9 | list3 | | +| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:309:10:309:14 | list3 | | +| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:312:24:312:28 | list3 | | +| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:346:3:346:3 | list3 | | +| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:309:10:309:14 | list3 | | +| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | | +| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | | +| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | | +| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | | +| atl.cpp:311:25:311:26 | 10 | atl.cpp:311:25:311:27 | call to CAtlList | TAINT | +| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:312:5:312:9 | list4 | | +| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:313:10:313:14 | list4 | | +| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:346:3:346:3 | list4 | | +| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:313:10:313:14 | list4 | | +| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | | +| atl.cpp:312:24:312:28 | list3 | atl.cpp:312:23:312:28 | & ... | | +| atl.cpp:313:10:313:14 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | | +| atl.cpp:316:27:316:28 | 10 | atl.cpp:316:27:316:29 | call to CAtlList | TAINT | +| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:18:317:22 | list5 | | +| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:32:317:36 | list5 | | +| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:318:12:318:16 | list5 | | +| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:319:5:319:5 | list5 | | +| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | | +| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | | +| atl.cpp:317:24:317:27 | call to Find | atl.cpp:318:24:318:26 | pos | | +| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:317:18:317:22 | list5 | | +| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | | +| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | | +| atl.cpp:318:12:318:16 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | | +| atl.cpp:322:27:322:28 | 10 | atl.cpp:322:27:322:29 | call to CAtlList | TAINT | +| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:323:7:323:11 | list6 | | +| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:324:18:324:22 | list6 | | +| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:325:12:325:16 | list6 | | +| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:326:5:326:5 | list6 | | +| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:324:18:324:22 | list6 | | +| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | | +| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | | +| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | | +| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | | +| atl.cpp:324:24:324:32 | call to FindIndex | atl.cpp:325:24:325:26 | pos | | +| atl.cpp:325:12:325:16 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | | +| atl.cpp:329:27:329:28 | 10 | atl.cpp:329:27:329:29 | call to CAtlList | TAINT | +| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:330:18:330:22 | list7 | | +| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:331:7:331:11 | list7 | | +| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:332:12:332:16 | list7 | | +| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:333:5:333:5 | list7 | | +| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:331:7:331:11 | list7 | | +| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | | +| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | | +| atl.cpp:330:24:330:38 | call to GetTailPosition | atl.cpp:331:25:331:27 | pos | | +| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | | +| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | | +| atl.cpp:332:12:332:16 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | | +| atl.cpp:336:27:336:28 | 10 | atl.cpp:336:27:336:29 | call to CAtlList | TAINT | +| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:337:18:337:22 | list8 | | +| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:338:7:338:11 | list8 | | +| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:339:12:339:16 | list8 | | +| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:340:5:340:5 | list8 | | +| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:338:7:338:11 | list8 | | +| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | | +| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | | +| atl.cpp:337:24:337:38 | call to GetTailPosition | atl.cpp:338:26:338:28 | pos | | +| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | | +| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | | +| atl.cpp:339:12:339:16 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | | +| atl.cpp:342:27:342:28 | 10 | atl.cpp:342:27:342:29 | call to CAtlList | TAINT | +| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:7:343:11 | list9 | | +| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:19:343:23 | list9 | | +| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:344:12:344:16 | list9 | | +| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:345:5:345:5 | list9 | | +| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | | +| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | +| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:343:7:343:11 | list9 | | +| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | | +| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | +| atl.cpp:344:12:344:16 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | +| atl.cpp:350:24:350:25 | 10 | atl.cpp:350:24:350:26 | call to CAtlList | TAINT | +| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:351:10:351:13 | list | | +| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:352:5:352:8 | list | | +| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:353:10:353:13 | list | | +| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:356:24:356:27 | list | | +| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:398:3:398:3 | list | | +| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:352:5:352:8 | list | | +| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:353:10:353:13 | list | | +| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:356:24:356:27 | list | | +| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:398:3:398:3 | list | | +| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:353:10:353:13 | list | | +| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:356:24:356:27 | list | | +| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:398:3:398:3 | list | | +| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:356:24:356:27 | list | | +| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:398:3:398:3 | list | | +| atl.cpp:355:25:355:26 | 10 | atl.cpp:355:25:355:27 | call to CAtlList | TAINT | +| atl.cpp:355:25:355:27 | call to CAtlList | atl.cpp:356:5:356:9 | list2 | | +| atl.cpp:355:25:355:27 | call to CAtlList | atl.cpp:357:10:357:14 | list2 | | +| atl.cpp:355:25:355:27 | call to CAtlList | atl.cpp:398:3:398:3 | list2 | | +| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:357:10:357:14 | list2 | | +| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | | +| atl.cpp:356:24:356:27 | list | atl.cpp:356:23:356:27 | & ... | | +| atl.cpp:357:10:357:14 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | | +| atl.cpp:359:25:359:26 | 10 | atl.cpp:359:25:359:27 | call to CAtlList | TAINT | +| atl.cpp:359:25:359:27 | call to CAtlList | atl.cpp:360:5:360:9 | list3 | | +| atl.cpp:359:25:359:27 | call to CAtlList | atl.cpp:361:10:361:14 | list3 | | +| atl.cpp:359:25:359:27 | call to CAtlList | atl.cpp:364:24:364:28 | list3 | | +| atl.cpp:359:25:359:27 | call to CAtlList | atl.cpp:398:3:398:3 | list3 | | +| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:361:10:361:14 | list3 | | +| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | | +| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | | +| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | | +| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | | +| atl.cpp:363:25:363:26 | 10 | atl.cpp:363:25:363:27 | call to CAtlList | TAINT | +| atl.cpp:363:25:363:27 | call to CAtlList | atl.cpp:364:5:364:9 | list4 | | +| atl.cpp:363:25:363:27 | call to CAtlList | atl.cpp:365:10:365:14 | list4 | | +| atl.cpp:363:25:363:27 | call to CAtlList | atl.cpp:398:3:398:3 | list4 | | +| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:365:10:365:14 | list4 | | +| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | | +| atl.cpp:364:24:364:28 | list3 | atl.cpp:364:23:364:28 | & ... | | +| atl.cpp:365:10:365:14 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | | +| atl.cpp:368:27:368:28 | 10 | atl.cpp:368:27:368:29 | call to CAtlList | TAINT | +| atl.cpp:368:27:368:29 | call to CAtlList | atl.cpp:369:18:369:22 | list5 | | +| atl.cpp:368:27:368:29 | call to CAtlList | atl.cpp:369:32:369:36 | list5 | | +| atl.cpp:368:27:368:29 | call to CAtlList | atl.cpp:370:12:370:16 | list5 | | +| atl.cpp:368:27:368:29 | call to CAtlList | atl.cpp:371:5:371:5 | list5 | | +| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | | +| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | +| atl.cpp:369:24:369:27 | call to Find | atl.cpp:370:24:370:26 | pos | | +| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:369:18:369:22 | list5 | | +| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | | +| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | +| atl.cpp:370:12:370:16 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | +| atl.cpp:374:27:374:28 | 10 | atl.cpp:374:27:374:29 | call to CAtlList | TAINT | +| atl.cpp:374:27:374:29 | call to CAtlList | atl.cpp:375:7:375:11 | list6 | | +| atl.cpp:374:27:374:29 | call to CAtlList | atl.cpp:376:18:376:22 | list6 | | +| atl.cpp:374:27:374:29 | call to CAtlList | atl.cpp:377:12:377:16 | list6 | | +| atl.cpp:374:27:374:29 | call to CAtlList | atl.cpp:378:5:378:5 | list6 | | +| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:376:18:376:22 | list6 | | +| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | | +| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | +| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | | +| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | +| atl.cpp:376:24:376:32 | call to FindIndex | atl.cpp:377:24:377:26 | pos | | +| atl.cpp:377:12:377:16 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | +| atl.cpp:381:27:381:28 | 10 | atl.cpp:381:27:381:29 | call to CAtlList | TAINT | +| atl.cpp:381:27:381:29 | call to CAtlList | atl.cpp:382:18:382:22 | list7 | | +| atl.cpp:381:27:381:29 | call to CAtlList | atl.cpp:383:7:383:11 | list7 | | +| atl.cpp:381:27:381:29 | call to CAtlList | atl.cpp:384:12:384:16 | list7 | | +| atl.cpp:381:27:381:29 | call to CAtlList | atl.cpp:385:5:385:5 | list7 | | +| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:383:7:383:11 | list7 | | +| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | | +| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | +| atl.cpp:382:24:382:38 | call to GetTailPosition | atl.cpp:383:25:383:27 | pos | | +| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | | +| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | +| atl.cpp:384:12:384:16 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | +| atl.cpp:388:27:388:28 | 10 | atl.cpp:388:27:388:29 | call to CAtlList | TAINT | +| atl.cpp:388:27:388:29 | call to CAtlList | atl.cpp:389:18:389:22 | list8 | | +| atl.cpp:388:27:388:29 | call to CAtlList | atl.cpp:390:7:390:11 | list8 | | +| atl.cpp:388:27:388:29 | call to CAtlList | atl.cpp:391:12:391:16 | list8 | | +| atl.cpp:388:27:388:29 | call to CAtlList | atl.cpp:392:5:392:5 | list8 | | +| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:390:7:390:11 | list8 | | +| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | | +| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | +| atl.cpp:389:24:389:38 | call to GetTailPosition | atl.cpp:390:26:390:28 | pos | | +| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | | +| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | +| atl.cpp:391:12:391:16 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | +| atl.cpp:394:27:394:28 | 10 | atl.cpp:394:27:394:29 | call to CAtlList | TAINT | +| atl.cpp:394:27:394:29 | call to CAtlList | atl.cpp:395:7:395:11 | list9 | | +| atl.cpp:394:27:394:29 | call to CAtlList | atl.cpp:395:19:395:23 | list9 | | +| atl.cpp:394:27:394:29 | call to CAtlList | atl.cpp:396:12:396:16 | list9 | | +| atl.cpp:394:27:394:29 | call to CAtlList | atl.cpp:397:5:397:5 | list9 | | +| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | | +| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | +| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:395:7:395:11 | list9 | | +| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | | +| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | +| atl.cpp:396:12:396:16 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | +| atl.cpp:454:21:454:33 | new | atl.cpp:455:3:455:6 | safe | | +| atl.cpp:454:21:454:33 | new | atl.cpp:456:10:456:13 | safe | | +| atl.cpp:455:3:455:6 | safe [post update] | atl.cpp:456:10:456:13 | safe | | +| atl.cpp:455:3:455:40 | ... = ... | atl.cpp:455:9:455:14 | pvData [post update] | | +| atl.cpp:455:18:455:38 | call to indirect_source | atl.cpp:455:3:455:40 | ... = ... | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:462:16:462:16 | x | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:469:20:469:20 | x | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:473:16:473:16 | x | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:481:11:481:11 | x | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:495:20:495:20 | x | | +| atl.cpp:462:16:462:16 | x | atl.cpp:462:16:462:17 | call to CComBSTR | TAINT | +| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:463:10:463:10 | b | | +| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:465:17:465:17 | b | | +| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:467:3:467:3 | b | | +| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:465:17:465:17 | b | | +| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:467:3:467:3 | b | | +| atl.cpp:463:12:463:16 | ref arg m_str | atl.cpp:466:13:466:17 | m_str | | +| atl.cpp:465:17:465:17 | b | atl.cpp:465:17:465:18 | call to CComBSTR | | +| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:466:10:466:11 | b2 | | +| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:467:3:467:3 | b2 | | +| atl.cpp:466:10:466:11 | b2 [post update] | atl.cpp:467:3:467:3 | b2 | | +| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:470:10:470:10 | b | | +| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:471:3:471:3 | b | | +| atl.cpp:470:10:470:10 | b [post update] | atl.cpp:471:3:471:3 | b | | +| atl.cpp:473:16:473:16 | x | atl.cpp:473:16:473:17 | call to CComBSTR | TAINT | +| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:477:11:477:11 | b | | +| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:513:3:513:3 | b | | +| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:476:10:476:11 | b2 | | +| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:477:5:477:6 | b2 | | +| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:478:10:478:11 | b2 | | +| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b2 | | +| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:477:5:477:6 | b2 | | +| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:478:10:478:11 | b2 | | +| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | | +| atl.cpp:476:13:476:17 | ref arg m_str | atl.cpp:478:13:478:17 | m_str | | +| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:478:10:478:11 | b2 | | +| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:513:3:513:3 | b2 | | +| atl.cpp:478:10:478:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:481:5:481:6 | b3 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:482:10:482:11 | b3 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:483:28:483:29 | b3 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:484:13:484:14 | b3 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:482:10:482:11 | b3 | | +| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:483:28:483:29 | b3 | | +| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | | +| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:481:11:481:11 | x | atl.cpp:481:11:481:11 | call to CComBSTR | TAINT | +| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:483:28:483:29 | b3 | | +| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:484:13:484:14 | b3 | | +| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | | +| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:484:11:484:14 | * ... | atl.cpp:484:10:484:14 | * ... | TAINT | +| atl.cpp:484:12:484:12 | call to operator& | atl.cpp:484:11:484:14 | * ... | TAINT | +| atl.cpp:484:13:484:14 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:487:5:487:6 | b4 | | +| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:488:10:488:11 | b4 | | +| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:491:19:491:20 | b4 | | +| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b4 | | +| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:488:10:488:11 | b4 | | +| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:491:19:491:20 | b4 | | +| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:513:3:513:3 | b4 | | +| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:491:19:491:20 | b4 | | +| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | | +| atl.cpp:488:13:488:17 | ref arg m_str | atl.cpp:491:22:491:26 | m_str | | +| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:491:5:491:6 | b5 | | +| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:492:10:492:11 | b5 | | +| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b5 | | +| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:492:10:492:11 | b5 | | +| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:513:3:513:3 | b5 | | +| atl.cpp:491:19:491:20 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | | +| atl.cpp:492:10:492:11 | b5 [post update] | atl.cpp:513:3:513:3 | b5 | | +| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:495:5:495:6 | b6 | | +| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:496:10:496:11 | b6 | | +| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b6 | | +| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:496:10:496:11 | b6 | | +| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:513:3:513:3 | b6 | | +| atl.cpp:496:10:496:11 | b6 [post update] | atl.cpp:513:3:513:3 | b6 | | +| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:499:5:499:6 | b7 | | +| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:500:10:500:11 | b7 | | +| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:503:19:503:20 | b7 | | +| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b7 | | +| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:500:10:500:11 | b7 | | +| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:503:19:503:20 | b7 | | +| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:513:3:513:3 | b7 | | +| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:503:19:503:20 | b7 | | +| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | | +| atl.cpp:500:13:500:17 | ref arg m_str | atl.cpp:503:22:503:26 | m_str | | +| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:503:5:503:6 | b8 | | +| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:504:10:504:11 | b8 | | +| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b8 | | +| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:504:10:504:11 | b8 | | +| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:513:3:513:3 | b8 | | +| atl.cpp:503:19:503:20 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | | +| atl.cpp:504:10:504:11 | b8 [post update] | atl.cpp:513:3:513:3 | b8 | | +| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:508:5:508:6 | b9 | | +| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:509:5:509:6 | b9 | | +| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:512:10:512:11 | b9 | | +| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b9 | | +| atl.cpp:507:15:507:18 | safe | atl.cpp:509:21:509:24 | safe | | +| atl.cpp:507:15:507:18 | safe | atl.cpp:510:10:510:13 | safe | | +| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:509:5:509:6 | b9 | | +| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | | +| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | +| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | | +| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | +| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:509:21:509:24 | safe [inner post update] | | +| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:510:10:510:13 | safe | | +| atl.cpp:509:21:509:24 | safe | atl.cpp:509:20:509:24 | & ... | | +| atl.cpp:512:10:512:11 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | +| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:517:16:517:16 | w | | +| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:521:15:521:15 | w | | +| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:525:20:525:20 | w | | +| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:521:15:521:15 | w | | +| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:525:20:525:20 | w | | +| atl.cpp:517:16:517:16 | w | atl.cpp:517:16:517:17 | call to CComBSTR | TAINT | +| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:518:10:518:10 | b | | +| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:523:3:523:3 | b | | +| atl.cpp:518:10:518:10 | b [post update] | atl.cpp:523:3:523:3 | b | | +| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:521:5:521:6 | b2 | | +| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:522:10:522:11 | b2 | | +| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:523:3:523:3 | b2 | | +| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:522:10:522:11 | b2 | | +| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:523:3:523:3 | b2 | | +| atl.cpp:521:15:521:15 | ref arg w | atl.cpp:525:20:525:20 | w | | +| atl.cpp:522:10:522:11 | b2 [post update] | atl.cpp:523:3:523:3 | b2 | | +| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:526:10:526:10 | b | | +| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:527:3:527:3 | b | | +| atl.cpp:526:10:526:10 | b [post update] | atl.cpp:527:3:527:3 | b | | +| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:573:8:573:11 | safe | | +| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:575:24:575:27 | safe | | +| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:586:11:586:14 | safe | | +| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:575:24:575:27 | safe | | +| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:586:11:586:14 | safe | | +| atl.cpp:575:24:575:27 | safe | atl.cpp:575:24:575:28 | call to CComSafeArray | TAINT | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:576:8:576:8 | c | | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:577:8:577:8 | c | | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:578:8:578:8 | c | | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:579:8:579:8 | c | | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:580:3:580:3 | c | | | atl.cpp:576:8:576:8 | ref arg c | atl.cpp:577:8:577:8 | c | | | atl.cpp:576:8:576:8 | ref arg c | atl.cpp:578:8:578:8 | c | | -| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:579:3:579:3 | c | | +| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:579:8:579:8 | c | | +| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:580:3:580:3 | c | | | atl.cpp:577:8:577:8 | ref arg c | atl.cpp:578:8:578:8 | c | | -| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:579:3:579:3 | c | | -| atl.cpp:578:8:578:8 | c [post update] | atl.cpp:579:3:579:3 | c | | -| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:582:10:582:10 | c | | -| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:583:10:583:10 | c | | -| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | | -| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:585:5:585:5 | c | | -| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:586:10:586:10 | c | | -| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:587:10:587:10 | c | | -| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:588:10:588:10 | c | | -| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:589:35:589:35 | c | | -| atl.cpp:581:24:581:24 | call to CComSafeArray | atl.cpp:590:3:590:3 | c | | -| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:583:10:583:10 | c | | -| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:584:10:584:10 | c | | -| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:585:5:585:5 | c | | -| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:586:10:586:10 | c | | -| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:587:10:587:10 | c | | -| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:589:35:589:35 | c | | -| atl.cpp:582:10:582:10 | ref arg c | atl.cpp:590:3:590:3 | c | | +| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:579:8:579:8 | c | | +| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:580:3:580:3 | c | | +| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:579:8:579:8 | c | | +| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:580:3:580:3 | c | | +| atl.cpp:579:8:579:8 | c [post update] | atl.cpp:580:3:580:3 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:583:10:583:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:585:10:585:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:586:5:586:5 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:587:10:587:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:588:10:588:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:589:10:589:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:590:35:590:35 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:591:3:591:3 | c | | | atl.cpp:583:10:583:10 | ref arg c | atl.cpp:584:10:584:10 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:585:5:585:5 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:586:10:586:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:586:5:586:5 | c | | | atl.cpp:583:10:583:10 | ref arg c | atl.cpp:587:10:587:10 | c | | | atl.cpp:583:10:583:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:589:35:589:35 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:590:3:590:3 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:5:585:5 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:10:586:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:5:586:5 | c | | | atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:10:587:10 | c | | | atl.cpp:584:10:584:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:589:35:589:35 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:590:3:590:3 | c | | -| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:586:10:586:10 | c | | -| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:587:10:587:10 | c | | -| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:589:35:589:35 | c | | -| atl.cpp:585:5:585:5 | ref arg c | atl.cpp:590:3:590:3 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:587:10:587:10 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:589:35:589:35 | c | | -| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:590:3:590:3 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:586:5:586:5 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:591:3:591:3 | c | | | atl.cpp:587:10:587:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:589:35:589:35 | c | | -| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:590:3:590:3 | c | | -| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:589:35:589:35 | c | | -| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:590:3:590:3 | c | | -| atl.cpp:589:35:589:35 | ref arg c | atl.cpp:590:3:590:3 | c | | -| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:593:5:593:5 | c | | -| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:594:10:594:10 | c | | -| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:595:10:595:10 | c | | -| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:596:10:596:10 | c | | -| atl.cpp:592:24:592:24 | call to CComSafeArray | atl.cpp:597:3:597:3 | c | | -| atl.cpp:593:5:593:5 | ref arg c | atl.cpp:594:10:594:10 | c | | -| atl.cpp:593:5:593:5 | ref arg c | atl.cpp:595:10:595:10 | c | | -| atl.cpp:593:5:593:5 | ref arg c | atl.cpp:596:10:596:10 | c | | -| atl.cpp:593:5:593:5 | ref arg c | atl.cpp:597:3:597:3 | c | | -| atl.cpp:594:10:594:10 | ref arg c | atl.cpp:595:10:595:10 | c | | -| atl.cpp:594:10:594:10 | ref arg c | atl.cpp:596:10:596:10 | c | | -| atl.cpp:594:10:594:10 | ref arg c | atl.cpp:597:3:597:3 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:590:35:590:35 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:594:5:594:5 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:595:10:595:10 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:596:10:596:10 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:597:10:597:10 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:598:3:598:3 | c | | +| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:595:10:595:10 | c | | +| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:596:10:596:10 | c | | +| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:597:10:597:10 | c | | +| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:598:3:598:3 | c | | | atl.cpp:595:10:595:10 | ref arg c | atl.cpp:596:10:596:10 | c | | -| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:597:3:597:3 | c | | -| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:597:3:597:3 | c | | -| atl.cpp:599:24:599:24 | call to CComSafeArray | atl.cpp:600:5:600:5 | c | | -| atl.cpp:599:24:599:24 | call to CComSafeArray | atl.cpp:601:10:601:10 | c | | -| atl.cpp:599:24:599:24 | call to CComSafeArray | atl.cpp:602:10:602:10 | c | | -| atl.cpp:599:24:599:24 | call to CComSafeArray | atl.cpp:603:3:603:3 | c | | -| atl.cpp:600:5:600:5 | ref arg c | atl.cpp:601:10:601:10 | c | | -| atl.cpp:600:5:600:5 | ref arg c | atl.cpp:602:10:602:10 | c | | -| atl.cpp:600:5:600:5 | ref arg c | atl.cpp:603:3:603:3 | c | | -| atl.cpp:601:10:601:10 | ref arg c | atl.cpp:602:10:602:10 | c | | -| atl.cpp:601:10:601:10 | ref arg c | atl.cpp:603:3:603:3 | c | | -| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:603:3:603:3 | c | | -| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:665:11:665:11 | x | | -| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:674:20:674:20 | x | | -| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:679:14:679:14 | x | | -| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:687:11:687:11 | x | | -| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:693:15:693:15 | x | | -| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:698:24:698:24 | x | | -| atl.cpp:664:13:664:33 | call to indirect_source | atl.cpp:704:30:704:30 | x | | -| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:674:20:674:20 | x | | -| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:679:14:679:14 | x | | -| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:687:11:687:11 | x | | -| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:693:15:693:15 | x | | -| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:698:24:698:24 | x | | -| atl.cpp:665:11:665:11 | ref arg x | atl.cpp:704:30:704:30 | x | | -| atl.cpp:665:11:665:11 | x | atl.cpp:665:11:665:12 | call to CPathT | TAINT | -| atl.cpp:665:11:665:12 | call to CPathT | atl.cpp:666:27:666:27 | p | | -| atl.cpp:665:11:665:12 | call to CPathT | atl.cpp:667:8:667:8 | p | | -| atl.cpp:665:11:665:12 | call to CPathT | atl.cpp:669:12:669:12 | p | | -| atl.cpp:666:27:666:27 | ref arg p | atl.cpp:667:8:667:8 | p | | -| atl.cpp:666:27:666:27 | ref arg p | atl.cpp:669:12:669:12 | p | | -| atl.cpp:667:8:667:8 | p [post update] | atl.cpp:669:12:669:12 | p | | -| atl.cpp:667:10:667:18 | ref arg m_strPath | atl.cpp:670:11:670:19 | m_strPath | | -| atl.cpp:669:12:669:12 | p | atl.cpp:669:12:669:13 | call to CPathT | | -| atl.cpp:669:12:669:13 | call to CPathT | atl.cpp:670:8:670:9 | p2 | | -| atl.cpp:673:11:673:11 | call to CPathT | atl.cpp:674:5:674:5 | p | | -| atl.cpp:673:11:673:11 | call to CPathT | atl.cpp:675:10:675:10 | p | | -| atl.cpp:674:5:674:5 | ref arg p | atl.cpp:675:10:675:10 | p | | -| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:679:14:679:14 | x | | -| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:687:11:687:11 | x | | -| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:693:15:693:15 | x | | -| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:698:24:698:24 | x | | -| atl.cpp:674:20:674:20 | ref arg x | atl.cpp:704:30:704:30 | x | | -| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:679:5:679:5 | p | | -| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:680:10:680:10 | p | | -| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:683:11:683:11 | p | | -| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:684:10:684:10 | p | | -| atl.cpp:678:11:678:11 | call to CPathT | atl.cpp:688:10:688:10 | p | | -| atl.cpp:679:5:679:5 | ref arg p | atl.cpp:680:10:680:10 | p | | -| atl.cpp:679:5:679:5 | ref arg p | atl.cpp:683:11:683:11 | p | | -| atl.cpp:679:5:679:5 | ref arg p | atl.cpp:684:10:684:10 | p | | -| atl.cpp:679:5:679:5 | ref arg p | atl.cpp:688:10:688:10 | p | | -| atl.cpp:679:14:679:14 | ref arg x | atl.cpp:687:11:687:11 | x | | -| atl.cpp:679:14:679:14 | ref arg x | atl.cpp:693:15:693:15 | x | | -| atl.cpp:679:14:679:14 | ref arg x | atl.cpp:698:24:698:24 | x | | -| atl.cpp:679:14:679:14 | ref arg x | atl.cpp:704:30:704:30 | x | | -| atl.cpp:680:10:680:10 | p [post update] | atl.cpp:683:11:683:11 | p | | -| atl.cpp:680:10:680:10 | p [post update] | atl.cpp:684:10:684:10 | p | | -| atl.cpp:680:10:680:10 | p [post update] | atl.cpp:688:10:688:10 | p | | -| atl.cpp:680:12:680:20 | ref arg m_strPath | atl.cpp:684:12:684:20 | m_strPath | | -| atl.cpp:680:12:680:20 | ref arg m_strPath | atl.cpp:688:12:688:20 | m_strPath | | -| atl.cpp:682:11:682:12 | call to CPathT | atl.cpp:683:5:683:6 | p2 | | -| atl.cpp:683:11:683:11 | call to operator char *& | atl.cpp:683:8:683:8 | call to operator+= | TAINT | -| atl.cpp:683:11:683:11 | ref arg p | atl.cpp:684:10:684:10 | p | | -| atl.cpp:683:11:683:11 | ref arg p | atl.cpp:688:10:688:10 | p | | -| atl.cpp:684:10:684:10 | p [post update] | atl.cpp:688:10:688:10 | p | | -| atl.cpp:684:12:684:20 | ref arg m_strPath | atl.cpp:688:12:688:20 | m_strPath | | -| atl.cpp:686:11:686:12 | call to CPathT | atl.cpp:687:5:687:6 | p3 | | -| atl.cpp:687:11:687:11 | ref arg x | atl.cpp:693:15:693:15 | x | | -| atl.cpp:687:11:687:11 | ref arg x | atl.cpp:698:24:698:24 | x | | -| atl.cpp:687:11:687:11 | ref arg x | atl.cpp:704:30:704:30 | x | | -| atl.cpp:687:11:687:11 | x | atl.cpp:687:8:687:8 | call to operator+= | TAINT | -| atl.cpp:692:11:692:11 | call to CPathT | atl.cpp:693:5:693:5 | p | | -| atl.cpp:692:11:692:11 | call to CPathT | atl.cpp:694:10:694:10 | p | | -| atl.cpp:693:5:693:5 | ref arg p | atl.cpp:694:10:694:10 | p | | -| atl.cpp:693:15:693:15 | ref arg x | atl.cpp:698:24:698:24 | x | | -| atl.cpp:693:15:693:15 | ref arg x | atl.cpp:704:30:704:30 | x | | -| atl.cpp:697:11:697:11 | call to CPathT | atl.cpp:698:5:698:5 | p | | -| atl.cpp:697:11:697:11 | call to CPathT | atl.cpp:699:10:699:10 | p | | -| atl.cpp:698:5:698:5 | ref arg p | atl.cpp:699:10:699:10 | p | | -| atl.cpp:698:24:698:24 | ref arg x | atl.cpp:704:30:704:30 | x | | -| atl.cpp:703:11:703:11 | call to CPathT | atl.cpp:704:15:704:15 | p | | -| atl.cpp:704:17:704:28 | call to CommonPrefix | atl.cpp:705:10:705:11 | p2 | | -| atl.cpp:704:17:704:28 | call to CommonPrefix | atl.cpp:706:10:706:11 | p2 | | -| atl.cpp:705:10:705:11 | p2 [post update] | atl.cpp:706:10:706:11 | p2 | | -| atl.cpp:733:11:733:21 | call to source | atl.cpp:736:11:736:11 | x | | -| atl.cpp:733:11:733:21 | call to source | atl.cpp:748:11:748:11 | x | | -| atl.cpp:733:11:733:21 | call to source | atl.cpp:752:23:752:23 | x | | -| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:736:5:736:5 | a | | -| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:737:10:737:10 | a | | -| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:738:5:738:5 | a | | -| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:739:10:739:10 | a | | -| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:743:10:743:10 | a | | -| atl.cpp:735:23:735:23 | call to CSimpleArray | atl.cpp:745:3:745:3 | a | | -| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:737:10:737:10 | a | | -| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:738:5:738:5 | a | | -| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:739:10:739:10 | a | | -| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:743:10:743:10 | a | | -| atl.cpp:736:5:736:5 | ref arg a | atl.cpp:745:3:745:3 | a | | -| atl.cpp:737:10:737:10 | ref arg a | atl.cpp:738:5:738:5 | a | | -| atl.cpp:737:10:737:10 | ref arg a | atl.cpp:739:10:739:10 | a | | -| atl.cpp:737:10:737:10 | ref arg a | atl.cpp:743:10:743:10 | a | | -| atl.cpp:737:10:737:10 | ref arg a | atl.cpp:745:3:745:3 | a | | -| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:739:10:739:10 | a | | -| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:743:10:743:10 | a | | -| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:745:3:745:3 | a | | -| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:743:10:743:10 | a | | -| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:745:3:745:3 | a | | -| atl.cpp:741:23:741:24 | call to CSimpleArray | atl.cpp:742:10:742:11 | a2 | | -| atl.cpp:741:23:741:24 | call to CSimpleArray | atl.cpp:743:5:743:6 | a2 | | -| atl.cpp:741:23:741:24 | call to CSimpleArray | atl.cpp:744:10:744:11 | a2 | | -| atl.cpp:741:23:741:24 | call to CSimpleArray | atl.cpp:745:3:745:3 | a2 | | -| atl.cpp:742:10:742:11 | ref arg a2 | atl.cpp:743:5:743:6 | a2 | | -| atl.cpp:742:10:742:11 | ref arg a2 | atl.cpp:744:10:744:11 | a2 | | -| atl.cpp:742:10:742:11 | ref arg a2 | atl.cpp:745:3:745:3 | a2 | | -| atl.cpp:743:5:743:6 | ref arg a2 | atl.cpp:744:10:744:11 | a2 | | -| atl.cpp:743:5:743:6 | ref arg a2 | atl.cpp:745:3:745:3 | a2 | | -| atl.cpp:743:10:743:10 | a | atl.cpp:743:5:743:6 | ref arg a2 | TAINT | -| atl.cpp:743:10:743:10 | a | atl.cpp:743:8:743:8 | call to operator= | TAINT | -| atl.cpp:744:10:744:11 | ref arg a2 | atl.cpp:745:3:745:3 | a2 | | -| atl.cpp:747:23:747:23 | call to CSimpleArray | atl.cpp:748:5:748:5 | a | | -| atl.cpp:747:23:747:23 | call to CSimpleArray | atl.cpp:749:10:749:10 | a | | -| atl.cpp:747:23:747:23 | call to CSimpleArray | atl.cpp:754:3:754:3 | a | | -| atl.cpp:748:5:748:5 | ref arg a | atl.cpp:749:10:749:10 | a | | -| atl.cpp:748:5:748:5 | ref arg a | atl.cpp:754:3:754:3 | a | | -| atl.cpp:749:10:749:10 | ref arg a | atl.cpp:754:3:754:3 | a | | -| atl.cpp:751:23:751:24 | call to CSimpleArray | atl.cpp:752:15:752:16 | a2 | | -| atl.cpp:751:23:751:24 | call to CSimpleArray | atl.cpp:753:10:753:11 | a2 | | -| atl.cpp:751:23:751:24 | call to CSimpleArray | atl.cpp:754:3:754:3 | a2 | | -| atl.cpp:752:18:752:21 | call to Find | atl.cpp:753:13:753:15 | pos | | -| atl.cpp:753:10:753:11 | ref arg a2 | atl.cpp:754:3:754:3 | a2 | | -| atl.cpp:778:16:778:31 | call to source | atl.cpp:781:20:781:20 | x | | -| atl.cpp:778:16:778:31 | call to source | atl.cpp:791:26:791:26 | x | | -| atl.cpp:778:16:778:31 | call to source | atl.cpp:796:32:796:32 | x | | -| atl.cpp:778:16:778:31 | call to source | atl.cpp:802:22:802:22 | x | | -| atl.cpp:778:16:778:31 | call to source | atl.cpp:807:30:807:30 | x | | -| atl.cpp:780:33:780:33 | call to CSimpleMap | atl.cpp:781:5:781:5 | a | | -| atl.cpp:780:33:780:33 | call to CSimpleMap | atl.cpp:782:10:782:10 | a | | -| atl.cpp:780:33:780:33 | call to CSimpleMap | atl.cpp:783:3:783:3 | a | | -| atl.cpp:781:5:781:5 | ref arg a | atl.cpp:782:10:782:10 | a | | -| atl.cpp:781:5:781:5 | ref arg a | atl.cpp:783:3:783:3 | a | | -| atl.cpp:782:10:782:10 | ref arg a | atl.cpp:783:3:783:3 | a | | -| atl.cpp:785:33:785:33 | call to CSimpleMap | atl.cpp:786:16:786:16 | a | | -| atl.cpp:785:33:785:33 | call to CSimpleMap | atl.cpp:787:10:787:10 | a | | -| atl.cpp:785:33:785:33 | call to CSimpleMap | atl.cpp:788:3:788:3 | a | | -| atl.cpp:786:18:786:24 | call to FindKey | atl.cpp:787:23:787:25 | pos | | -| atl.cpp:787:10:787:10 | ref arg a | atl.cpp:788:3:788:3 | a | | -| atl.cpp:790:33:790:33 | call to CSimpleMap | atl.cpp:791:16:791:16 | a | | -| atl.cpp:790:33:790:33 | call to CSimpleMap | atl.cpp:792:10:792:10 | a | | -| atl.cpp:790:33:790:33 | call to CSimpleMap | atl.cpp:793:3:793:3 | a | | -| atl.cpp:791:18:791:24 | call to FindVal | atl.cpp:792:23:792:25 | pos | | -| atl.cpp:792:10:792:10 | ref arg a | atl.cpp:793:3:793:3 | a | | -| atl.cpp:795:33:795:33 | call to CSimpleMap | atl.cpp:796:16:796:16 | a | | -| atl.cpp:795:33:795:33 | call to CSimpleMap | atl.cpp:798:10:798:10 | a | | -| atl.cpp:795:33:795:33 | call to CSimpleMap | atl.cpp:799:3:799:3 | a | | -| atl.cpp:796:16:796:16 | ref arg a | atl.cpp:798:10:798:10 | a | | -| atl.cpp:796:16:796:16 | ref arg a | atl.cpp:799:3:799:3 | a | | -| atl.cpp:796:18:796:30 | call to ReverseLookup | atl.cpp:797:10:797:12 | key | | -| atl.cpp:796:18:796:30 | call to ReverseLookup | atl.cpp:798:19:798:21 | key | | -| atl.cpp:797:10:797:12 | ref arg key | atl.cpp:798:19:798:21 | key | | -| atl.cpp:798:10:798:10 | ref arg a | atl.cpp:799:3:799:3 | a | | -| atl.cpp:801:33:801:33 | call to CSimpleMap | atl.cpp:802:5:802:5 | a | | -| atl.cpp:801:33:801:33 | call to CSimpleMap | atl.cpp:803:10:803:10 | a | | -| atl.cpp:801:33:801:33 | call to CSimpleMap | atl.cpp:804:3:804:3 | a | | -| atl.cpp:802:5:802:5 | ref arg a | atl.cpp:803:10:803:10 | a | | -| atl.cpp:802:5:802:5 | ref arg a | atl.cpp:804:3:804:3 | a | | -| atl.cpp:803:10:803:10 | ref arg a | atl.cpp:804:3:804:3 | a | | -| atl.cpp:806:33:806:33 | call to CSimpleMap | atl.cpp:807:5:807:5 | a | | -| atl.cpp:806:33:806:33 | call to CSimpleMap | atl.cpp:808:10:808:10 | a | | -| atl.cpp:806:33:806:33 | call to CSimpleMap | atl.cpp:809:3:809:3 | a | | -| atl.cpp:807:5:807:5 | ref arg a | atl.cpp:808:10:808:10 | a | | -| atl.cpp:807:5:807:5 | ref arg a | atl.cpp:809:3:809:3 | a | | -| atl.cpp:808:10:808:10 | ref arg a | atl.cpp:809:3:809:3 | a | | -| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:852:16:852:16 | x | | -| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:865:19:865:19 | x | | -| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:871:23:871:23 | x | | -| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:876:22:876:22 | x | | -| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:881:22:881:22 | x | | -| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:886:24:886:24 | x | | -| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:891:21:891:21 | x | | -| atl.cpp:850:13:850:33 | call to indirect_source | atl.cpp:896:22:896:22 | x | | -| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:852:3:852:5 | url | | -| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:853:8:853:10 | url | | -| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:854:8:854:10 | url | | -| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:855:8:855:10 | url | | -| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:856:8:856:10 | url | | -| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:857:8:857:10 | url | | -| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:858:8:858:10 | url | | -| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:859:8:859:10 | url | | -| atl.cpp:851:8:851:10 | call to CUrl | atl.cpp:899:1:899:1 | url | | -| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:853:8:853:10 | url | | -| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:854:8:854:10 | url | | -| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:855:8:855:10 | url | | -| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:856:8:856:10 | url | | -| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:857:8:857:10 | url | | -| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:858:8:858:10 | url | | -| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:859:8:859:10 | url | | -| atl.cpp:852:3:852:5 | ref arg url | atl.cpp:899:1:899:1 | url | | -| atl.cpp:862:10:862:13 | call to CUrl | atl.cpp:865:5:865:8 | url2 | | -| atl.cpp:862:10:862:13 | call to CUrl | atl.cpp:866:5:866:8 | url2 | | -| atl.cpp:862:10:862:13 | call to CUrl | atl.cpp:868:3:868:3 | url2 | | -| atl.cpp:863:11:863:13 | len | atl.cpp:866:29:866:31 | len | | -| atl.cpp:864:10:864:15 | buffer | atl.cpp:866:20:866:25 | buffer | | -| atl.cpp:864:10:864:15 | buffer | atl.cpp:867:10:867:15 | buffer | | -| atl.cpp:865:5:865:8 | ref arg url2 | atl.cpp:866:5:866:8 | url2 | | -| atl.cpp:865:5:865:8 | ref arg url2 | atl.cpp:868:3:868:3 | url2 | | -| atl.cpp:866:20:866:25 | ref arg buffer | atl.cpp:867:10:867:15 | buffer | | -| atl.cpp:866:28:866:31 | ref arg & ... | atl.cpp:866:29:866:31 | len [inner post update] | | -| atl.cpp:866:29:866:31 | len | atl.cpp:866:28:866:31 | & ... | | -| atl.cpp:870:10:870:13 | call to CUrl | atl.cpp:871:5:871:8 | url2 | | -| atl.cpp:870:10:870:13 | call to CUrl | atl.cpp:872:10:872:13 | url2 | | -| atl.cpp:870:10:870:13 | call to CUrl | atl.cpp:873:3:873:3 | url2 | | -| atl.cpp:871:5:871:8 | ref arg url2 | atl.cpp:872:10:872:13 | url2 | | -| atl.cpp:871:5:871:8 | ref arg url2 | atl.cpp:873:3:873:3 | url2 | | -| atl.cpp:875:10:875:13 | call to CUrl | atl.cpp:876:5:876:8 | url2 | | -| atl.cpp:875:10:875:13 | call to CUrl | atl.cpp:877:10:877:13 | url2 | | -| atl.cpp:875:10:875:13 | call to CUrl | atl.cpp:878:3:878:3 | url2 | | -| atl.cpp:876:5:876:8 | ref arg url2 | atl.cpp:877:10:877:13 | url2 | | -| atl.cpp:876:5:876:8 | ref arg url2 | atl.cpp:878:3:878:3 | url2 | | -| atl.cpp:880:10:880:13 | call to CUrl | atl.cpp:881:5:881:8 | url2 | | -| atl.cpp:880:10:880:13 | call to CUrl | atl.cpp:882:10:882:13 | url2 | | -| atl.cpp:880:10:880:13 | call to CUrl | atl.cpp:883:3:883:3 | url2 | | -| atl.cpp:881:5:881:8 | ref arg url2 | atl.cpp:882:10:882:13 | url2 | | -| atl.cpp:881:5:881:8 | ref arg url2 | atl.cpp:883:3:883:3 | url2 | | -| atl.cpp:885:10:885:13 | call to CUrl | atl.cpp:886:5:886:8 | url2 | | -| atl.cpp:885:10:885:13 | call to CUrl | atl.cpp:887:10:887:13 | url2 | | -| atl.cpp:885:10:885:13 | call to CUrl | atl.cpp:888:3:888:3 | url2 | | -| atl.cpp:886:5:886:8 | ref arg url2 | atl.cpp:887:10:887:13 | url2 | | -| atl.cpp:886:5:886:8 | ref arg url2 | atl.cpp:888:3:888:3 | url2 | | -| atl.cpp:890:10:890:13 | call to CUrl | atl.cpp:891:5:891:8 | url2 | | -| atl.cpp:890:10:890:13 | call to CUrl | atl.cpp:892:10:892:13 | url2 | | -| atl.cpp:890:10:890:13 | call to CUrl | atl.cpp:893:3:893:3 | url2 | | -| atl.cpp:891:5:891:8 | ref arg url2 | atl.cpp:892:10:892:13 | url2 | | -| atl.cpp:891:5:891:8 | ref arg url2 | atl.cpp:893:3:893:3 | url2 | | -| atl.cpp:895:10:895:13 | call to CUrl | atl.cpp:896:5:896:8 | url2 | | -| atl.cpp:895:10:895:13 | call to CUrl | atl.cpp:897:10:897:13 | url2 | | -| atl.cpp:895:10:895:13 | call to CUrl | atl.cpp:898:3:898:3 | url2 | | -| atl.cpp:896:5:896:8 | ref arg url2 | atl.cpp:897:10:897:13 | url2 | | -| atl.cpp:896:5:896:8 | ref arg url2 | atl.cpp:898:3:898:3 | url2 | | +| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:597:10:597:10 | c | | +| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:598:3:598:3 | c | | +| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:597:10:597:10 | c | | +| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:598:3:598:3 | c | | +| atl.cpp:597:10:597:10 | ref arg c | atl.cpp:598:3:598:3 | c | | +| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:601:5:601:5 | c | | +| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:602:10:602:10 | c | | +| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:603:10:603:10 | c | | +| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:604:3:604:3 | c | | +| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:602:10:602:10 | c | | +| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:603:10:603:10 | c | | +| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:604:3:604:3 | c | | +| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:603:10:603:10 | c | | +| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:604:3:604:3 | c | | +| atl.cpp:603:10:603:10 | ref arg c | atl.cpp:604:3:604:3 | c | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:666:11:666:11 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:675:20:675:20 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:680:14:680:14 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:688:11:688:11 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:694:15:694:15 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:699:24:699:24 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:705:30:705:30 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:675:20:675:20 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:680:14:680:14 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:688:11:688:11 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:694:15:694:15 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:666:11:666:11 | x | atl.cpp:666:11:666:12 | call to CPathT | TAINT | +| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:667:27:667:27 | p | | +| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:668:8:668:8 | p | | +| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:670:12:670:12 | p | | +| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:668:8:668:8 | p | | +| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:670:12:670:12 | p | | +| atl.cpp:668:8:668:8 | p [post update] | atl.cpp:670:12:670:12 | p | | +| atl.cpp:668:10:668:18 | ref arg m_strPath | atl.cpp:671:11:671:19 | m_strPath | | +| atl.cpp:670:12:670:12 | p | atl.cpp:670:12:670:13 | call to CPathT | | +| atl.cpp:670:12:670:13 | call to CPathT | atl.cpp:671:8:671:9 | p2 | | +| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:675:5:675:5 | p | | +| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:676:10:676:10 | p | | +| atl.cpp:675:5:675:5 | ref arg p | atl.cpp:676:10:676:10 | p | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:680:14:680:14 | x | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:688:11:688:11 | x | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:694:15:694:15 | x | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:680:5:680:5 | p | | +| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:681:10:681:10 | p | | +| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:684:11:684:11 | p | | +| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:685:10:685:10 | p | | +| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:689:10:689:10 | p | | +| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:681:10:681:10 | p | | +| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:684:11:684:11 | p | | +| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:685:10:685:10 | p | | +| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:689:10:689:10 | p | | +| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:688:11:688:11 | x | | +| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:694:15:694:15 | x | | +| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:681:10:681:10 | p [post update] | atl.cpp:684:11:684:11 | p | | +| atl.cpp:681:10:681:10 | p [post update] | atl.cpp:685:10:685:10 | p | | +| atl.cpp:681:10:681:10 | p [post update] | atl.cpp:689:10:689:10 | p | | +| atl.cpp:681:12:681:20 | ref arg m_strPath | atl.cpp:685:12:685:20 | m_strPath | | +| atl.cpp:681:12:681:20 | ref arg m_strPath | atl.cpp:689:12:689:20 | m_strPath | | +| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:684:5:684:6 | p2 | | +| atl.cpp:684:11:684:11 | call to operator char *& | atl.cpp:684:8:684:8 | call to operator+= | TAINT | +| atl.cpp:684:11:684:11 | ref arg p | atl.cpp:685:10:685:10 | p | | +| atl.cpp:684:11:684:11 | ref arg p | atl.cpp:689:10:689:10 | p | | +| atl.cpp:685:10:685:10 | p [post update] | atl.cpp:689:10:689:10 | p | | +| atl.cpp:685:12:685:20 | ref arg m_strPath | atl.cpp:689:12:689:20 | m_strPath | | +| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:688:5:688:6 | p3 | | +| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:694:15:694:15 | x | | +| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:688:11:688:11 | x | atl.cpp:688:8:688:8 | call to operator+= | TAINT | +| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:694:5:694:5 | p | | +| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:695:10:695:10 | p | | +| atl.cpp:694:5:694:5 | ref arg p | atl.cpp:695:10:695:10 | p | | +| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:699:5:699:5 | p | | +| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:700:10:700:10 | p | | +| atl.cpp:699:5:699:5 | ref arg p | atl.cpp:700:10:700:10 | p | | +| atl.cpp:699:24:699:24 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:704:11:704:11 | call to CPathT | atl.cpp:705:15:705:15 | p | | +| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:706:10:706:11 | p2 | | +| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:707:10:707:11 | p2 | | +| atl.cpp:706:10:706:11 | p2 [post update] | atl.cpp:707:10:707:11 | p2 | | +| atl.cpp:734:11:734:21 | call to source | atl.cpp:737:11:737:11 | x | | +| atl.cpp:734:11:734:21 | call to source | atl.cpp:749:11:749:11 | x | | +| atl.cpp:734:11:734:21 | call to source | atl.cpp:753:23:753:23 | x | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:737:5:737:5 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:738:10:738:10 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:739:5:739:5 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:740:10:740:10 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:744:10:744:10 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:746:3:746:3 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:738:10:738:10 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:739:5:739:5 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:740:10:740:10 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:744:10:744:10 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:746:3:746:3 | a | | +| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:739:5:739:5 | a | | +| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:740:10:740:10 | a | | +| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:744:10:744:10 | a | | +| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:746:3:746:3 | a | | +| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:740:10:740:10 | a | | +| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:744:10:744:10 | a | | +| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:746:3:746:3 | a | | +| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:744:10:744:10 | a | | +| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:746:3:746:3 | a | | +| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:743:10:743:11 | a2 | | +| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:744:5:744:6 | a2 | | +| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:745:10:745:11 | a2 | | +| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:746:3:746:3 | a2 | | +| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:744:5:744:6 | a2 | | +| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | | +| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | | +| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | | +| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | | +| atl.cpp:744:10:744:10 | a | atl.cpp:744:5:744:6 | ref arg a2 | TAINT | +| atl.cpp:744:10:744:10 | a | atl.cpp:744:8:744:8 | call to operator= | TAINT | +| atl.cpp:745:10:745:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | | +| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:749:5:749:5 | a | | +| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:750:10:750:10 | a | | +| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:755:3:755:3 | a | | +| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:750:10:750:10 | a | | +| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:755:3:755:3 | a | | +| atl.cpp:750:10:750:10 | ref arg a | atl.cpp:755:3:755:3 | a | | +| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:753:15:753:16 | a2 | | +| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:754:10:754:11 | a2 | | +| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:755:3:755:3 | a2 | | +| atl.cpp:753:18:753:21 | call to Find | atl.cpp:754:13:754:15 | pos | | +| atl.cpp:754:10:754:11 | ref arg a2 | atl.cpp:755:3:755:3 | a2 | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:782:20:782:20 | x | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:792:26:792:26 | x | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:797:32:797:32 | x | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:803:22:803:22 | x | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:808:30:808:30 | x | | +| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:782:5:782:5 | a | | +| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:783:10:783:10 | a | | +| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:784:3:784:3 | a | | +| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:783:10:783:10 | a | | +| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:784:3:784:3 | a | | +| atl.cpp:783:10:783:10 | ref arg a | atl.cpp:784:3:784:3 | a | | +| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:787:16:787:16 | a | | +| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:788:10:788:10 | a | | +| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:789:3:789:3 | a | | +| atl.cpp:787:18:787:24 | call to FindKey | atl.cpp:788:23:788:25 | pos | | +| atl.cpp:788:10:788:10 | ref arg a | atl.cpp:789:3:789:3 | a | | +| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:792:16:792:16 | a | | +| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:793:10:793:10 | a | | +| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:794:3:794:3 | a | | +| atl.cpp:792:18:792:24 | call to FindVal | atl.cpp:793:23:793:25 | pos | | +| atl.cpp:793:10:793:10 | ref arg a | atl.cpp:794:3:794:3 | a | | +| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:797:16:797:16 | a | | +| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:799:10:799:10 | a | | +| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:800:3:800:3 | a | | +| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:799:10:799:10 | a | | +| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:800:3:800:3 | a | | +| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:798:10:798:12 | key | | +| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:799:19:799:21 | key | | +| atl.cpp:798:10:798:12 | ref arg key | atl.cpp:799:19:799:21 | key | | +| atl.cpp:799:10:799:10 | ref arg a | atl.cpp:800:3:800:3 | a | | +| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:803:5:803:5 | a | | +| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:804:10:804:10 | a | | +| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:805:3:805:3 | a | | +| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:804:10:804:10 | a | | +| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:805:3:805:3 | a | | +| atl.cpp:804:10:804:10 | ref arg a | atl.cpp:805:3:805:3 | a | | +| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:808:5:808:5 | a | | +| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:809:10:809:10 | a | | +| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:810:3:810:3 | a | | +| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:809:10:809:10 | a | | +| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:810:3:810:3 | a | | +| atl.cpp:809:10:809:10 | ref arg a | atl.cpp:810:3:810:3 | a | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:853:16:853:16 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:866:19:866:19 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:872:23:872:23 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:877:22:877:22 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:882:22:882:22 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:887:24:887:24 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:892:21:892:21 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:897:22:897:22 | x | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:853:3:853:5 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:854:8:854:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:855:8:855:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:856:8:856:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:857:8:857:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:858:8:858:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:859:8:859:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:860:8:860:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:900:1:900:1 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:854:8:854:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:855:8:855:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:856:8:856:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:857:8:857:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:858:8:858:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:859:8:859:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:860:8:860:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:900:1:900:1 | url | | +| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:866:5:866:8 | url2 | | +| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:867:5:867:8 | url2 | | +| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:869:3:869:3 | url2 | | +| atl.cpp:864:11:864:13 | len | atl.cpp:867:29:867:31 | len | | +| atl.cpp:865:10:865:15 | buffer | atl.cpp:867:20:867:25 | buffer | | +| atl.cpp:865:10:865:15 | buffer | atl.cpp:868:10:868:15 | buffer | | +| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:867:5:867:8 | url2 | | +| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:869:3:869:3 | url2 | | +| atl.cpp:867:20:867:25 | ref arg buffer | atl.cpp:868:10:868:15 | buffer | | +| atl.cpp:867:28:867:31 | ref arg & ... | atl.cpp:867:29:867:31 | len [inner post update] | | +| atl.cpp:867:29:867:31 | len | atl.cpp:867:28:867:31 | & ... | | +| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:872:5:872:8 | url2 | | +| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:873:10:873:13 | url2 | | +| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:874:3:874:3 | url2 | | +| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:873:10:873:13 | url2 | | +| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:874:3:874:3 | url2 | | +| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:877:5:877:8 | url2 | | +| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:878:10:878:13 | url2 | | +| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:879:3:879:3 | url2 | | +| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:878:10:878:13 | url2 | | +| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:879:3:879:3 | url2 | | +| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:882:5:882:8 | url2 | | +| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:883:10:883:13 | url2 | | +| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:884:3:884:3 | url2 | | +| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:883:10:883:13 | url2 | | +| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:884:3:884:3 | url2 | | +| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:887:5:887:8 | url2 | | +| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:888:10:888:13 | url2 | | +| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:889:3:889:3 | url2 | | +| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:888:10:888:13 | url2 | | +| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:889:3:889:3 | url2 | | +| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:892:5:892:8 | url2 | | +| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:893:10:893:13 | url2 | | +| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:894:3:894:3 | url2 | | +| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:893:10:893:13 | url2 | | +| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:894:3:894:3 | url2 | | +| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:897:5:897:8 | url2 | | +| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:898:10:898:13 | url2 | | +| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:899:3:899:3 | url2 | | +| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:898:10:898:13 | url2 | | +| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:899:3:899:3 | url2 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 0d121219209a..7e8a52fdb35b 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -1,78 +1,78 @@ signatureMatches -| atl.cpp:68:3:68:15 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:68:3:68:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:69:3:69:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:256:3:256:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:256:3:256:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:410:3:410:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:410:3:410:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | -| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 | -| atl.cpp:412:3:412:10 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 | -| atl.cpp:412:3:412:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:413:3:413:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 | -| atl.cpp:413:3:413:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:418:11:418:16 | Append | (wchar_t) | CComBSTR | Append | 0 | -| atl.cpp:419:11:419:16 | Append | (char) | CComBSTR | Append | 0 | -| atl.cpp:420:11:420:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | -| atl.cpp:420:11:420:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:421:11:421:16 | Append | (LPCSTR) | CComBSTR | Append | 0 | -| atl.cpp:421:11:421:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:422:11:422:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 | -| atl.cpp:422:11:422:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:424:11:424:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:425:11:425:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 | -| atl.cpp:425:11:425:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | -| atl.cpp:425:11:425:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | -| atl.cpp:437:8:437:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:437:8:437:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | -| atl.cpp:437:8:437:17 | LoadString | (const SAFEARRAYBOUND *,UINT) | CComSafeArray | Create | 1 | -| atl.cpp:438:8:438:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:438:8:438:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:447:13:447:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 | -| atl.cpp:447:13:447:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:537:3:537:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 | -| atl.cpp:537:3:537:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | -| atl.cpp:537:3:537:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | -| atl.cpp:541:11:541:13 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 | -| atl.cpp:541:11:541:13 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | -| atl.cpp:541:11:541:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | -| atl.cpp:543:11:543:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | -| atl.cpp:543:11:543:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | -| atl.cpp:762:8:762:10 | Add | (const deque &,const Allocator &) | deque | deque | 1 | -| atl.cpp:762:8:762:10 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:762:8:762:10 | Add | (const list &,const Allocator &) | list | list | 1 | -| atl.cpp:762:8:762:10 | Add | (const vector &,const Allocator &) | vector | vector | 1 | -| atl.cpp:762:8:762:10 | Add | (deque &&,const Allocator &) | deque | deque | 1 | -| atl.cpp:762:8:762:10 | Add | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:762:8:762:10 | Add | (list &&,const Allocator &) | list | list | 1 | -| atl.cpp:762:8:762:10 | Add | (vector &&,const Allocator &) | vector | vector | 1 | -| atl.cpp:773:8:773:12 | SetAt | (const deque &,const Allocator &) | deque | deque | 1 | -| atl.cpp:773:8:773:12 | SetAt | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:773:8:773:12 | SetAt | (const list &,const Allocator &) | list | list | 1 | -| atl.cpp:773:8:773:12 | SetAt | (const vector &,const Allocator &) | vector | vector | 1 | -| atl.cpp:773:8:773:12 | SetAt | (deque &&,const Allocator &) | deque | deque | 1 | -| atl.cpp:773:8:773:12 | SetAt | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:773:8:773:12 | SetAt | (list &&,const Allocator &) | list | list | 1 | -| atl.cpp:773:8:773:12 | SetAt | (vector &&,const Allocator &) | vector | vector | 1 | -| atl.cpp:774:8:774:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque | deque | 2 | -| atl.cpp:774:8:774:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list | forward_list | 2 | -| atl.cpp:774:8:774:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list | list | 2 | -| atl.cpp:774:8:774:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | -| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 1 | -| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 2 | -| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 2 | -| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 1 | -| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 2 | -| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 1 | -| atl.cpp:774:8:774:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 2 | -| atl.cpp:839:15:839:26 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:840:15:840:25 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:841:15:841:25 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:844:15:844:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:845:15:845:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:846:15:846:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:70:3:70:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:419:11:419:16 | Append | (wchar_t) | CComBSTR | Append | 0 | +| atl.cpp:420:11:420:16 | Append | (char) | CComBSTR | Append | 0 | +| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 | +| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:425:11:425:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | +| atl.cpp:438:8:438:17 | LoadString | (const SAFEARRAYBOUND *,UINT) | CComSafeArray | Create | 1 | +| atl.cpp:439:8:439:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:439:8:439:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | +| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | +| atl.cpp:763:8:763:10 | Add | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:763:8:763:10 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:763:8:763:10 | Add | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:763:8:763:10 | Add | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:763:8:763:10 | Add | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:763:8:763:10 | Add | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:763:8:763:10 | Add | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:763:8:763:10 | Add | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:774:8:774:12 | SetAt | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:774:8:774:12 | SetAt | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:774:8:774:12 | SetAt | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:774:8:774:12 | SetAt | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:774:8:774:12 | SetAt | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:774:8:774:12 | SetAt | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:774:8:774:12 | SetAt | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:774:8:774:12 | SetAt | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque | deque | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list | list | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 2 | +| atl.cpp:840:15:840:26 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:841:15:841:25 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:842:15:842:25 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:845:15:845:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:846:15:846:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:847:15:847:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | | constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 | @@ -518,134 +518,134 @@ getParameterTypeName | arrayassignment.cpp:124:6:124:9 | sink | 0 | int * | | atl.cpp:28:8:28:8 | operator= | 0 | __POSITION && | | atl.cpp:28:8:28:8 | operator= | 0 | const __POSITION & | -| atl.cpp:49:16:49:16 | operator= | 0 | const tagSAFEARRAYBOUND & | -| atl.cpp:49:16:49:16 | operator= | 0 | tagSAFEARRAYBOUND && | -| atl.cpp:54:16:54:16 | operator= | 0 | const tagVARIANT & | -| atl.cpp:54:16:54:16 | operator= | 0 | tagVARIANT && | -| atl.cpp:58:16:58:16 | operator= | 0 | const tagSAFEARRAY & | -| atl.cpp:58:16:58:16 | operator= | 0 | tagSAFEARRAY && | -| atl.cpp:67:8:67:8 | _U_STRINGorID | 0 | _U_STRINGorID && | -| atl.cpp:67:8:67:8 | _U_STRINGorID | 0 | const _U_STRINGorID & | -| atl.cpp:67:8:67:8 | operator= | 0 | _U_STRINGorID && | -| atl.cpp:67:8:67:8 | operator= | 0 | const _U_STRINGorID & | -| atl.cpp:68:3:68:15 | _U_STRINGorID | 0 | UINT | -| atl.cpp:69:3:69:15 | _U_STRINGorID | 0 | LPCTSTR | -| atl.cpp:193:10:193:12 | Add | 0 | INARGTYPclass:0 | -| atl.cpp:195:10:195:15 | Append | 0 | const CAtlArray & | -| atl.cpp:196:8:196:11 | Copy | 0 | const CAtlArray & | -| atl.cpp:198:6:198:10 | GetAt | 0 | size_t | -| atl.cpp:202:8:202:20 | InsertArrayAt | 0 | size_t | -| atl.cpp:202:8:202:20 | InsertArrayAt | 1 | const CAtlArray * | -| atl.cpp:203:8:203:15 | InsertAt | 0 | size_t | -| atl.cpp:203:8:203:15 | InsertAt | 1 | INARGTYPclass:0 | -| atl.cpp:203:8:203:15 | InsertAt | 2 | size_t | -| atl.cpp:208:8:208:16 | SetAtGrow | 0 | size_t | -| atl.cpp:208:8:208:16 | SetAtGrow | 1 | INARGTYPclass:0 | -| atl.cpp:210:6:210:15 | operator[] | 0 | size_t | -| atl.cpp:256:3:256:10 | CAtlList | 0 | UINT | -| atl.cpp:259:12:259:18 | AddHead | 0 | INARGTYPclass:0 | -| atl.cpp:260:8:260:18 | AddHeadList | 0 | const CAtlList * | -| atl.cpp:262:12:262:18 | AddTail | 0 | INARGTYPclass:0 | -| atl.cpp:263:8:263:18 | AddTailList | 0 | const CAtlList * | -| atl.cpp:264:12:264:15 | Find | 0 | INARGTYPclass:0 | -| atl.cpp:264:12:264:15 | Find | 1 | POSITION | -| atl.cpp:265:12:265:20 | FindIndex | 0 | size_t | -| atl.cpp:266:6:266:10 | GetAt | 0 | POSITION | -| atl.cpp:279:12:279:22 | InsertAfter | 0 | POSITION | -| atl.cpp:279:12:279:22 | InsertAfter | 1 | INARGTYPclass:0 | -| atl.cpp:280:12:280:23 | InsertBefore | 0 | POSITION | -| atl.cpp:280:12:280:23 | InsertBefore | 1 | INARGTYPclass:0 | -| atl.cpp:290:8:290:12 | SetAt | 0 | POSITION | -| atl.cpp:290:8:290:12 | SetAt | 1 | INARGTYPclass:0 | -| atl.cpp:400:8:400:8 | operator= | 0 | IUnknown && | -| atl.cpp:400:8:400:8 | operator= | 0 | const IUnknown & | -| atl.cpp:402:8:402:8 | operator= | 0 | ISequentialStream && | -| atl.cpp:402:8:402:8 | operator= | 0 | const ISequentialStream & | -| atl.cpp:404:8:404:8 | operator= | 0 | IStream && | -| atl.cpp:404:8:404:8 | operator= | 0 | const IStream & | -| atl.cpp:406:8:406:8 | operator= | 0 | const CComBSTR & | -| atl.cpp:408:3:408:10 | CComBSTR | 0 | const CComBSTR & | -| atl.cpp:409:3:409:10 | CComBSTR | 0 | int | +| atl.cpp:50:16:50:16 | operator= | 0 | const tagSAFEARRAYBOUND & | +| atl.cpp:50:16:50:16 | operator= | 0 | tagSAFEARRAYBOUND && | +| atl.cpp:55:16:55:16 | operator= | 0 | const tagVARIANT & | +| atl.cpp:55:16:55:16 | operator= | 0 | tagVARIANT && | +| atl.cpp:59:16:59:16 | operator= | 0 | const tagSAFEARRAY & | +| atl.cpp:59:16:59:16 | operator= | 0 | tagSAFEARRAY && | +| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | _U_STRINGorID && | +| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | const _U_STRINGorID & | +| atl.cpp:68:8:68:8 | operator= | 0 | _U_STRINGorID && | +| atl.cpp:68:8:68:8 | operator= | 0 | const _U_STRINGorID & | +| atl.cpp:69:3:69:15 | _U_STRINGorID | 0 | UINT | +| atl.cpp:70:3:70:15 | _U_STRINGorID | 0 | LPCTSTR | +| atl.cpp:194:10:194:12 | Add | 0 | INARGTYPclass:0 | +| atl.cpp:196:10:196:15 | Append | 0 | const CAtlArray & | +| atl.cpp:197:8:197:11 | Copy | 0 | const CAtlArray & | +| atl.cpp:199:6:199:10 | GetAt | 0 | size_t | +| atl.cpp:203:8:203:20 | InsertArrayAt | 0 | size_t | +| atl.cpp:203:8:203:20 | InsertArrayAt | 1 | const CAtlArray * | +| atl.cpp:204:8:204:15 | InsertAt | 0 | size_t | +| atl.cpp:204:8:204:15 | InsertAt | 1 | INARGTYPclass:0 | +| atl.cpp:204:8:204:15 | InsertAt | 2 | size_t | +| atl.cpp:209:8:209:16 | SetAtGrow | 0 | size_t | +| atl.cpp:209:8:209:16 | SetAtGrow | 1 | INARGTYPclass:0 | +| atl.cpp:211:6:211:15 | operator[] | 0 | size_t | +| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT | +| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * | +| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * | +| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:265:12:265:15 | Find | 1 | POSITION | +| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t | +| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION | +| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION | +| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 | +| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION | +| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 | +| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION | +| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 | +| atl.cpp:401:8:401:8 | operator= | 0 | IUnknown && | +| atl.cpp:401:8:401:8 | operator= | 0 | const IUnknown & | +| atl.cpp:403:8:403:8 | operator= | 0 | ISequentialStream && | +| atl.cpp:403:8:403:8 | operator= | 0 | const ISequentialStream & | +| atl.cpp:405:8:405:8 | operator= | 0 | IStream && | +| atl.cpp:405:8:405:8 | operator= | 0 | const IStream & | +| atl.cpp:407:8:407:8 | operator= | 0 | const CComBSTR & | +| atl.cpp:409:3:409:10 | CComBSTR | 0 | const CComBSTR & | | atl.cpp:410:3:410:10 | CComBSTR | 0 | int | -| atl.cpp:410:3:410:10 | CComBSTR | 1 | LPCOLESTR | | atl.cpp:411:3:411:10 | CComBSTR | 0 | int | -| atl.cpp:411:3:411:10 | CComBSTR | 1 | LPCSTR | -| atl.cpp:412:3:412:10 | CComBSTR | 0 | LPCOLESTR | -| atl.cpp:413:3:413:10 | CComBSTR | 0 | LPCSTR | -| atl.cpp:414:3:414:10 | CComBSTR | 0 | CComBSTR && | -| atl.cpp:417:11:417:16 | Append | 0 | const CComBSTR & | -| atl.cpp:418:11:418:16 | Append | 0 | wchar_t | -| atl.cpp:419:11:419:16 | Append | 0 | char | -| atl.cpp:420:11:420:16 | Append | 0 | LPCOLESTR | -| atl.cpp:421:11:421:16 | Append | 0 | LPCSTR | -| atl.cpp:422:11:422:16 | Append | 0 | LPCOLESTR | -| atl.cpp:422:11:422:16 | Append | 1 | int | -| atl.cpp:423:11:423:20 | AppendBSTR | 0 | BSTR | -| atl.cpp:424:11:424:21 | AppendBytes | 0 | const char * | -| atl.cpp:424:11:424:21 | AppendBytes | 1 | int | -| atl.cpp:425:11:425:21 | ArrayToBSTR | 0 | const SAFEARRAY * | -| atl.cpp:426:11:426:20 | AssignBSTR | 0 | const BSTR | -| atl.cpp:427:8:427:13 | Attach | 0 | BSTR | -| atl.cpp:428:11:428:21 | BSTRToArray | 0 | LPSAFEARRAY | -| atl.cpp:431:11:431:16 | CopyTo | 0 | BSTR * | -| atl.cpp:433:11:433:16 | CopyTo | 0 | VARIANT * | -| atl.cpp:437:8:437:17 | LoadString | 0 | HINSTANCE | -| atl.cpp:437:8:437:17 | LoadString | 1 | UINT | -| atl.cpp:438:8:438:17 | LoadString | 0 | UINT | -| atl.cpp:439:11:439:24 | ReadFromStream | 0 | IStream * | -| atl.cpp:441:11:441:23 | WriteToStream | 0 | IStream * | -| atl.cpp:446:13:446:22 | operator+= | 0 | const CComBSTR & | -| atl.cpp:447:13:447:22 | operator+= | 0 | LPCOLESTR | -| atl.cpp:537:3:537:15 | CComSafeArray | 0 | const SAFEARRAY * | -| atl.cpp:541:11:541:13 | Add | 0 | const SAFEARRAY * | -| atl.cpp:543:11:543:13 | Add | 0 | const class:0 & | -| atl.cpp:543:11:543:13 | Add | 1 | BOOL | -| atl.cpp:551:6:551:10 | GetAt | 0 | LONG | -| atl.cpp:562:11:562:15 | SetAt | 0 | LONG | -| atl.cpp:562:11:562:15 | SetAt | 1 | const class:0 & | -| atl.cpp:562:11:562:15 | SetAt | 2 | BOOL | -| atl.cpp:564:6:564:15 | operator[] | 0 | long | -| atl.cpp:565:6:565:15 | operator[] | 0 | int | -| atl.cpp:609:3:609:8 | CPathT | 0 | PCXSTR | -| atl.cpp:610:3:610:8 | CPathT | 0 | const CPathT & | -| atl.cpp:614:8:614:19 | AddExtension | 0 | PCXSTR | -| atl.cpp:615:8:615:13 | Append | 0 | PCXSTR | -| atl.cpp:618:8:618:14 | Combine | 0 | PCXSTR | -| atl.cpp:618:8:618:14 | Combine | 1 | PCXSTR | -| atl.cpp:619:22:619:33 | CommonPrefix | 0 | PCXSTR | -| atl.cpp:656:23:656:32 | operator+= | 0 | PCXSTR | -| atl.cpp:716:8:716:10 | Add | 0 | const class:0 & | -| atl.cpp:717:7:717:10 | Find | 0 | const class:0 & | -| atl.cpp:728:6:728:15 | operator[] | 0 | int | -| atl.cpp:729:21:729:29 | operator= | 0 | const CSimpleArray & | -| atl.cpp:762:8:762:10 | Add | 0 | const class:0 & | -| atl.cpp:762:8:762:10 | Add | 1 | const class:1 & | -| atl.cpp:763:7:763:13 | FindKey | 0 | const class:0 & | -| atl.cpp:764:7:764:13 | FindVal | 0 | const class:1 & | -| atl.cpp:767:9:767:18 | GetValueAt | 0 | int | -| atl.cpp:768:8:768:13 | Lookup | 0 | const class:0 & | -| atl.cpp:772:8:772:20 | ReverseLookup | 0 | const class:1 & | -| atl.cpp:773:8:773:12 | SetAt | 0 | const class:0 & | -| atl.cpp:773:8:773:12 | SetAt | 1 | const class:1 & | -| atl.cpp:774:8:774:17 | SetAtIndex | 0 | int | -| atl.cpp:774:8:774:17 | SetAtIndex | 1 | const class:0 & | -| atl.cpp:774:8:774:17 | SetAtIndex | 2 | const class:1 & | -| atl.cpp:813:9:813:17 | operator= | 0 | const CUrl & | -| atl.cpp:815:3:815:6 | CUrl | 0 | const CUrl & | -| atl.cpp:818:15:818:26 | Canonicalize | 0 | DWORD | -| atl.cpp:821:8:821:15 | CrackUrl | 0 | LPCTSTR | -| atl.cpp:821:8:821:15 | CrackUrl | 1 | DWORD | -| atl.cpp:822:15:822:23 | CreateUrl | 0 | LPTSTR | -| atl.cpp:822:15:822:23 | CreateUrl | 1 | DWORD * | -| atl.cpp:822:15:822:23 | CreateUrl | 2 | DWORD | -| atl.cpp:839:15:839:26 | SetExtraInfo | 0 | LPCTSTR | -| atl.cpp:840:15:840:25 | SetHostName | 0 | LPCTSTR | -| atl.cpp:841:15:841:25 | SetPassword | 0 | LPCTSTR | -| atl.cpp:842:15:842:27 | SetPortNumber | 0 | ATL_URL_PORT | -| atl.cpp:843:15:843:23 | SetScheme | 0 | ATL_URL_SCHEME | -| atl.cpp:844:15:844:27 | SetSchemeName | 0 | LPCTSTR | -| atl.cpp:845:15:845:24 | SetUrlPath | 0 | LPCTSTR | -| atl.cpp:846:15:846:25 | SetUserName | 0 | LPCTSTR | +| atl.cpp:411:3:411:10 | CComBSTR | 1 | LPCOLESTR | +| atl.cpp:412:3:412:10 | CComBSTR | 0 | int | +| atl.cpp:412:3:412:10 | CComBSTR | 1 | LPCSTR | +| atl.cpp:413:3:413:10 | CComBSTR | 0 | LPCOLESTR | +| atl.cpp:414:3:414:10 | CComBSTR | 0 | LPCSTR | +| atl.cpp:415:3:415:10 | CComBSTR | 0 | CComBSTR && | +| atl.cpp:418:11:418:16 | Append | 0 | const CComBSTR & | +| atl.cpp:419:11:419:16 | Append | 0 | wchar_t | +| atl.cpp:420:11:420:16 | Append | 0 | char | +| atl.cpp:421:11:421:16 | Append | 0 | LPCOLESTR | +| atl.cpp:422:11:422:16 | Append | 0 | LPCSTR | +| atl.cpp:423:11:423:16 | Append | 0 | LPCOLESTR | +| atl.cpp:423:11:423:16 | Append | 1 | int | +| atl.cpp:424:11:424:20 | AppendBSTR | 0 | BSTR | +| atl.cpp:425:11:425:21 | AppendBytes | 0 | const char * | +| atl.cpp:425:11:425:21 | AppendBytes | 1 | int | +| atl.cpp:426:11:426:21 | ArrayToBSTR | 0 | const SAFEARRAY * | +| atl.cpp:427:11:427:20 | AssignBSTR | 0 | const BSTR | +| atl.cpp:428:8:428:13 | Attach | 0 | BSTR | +| atl.cpp:429:11:429:21 | BSTRToArray | 0 | LPSAFEARRAY | +| atl.cpp:432:11:432:16 | CopyTo | 0 | BSTR * | +| atl.cpp:434:11:434:16 | CopyTo | 0 | VARIANT * | +| atl.cpp:438:8:438:17 | LoadString | 0 | HINSTANCE | +| atl.cpp:438:8:438:17 | LoadString | 1 | UINT | +| atl.cpp:439:8:439:17 | LoadString | 0 | UINT | +| atl.cpp:440:11:440:24 | ReadFromStream | 0 | IStream * | +| atl.cpp:442:11:442:23 | WriteToStream | 0 | IStream * | +| atl.cpp:447:13:447:22 | operator+= | 0 | const CComBSTR & | +| atl.cpp:448:13:448:22 | operator+= | 0 | LPCOLESTR | +| atl.cpp:538:3:538:15 | CComSafeArray | 0 | const SAFEARRAY * | +| atl.cpp:542:11:542:13 | Add | 0 | const SAFEARRAY * | +| atl.cpp:544:11:544:13 | Add | 0 | const class:0 & | +| atl.cpp:544:11:544:13 | Add | 1 | BOOL | +| atl.cpp:552:6:552:10 | GetAt | 0 | LONG | +| atl.cpp:563:11:563:15 | SetAt | 0 | LONG | +| atl.cpp:563:11:563:15 | SetAt | 1 | const class:0 & | +| atl.cpp:563:11:563:15 | SetAt | 2 | BOOL | +| atl.cpp:565:6:565:15 | operator[] | 0 | long | +| atl.cpp:566:6:566:15 | operator[] | 0 | int | +| atl.cpp:610:3:610:8 | CPathT | 0 | PCXSTR | +| atl.cpp:611:3:611:8 | CPathT | 0 | const CPathT & | +| atl.cpp:615:8:615:19 | AddExtension | 0 | PCXSTR | +| atl.cpp:616:8:616:13 | Append | 0 | PCXSTR | +| atl.cpp:619:8:619:14 | Combine | 0 | PCXSTR | +| atl.cpp:619:8:619:14 | Combine | 1 | PCXSTR | +| atl.cpp:620:22:620:33 | CommonPrefix | 0 | PCXSTR | +| atl.cpp:657:23:657:32 | operator+= | 0 | PCXSTR | +| atl.cpp:717:8:717:10 | Add | 0 | const class:0 & | +| atl.cpp:718:7:718:10 | Find | 0 | const class:0 & | +| atl.cpp:729:6:729:15 | operator[] | 0 | int | +| atl.cpp:730:21:730:29 | operator= | 0 | const CSimpleArray & | +| atl.cpp:763:8:763:10 | Add | 0 | const class:0 & | +| atl.cpp:763:8:763:10 | Add | 1 | const class:1 & | +| atl.cpp:764:7:764:13 | FindKey | 0 | const class:0 & | +| atl.cpp:765:7:765:13 | FindVal | 0 | const class:1 & | +| atl.cpp:768:9:768:18 | GetValueAt | 0 | int | +| atl.cpp:769:8:769:13 | Lookup | 0 | const class:0 & | +| atl.cpp:773:8:773:20 | ReverseLookup | 0 | const class:1 & | +| atl.cpp:774:8:774:12 | SetAt | 0 | const class:0 & | +| atl.cpp:774:8:774:12 | SetAt | 1 | const class:1 & | +| atl.cpp:775:8:775:17 | SetAtIndex | 0 | int | +| atl.cpp:775:8:775:17 | SetAtIndex | 1 | const class:0 & | +| atl.cpp:775:8:775:17 | SetAtIndex | 2 | const class:1 & | +| atl.cpp:814:9:814:17 | operator= | 0 | const CUrl & | +| atl.cpp:816:3:816:6 | CUrl | 0 | const CUrl & | +| atl.cpp:819:15:819:26 | Canonicalize | 0 | DWORD | +| atl.cpp:822:8:822:15 | CrackUrl | 0 | LPCTSTR | +| atl.cpp:822:8:822:15 | CrackUrl | 1 | DWORD | +| atl.cpp:823:15:823:23 | CreateUrl | 0 | LPTSTR | +| atl.cpp:823:15:823:23 | CreateUrl | 1 | DWORD * | +| atl.cpp:823:15:823:23 | CreateUrl | 2 | DWORD | +| atl.cpp:840:15:840:26 | SetExtraInfo | 0 | LPCTSTR | +| atl.cpp:841:15:841:25 | SetHostName | 0 | LPCTSTR | +| atl.cpp:842:15:842:25 | SetPassword | 0 | LPCTSTR | +| atl.cpp:843:15:843:27 | SetPortNumber | 0 | ATL_URL_PORT | +| atl.cpp:844:15:844:23 | SetScheme | 0 | ATL_URL_SCHEME | +| atl.cpp:845:15:845:27 | SetSchemeName | 0 | LPCTSTR | +| atl.cpp:846:15:846:24 | SetUrlPath | 0 | LPCTSTR | +| atl.cpp:847:15:847:25 | SetUserName | 0 | LPCTSTR | | bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & | | bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && | | bsd.cpp:12:5:12:10 | accept | 0 | int | From 3abb9049bb1fb9d3aa8031b42c4621ad0de7224e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 3 Dec 2024 19:06:20 +0000 Subject: [PATCH 43/65] C++: Fix testcase to reveal problematic models. --- .../library-tests/dataflow/taint-tests/atl.cpp | 4 ++-- .../dataflow/taint-tests/localTaint.expected | 16 ++++------------ 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index d8f5da016330..0fb0456daa45 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -682,11 +682,11 @@ void test_CPathT() { CPath p2; p2 += p; - sink(p.m_strPath); // $ ir + sink(p2.m_strPath); // $ MISSING: ir CPath p3; p3 += x; - sink(p.m_strPath); // $ ir + sink(p3.m_strPath); // $ MISSING: ir } { diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index c8a2ee98665e..41c3822aed52 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -761,28 +761,20 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:680:5:680:5 | p | | | atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:681:10:681:10 | p | | | atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:684:11:684:11 | p | | -| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:685:10:685:10 | p | | -| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:689:10:689:10 | p | | | atl.cpp:680:5:680:5 | ref arg p | atl.cpp:681:10:681:10 | p | | | atl.cpp:680:5:680:5 | ref arg p | atl.cpp:684:11:684:11 | p | | -| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:685:10:685:10 | p | | -| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:689:10:689:10 | p | | | atl.cpp:680:14:680:14 | ref arg x | atl.cpp:688:11:688:11 | x | | | atl.cpp:680:14:680:14 | ref arg x | atl.cpp:694:15:694:15 | x | | | atl.cpp:680:14:680:14 | ref arg x | atl.cpp:699:24:699:24 | x | | | atl.cpp:680:14:680:14 | ref arg x | atl.cpp:705:30:705:30 | x | | | atl.cpp:681:10:681:10 | p [post update] | atl.cpp:684:11:684:11 | p | | -| atl.cpp:681:10:681:10 | p [post update] | atl.cpp:685:10:685:10 | p | | -| atl.cpp:681:10:681:10 | p [post update] | atl.cpp:689:10:689:10 | p | | -| atl.cpp:681:12:681:20 | ref arg m_strPath | atl.cpp:685:12:685:20 | m_strPath | | -| atl.cpp:681:12:681:20 | ref arg m_strPath | atl.cpp:689:12:689:20 | m_strPath | | | atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:684:5:684:6 | p2 | | +| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:685:10:685:11 | p2 | | +| atl.cpp:684:5:684:6 | ref arg p2 | atl.cpp:685:10:685:11 | p2 | | | atl.cpp:684:11:684:11 | call to operator char *& | atl.cpp:684:8:684:8 | call to operator+= | TAINT | -| atl.cpp:684:11:684:11 | ref arg p | atl.cpp:685:10:685:10 | p | | -| atl.cpp:684:11:684:11 | ref arg p | atl.cpp:689:10:689:10 | p | | -| atl.cpp:685:10:685:10 | p [post update] | atl.cpp:689:10:689:10 | p | | -| atl.cpp:685:12:685:20 | ref arg m_strPath | atl.cpp:689:12:689:20 | m_strPath | | | atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:688:5:688:6 | p3 | | +| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:689:10:689:11 | p3 | | +| atl.cpp:688:5:688:6 | ref arg p3 | atl.cpp:689:10:689:11 | p3 | | | atl.cpp:688:11:688:11 | ref arg x | atl.cpp:694:15:694:15 | x | | | atl.cpp:688:11:688:11 | ref arg x | atl.cpp:699:24:699:24 | x | | | atl.cpp:688:11:688:11 | ref arg x | atl.cpp:705:30:705:30 | x | | From c3086d4ecda3b5c8ba986fb89c9c7ad408daad3b Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 3 Dec 2024 19:13:00 +0000 Subject: [PATCH 44/65] C++: Fix models and accept test changes. --- cpp/ql/lib/ext/CPathT.model.yml | 7 ++++--- .../dataflow/external-models/flow.expected | 10 +++++----- .../dataflow/external-models/validatemodels.expected | 1 - cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/cpp/ql/lib/ext/CPathT.model.yml b/cpp/ql/lib/ext/CPathT.model.yml index 2138dd6c9425..8211343d479e 100644 --- a/cpp/ql/lib/ext/CPathT.model.yml +++ b/cpp/ql/lib/ext/CPathT.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CPathT", True, "CPathT", "", "", "Argument[*1]", "Argument[-1]", "value", "manual"] + - ["", "CPathT", True, "CPathT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CPathT", True, "AddExtension", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CPathT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CPathT", True, "Combine", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] @@ -18,5 +18,6 @@ extensions: # - ["", "CPathT", True, "operator const T&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] # - ["", "CPathT", True, "operator T&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CPathT", True, "operator +=", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CPathT", True, "operator +=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["", "CPathT", True, "operator+=", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 3c5b69b09f4b..a8a3e5a209a5 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:809 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:807 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:808 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:810 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:808 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:809 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:808 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:809 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:809 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:810 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index 166d834ea768..39dade253254 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -1,4 +1,3 @@ -| Dubious member name "operator +=" in summary model. | | Dubious member name "operator BSTR" in summary model. | | Dubious member name "operator LPCSTR" in summary model. | | Dubious member name "operator LPSAFEARRAY" in summary model. | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 0fb0456daa45..a6638ad3f563 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -682,11 +682,11 @@ void test_CPathT() { CPath p2; p2 += p; - sink(p2.m_strPath); // $ MISSING: ir + sink(p2.m_strPath); // $ MISSING: ir // this requires flow through `operator StringType&()` which we can't yet model in MaD CPath p3; p3 += x; - sink(p3.m_strPath); // $ MISSING: ir + sink(p3.m_strPath); // $ ir } { From 8d035e61a3b744d9a878c18661e2f14e685b780f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 4 Dec 2024 12:33:02 +0000 Subject: [PATCH 45/65] C++: Fix test. --- .../dataflow/taint-tests/atl.cpp | 32 +++--- .../dataflow/taint-tests/localTaint.expected | 102 +++++++++--------- .../taint-tests/test_mad-signatures.expected | 17 +++ 3 files changed, 84 insertions(+), 67 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index a6638ad3f563..05d14c06c362 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -347,52 +347,52 @@ void test_CAtlList() { int* p = indirect_source(); { - CAtlList list(10); + CAtlList list(10); sink(list.GetHead()); - list.AddHead(x); + list.AddHead(p); sink(list.GetHead()); // $ ir - CAtlList list2(10); + CAtlList list2(10); list2.AddHeadList(&list); sink(list2.GetHead()); // $ ir - CAtlList list3(10); - list3.AddTail(x); + CAtlList list3(10); + list3.AddTail(p); sink(list3.GetHead()); // $ ir - CAtlList list4(10); + CAtlList list4(10); list4.AddTailList(&list3); sink(list4.GetHead()); // $ ir { - CAtlList list5(10); - auto pos = list5.Find(x, list5.GetHeadPosition()); + CAtlList list5(10); + auto pos = list5.Find(p, list5.GetHeadPosition()); sink(list5.GetAt(pos)); // $ MISSING: ir } { - CAtlList list6(10); - list6.AddHead(x); + CAtlList list6(10); + list6.AddHead(p); auto pos = list6.FindIndex(0); sink(list6.GetAt(pos)); // $ ir } { - CAtlList list7(10); + CAtlList list7(10); auto pos = list7.GetTailPosition(); - list7.InsertAfter(pos, x); + list7.InsertAfter(pos, p); sink(list7.GetHead()); // $ ir } { - CAtlList list8(10); + CAtlList list8(10); auto pos = list8.GetTailPosition(); - list8.InsertBefore(pos, x); + list8.InsertBefore(pos, p); sink(list8.GetHead()); // $ ir } { - CAtlList list9(10); - list9.SetAt(list9.GetHeadPosition(), x); + CAtlList list9(10); + list9.SetAt(list9.GetHeadPosition(), p); sink(list9.GetHead()); // $ ir } } diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 41c3822aed52..a35e1c53d1c5 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -299,13 +299,6 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:296:11:296:21 | call to source | atl.cpp:331:30:331:30 | x | | | atl.cpp:296:11:296:21 | call to source | atl.cpp:338:31:338:31 | x | | | atl.cpp:296:11:296:21 | call to source | atl.cpp:343:44:343:44 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:352:18:352:18 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:360:19:360:19 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:369:29:369:29 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:375:21:375:21 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:383:30:383:30 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:390:31:390:31 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:395:44:395:44 | x | | | atl.cpp:298:24:298:25 | 10 | atl.cpp:298:24:298:26 | call to CAtlList | TAINT | | atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:299:10:299:13 | list | | | atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:300:5:300:8 | list | | @@ -406,12 +399,19 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | | | atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | | atl.cpp:344:12:344:16 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | -| atl.cpp:350:24:350:25 | 10 | atl.cpp:350:24:350:26 | call to CAtlList | TAINT | -| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:351:10:351:13 | list | | -| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:352:5:352:8 | list | | -| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:353:10:353:13 | list | | -| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:356:24:356:27 | list | | -| atl.cpp:350:24:350:26 | call to CAtlList | atl.cpp:398:3:398:3 | list | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:352:18:352:18 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:360:19:360:19 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:369:29:369:29 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:375:21:375:21 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:383:30:383:30 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:390:31:390:31 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:395:44:395:44 | p | | +| atl.cpp:350:25:350:26 | 10 | atl.cpp:350:25:350:27 | call to CAtlList | TAINT | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:351:10:351:13 | list | | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:352:5:352:8 | list | | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:353:10:353:13 | list | | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:356:24:356:27 | list | | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:398:3:398:3 | list | | | atl.cpp:351:10:351:13 | ref arg list | atl.cpp:352:5:352:8 | list | | | atl.cpp:351:10:351:13 | ref arg list | atl.cpp:353:10:353:13 | list | | | atl.cpp:351:10:351:13 | ref arg list | atl.cpp:356:24:356:27 | list | | @@ -421,37 +421,37 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:352:5:352:8 | ref arg list | atl.cpp:398:3:398:3 | list | | | atl.cpp:353:10:353:13 | ref arg list | atl.cpp:356:24:356:27 | list | | | atl.cpp:353:10:353:13 | ref arg list | atl.cpp:398:3:398:3 | list | | -| atl.cpp:355:25:355:26 | 10 | atl.cpp:355:25:355:27 | call to CAtlList | TAINT | -| atl.cpp:355:25:355:27 | call to CAtlList | atl.cpp:356:5:356:9 | list2 | | -| atl.cpp:355:25:355:27 | call to CAtlList | atl.cpp:357:10:357:14 | list2 | | -| atl.cpp:355:25:355:27 | call to CAtlList | atl.cpp:398:3:398:3 | list2 | | +| atl.cpp:355:26:355:27 | 10 | atl.cpp:355:26:355:28 | call to CAtlList | TAINT | +| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:356:5:356:9 | list2 | | +| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:357:10:357:14 | list2 | | +| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:398:3:398:3 | list2 | | | atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:357:10:357:14 | list2 | | | atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | | | atl.cpp:356:24:356:27 | list | atl.cpp:356:23:356:27 | & ... | | | atl.cpp:357:10:357:14 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | | -| atl.cpp:359:25:359:26 | 10 | atl.cpp:359:25:359:27 | call to CAtlList | TAINT | -| atl.cpp:359:25:359:27 | call to CAtlList | atl.cpp:360:5:360:9 | list3 | | -| atl.cpp:359:25:359:27 | call to CAtlList | atl.cpp:361:10:361:14 | list3 | | -| atl.cpp:359:25:359:27 | call to CAtlList | atl.cpp:364:24:364:28 | list3 | | -| atl.cpp:359:25:359:27 | call to CAtlList | atl.cpp:398:3:398:3 | list3 | | +| atl.cpp:359:26:359:27 | 10 | atl.cpp:359:26:359:28 | call to CAtlList | TAINT | +| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:360:5:360:9 | list3 | | +| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:361:10:361:14 | list3 | | +| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:364:24:364:28 | list3 | | +| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:398:3:398:3 | list3 | | | atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:361:10:361:14 | list3 | | | atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | | | atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | | | atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | | | atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | | -| atl.cpp:363:25:363:26 | 10 | atl.cpp:363:25:363:27 | call to CAtlList | TAINT | -| atl.cpp:363:25:363:27 | call to CAtlList | atl.cpp:364:5:364:9 | list4 | | -| atl.cpp:363:25:363:27 | call to CAtlList | atl.cpp:365:10:365:14 | list4 | | -| atl.cpp:363:25:363:27 | call to CAtlList | atl.cpp:398:3:398:3 | list4 | | +| atl.cpp:363:26:363:27 | 10 | atl.cpp:363:26:363:28 | call to CAtlList | TAINT | +| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:364:5:364:9 | list4 | | +| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:365:10:365:14 | list4 | | +| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:398:3:398:3 | list4 | | | atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:365:10:365:14 | list4 | | | atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | | | atl.cpp:364:24:364:28 | list3 | atl.cpp:364:23:364:28 | & ... | | | atl.cpp:365:10:365:14 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | | -| atl.cpp:368:27:368:28 | 10 | atl.cpp:368:27:368:29 | call to CAtlList | TAINT | -| atl.cpp:368:27:368:29 | call to CAtlList | atl.cpp:369:18:369:22 | list5 | | -| atl.cpp:368:27:368:29 | call to CAtlList | atl.cpp:369:32:369:36 | list5 | | -| atl.cpp:368:27:368:29 | call to CAtlList | atl.cpp:370:12:370:16 | list5 | | -| atl.cpp:368:27:368:29 | call to CAtlList | atl.cpp:371:5:371:5 | list5 | | +| atl.cpp:368:28:368:29 | 10 | atl.cpp:368:28:368:30 | call to CAtlList | TAINT | +| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:18:369:22 | list5 | | +| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:32:369:36 | list5 | | +| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:370:12:370:16 | list5 | | +| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:371:5:371:5 | list5 | | | atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | | | atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | | atl.cpp:369:24:369:27 | call to Find | atl.cpp:370:24:370:26 | pos | | @@ -459,11 +459,11 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | | | atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | | atl.cpp:370:12:370:16 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | -| atl.cpp:374:27:374:28 | 10 | atl.cpp:374:27:374:29 | call to CAtlList | TAINT | -| atl.cpp:374:27:374:29 | call to CAtlList | atl.cpp:375:7:375:11 | list6 | | -| atl.cpp:374:27:374:29 | call to CAtlList | atl.cpp:376:18:376:22 | list6 | | -| atl.cpp:374:27:374:29 | call to CAtlList | atl.cpp:377:12:377:16 | list6 | | -| atl.cpp:374:27:374:29 | call to CAtlList | atl.cpp:378:5:378:5 | list6 | | +| atl.cpp:374:28:374:29 | 10 | atl.cpp:374:28:374:30 | call to CAtlList | TAINT | +| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:375:7:375:11 | list6 | | +| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:376:18:376:22 | list6 | | +| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:377:12:377:16 | list6 | | +| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:378:5:378:5 | list6 | | | atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:376:18:376:22 | list6 | | | atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | | | atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | @@ -471,11 +471,11 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | | atl.cpp:376:24:376:32 | call to FindIndex | atl.cpp:377:24:377:26 | pos | | | atl.cpp:377:12:377:16 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | -| atl.cpp:381:27:381:28 | 10 | atl.cpp:381:27:381:29 | call to CAtlList | TAINT | -| atl.cpp:381:27:381:29 | call to CAtlList | atl.cpp:382:18:382:22 | list7 | | -| atl.cpp:381:27:381:29 | call to CAtlList | atl.cpp:383:7:383:11 | list7 | | -| atl.cpp:381:27:381:29 | call to CAtlList | atl.cpp:384:12:384:16 | list7 | | -| atl.cpp:381:27:381:29 | call to CAtlList | atl.cpp:385:5:385:5 | list7 | | +| atl.cpp:381:28:381:29 | 10 | atl.cpp:381:28:381:30 | call to CAtlList | TAINT | +| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:382:18:382:22 | list7 | | +| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:383:7:383:11 | list7 | | +| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:384:12:384:16 | list7 | | +| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:385:5:385:5 | list7 | | | atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:383:7:383:11 | list7 | | | atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | | | atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | @@ -483,11 +483,11 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | | | atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | | atl.cpp:384:12:384:16 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | -| atl.cpp:388:27:388:28 | 10 | atl.cpp:388:27:388:29 | call to CAtlList | TAINT | -| atl.cpp:388:27:388:29 | call to CAtlList | atl.cpp:389:18:389:22 | list8 | | -| atl.cpp:388:27:388:29 | call to CAtlList | atl.cpp:390:7:390:11 | list8 | | -| atl.cpp:388:27:388:29 | call to CAtlList | atl.cpp:391:12:391:16 | list8 | | -| atl.cpp:388:27:388:29 | call to CAtlList | atl.cpp:392:5:392:5 | list8 | | +| atl.cpp:388:28:388:29 | 10 | atl.cpp:388:28:388:30 | call to CAtlList | TAINT | +| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:389:18:389:22 | list8 | | +| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:390:7:390:11 | list8 | | +| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:391:12:391:16 | list8 | | +| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:392:5:392:5 | list8 | | | atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:390:7:390:11 | list8 | | | atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | | | atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | @@ -495,11 +495,11 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | | | atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | | atl.cpp:391:12:391:16 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | -| atl.cpp:394:27:394:28 | 10 | atl.cpp:394:27:394:29 | call to CAtlList | TAINT | -| atl.cpp:394:27:394:29 | call to CAtlList | atl.cpp:395:7:395:11 | list9 | | -| atl.cpp:394:27:394:29 | call to CAtlList | atl.cpp:395:19:395:23 | list9 | | -| atl.cpp:394:27:394:29 | call to CAtlList | atl.cpp:396:12:396:16 | list9 | | -| atl.cpp:394:27:394:29 | call to CAtlList | atl.cpp:397:5:397:5 | list9 | | +| atl.cpp:394:28:394:29 | 10 | atl.cpp:394:28:394:30 | call to CAtlList | TAINT | +| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:7:395:11 | list9 | | +| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:19:395:23 | list9 | | +| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:396:12:396:16 | list9 | | +| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:397:5:397:5 | list9 | | | atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | | | atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | | atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:395:7:395:11 | list9 | | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 7e8a52fdb35b..9284dc759eb1 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -3,6 +3,8 @@ signatureMatches | atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:70:3:70:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | | atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | @@ -543,19 +545,34 @@ getParameterTypeName | atl.cpp:209:8:209:16 | SetAtGrow | 1 | INARGTYPclass:0 | | atl.cpp:211:6:211:15 | operator[] | 0 | size_t | | atl.cpp:257:3:257:10 | CAtlList | 0 | UINT | +| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT | | atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * | | atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * | | atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * | | atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * | | atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:265:12:265:15 | Find | 1 | POSITION | | atl.cpp:265:12:265:15 | Find | 1 | POSITION | | atl.cpp:266:12:266:20 | FindIndex | 0 | size_t | +| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t | +| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION | | atl.cpp:267:6:267:10 | GetAt | 0 | POSITION | | atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION | +| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION | +| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 | | atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 | | atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION | +| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION | +| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 | | atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 | | atl.cpp:291:8:291:12 | SetAt | 0 | POSITION | +| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION | +| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 | | atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 | | atl.cpp:401:8:401:8 | operator= | 0 | IUnknown && | | atl.cpp:401:8:401:8 | operator= | 0 | const IUnknown & | From de75e033beb7b871e23f7dc706fd904bcbf19529 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 4 Dec 2024 12:42:48 +0000 Subject: [PATCH 46/65] C++: Remove taint to POSITIONs. --- cpp/ql/lib/ext/CAtlList.model.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/cpp/ql/lib/ext/CAtlList.model.yml b/cpp/ql/lib/ext/CAtlList.model.yml index eb59fb8417ed..411b9390a9c2 100644 --- a/cpp/ql/lib/ext/CAtlList.model.yml +++ b/cpp/ql/lib/ext/CAtlList.model.yml @@ -7,9 +7,7 @@ extensions: - ["", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "FindIndex", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CAtlList", True, "GetAt", "", "", "Argument[0]", "ReturnValue[*@]", "taint", "manual"] - ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["", "CAtlList", True, "GetHeadPosition", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "GetNext", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] @@ -17,9 +15,5 @@ extensions: - ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["", "CAtlList", True, "GetTailPosition", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "taint", "manual"] - - ["", "CAtlList", True, "SwapElements", "", "", "Argument[0]", "Argument[1]", "taint", "manual"] - - ["", "CAtlList", True, "SwapElements", "", "", "Argument[1]", "Argument[0]", "taint", "manual"] From 9dc3aecf67e2a5fcf47b2b5c10ccd37b4d7ae152 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 4 Dec 2024 12:48:55 +0000 Subject: [PATCH 47/65] C++: Remove more taint to POSITIONs. --- cpp/ql/lib/ext/CAtlList.model.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/cpp/ql/lib/ext/CAtlList.model.yml b/cpp/ql/lib/ext/CAtlList.model.yml index 411b9390a9c2..4b724ce717cf 100644 --- a/cpp/ql/lib/ext/CAtlList.model.yml +++ b/cpp/ql/lib/ext/CAtlList.model.yml @@ -9,11 +9,9 @@ extensions: - ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CAtlList", True, "GetHeadPosition", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "GetNext", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "GetPrev", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CAtlList", True, "GetTailPosition", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "taint", "manual"] From c7dee4b02050448973eeb14c979fe7b254321bb3 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 4 Dec 2024 12:52:13 +0000 Subject: [PATCH 48/65] C++: Remove more taint to POSITIONs. --- cpp/ql/lib/ext/CAtlList.model.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/cpp/ql/lib/ext/CAtlList.model.yml b/cpp/ql/lib/ext/CAtlList.model.yml index 4b724ce717cf..a2de8a645d00 100644 --- a/cpp/ql/lib/ext/CAtlList.model.yml +++ b/cpp/ql/lib/ext/CAtlList.model.yml @@ -9,8 +9,6 @@ extensions: - ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CAtlList", True, "GetNext", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CAtlList", True, "GetPrev", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] From 279a30c7e80300d7ae5ffc003c5e1bff0bf1c5bd Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 4 Dec 2024 12:52:41 +0000 Subject: [PATCH 49/65] C++: Make 'SetAt' a value-preserving step. --- cpp/ql/lib/ext/CAtlList.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/ext/CAtlList.model.yml b/cpp/ql/lib/ext/CAtlList.model.yml index a2de8a645d00..6d952f2ca133 100644 --- a/cpp/ql/lib/ext/CAtlList.model.yml +++ b/cpp/ql/lib/ext/CAtlList.model.yml @@ -12,4 +12,4 @@ extensions: - ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "taint", "manual"] + - ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] From 4f00e229e0296e97560923442508a9ae30ad904f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 4 Dec 2024 13:49:07 +0000 Subject: [PATCH 50/65] C++: Accept more test changes. --- .../dataflow/external-models/flow.expected | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index a8a3e5a209a5..81a9c605f005 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:810 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:808 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:809 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:800 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:798 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:799 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:809 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:799 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:810 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:800 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | From d0bf3b84e4c263789324ae4f8cb33ca70fedb009 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 6 Dec 2024 15:27:17 +0000 Subject: [PATCH 51/65] C++: Add missing MaD row for move constructor. --- cpp/ql/lib/ext/CComBSTR.model.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/ql/lib/ext/CComBSTR.model.yml b/cpp/ql/lib/ext/CComBSTR.model.yml index b578956edec2..0cbf021a8a9f 100644 --- a/cpp/ql/lib/ext/CComBSTR.model.yml +++ b/cpp/ql/lib/ext/CComBSTR.model.yml @@ -8,6 +8,7 @@ extensions: - ["", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "CComBSTR", "(const CComBSTR&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(CComBSTR &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "Append", "(const CComBSTR&)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] From 904db38a5f3fae9580968a39fbbac3768c7f444b Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 6 Dec 2024 15:29:13 +0000 Subject: [PATCH 52/65] C++: Add missing space between type name and '&'. --- cpp/ql/lib/ext/CComBSTR.model.yml | 4 ++-- cpp/ql/lib/ext/CComSafeArray.model.yml | 4 ++-- cpp/ql/lib/ext/CPathT.model.yml | 4 ++-- cpp/ql/lib/ext/CRegKey.model.yml | 4 ++-- .../dataflow/external-models/flow.expected | 10 ++++----- .../external-models/validatemodels.expected | 8 +++---- .../taint-tests/test_mad-signatures.expected | 22 ++++++++++++++----- 7 files changed, 33 insertions(+), 23 deletions(-) diff --git a/cpp/ql/lib/ext/CComBSTR.model.yml b/cpp/ql/lib/ext/CComBSTR.model.yml index 0cbf021a8a9f..d281eb32dfb0 100644 --- a/cpp/ql/lib/ext/CComBSTR.model.yml +++ b/cpp/ql/lib/ext/CComBSTR.model.yml @@ -7,9 +7,9 @@ extensions: - ["", "CComBSTR", True, "CComBSTR", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "CComBSTR", "(const CComBSTR&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "CComBSTR", "(CComBSTR &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "Append", "(const CComBSTR&)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "Append", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] diff --git a/cpp/ql/lib/ext/CComSafeArray.model.yml b/cpp/ql/lib/ext/CComSafeArray.model.yml index 4128ae13e177..8da350ff140a 100644 --- a/cpp/ql/lib/ext/CComSafeArray.model.yml +++ b/cpp/ql/lib/ext/CComSafeArray.model.yml @@ -21,7 +21,7 @@ extensions: - ["", "CComSafeArray", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] - ["", "CComSafeArray", True, "operator LPSAFEARRAY", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] - ["", "CComSafeArray", True, "operator[]", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] - - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray&)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] - - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray&)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"] - ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CPathT.model.yml b/cpp/ql/lib/ext/CPathT.model.yml index 8211343d479e..870e7ac55360 100644 --- a/cpp/ql/lib/ext/CPathT.model.yml +++ b/cpp/ql/lib/ext/CPathT.model.yml @@ -15,8 +15,8 @@ extensions: - ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*2]", "ReturnValue[-1]", "taint", "manual"] - ["", "CPathT", True, "RenameExtension", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"] # Note: These don't work currently since we cannot use the template parameter in the name of the function - # - ["", "CPathT", True, "operator const T&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - # - ["", "CPathT", True, "operator T&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + # - ["", "CPathT", True, "operator const T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + # - ["", "CPathT", True, "operator T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CPathT", True, "operator+=", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] diff --git a/cpp/ql/lib/ext/CRegKey.model.yml b/cpp/ql/lib/ext/CRegKey.model.yml index 52b742029ac5..45114347ee0d 100644 --- a/cpp/ql/lib/ext/CRegKey.model.yml +++ b/cpp/ql/lib/ext/CRegKey.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CRegKey", True, "CRegKey", "(CRegKey&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CRegKey", True, "CRegKey", "(CRegKey &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] @@ -12,7 +12,7 @@ extensions: - ["", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[**1]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"] - - ["", "CRegKey", True, "QueryValue", "(DWORD&,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[**0]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "operator HKEY", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "operator=", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 81a9c605f005..137642d522a4 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:800 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:798 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:799 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:801 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:799 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:800 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:799 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:800 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:800 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:801 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index 39dade253254..7b089db8a6d2 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -11,14 +11,14 @@ | Dubious member name "operator=" in summary model. | | Dubious member name "operator[]" in summary model. | | Dubious signature "(CAtlFile &)" in summary model. | -| Dubious signature "(CRegKey&)" in summary model. | -| Dubious signature "(DWORD&,LPCTSTR)" in summary model. | +| Dubious signature "(CComBSTR &&)" in summary model. | +| Dubious signature "(CRegKey &)" in summary model. | +| Dubious signature "(DWORD &,LPCTSTR)" in summary model. | | Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. | | Dubious signature "(LPCTSTR,DWORD *,void *,ULONG *)" in summary model. | | Dubious signature "(LPTSTR,LPCTSTR,DWORD *)" in summary model. | -| Dubious signature "(const CComBSTR&)" in summary model. | +| Dubious signature "(const CComBSTR &)" in summary model. | | Dubious signature "(const CComSafeArray &)" in summary model. | -| Dubious signature "(const CComSafeArray&)" in summary model. | | Dubious signature "(const SAFEARRAY &)" in summary model. | | Dubious signature "(const SAFEARRAY *)" in summary model. | | Dubious signature "(const SAFEARRAYBOUND *,UINT)" in summary model. | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 9284dc759eb1..f1e4b841d870 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -6,6 +6,10 @@ signatureMatches | atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | | atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | | atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | | atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | | atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | @@ -14,6 +18,9 @@ signatureMatches | atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | | atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 | | atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:415:3:415:10 | CComBSTR | (CComBSTR &&) | CComBSTR | CComBSTR | 0 | +| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | | atl.cpp:419:11:419:16 | Append | (wchar_t) | CComBSTR | Append | 0 | | atl.cpp:420:11:420:16 | Append | (char) | CComBSTR | Append | 0 | | atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | @@ -31,6 +38,8 @@ signatureMatches | atl.cpp:438:8:438:17 | LoadString | (const SAFEARRAYBOUND *,UINT) | CComSafeArray | Create | 1 | | atl.cpp:439:8:439:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | | atl.cpp:439:8:439:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | | atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 | | atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | | atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 | @@ -357,9 +366,10 @@ signatureMatches | vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (LPCOLESTR,int) | CComBSTR | Append | 1 | getSignatureParameterName | (CAtlFile &) | CAtlFile | CAtlFile | 0 | CAtlFile & | -| (CRegKey&) | CRegKey | CRegKey | 0 | CRegKey& | -| (DWORD&,LPCTSTR) | CRegKey | QueryValue | 0 | DWORD& | -| (DWORD&,LPCTSTR) | CRegKey | QueryValue | 1 | LPCTSTR | +| (CComBSTR &&) | CComBSTR | CComBSTR | 0 | CComBSTR && | +| (CRegKey &) | CRegKey | CRegKey | 0 | CRegKey & | +| (DWORD &,LPCTSTR) | CRegKey | QueryValue | 0 | DWORD & | +| (DWORD &,LPCTSTR) | CRegKey | QueryValue | 1 | LPCTSTR | | (HANDLE) | CAtlFile | CAtlFile | 0 | HANDLE | | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | HINSTANCE | | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | UINT | @@ -401,10 +411,10 @@ getSignatureParameterName | (UINT) | CComBSTR | LoadString | 0 | UINT | | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | UINT | | (char) | CComBSTR | Append | 0 | char | -| (const CComBSTR&) | CComBSTR | Append | 0 | const CComBSTR& | -| (const CComBSTR&) | CComBSTR | CComBSTR | 0 | const CComBSTR& | +| (const CComBSTR &) | CComBSTR | Append | 0 | const CComBSTR & | +| (const CComBSTR &) | CComBSTR | CComBSTR | 0 | const CComBSTR & | | (const CComSafeArray &) | CComSafeArray | CComSafeArray | 0 | const CComSafeArray & | -| (const CComSafeArray&) | CComSafeArray | operator= | 0 | const CComSafeArray& | +| (const CComSafeArray &) | CComSafeArray | operator= | 0 | const CComSafeArray & | | (const SAFEARRAY &) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY & | | (const SAFEARRAY *) | CComSafeArray | Add | 0 | const SAFEARRAY * | | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY * | From f7b55e05ebcc1163e7a725043b6d7aa6e29100fc Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 6 Dec 2024 15:30:34 +0000 Subject: [PATCH 53/65] C++: 'Attach' is value-preserving. --- cpp/ql/lib/ext/CComBSTR.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/ext/CComBSTR.model.yml b/cpp/ql/lib/ext/CComBSTR.model.yml index d281eb32dfb0..7ee43290ba31 100644 --- a/cpp/ql/lib/ext/CComBSTR.model.yml +++ b/cpp/ql/lib/ext/CComBSTR.model.yml @@ -19,7 +19,7 @@ extensions: - ["", "CComBSTR", True, "AppendBSTR", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[*0].Field[*pvData]", "value", "manual"] - ["", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"] From 6388a9af95051c49f484be6f296f8ad3b9c0a248 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 6 Dec 2024 15:31:33 +0000 Subject: [PATCH 54/65] C++: Delete duplicated MaD row. --- cpp/ql/lib/ext/CComBSTR.model.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/cpp/ql/lib/ext/CComBSTR.model.yml b/cpp/ql/lib/ext/CComBSTR.model.yml index 7ee43290ba31..cd3cd7b50756 100644 --- a/cpp/ql/lib/ext/CComBSTR.model.yml +++ b/cpp/ql/lib/ext/CComBSTR.model.yml @@ -26,7 +26,6 @@ extensions: - ["", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "LoadString", "(UINT)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] - ["", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - ["", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] From 66de42c576d64425456db4b7c7b1d45c085f18f8 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 6 Dec 2024 15:33:29 +0000 Subject: [PATCH 55/65] C++: Fix MaD row for 'operator&' on 'CComBSTR's. --- cpp/ql/lib/ext/CComBSTR.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/ext/CComBSTR.model.yml b/cpp/ql/lib/ext/CComBSTR.model.yml index cd3cd7b50756..1865a244ef30 100644 --- a/cpp/ql/lib/ext/CComBSTR.model.yml +++ b/cpp/ql/lib/ext/CComBSTR.model.yml @@ -28,6 +28,6 @@ extensions: - ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] - ["", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] - - ["", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] - ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] \ No newline at end of file From 3d0a2057f61d9564e7741f638214d650ac646a67 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 6 Dec 2024 15:46:14 +0000 Subject: [PATCH 56/65] C++: Fix 'BSTRToArray' stub and MaD model. --- cpp/ql/lib/ext/CComBSTR.model.yml | 2 +- .../dataflow/external-models/flow.expected | 10 +++++----- cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp | 6 +++--- .../dataflow/taint-tests/localTaint.expected | 4 ++-- .../dataflow/taint-tests/test_mad-signatures.expected | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/cpp/ql/lib/ext/CComBSTR.model.yml b/cpp/ql/lib/ext/CComBSTR.model.yml index 1865a244ef30..d31f3e36a512 100644 --- a/cpp/ql/lib/ext/CComBSTR.model.yml +++ b/cpp/ql/lib/ext/CComBSTR.model.yml @@ -20,7 +20,7 @@ extensions: - ["", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[*0].Field[*pvData]", "value", "manual"] + - ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[**0].Field[*pvData]", "value", "manual"] - ["", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"] - ["", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 137642d522a4..81a9c605f005 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:801 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:799 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:800 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:800 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:798 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:799 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:800 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:799 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:801 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:800 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 05d14c06c362..9a57fd604a5e 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -426,7 +426,7 @@ struct CComBSTR { HRESULT ArrayToBSTR(const SAFEARRAY* pSrc) throw(); HRESULT AssignBSTR(const BSTR bstrSrc) throw(); void Attach(BSTR src) throw(); - HRESULT BSTRToArray(LPSAFEARRAY ppArray) throw(); + HRESULT BSTRToArray(LPSAFEARRAY* ppArray) throw(); unsigned int ByteLength() const throw(); BSTR Copy() const throw(); HRESULT CopyTo(BSTR* pbstr) throw(); @@ -504,10 +504,10 @@ void test_CComBSTR() { sink(b8.m_str); // $ ir CComBSTR b9; - SAFEARRAY safe; + LPSAFEARRAY safe; b9.Append(source()); b9.BSTRToArray(&safe); - sink(safe.pvData); // $ ir + sink(safe->pvData); // $ ir sink(b9.Copy()); // $ ir } diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index a35e1c53d1c5..d3ee7b7c0895 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -606,8 +606,8 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:509:5:509:6 | b9 | | | atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:512:10:512:11 | b9 | | | atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b9 | | -| atl.cpp:507:15:507:18 | safe | atl.cpp:509:21:509:24 | safe | | -| atl.cpp:507:15:507:18 | safe | atl.cpp:510:10:510:13 | safe | | +| atl.cpp:507:17:507:20 | safe | atl.cpp:509:21:509:24 | safe | | +| atl.cpp:507:17:507:20 | safe | atl.cpp:510:10:510:13 | safe | | | atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:509:5:509:6 | b9 | | | atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | | | atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index f1e4b841d870..6627139ae6e2 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -613,7 +613,7 @@ getParameterTypeName | atl.cpp:426:11:426:21 | ArrayToBSTR | 0 | const SAFEARRAY * | | atl.cpp:427:11:427:20 | AssignBSTR | 0 | const BSTR | | atl.cpp:428:8:428:13 | Attach | 0 | BSTR | -| atl.cpp:429:11:429:21 | BSTRToArray | 0 | LPSAFEARRAY | +| atl.cpp:429:11:429:21 | BSTRToArray | 0 | LPSAFEARRAY * | | atl.cpp:432:11:432:16 | CopyTo | 0 | BSTR * | | atl.cpp:434:11:434:16 | CopyTo | 0 | VARIANT * | | atl.cpp:438:8:438:17 | LoadString | 0 | HINSTANCE | From 59f4b3c0db3d12177b34950c0070af798f8fa7e2 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 6 Dec 2024 15:58:07 +0000 Subject: [PATCH 57/65] C++: Get rid of the model for 'Create'. --- cpp/ql/lib/ext/CComSafeArray.model.yml | 1 - .../dataflow/external-models/flow.expected | 10 +++++----- .../dataflow/external-models/validatemodels.expected | 1 - .../dataflow/taint-tests/test_mad-signatures.expected | 3 --- 4 files changed, 5 insertions(+), 10 deletions(-) diff --git a/cpp/ql/lib/ext/CComSafeArray.model.yml b/cpp/ql/lib/ext/CComSafeArray.model.yml index 8da350ff140a..61aec61e7d2b 100644 --- a/cpp/ql/lib/ext/CComSafeArray.model.yml +++ b/cpp/ql/lib/ext/CComSafeArray.model.yml @@ -11,7 +11,6 @@ extensions: - ["", "CComSafeArray", True, "Attach", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - ["", "CComSafeArray", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - ["", "CComSafeArray", True, "CopyTo", "", "", "Argument[-1].Field[*m_psa]", "Argument[*0]", "value", "manual"] - - ["", "CComSafeArray", True, "Create", "(const SAFEARRAYBOUND *,UINT)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] - ["", "CComSafeArray", True, "GetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] - ["", "CComSafeArray", True, "GetLowerBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CComSafeArray", True, "GetSafeArrayPtr", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 81a9c605f005..8930cadb8d8a 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:800 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:798 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:799 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:799 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:797 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:798 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:799 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:798 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:800 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:799 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index 7b089db8a6d2..423e238ecd7e 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -21,7 +21,6 @@ | Dubious signature "(const CComSafeArray &)" in summary model. | | Dubious signature "(const SAFEARRAY &)" in summary model. | | Dubious signature "(const SAFEARRAY *)" in summary model. | -| Dubious signature "(const SAFEARRAYBOUND *,UINT)" in summary model. | | Dubious signature "(const T &,BOOL)" in summary model. | | Dubious signature "(const deque &)" in summary model. | | Dubious signature "(const deque &,const Allocator &)" in summary model. | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 6627139ae6e2..2d69f088fef3 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -35,7 +35,6 @@ signatureMatches | atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | | atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | | atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | -| atl.cpp:438:8:438:17 | LoadString | (const SAFEARRAYBOUND *,UINT) | CComSafeArray | Create | 1 | | atl.cpp:439:8:439:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | | atl.cpp:439:8:439:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | Append | 0 | @@ -419,8 +418,6 @@ getSignatureParameterName | (const SAFEARRAY *) | CComSafeArray | Add | 0 | const SAFEARRAY * | | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY * | | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | const SAFEARRAY * | -| (const SAFEARRAYBOUND *,UINT) | CComSafeArray | Create | 0 | const SAFEARRAYBOUND * | -| (const SAFEARRAYBOUND *,UINT) | CComSafeArray | Create | 1 | UINT | | (const T &,BOOL) | CComSafeArray | Add | 0 | const class:0 & | | (const T &,BOOL) | CComSafeArray | Add | 1 | BOOL | | (const deque &) | deque | deque | 0 | const deque & | From d735a1433bc1b8cf363c484923e1ed8983e0afc6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 9 Dec 2024 13:23:15 +0000 Subject: [PATCH 58/65] C++: Also flow to the return value of 'operator='. --- cpp/ql/lib/ext/CSimpleArray.model.yml | 3 ++- .../dataflow/external-models/flow.expected | 10 +++++----- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/cpp/ql/lib/ext/CSimpleArray.model.yml b/cpp/ql/lib/ext/CSimpleArray.model.yml index 1c6337bf74c3..8daae929651e 100644 --- a/cpp/ql/lib/ext/CSimpleArray.model.yml +++ b/cpp/ql/lib/ext/CSimpleArray.model.yml @@ -8,4 +8,5 @@ extensions: - ["", "CSimpleArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["", "CSimpleArray", True, "SetAtIndex", "", "", "Argument[*1]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CSimpleArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] \ No newline at end of file + - ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 8930cadb8d8a..81a9c605f005 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:799 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:797 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:798 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:800 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:798 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:799 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:798 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:799 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:799 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:800 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | From d3dc318ba1504c4e74874efe5e9d118ea5dd8784 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 9 Dec 2024 13:26:46 +0000 Subject: [PATCH 59/65] C++: Make 'GetValueAt' a value-preserving step. --- cpp/ql/lib/ext/CSimpleMap.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/ext/CSimpleMap.model.yml b/cpp/ql/lib/ext/CSimpleMap.model.yml index 323b5be01742..814e814228ed 100644 --- a/cpp/ql/lib/ext/CSimpleMap.model.yml +++ b/cpp/ql/lib/ext/CSimpleMap.model.yml @@ -4,7 +4,7 @@ extensions: extensible: summaryModel data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - ["", "CSimpleMap", True, "Add", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - - ["", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "taint", "manual"] + - ["", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["", "CSimpleMap", True, "Lookup", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - ["", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"] From db86f6aaf92b33bed3fb0d8da9535b353cb28ee4 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 9 Dec 2024 13:32:22 +0000 Subject: [PATCH 60/65] C++: Fix annotation. --- cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 9a57fd604a5e..0e70a101620f 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -785,7 +785,7 @@ void test_CSimpleMap() { { CSimpleMap a; auto pos = a.FindKey("hello"); - sink(a.GetValueAt(pos)); // $ MISSING: ir + sink(a.GetValueAt(pos)); // clean } { CSimpleMap a; From 674dbce36d71d284790d6ecc1864a7887424d835 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 9 Dec 2024 13:38:37 +0000 Subject: [PATCH 61/65] C++: Add taint flow through 'CRegKey::Create'. --- cpp/ql/lib/ext/CRegKey.model.yml | 1 + .../dataflow/external-models/flow.expected | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/cpp/ql/lib/ext/CRegKey.model.yml b/cpp/ql/lib/ext/CRegKey.model.yml index 45114347ee0d..84d85c40a018 100644 --- a/cpp/ql/lib/ext/CRegKey.model.yml +++ b/cpp/ql/lib/ext/CRegKey.model.yml @@ -5,6 +5,7 @@ extensions: data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - ["", "CRegKey", True, "CRegKey", "(CRegKey &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CRegKey", True, "Create", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] - ["", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - ["", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 81a9c605f005..137642d522a4 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:800 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:798 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:799 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:801 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:799 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:800 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:799 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:800 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:800 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:801 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | From 7f87a25768dbd14718079766f91d04b45560abb8 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 9 Dec 2024 13:41:14 +0000 Subject: [PATCH 62/65] C++: Fix 'QueryMultiStringValue' model. --- cpp/ql/lib/ext/CRegKey.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/ext/CRegKey.model.yml b/cpp/ql/lib/ext/CRegKey.model.yml index 84d85c40a018..a68a360afc09 100644 --- a/cpp/ql/lib/ext/CRegKey.model.yml +++ b/cpp/ql/lib/ext/CRegKey.model.yml @@ -9,7 +9,7 @@ extensions: - ["", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - ["", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - - ["", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[**1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - ["", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[**1]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"] From 184dfc24b9e199859db493dbd58c59f307d4ac1c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 9 Dec 2024 13:42:39 +0000 Subject: [PATCH 63/65] C++: Fix 'QueryStringValue' model. --- cpp/ql/lib/ext/CRegKey.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/ext/CRegKey.model.yml b/cpp/ql/lib/ext/CRegKey.model.yml index a68a360afc09..fd13291591dc 100644 --- a/cpp/ql/lib/ext/CRegKey.model.yml +++ b/cpp/ql/lib/ext/CRegKey.model.yml @@ -11,7 +11,7 @@ extensions: - ["", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - ["", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - ["", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - - ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[**1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[**0]", "taint", "manual"] From 5f33733b6e87f06d155bda4114d8174b0b038c1c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 9 Dec 2024 14:27:24 +0000 Subject: [PATCH 64/65] C++: Fix 'QueryValue' model. --- cpp/ql/lib/ext/CRegKey.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/ext/CRegKey.model.yml b/cpp/ql/lib/ext/CRegKey.model.yml index fd13291591dc..6b3da2adfb7c 100644 --- a/cpp/ql/lib/ext/CRegKey.model.yml +++ b/cpp/ql/lib/ext/CRegKey.model.yml @@ -14,7 +14,7 @@ extensions: - ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - - ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[**0]", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "operator HKEY", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "operator=", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - ["", "CRegKey", True, "QueryValue", "operator=", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file From 8bdd10c0c23ccb3419002fa19f295be465feb4a8 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 9 Dec 2024 14:31:17 +0000 Subject: [PATCH 65/65] C++: Fix spurious columns in 'CRegKey'. --- cpp/ql/lib/ext/CRegKey.model.yml | 6 +++--- .../dataflow/external-models/validatemodels.expected | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/cpp/ql/lib/ext/CRegKey.model.yml b/cpp/ql/lib/ext/CRegKey.model.yml index 6b3da2adfb7c..1cf2a7d67733 100644 --- a/cpp/ql/lib/ext/CRegKey.model.yml +++ b/cpp/ql/lib/ext/CRegKey.model.yml @@ -15,6 +15,6 @@ extensions: - ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - - ["", "CRegKey", True, "QueryValue", "operator HKEY", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["", "CRegKey", True, "QueryValue", "operator=", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - - ["", "CRegKey", True, "QueryValue", "operator=", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file + - ["", "CRegKey", True, "operator HKEY", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index 423e238ecd7e..b2c54e67c2ff 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -1,4 +1,5 @@ | Dubious member name "operator BSTR" in summary model. | +| Dubious member name "operator HKEY" in summary model. | | Dubious member name "operator LPCSTR" in summary model. | | Dubious member name "operator LPSAFEARRAY" in summary model. | | Dubious member name "operator LPSTR" in summary model. | @@ -44,5 +45,3 @@ | Dubious signature "(size_type,const T &,const Allocator &)" in summary model. | | Dubious signature "(vector &&)" in summary model. | | Dubious signature "(vector &&,const Allocator &)" in summary model. | -| Dubious signature "operator HKEY" in summary model. | -| Dubious signature "operator=" in summary model. |