diff --git a/cpp/ql/lib/ext/CA2CAEX.model.yml b/cpp/ql/lib/ext/CA2CAEX.model.yml new file mode 100644 index 000000000000..ee1d53a537cb --- /dev/null +++ b/cpp/ql/lib/ext/CA2CAEX.model.yml @@ -0,0 +1,18 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(UINT)", "", "Argument[0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] + - ["", "_U_STRINGorID", True, "_U_STRINGorID", "(LPCTSTR)", "", "Argument[*0]", "Argument[-1].Field[*m_lpstr]", "value", "manual"] + - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] + - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] + - ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] + - ["", "CA2AEX", True, "CA2AEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] + - ["", "CA2AEX", True, "operator LPSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"] + - ["", "CA2CAEX", True, "CA2CAEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] + - ["", "CA2CAEX", True, "operator LPCSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] + - ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[*m_psz]", "value", "manual"] + - ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[*m_psz]", "ReturnValue[*]", "value", "manual"] + - ["", "CA2WEX", True, "CA2WEX", "", "", "Argument[*0]", "Argument[-1].Field[m_szBuffer]", "value", "manual"] + - ["", "CA2WEX", True, "operator LPWSTR", "", "", "Argument[-1].Field[m_szBuffer]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CAtlArray.model.yml b/cpp/ql/lib/ext/CAtlArray.model.yml new file mode 100644 index 000000000000..29afc0c99598 --- /dev/null +++ b/cpp/ql/lib/ext/CAtlArray.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlArray", True, "Add", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "Append", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "Copy", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlArray", True, "InsertArrayAt", "", "", "Argument[*1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "InsertAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "SetAt", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "SetAtGrow", "", "", "Argument[@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CAtlFile.model.yml b/cpp/ql/lib/ext/CAtlFile.model.yml new file mode 100644 index 000000000000..03584d62f037 --- /dev/null +++ b/cpp/ql/lib/ext/CAtlFile.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlFile", True, "CAtlFile", "(CAtlFile &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CAtlFile", True, "CAtlFile", "(HANDLE)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] diff --git a/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml b/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml new file mode 100644 index 000000000000..dcf9fd6ca70d --- /dev/null +++ b/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlFileMappingBase", True, "CAtlFileMappingBase", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CAtlFileMappingBase", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "GetData", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "GetHandle", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "MapFile", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CAtlList.model.yml b/cpp/ql/lib/ext/CAtlList.model.yml new file mode 100644 index 000000000000..6d952f2ca133 --- /dev/null +++ b/cpp/ql/lib/ext/CAtlList.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlList", True, "AddHead", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "AddHeadList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "AddTail", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "AddTailList", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "GetAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlList", True, "GetHead", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlList", True, "GetTail", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CAtlList", True, "InsertAfter", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "InsertBefore", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CAtlList", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml b/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml new file mode 100644 index 000000000000..71a05266a2d3 --- /dev/null +++ b/cpp/ql/lib/ext/CAtlTemporaryFile.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CAtlTemporaryFile", True, "Create", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CAtlTemporaryFile", True, "Read", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["", "CAtlTemporaryFile", True, "Write", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] diff --git a/cpp/ql/lib/ext/CComBSTR.model.yml b/cpp/ql/lib/ext/CComBSTR.model.yml new file mode 100644 index 000000000000..d31f3e36a512 --- /dev/null +++ b/cpp/ql/lib/ext/CComBSTR.model.yml @@ -0,0 +1,33 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CComBSTR", True, "CComBSTR", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(int,LPCSTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(int,LPCOLESTR)", "", "Argument[*1]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "CComBSTR", "(CComBSTR &&)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "Append", "(const CComBSTR &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(LPCOLESTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(LPCSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "Append", "(LPCOLESTR,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "AppendBytes", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "AppendBSTR", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "ArrayToBSTR", "", "", "Argument[*0].Field[*pvData]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "AssignBSTR", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "Attach", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComBSTR", True, "BSTRToArray", "", "", "Argument[-1]", "Argument[**0].Field[*pvData]", "value", "manual"] + - ["", "CComBSTR", True, "Copy", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CComBSTR", True, "CopyTo", "", "", "Argument[-1]", "Argument[*0]", "value", "manual"] + - ["", "CComBSTR", True, "LoadString", "(HINSTANCE,UINT)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "LoadString", "(UINT)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "ReadFromStream", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CComBSTR", True, "WriteToStream", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["", "CComBSTR", True, "operator BSTR", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CComBSTR", True, "operator&", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CComBSTR", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CComSafeArray.model.yml b/cpp/ql/lib/ext/CComSafeArray.model.yml new file mode 100644 index 000000000000..61aec61e7d2b --- /dev/null +++ b/cpp/ql/lib/ext/CComSafeArray.model.yml @@ -0,0 +1,26 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CComSafeArray", True, "CComSafeArray", "(const CComSafeArray &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY &)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "CComSafeArray", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "Add", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "Add", "(const T &,BOOL)", "", "Argument[*@0]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] + - ["", "CComSafeArray", True, "Attach", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "CopyFrom", "", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "CopyTo", "", "", "Argument[-1].Field[*m_psa]", "Argument[*0]", "value", "manual"] + - ["", "CComSafeArray", True, "GetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] + - ["", "CComSafeArray", True, "GetLowerBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CComSafeArray", True, "GetSafeArrayPtr", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["", "CComSafeArray", True, "GetUpperBound", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CComSafeArray", True, "MultiDimGetAt", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "Argument[*@1]", "value", "manual"] + - ["", "CComSafeArray", True, "MultiDimSetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] + - ["", "CComSafeArray", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Field[*m_psa].Field[*@pvData]", "value", "manual"] + - ["", "CComSafeArray", True, "operator LPSAFEARRAY", "", "", "Argument[-1].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["", "CComSafeArray", True, "operator[]", "", "", "Argument[-1].Field[*m_psa].Field[*@pvData]", "ReturnValue[*@]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "ReturnValue[*]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const CComSafeArray &)", "", "Argument[*0].Field[*m_psa]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "Argument[-1].Field[*m_psa]", "value", "manual"] + - ["", "CComSafeArray", True, "operator=", "(const SAFEARRAY *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CPathT.model.yml b/cpp/ql/lib/ext/CPathT.model.yml new file mode 100644 index 000000000000..870e7ac55360 --- /dev/null +++ b/cpp/ql/lib/ext/CPathT.model.yml @@ -0,0 +1,23 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CPathT", True, "CPathT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CPathT", True, "AddExtension", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CPathT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CPathT", True, "Combine", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CPathT", True, "Combine", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["", "CPathT", True, "CommonPrefix", "", "", "Argument[*0]", "ReturnValue", "taint", "manual"] + - ["", "CPathT", True, "CommonPrefix", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CPathT", True, "GetExtension", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"] + - ["", "CPathT", True, "RelativePathTo", "", "", "Argument[*2]", "ReturnValue[-1]", "taint", "manual"] + - ["", "CPathT", True, "RenameExtension", "", "", "Argument[*0]", "ReturnValue[-1]", "taint", "manual"] + # Note: These don't work currently since we cannot use the template parameter in the name of the function + # - ["", "CPathT", True, "operator const T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + # - ["", "CPathT", True, "operator T &", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CPathT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CPathT", True, "operator+=", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CPathT", True, "operator+=", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] diff --git a/cpp/ql/lib/ext/CRegKey.model.yml b/cpp/ql/lib/ext/CRegKey.model.yml new file mode 100644 index 000000000000..1cf2a7d67733 --- /dev/null +++ b/cpp/ql/lib/ext/CRegKey.model.yml @@ -0,0 +1,20 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CRegKey", True, "CRegKey", "(CRegKey &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CRegKey", True, "CRegKey", "(HKEY)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CRegKey", True, "Create", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["", "CRegKey", True, "Attach", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryBinaryValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryDWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryMultiStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryQWORDValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryStringValue", "", "", "Argument[*0]", "Argument[*1]", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "(LPCTSTR,DWORD *,void *,ULONG *)", "", "Argument[*0]", "Argument[*2]", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "(DWORD &,LPCTSTR)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] + - ["", "CRegKey", True, "QueryValue", "(LPTSTR,LPCTSTR,DWORD *)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] + - ["", "CRegKey", True, "operator HKEY", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["", "CRegKey", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CSimpleArray.model.yml b/cpp/ql/lib/ext/CSimpleArray.model.yml new file mode 100644 index 000000000000..8daae929651e --- /dev/null +++ b/cpp/ql/lib/ext/CSimpleArray.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CSimpleArray", True, "CSimpleArray", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleArray", True, "Add", "", "", "Argument[*0]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleArray", True, "GetData", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CSimpleArray", True, "SetAtIndex", "", "", "Argument[*1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleArray", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleArray", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CSimpleMap.model.yml b/cpp/ql/lib/ext/CSimpleMap.model.yml new file mode 100644 index 000000000000..814e814228ed --- /dev/null +++ b/cpp/ql/lib/ext/CSimpleMap.model.yml @@ -0,0 +1,12 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CSimpleMap", True, "Add", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleMap", True, "GetValueAt", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CSimpleMap", True, "Lookup", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] + - ["", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleMap", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] + - ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CUrl.model.yml b/cpp/ql/lib/ext/CUrl.model.yml new file mode 100644 index 000000000000..3a4f8fe2ff5a --- /dev/null +++ b/cpp/ql/lib/ext/CUrl.model.yml @@ -0,0 +1,21 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CUrl", True, "CUrl", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CUrl", True, "CrackUrl", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "CreateUrl", "", "", "Argument[-1]", "Argument[*0]", "taint", "manual"] + - ["", "CUrl", True, "GetExtraInfo", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetHostName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetPassword", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetSchemeName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetUrlPath", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "GetUserName", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CUrl", True, "SetExtraInfo", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetHostName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetPassword", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index 49610b7c85b6..d234dbc8e3ab 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -434,18 +434,48 @@ private predicate elementSpec( summaryModel(namespace, type, subtypes, name, signature, ext, _, _, _, _, _) } +/** + * Holds if `c` is an instantiation of a class template `templateClass`, or + * holds with `c = templateClass` if `c` is not an instantiation of any class + * template. + * + * This predicate is used instead of `Class.isConstructedFrom` (which only + * holds for template instantiations) in this file to allow for uniform + * treatment of non-templated classes and class template instantiations. + */ +private predicate isClassConstructedFrom(Class c, Class templateClass) { + c.isConstructedFrom(templateClass) + or + not c.isConstructedFrom(_) and c = templateClass +} + +/** + * Holds if `f` is an instantiation of a function template `templateFunc`, or + * holds with `f = templateFunc` if `f` is not an instantiation of any function + * template. + * + * This predicate is used instead of `Function.isConstructedFrom` (which only + * holds for template instantiations) in this file to allow for uniform + * treatment of non-templated classes and class template instantiations. + */ +private predicate isFunctionConstructedFrom(Function f, Function templateFunc) { + f.isConstructedFrom(templateFunc) + or + not f.isConstructedFrom(_) and f = templateFunc +} + /** Gets the fully templated version of `f`. */ private Function getFullyTemplatedFunction(Function f) { not f.isFromUninstantiatedTemplate(_) and ( exists(Class c, Class templateClass, int i | - c.isConstructedFrom(templateClass) and + isClassConstructedFrom(c, templateClass) and f = c.getAMember(i) and result = templateClass.getCanonicalMember(i) ) or not exists(f.getDeclaringType()) and - f.isConstructedFrom(result) + isFunctionConstructedFrom(f, result) ) } @@ -489,7 +519,7 @@ private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remain private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining) { // If there is a declaring type then we start by expanding the function templates exists(Class template | - f.getDeclaringType().isConstructedFrom(template) and + isClassConstructedFrom(f.getDeclaringType(), template) and remaining = template.getNumberOfTemplateArguments() and result = getTypeNameWithoutFunctionTemplates(f, n, 0) ) @@ -501,7 +531,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining or exists(string mid, TemplateParameter tp, Class template | mid = getTypeNameWithoutClassTemplates(f, n, remaining + 1) and - f.getDeclaringType().isConstructedFrom(template) and + isClassConstructedFrom(f.getDeclaringType(), template) and tp = template.getTemplateArgument(remaining) and result = mid.replaceAll(tp.getName(), "class:" + remaining.toString()) ) @@ -742,6 +772,22 @@ private predicate elementSpecMatchesSignature( signatureMatches(func, signature, type, name, 0) } +/** + * Holds when `method` has name `nameWithoutArgs`, and gets the enclosing + * class of `method`. Unlike `method.getClassAndName` this predicate does + * not strip typedefs from the name when `method` is an `ConversionOperator`. + */ +bindingset[nameWithoutArgs] +pragma[inline_late] +private Class getClassAndNameImpl(Function method, string nameWithoutArgs) { + exists(string memberName | result = method.getClassAndName(memberName) | + nameWithoutArgs = "operator " + method.(ConversionOperator).getDestType() + or + not method instanceof ConversionOperator and + memberName = nameWithoutArgs + ) +} + /** * Holds if `classWithMethod` has `method` named `name` (excluding any * template parameters). @@ -751,7 +797,7 @@ pragma[inline_late] private predicate hasClassAndName(Class classWithMethod, Function method, string name) { exists(string nameWithoutArgs | parseAngles(name, nameWithoutArgs, _, "") and - classWithMethod = method.getClassAndName(nameWithoutArgs) + classWithMethod = getClassAndNameImpl(method, nameWithoutArgs) ) } diff --git a/cpp/ql/lib/semmle/code/cpp/models/Models.qll b/cpp/ql/lib/semmle/code/cpp/models/Models.qll index f6776a623ffe..83bda3e2a44e 100644 --- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll +++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll @@ -50,3 +50,10 @@ private import implementations.System private import implementations.StructuredExceptionHandling private import implementations.ZMQ private import implementations.Win32CommandExecution +private import implementations.CA2AEX +private import implementations.CComBSTR +private import implementations.CPathT +private import implementations.CAtlFile +private import implementations.CAtlFileMapping +private import implementations.CAtlTemporaryFile +private import implementations.CRegKey diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll new file mode 100644 index 000000000000..595b6e3bb3eb --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CA2AEX.qll @@ -0,0 +1,17 @@ +private import cpp +private import semmle.code.cpp.ir.dataflow.FlowSteps +private import semmle.code.cpp.dataflow.new.DataFlow + +/** + * The `CA2AEX` (and related) classes from the Windows Active Template library. + */ +class Ca2Aex extends Class { + Ca2Aex() { this.hasGlobalName(["CA2AEX", "CA2CAEX", "CA2WEX"]) } +} + +private class Ca2AexTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent { + Ca2AexTaintInheritingContent() { + // The two members m_psz and m_szBuffer + this.getField().getDeclaringType() instanceof Ca2Aex + } +} diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll new file mode 100644 index 000000000000..6c01a29c539d --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFile.qll @@ -0,0 +1,17 @@ +import semmle.code.cpp.models.interfaces.FlowSource + +/** + * The `CAtlFile` class from Microsoft's Active Template Library. + */ +class CAtlFile extends Class { + CAtlFile() { this.hasGlobalName("CAtlFile") } +} + +private class CAtlFileRead extends MemberFunction, LocalFlowSourceFunction { + CAtlFileRead() { this.getClassAndName("Read") instanceof CAtlFile } + + override predicate hasLocalFlowSource(FunctionOutput output, string description) { + output.isParameterDeref(0) and + description = "string read by " + this.getName() + } +} diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll new file mode 100644 index 000000000000..85dae06806fb --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlFileMapping.qll @@ -0,0 +1,37 @@ +import semmle.code.cpp.models.interfaces.FlowSource + +/** + * The `CAtlFileMapping` class from Microsoft's Active Template Library. + */ +class CAtlFileMapping extends Class { + CAtlFileMapping() { this.hasGlobalName("CAtlFileMapping") } +} + +/** + * The `CAtlFileMappingBase` class from Microsoft's Active Template Library. + */ +class CAtlFileMappingBase extends Class { + CAtlFileMappingBase() { this.hasGlobalName("CAtlFileMappingBase") } +} + +private class CAtlFileMappingBaseGetData extends MemberFunction, LocalFlowSourceFunction { + CAtlFileMappingBaseGetData() { + this.getClassAndName("GetData") = any(CAtlFileMappingBase fileMaping).getADerivedClass*() + } + + override predicate hasLocalFlowSource(FunctionOutput output, string description) { + output.isReturnValueDeref(1) and + description = "data read by " + this.getName() + } +} + +private class CAtlFileMappingGetData extends MemberFunction, LocalFlowSourceFunction { + CAtlFileMappingGetData() { + this.(ConversionOperator).getDeclaringType() instanceof CAtlFileMapping + } + + override predicate hasLocalFlowSource(FunctionOutput output, string description) { + output.isReturnValueDeref(1) and + description = "data read by " + this.getName() + } +} diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll new file mode 100644 index 000000000000..cc3a36d0fbd7 --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CAtlTemporaryFile.qll @@ -0,0 +1,17 @@ +import semmle.code.cpp.models.interfaces.FlowSource + +/** + * The `CAtlFile` class from Microsoft's Active Template Library. + */ +class CAtlTemporaryFile extends Class { + CAtlTemporaryFile() { this.hasGlobalName("CAtlTemporaryFile") } +} + +private class CAtlTemporaryFileRead extends MemberFunction, LocalFlowSourceFunction { + CAtlTemporaryFileRead() { this.getClassAndName("Read") instanceof CAtlTemporaryFile } + + override predicate hasLocalFlowSource(FunctionOutput output, string description) { + output.isParameterDeref(0) and + description = "string read by " + this.getName() + } +} diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll new file mode 100644 index 000000000000..55d18a52ae45 --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CComBSTR.qll @@ -0,0 +1,16 @@ +private import cpp +private import semmle.code.cpp.ir.dataflow.FlowSteps +private import semmle.code.cpp.dataflow.new.DataFlow + +/** The `CComBSTR` class from the Microsoft "Active Template Library". */ +class CcomBstr extends Class { + CcomBstr() { this.hasGlobalName("CComBSTR") } +} + +private class Mstr extends Field { + Mstr() { this.getDeclaringType() instanceof CcomBstr and this.hasName("m_str") } +} + +private class MstrTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent { + MstrTaintInheritingContent() { this.getField() instanceof Mstr } +} diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll new file mode 100644 index 000000000000..b2fe3a363c7c --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CPathT.qll @@ -0,0 +1,16 @@ +private import cpp +private import semmle.code.cpp.ir.dataflow.FlowSteps +private import semmle.code.cpp.dataflow.new.DataFlow + +/** The `CPathT` class from the Microsoft "Active Template Library". */ +class CPathT extends Class { + CPathT() { this.hasGlobalName("CPathT") } +} + +private class MStrPath extends Field { + MStrPath() { this.getDeclaringType() instanceof CPathT and this.hasName("m_strPath") } +} + +private class MStrPathTaintInheritingContent extends TaintInheritingContent, DataFlow::FieldContent { + MStrPathTaintInheritingContent() { this.getField() instanceof MStrPath } +} diff --git a/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll b/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll new file mode 100644 index 000000000000..e6d1a5ba09ec --- /dev/null +++ b/cpp/ql/lib/semmle/code/cpp/models/implementations/CRegKey.qll @@ -0,0 +1,87 @@ +private import cpp +private import semmle.code.cpp.models.interfaces.FlowSource +private import semmle.code.cpp.ir.dataflow.FlowSteps +private import semmle.code.cpp.dataflow.new.DataFlow + +/** The `CRegKey` class from the Microsoft "Active Template Library". */ +class CRegKey extends Class { + CRegKey() { this.hasGlobalName("CRegKey") } +} + +module CRegKey { + /** The `m_hKey` member on a object of type `CRegKey`. */ + class MhKey extends Field { + MhKey() { + this.getDeclaringType() instanceof CRegKey and + this.getName() = "m_hKey" + } + } + + private class MhKeyPathTaintInheritingContent extends TaintInheritingContent, + DataFlow::FieldContent + { + MhKeyPathTaintInheritingContent() { this.getField() instanceof MhKey } + } + + private class CRegKeyMemberFunction extends MemberFunction { + string name; + + CRegKeyMemberFunction() { this.getClassAndName(name) instanceof CRegKey } + } + + abstract private class CRegKeyFlowSource extends CRegKeyMemberFunction, LocalFlowSourceFunction { + FunctionOutput output; + + final override predicate hasLocalFlowSource(FunctionOutput output_, string description) { + output_ = output and + description = "registry string read by " + name + } + } + + /** The `CRegKey::QueryBinaryValue` function from Win32. */ + class QueryBinaryValue extends CRegKeyFlowSource { + QueryBinaryValue() { name = "QueryBinaryValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryDWORDValue` function from Win32. */ + class QueryDwordValue extends CRegKeyFlowSource { + QueryDwordValue() { name = "QueryDWORDValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryGUIDValue` function from Win32. */ + class QueryGuidValue extends CRegKeyFlowSource { + QueryGuidValue() { name = "QueryGUIDValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryMultiStringValue` function from Win32. */ + class QueryMultiStringValue extends CRegKeyFlowSource { + QueryMultiStringValue() { name = "QueryMultiStringValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryQWORDValue` function from Win32. */ + class QueryQwordValue extends CRegKeyFlowSource { + QueryQwordValue() { name = "QueryQWORDValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryStringValue` function from Win32. */ + class QueryStringValue extends CRegKeyFlowSource { + QueryStringValue() { name = "QueryStringValue" and output.isParameterDeref(1) } + } + + /** The `CRegKey::QueryValue` function from Win32. */ + class QueryValue extends CRegKeyFlowSource { + QueryValue() { + name = "QueryValue" and + ( + this.getNumberOfParameters() = 4 and + output.isParameterDeref(2) + or + this.getNumberOfParameters() = 2 and + output.isParameterDeref(0) + or + this.getNumberOfParameters() = 3 and + output.isParameterDeref(0) + ) + } + } +} diff --git a/cpp/ql/src/change-notes/2024-11-27-active-template-library.md b/cpp/ql/src/change-notes/2024-11-27-active-template-library.md new file mode 100644 index 000000000000..a677ac661077 --- /dev/null +++ b/cpp/ql/src/change-notes/2024-11-27-active-template-library.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added dataflow models and flow sources for Microsoft's Active Template Library (ATL). \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index a3d09178f2c3..137642d522a4 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -11,14 +11,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:644 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:642 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:643 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:801 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:799 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:800 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:643 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:800 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:644 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:801 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index 2e0a493585c6..b2c54e67c2ff 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -1,8 +1,28 @@ +| Dubious member name "operator BSTR" in summary model. | +| Dubious member name "operator HKEY" in summary model. | +| Dubious member name "operator LPCSTR" in summary model. | +| Dubious member name "operator LPSAFEARRAY" in summary model. | +| Dubious member name "operator LPSTR" in summary model. | +| Dubious member name "operator LPWSTR" in summary model. | +| Dubious member name "operator PCXSTR" in summary model. | +| Dubious member name "operator&" in summary model. | | Dubious member name "operator*" in summary model. | +| Dubious member name "operator+=" in summary model. | | Dubious member name "operator->" in summary model. | | Dubious member name "operator=" in summary model. | | Dubious member name "operator[]" in summary model. | +| Dubious signature "(CAtlFile &)" in summary model. | +| Dubious signature "(CComBSTR &&)" in summary model. | +| Dubious signature "(CRegKey &)" in summary model. | +| Dubious signature "(DWORD &,LPCTSTR)" in summary model. | | Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. | +| Dubious signature "(LPCTSTR,DWORD *,void *,ULONG *)" in summary model. | +| Dubious signature "(LPTSTR,LPCTSTR,DWORD *)" in summary model. | +| Dubious signature "(const CComBSTR &)" in summary model. | +| Dubious signature "(const CComSafeArray &)" in summary model. | +| Dubious signature "(const SAFEARRAY &)" in summary model. | +| Dubious signature "(const SAFEARRAY *)" in summary model. | +| Dubious signature "(const T &,BOOL)" in summary model. | | Dubious signature "(const deque &)" in summary model. | | Dubious signature "(const deque &,const Allocator &)" in summary model. | | Dubious signature "(const forward_list &)" in summary model. | diff --git a/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp new file mode 100644 index 000000000000..7df5e3dc1a08 --- /dev/null +++ b/cpp/ql/test/library-tests/dataflow/source-sink-tests/atl.cpp @@ -0,0 +1,389 @@ +typedef void* HANDLE; +typedef long LONG; +typedef LONG HRESULT; +typedef const char* LPCTSTR; +typedef unsigned long DWORD; +typedef unsigned long ULONG; +typedef void* PVOID; +typedef void* LPVOID; +typedef bool BOOL; +typedef const void* LPCVOID; +typedef unsigned long long ULONGLONG; +typedef long long LONGLONG; +typedef unsigned long* ULONG_PTR; +typedef char *LPTSTR; +typedef DWORD* LPDWORD; +typedef ULONG REGSAM; +typedef DWORD SECURITY_INFORMATION, *PSECURITY_INFORMATION; +typedef PVOID PSECURITY_DESCRIPTOR; +typedef struct _GUID { + unsigned long Data1; + unsigned short Data2; + unsigned short Data3; + unsigned char Data4[8]; +} GUID; +typedef GUID* REFGUID; + +typedef struct _SECURITY_ATTRIBUTES { + DWORD nLength; + LPVOID lpSecurityDescriptor; + BOOL bInheritHandle; +} SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES; + +typedef struct _FILETIME { + DWORD dwLowDateTime; + DWORD dwHighDateTime; +} FILETIME, *PFILETIME, *LPFILETIME; + +using size_t = decltype(sizeof(int)); +using SIZE_T = size_t; + +typedef struct _OVERLAPPED { + ULONG_PTR Internal; + ULONG_PTR InternalHigh; + union { + struct { + DWORD Offset; + DWORD OffsetHigh; + } DUMMYSTRUCTNAME; + PVOID Pointer; + } DUMMYUNIONNAME; + HANDLE hEvent; +} OVERLAPPED, *LPOVERLAPPED; + +using LPOVERLAPPED_COMPLETION_ROUTINE = void(DWORD, DWORD, LPOVERLAPPED); + +using HKEY = void*; + +class CAtlTransactionManager; + +class CHandle { + CHandle() throw(); + CHandle(CHandle& h) throw(); + explicit CHandle(HANDLE h) throw(); +}; + +struct CAtlFile : public CHandle { + CAtlFile() throw(); + CAtlFile(CAtlTransactionManager* pTM) throw(); + CAtlFile(CAtlFile& file) throw(); + explicit CAtlFile(HANDLE hFile) throw(); + + HRESULT Create( + LPCTSTR szFilename, + DWORD dwDesiredAccess, + DWORD dwShareMode, + DWORD dwCreationDisposition, + DWORD dwFlagsAndAttributes, + LPSECURITY_ATTRIBUTES lpsa, + HANDLE hTemplateFile) throw(); + + HRESULT Flush() throw(); + HRESULT GetOverlappedResult( + LPOVERLAPPED pOverlapped, + DWORD& dwBytesTransferred, + BOOL bWait + ) throw(); + + HRESULT GetPosition(ULONGLONG& nPos) const throw(); + HRESULT GetSize(ULONGLONG& nLen) const throw(); + HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize) throw(); + + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + DWORD& nBytesRead) throw(); + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped) throw(); + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped, + LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw(); + + HRESULT Seek( + LONGLONG nOffset, + DWORD dwFrom) throw(); + + HRESULT SetSize(ULONGLONG nNewLen) throw(); + HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped, + LPOVERLAPPED_COMPLETION_ROUTINE pfnCompletionRoutine) throw(); + + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + DWORD* pnBytesWritten) throw(); + + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + LPOVERLAPPED pOverlapped) throw(); +}; + +void test_CAtlFile() { + CAtlFile catFile; + char buffer[1024]; + catFile.Read(buffer, 1024); // $ local_source +} + +struct CAtlFileMappingBase { + CAtlFileMappingBase(CAtlFileMappingBase& orig); + CAtlFileMappingBase() throw(); + ~CAtlFileMappingBase() throw(); + + HRESULT CopyFrom(CAtlFileMappingBase& orig) throw(); + void* GetData() const throw(); + HANDLE GetHandle() throw (); + SIZE_T GetMappingSize() throw(); + + HRESULT MapFile( + HANDLE hFile, + SIZE_T nMappingSize, + ULONGLONG nOffset, + DWORD dwMappingProtection, + DWORD dwViewDesiredAccess) throw(); + + HRESULT MapSharedMem( + SIZE_T nMappingSize, + LPCTSTR szName, + BOOL* pbAlreadyExisted, + LPSECURITY_ATTRIBUTES lpsa, + DWORD dwMappingProtection, + DWORD dwViewDesiredAccess) throw(); + + HRESULT OpenMapping( + LPCTSTR szName, + SIZE_T nMappingSize, + ULONGLONG nOffset, + DWORD dwViewDesiredAccess) throw(); + + HRESULT Unmap() throw(); +}; + +template +struct CAtlFileMapping : public CAtlFileMappingBase { + operator T*() const throw(); +}; + +void test_CAtlFileMapping(CAtlFileMapping mapping) { + char* data = static_cast(mapping); // $ local_source + void* data2 = mapping.GetData(); // $ local_source +} + +struct CAtlTemporaryFile { + CAtlTemporaryFile() throw(); + ~CAtlTemporaryFile() throw(); + HRESULT Close(LPCTSTR szNewName) throw(); + HRESULT Create(LPCTSTR pszDir, DWORD dwDesiredAccess) throw(); + HRESULT Flush() throw(); + HRESULT GetPosition(ULONGLONG& nPos) const throw(); + HRESULT GetSize(ULONGLONG& nLen) const throw(); + HRESULT HandsOff() throw(); + HRESULT HandsOn() throw(); + HRESULT LockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + + HRESULT Read( + LPVOID pBuffer, + DWORD nBufSize, + DWORD& nBytesRead) throw(); + HRESULT Seek(LONGLONG nOffset, DWORD dwFrom) throw(); + + HRESULT SetSize(ULONGLONG nNewLen) throw(); + LPCTSTR TempFileName() throw(); + HRESULT UnlockRange(ULONGLONG nPos, ULONGLONG nCount) throw(); + + HRESULT Write( + LPCVOID pBuffer, + DWORD nBufSize, + DWORD* pnBytesWritten) throw(); + operator HANDLE() throw(); +}; + +void test_CAtlTemporaryFile() { + CAtlTemporaryFile file; + char buffer[1024]; + DWORD bytesRead; + file.Read(buffer, 1024, bytesRead); // $ local_source +} + +struct CRegKey { + CRegKey() throw(); + CRegKey(CRegKey& key) throw(); + explicit CRegKey(HKEY hKey) throw(); + CRegKey(CAtlTransactionManager* pTM) throw(); + + ~CRegKey() throw(); + void Attach(HKEY hKey) throw(); + LONG Close() throw(); + + LONG Create( + HKEY hKeyParent, + LPCTSTR lpszKeyName, + LPTSTR lpszClass, + DWORD dwOptions, + REGSAM samDesired, + LPSECURITY_ATTRIBUTES lpSecAttr, + LPDWORD lpdwDisposition) throw(); + + LONG DeleteSubKey(LPCTSTR lpszSubKey) throw(); + LONG DeleteValue(LPCTSTR lpszValue) throw(); + HKEY Detach() throw(); + + LONG EnumKey( + DWORD iIndex, + LPTSTR pszName, + LPDWORD pnNameLength, + FILETIME* pftLastWriteTime) throw(); + + LONG Flush() throw(); + + LONG GetKeySecurity( + SECURITY_INFORMATION si, + PSECURITY_DESCRIPTOR psd, + LPDWORD pnBytes) throw(); + + LONG NotifyChangeKeyValue( + BOOL bWatchSubtree, + DWORD dwNotifyFilter, + HANDLE hEvent, + BOOL bAsync) throw(); + + LONG Open( + HKEY hKeyParent, + LPCTSTR lpszKeyName, + REGSAM samDesired) throw(); + + LONG QueryBinaryValue( + LPCTSTR pszValueName, + void* pValue, + ULONG* pnBytes) throw(); + + LONG QueryDWORDValue( + LPCTSTR pszValueName, + DWORD& dwValue) throw(); + + LONG QueryGUIDValue( + LPCTSTR pszValueName, + GUID& guidValue) throw(); + + LONG QueryMultiStringValue( + LPCTSTR pszValueName, + LPTSTR pszValue, + ULONG* pnChars) throw(); + + LONG QueryQWORDValue( + LPCTSTR pszValueName, + ULONGLONG& qwValue) throw(); + + LONG QueryStringValue( + LPCTSTR pszValueName, + LPTSTR pszValue, + ULONG* pnChars) throw(); + + LONG QueryValue( + LPCTSTR pszValueName, + DWORD* pdwType, + void* pData, + ULONG* pnBytes) throw(); + + LONG QueryValue( + DWORD& dwValue, + LPCTSTR lpszValueName); + + LONG QueryValue( + LPTSTR szValue, + LPCTSTR lpszValueName, + DWORD* pdwCount); + + LONG RecurseDeleteKey(LPCTSTR lpszKey) throw(); + + LONG SetBinaryValue( + LPCTSTR pszValueName, + const void* pValue, + ULONG nBytes) throw(); + + LONG SetDWORDValue(LPCTSTR pszValueName, DWORD dwValue) throw(); + + LONG SetGUIDValue(LPCTSTR pszValueName, REFGUID guidValue) throw(); + + LONG SetKeySecurity(SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR psd) throw(); + + LONG SetKeyValue( + LPCTSTR lpszKeyName, + LPCTSTR lpszValue, + LPCTSTR lpszValueName) throw(); + + LONG SetMultiStringValue(LPCTSTR pszValueName, LPCTSTR pszValue) throw(); + + LONG SetQWORDValue(LPCTSTR pszValueName, ULONGLONG qwValue) throw(); + + LONG SetStringValue( + LPCTSTR pszValueName, + LPCTSTR pszValue, + DWORD dwType) throw(); + + LONG SetValue( + LPCTSTR pszValueName, + DWORD dwType, + const void* pValue, + ULONG nBytes) throw(); + + static LONG SetValue( + HKEY hKeyParent, + LPCTSTR lpszKeyName, + LPCTSTR lpszValue, + LPCTSTR lpszValueName); + + LONG SetValue( + DWORD dwValue, + LPCTSTR lpszValueName); + + LONG SetValue( + LPCTSTR lpszValue, + LPCTSTR lpszValueName, + bool bMulti, + int nValueLen); + + operator HKEY() const throw(); + CRegKey& operator= (CRegKey& key) throw(); + + HKEY m_hKey; +}; + +void test_CRegKey() { + CRegKey key; + char data[1024]; + ULONG bytesRead; + key.QueryBinaryValue("foo", data, &bytesRead); // $ local_source + + DWORD value; + key.QueryDWORDValue("foo", value); // $ local_source + + GUID guid; + key.QueryGUIDValue("foo", guid); // $ local_source + + key.QueryMultiStringValue("foo", data, &bytesRead); // $ local_source + + ULONGLONG qword; + key.QueryQWORDValue("foo", qword); // $ local_source + + key.QueryStringValue("foo", data, &bytesRead); // $ local_source + + key.QueryValue(data, "foo", &bytesRead); // $ local_source + + DWORD type; + key.QueryValue("foo", &type, data, &bytesRead); // $ local_source + + DWORD value2; + key.QueryValue(value2, "foo"); // $ local_source +} \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp new file mode 100644 index 000000000000..0e70a101620f --- /dev/null +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -0,0 +1,900 @@ +namespace { + template T source(); + template T* indirect_source(); + void sink(...); +} + +typedef unsigned int UINT; +typedef long LONG; +typedef void* LPVOID; +typedef void* PVOID; +typedef bool BOOL; +typedef char* PSTR, *LPSTR; +typedef const char* LPCTSTR; +typedef unsigned short WORD; +typedef unsigned long DWORD; +typedef void* HANDLE; +typedef LONG HRESULT; +typedef unsigned long ULONG; +typedef const char* LPCSTR; +typedef wchar_t OLECHAR; +typedef OLECHAR* LPOLESTR; +typedef const LPOLESTR LPCOLESTR; +typedef OLECHAR* BSTR; +typedef wchar_t* LPWSTR, *PWSTR; +typedef BSTR* LPBSTR; +typedef unsigned short USHORT; +typedef char *LPTSTR; +struct __POSITION { int unused; }; +typedef __POSITION* POSITION; +typedef WORD ATL_URL_PORT; + +enum ATL_URL_SCHEME{ + ATL_URL_SCHEME_UNKNOWN = -1, + ATL_URL_SCHEME_FTP = 0, + ATL_URL_SCHEME_GOPHER = 1, + ATL_URL_SCHEME_HTTP = 2, + ATL_URL_SCHEME_HTTPS = 3, + ATL_URL_SCHEME_FILE = 4, + ATL_URL_SCHEME_NEWS = 5, + ATL_URL_SCHEME_MAILTO = 6, + ATL_URL_SCHEME_SOCKS = 7 +}; + +using HINSTANCE = void*; +using size_t = decltype(sizeof(int)); +using SIZE_T = size_t; + +#define NULL nullptr + +typedef struct tagSAFEARRAYBOUND { + ULONG cElements; + LONG lLbound; +} SAFEARRAYBOUND, *LPSAFEARRAYBOUND; + +typedef struct tagVARIANT { + /* ... */ +} VARIANT; + +typedef struct tagSAFEARRAY { + USHORT cDims; + USHORT fFeatures; + ULONG cbElements; + ULONG cLocks; + PVOID pvData; + SAFEARRAYBOUND rgsabound[1]; +} SAFEARRAY, *LPSAFEARRAY; + +struct _U_STRINGorID { + _U_STRINGorID(UINT nID); + _U_STRINGorID(LPCTSTR lpString); + + LPCTSTR m_lpstr; +}; + +void test__U_STRINGorID() { + { + UINT x = source(); + _U_STRINGorID u(x); + sink(u.m_lpstr); // $ ir + } + + { + LPCTSTR y = indirect_source(); + _U_STRINGorID u(y); + sink(u.m_lpstr); // $ ir + } +} + +template +struct CA2AEX { + LPSTR m_psz; + char m_szBuffer[t_nBufferLength]; + + CA2AEX(LPCSTR psz, UINT nCodePage); + CA2AEX(LPCSTR psz); + + ~CA2AEX(); + + operator LPSTR() const throw(); +}; + +void test_CA2AEX() { + { + LPSTR x = indirect_source(); + CA2AEX<128> a(x); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_szBuffer); // $ ir + } + + { + LPSTR x = indirect_source(); + CA2AEX<128> a(x, 0); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_szBuffer); // $ ir + } +} + +template +struct CA2CAEX { + CA2CAEX(LPCSTR psz, UINT nCodePage) ; + CA2CAEX(LPCSTR psz) ; + ~CA2CAEX() throw(); + operator LPCSTR() const throw(); + LPCSTR m_psz; +}; + +void test_CA2CAEX() { + LPCSTR x = indirect_source(); + { + CA2CAEX<128> a(x); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir + } + { + CA2CAEX<128> a(x, 0); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir + } +} + +template +struct CA2WEX { + CA2WEX(LPCSTR psz, UINT nCodePage) ; + CA2WEX(LPCSTR psz) ; + ~CA2WEX() throw(); + operator LPWSTR() const throw(); + LPWSTR m_psz; + wchar_t m_szBuffer[t_nBufferLength]; +}; + +void test_CA2WEX() { + LPCSTR x = indirect_source(); + { + CA2WEX<128> a(x); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir + } + { + CA2WEX<128> a(x, 0); + sink(static_cast(a)); // $ ir + sink(a.m_psz); // $ ir + sink(a.m_psz); // $ ir + } +} + +template +struct CElementTraitsBase { + typedef const T& INARGTYPE; + typedef T& OUTARGTYPE; + + static void CopyElements(T* pDest, const T* pSrc, size_t nElements); + static void RelocateElements(T* pDest, T* pSrc, size_t nElements); +}; + +template +struct CDefaultElementTraits : public CElementTraitsBase {}; + +template +struct CElementTraits : public CDefaultElementTraits {}; + +template> +struct CAtlArray { + using INARGTYPE = typename ETraits::INARGTYPE; + using OUTARGTYPE = typename ETraits::OUTARGTYPE; + + CAtlArray() throw(); + ~CAtlArray() throw(); + + size_t Add(INARGTYPE element); + size_t Add(); + size_t Append(const CAtlArray& aSrc); + void Copy(const CAtlArray& aSrc); + const E& GetAt(size_t iElement) const throw(); + E& GetAt(size_t iElement) throw(); + size_t GetCount() const throw(); + E* GetData() throw(); + const E* GetData() const throw(); + void InsertArrayAt(size_t iStart, const CAtlArray* paNew); + void InsertAt(size_t iElement, INARGTYPE element, size_t nCount); + bool IsEmpty() const throw(); + void RemoveAll() throw(); + void RemoveAt(size_t iElement, size_t nCount); + void SetAt(size_t iElement, INARGTYPE element); + void SetAtGrow(size_t iElement, INARGTYPE element); + bool SetCount(size_t nNewSize, int nGrowBy); + E& operator[](size_t ielement) throw(); + const E& operator[](size_t ielement) const throw(); +}; + +void test_CAtlArray() { + int x = source(); + + { + CAtlArray a; + a.Add(x); + sink(a[0]); // $ ir + a.Add(0); + sink(a[0]); // $ ir + + CAtlArray a2; + sink(a2[0]); + a2.Append(a); + sink(a2[0]); // $ ir + + CAtlArray a3; + sink(a3[0]); + a3.Copy(a2); + sink(a3[0]); // $ ir + + sink(a3.GetAt(0)); // $ ir + sink(*a3.GetData()); // $ ir + + CAtlArray a4; + sink(a4.GetAt(0)); + a4.InsertArrayAt(0, &a3); + sink(a4.GetAt(0)); // $ ir + } + { + CAtlArray a5; + a5.InsertAt(0, source(), 1); + sink(a5[0]); // $ ir + + CAtlArray a6; + a6.SetAtGrow(0, source()); + sink(a6[0]); // $ ir + } +} + +template> +struct CAtlList { + using INARGTYPE = typename ETraits::INARGTYPE; + CAtlList(UINT nBlockSize) throw(); + ~CAtlList() throw(); + POSITION AddHead(); + POSITION AddHead(INARGTYPE element); + void AddHeadList(const CAtlList* plNew); + POSITION AddTail(); + POSITION AddTail(INARGTYPE element); + void AddTailList(const CAtlList* plNew); + POSITION Find(INARGTYPE element, POSITION posStartAfter) const throw(); + POSITION FindIndex(size_t iElement) const throw(); + E& GetAt(POSITION pos) throw(); + const E& GetAt(POSITION pos) const throw(); + size_t GetCount() const throw(); + E& GetHead() throw(); + const E& GetHead() const throw(); + POSITION GetHeadPosition() const throw(); + E& GetNext(POSITION& pos) throw(); + const E& GetNext(POSITION& pos) const throw(); + E& GetPrev(POSITION& pos) throw(); + const E& GetPrev(POSITION& pos) const throw(); + E& GetTail() throw(); + const E& GetTail() const throw(); + POSITION GetTailPosition() const throw(); + POSITION InsertAfter(POSITION pos, INARGTYPE element); + POSITION InsertBefore(POSITION pos, INARGTYPE element); + bool IsEmpty() const throw(); + void MoveToHead(POSITION pos) throw(); + void MoveToTail(POSITION pos) throw(); + void RemoveAll() throw(); + void RemoveAt(POSITION pos) throw(); + E RemoveHead(); + void RemoveHeadNoReturn() throw(); + E RemoveTail(); + void RemoveTailNoReturn() throw(); + void SetAt(POSITION pos, INARGTYPE element); + void SwapElements(POSITION pos1, POSITION pos2) throw(); +}; + +void test_CAtlList() { + int x = source(); + { + CAtlList list(10); + sink(list.GetHead()); + list.AddHead(x); + sink(list.GetHead()); // $ ir + + CAtlList list2(10); + list2.AddHeadList(&list); + sink(list2.GetHead()); // $ ir + + CAtlList list3(10); + list3.AddTail(x); + sink(list3.GetHead()); // $ ir + + CAtlList list4(10); + list4.AddTailList(&list3); + sink(list4.GetHead()); // $ ir + + { + CAtlList list5(10); + auto pos = list5.Find(x, list5.GetHeadPosition()); + sink(list5.GetAt(pos)); // $ MISSING: ir + } + + { + CAtlList list6(10); + list6.AddHead(x); + auto pos = list6.FindIndex(0); + sink(list6.GetAt(pos)); // $ ir + } + + { + CAtlList list7(10); + auto pos = list7.GetTailPosition(); + list7.InsertAfter(pos, x); + sink(list7.GetHead()); // $ ir + } + + { + CAtlList list8(10); + auto pos = list8.GetTailPosition(); + list8.InsertBefore(pos, x); + sink(list8.GetHead()); // $ ir + } + { + CAtlList list9(10); + list9.SetAt(list9.GetHeadPosition(), x); + sink(list9.GetHead()); // $ ir + } + } + + int* p = indirect_source(); + { + CAtlList list(10); + sink(list.GetHead()); + list.AddHead(p); + sink(list.GetHead()); // $ ir + + CAtlList list2(10); + list2.AddHeadList(&list); + sink(list2.GetHead()); // $ ir + + CAtlList list3(10); + list3.AddTail(p); + sink(list3.GetHead()); // $ ir + + CAtlList list4(10); + list4.AddTailList(&list3); + sink(list4.GetHead()); // $ ir + + { + CAtlList list5(10); + auto pos = list5.Find(p, list5.GetHeadPosition()); + sink(list5.GetAt(pos)); // $ MISSING: ir + } + + { + CAtlList list6(10); + list6.AddHead(p); + auto pos = list6.FindIndex(0); + sink(list6.GetAt(pos)); // $ ir + } + + { + CAtlList list7(10); + auto pos = list7.GetTailPosition(); + list7.InsertAfter(pos, p); + sink(list7.GetHead()); // $ ir + } + + { + CAtlList list8(10); + auto pos = list8.GetTailPosition(); + list8.InsertBefore(pos, p); + sink(list8.GetHead()); // $ ir + } + { + CAtlList list9(10); + list9.SetAt(list9.GetHeadPosition(), p); + sink(list9.GetHead()); // $ ir + } + } +} + +struct IUnknown { }; + +struct ISequentialStream : public IUnknown { }; + +struct IStream : public ISequentialStream { }; + +struct CComBSTR { + CComBSTR() throw(); + CComBSTR(const CComBSTR& src); + CComBSTR(int nSize); + CComBSTR(int nSize, LPCOLESTR sz); + CComBSTR(int nSize, LPCSTR sz); + CComBSTR(LPCOLESTR pSrc); + CComBSTR(LPCSTR pSrc); + CComBSTR(CComBSTR&& src) throw(); + ~CComBSTR(); + + HRESULT Append(const CComBSTR& bstrSrc) throw(); + HRESULT Append(wchar_t ch) throw(); + HRESULT Append(char ch) throw(); + HRESULT Append(LPCOLESTR lpsz) throw(); + HRESULT Append(LPCSTR lpsz) throw(); + HRESULT Append(LPCOLESTR lpsz, int nLen) throw(); + HRESULT AppendBSTR(BSTR p) throw(); + HRESULT AppendBytes(const char* lpsz, int nLen) throw(); + HRESULT ArrayToBSTR(const SAFEARRAY* pSrc) throw(); + HRESULT AssignBSTR(const BSTR bstrSrc) throw(); + void Attach(BSTR src) throw(); + HRESULT BSTRToArray(LPSAFEARRAY* ppArray) throw(); + unsigned int ByteLength() const throw(); + BSTR Copy() const throw(); + HRESULT CopyTo(BSTR* pbstr) throw(); + + HRESULT CopyTo(VARIANT* pvarDest) throw(); + BSTR Detach() throw(); + void Empty() throw(); + unsigned int Length() const throw(); + bool LoadString(HINSTANCE hInst, UINT nID) throw(); + bool LoadString(UINT nID) throw(); + HRESULT ReadFromStream(IStream* pStream) throw(); + HRESULT ToUpper() throw(); + HRESULT WriteToStream(IStream* pStream) throw(); + + operator BSTR() const throw(); + BSTR* operator&() throw(); + + CComBSTR& operator+= (const CComBSTR& bstrSrc); + CComBSTR& operator+= (const LPCOLESTR pszSrc); + + BSTR m_str; +}; + +LPSAFEARRAY getSafeArray() { + SAFEARRAY* safe = new SAFEARRAY; + safe->pvData = indirect_source(); + return safe; +} + +void test_CComBSTR() { + char* x = indirect_source(); + { + CComBSTR b(x); + sink(b.m_str); // $ ir + + CComBSTR b2(b); + sink(b2.m_str); // $ ir + } + { + CComBSTR b(10, x); + sink(b.m_str); // $ ir + } + { + CComBSTR b(x); + + CComBSTR b2; + sink(b2.m_str); + b2 += b; + sink(b2.m_str); // $ ir + + CComBSTR b3; + b3 += x; + sink(b3.m_str); // $ ir + sink(static_cast(b3)); // $ ir + sink(**&b3); // $ ir + + CComBSTR b4; + b4.Append(source()); + sink(b4.m_str); // $ ir + + CComBSTR b5; + b5.AppendBSTR(b4.m_str); + sink(b5.m_str); // $ ir + + CComBSTR b6; + b6.AppendBytes(x, 10); + sink(b6.m_str); // $ ir + + CComBSTR b7; + b7.ArrayToBSTR(getSafeArray()); + sink(b7.m_str); // $ ir + + CComBSTR b8; + b8.AssignBSTR(b7.m_str); + sink(b8.m_str); // $ ir + + CComBSTR b9; + LPSAFEARRAY safe; + b9.Append(source()); + b9.BSTRToArray(&safe); + sink(safe->pvData); // $ ir + + sink(b9.Copy()); // $ ir + } + + wchar_t* w = indirect_source(); + { + CComBSTR b(w); + sink(b.m_str); // $ ir + + CComBSTR b2; + b2.Attach(w); + sink(b2.m_str); // $ ir + } + { + CComBSTR b(10, w); + sink(b.m_str); // $ ir + } +} + +template +struct CComSafeArray { + CComSafeArray(); + CComSafeArray(const SAFEARRAYBOUND& bound); + CComSafeArray(ULONG ulCount, LONG lLBound); + CComSafeArray(const SAFEARRAYBOUND* pBound, UINT uDims); + CComSafeArray(const CComSafeArray& saSrc); + CComSafeArray(const SAFEARRAY& saSrc); + CComSafeArray(const SAFEARRAY* psaSrc); + + ~CComSafeArray() throw(); + + HRESULT Add(const SAFEARRAY* psaSrc); + HRESULT Add(ULONG ulCount, const T* pT, BOOL bCopy); + HRESULT Add(const T& t, BOOL bCopy); + HRESULT Attach(const SAFEARRAY* psaSrc); + HRESULT CopyFrom(LPSAFEARRAY* ppArray); + HRESULT CopyTo(LPSAFEARRAY* ppArray); + HRESULT Create(const SAFEARRAYBOUND* pBound, UINT uDims); + HRESULT Create(ULONG ulCount, LONG lLBound); + HRESULT Destroy(); + LPSAFEARRAY Detach(); + T& GetAt(LONG lIndex) const; + ULONG GetCount(UINT uDim) const; + UINT GetDimensions() const; + LONG GetLowerBound(UINT uDim) const; + LPSAFEARRAY GetSafeArrayPtr() throw(); + LONG GetUpperBound(UINT uDim) const; + bool IsSizable() const; + HRESULT MultiDimGetAt(const LONG* alIndex, T& t); + HRESULT MultiDimSetAt(const LONG* alIndex, const T& t); + HRESULT Resize(const SAFEARRAYBOUND* pBound); + HRESULT Resize(ULONG ulCount, LONG lLBound); + HRESULT SetAt(LONG lIndex, const T& t, BOOL bCopy); + operator LPSAFEARRAY() const; + T& operator[](long lindex) const; + T& operator[](int nindex) const; + + LPSAFEARRAY m_psa; +}; + +void test_CComSafeArray() { + LPSAFEARRAY safe = getSafeArray(); + sink(safe->pvData); // $ ir + { + CComSafeArray c(safe); + sink(c[0]); // $ ir + sink(c.GetAt(0)); // $ ir + sink(c.GetSafeArrayPtr()->pvData); // $ ir + sink(c.m_psa->pvData); // $ ir + } + { + CComSafeArray c; + sink(c[0]); + sink(c.GetAt(0)); + sink(c.GetSafeArrayPtr()->pvData); + c.Add(safe); + sink(c[0]); // $ ir + sink(c.GetAt(0)); // $ ir + sink(c.GetSafeArrayPtr()->pvData); // $ ir + sink(static_cast(c)->pvData); // $ ir + } + { + CComSafeArray c; + c.Add(source(), true); + sink(c[0]); // $ ir + sink(c.GetAt(0)); // $ ir + sink(c.GetSafeArrayPtr()->pvData); // $ ir + } + { + CComSafeArray c; + c.SetAt(0, source(), true); + sink(c[0]); // $ ir + sink(c[0L]); // $ ir + } +} + +template +struct CPathT { + typedef StringType PCXSTR; // simplified + CPathT(PCXSTR pszPath); + CPathT(const CPathT& path); + CPathT() throw(); + + void AddBackslash(); + BOOL AddExtension(PCXSTR pszExtension); + BOOL Append(PCXSTR pszMore); + void BuildRoot(int iDrive); + void Canonicalize(); + void Combine(PCXSTR pszDir, PCXSTR pszFile); + CPathT CommonPrefix(PCXSTR pszOther); + BOOL CompactPathEx(UINT nMaxChars, DWORD dwFlags); + BOOL FileExists() const; + int FindExtension() const; + int FindFileName() const; + int GetDriveNumber() const; + StringType GetExtension() const; + BOOL IsDirectory() const; + BOOL IsFileSpec() const; + BOOL IsPrefix(PCXSTR pszPrefix) const; + BOOL IsRelative() const; + BOOL IsRoot() const; + BOOL IsSameRoot(PCXSTR pszOther) const; + BOOL IsUNC() const; + BOOL IsUNCServer() const; + BOOL IsUNCServerShare() const; + BOOL MakePretty(); + BOOL MatchSpec(PCXSTR pszSpec) const; + void QuoteSpaces(); + BOOL RelativePathTo( + PCXSTR pszFrom, + DWORD dwAttrFrom, + PCXSTR pszTo, + DWORD dwAttrTo); + void RemoveArgs(); + void RemoveBackslash(); + void RemoveBlanks(); + void RemoveExtension(); + BOOL RemoveFileSpec(); + BOOL RenameExtension(PCXSTR pszExtension); + int SkipRoot() const; + void StripPath(); + BOOL StripToRoot(); + void UnquoteSpaces(); + operator const StringType&() const throw(); + operator PCXSTR() const throw(); + operator StringType&() throw(); + CPathT& operator+=(PCXSTR pszMore); + + StringType m_strPath; +}; + +using CPath = CPathT; + +void test_CPathT() { + char* x = indirect_source(); + CPath p(x); + sink(static_cast(p)); // $ MISSING: ir + sink(p.m_strPath); // $ ir + + CPath p2(p); + sink(p2.m_strPath); // $ ir + + { + CPath p; + p.AddExtension(x); + sink(p.m_strPath); // $ ir + } + { + CPath p; + p.Append(x); + sink(p.m_strPath); // $ ir + + CPath p2; + p2 += p; + sink(p2.m_strPath); // $ MISSING: ir // this requires flow through `operator StringType&()` which we can't yet model in MaD + + CPath p3; + p3 += x; + sink(p3.m_strPath); // $ ir + } + + { + CPath p; + p.Combine(x, nullptr); + sink(p.m_strPath); // $ ir + } + { + CPath p; + p.Combine(nullptr, x); + sink(p.m_strPath); // $ ir + } + + { + CPath p; + auto p2 = p.CommonPrefix(x); + sink(p2.m_strPath); // $ ir + sink(p2.GetExtension()); // $ ir + } +} + +template +struct CSimpleArray { + CSimpleArray(const CSimpleArray& src); + CSimpleArray(); + ~CSimpleArray(); + + BOOL Add(const T& t); + int Find(const T& t) const; + T* GetData() const; + int GetSize() const; + BOOL Remove(const T& t); + void RemoveAll(); + BOOL RemoveAt(int nIndex); + + BOOL SetAtIndex( + int nIndex, + const T& t); + + T& operator[](int nindex); + CSimpleArray & operator=(const CSimpleArray& src); +}; + +void test_CSimpleArray() { + int x = source(); + { + CSimpleArray a; + a.Add(x); + sink(a[0]); // $ ir + a.Add(0); + sink(a[0]); // $ ir + + CSimpleArray a2; + sink(a2[0]); + a2 = a; + sink(a2[0]); // $ ir + } + { + CSimpleArray a; + a.Add(x); + sink(a.GetData()); // $ ir + + CSimpleArray a2; + int pos = a2.Find(x); + sink(a2[pos]); // $ MISSING: ir + } +} + +template +struct CSimpleMap { + CSimpleMap(); + ~CSimpleMap(); + + BOOL Add(const TKey& key, const TVal& val); + int FindKey(const TKey& key) const; + int FindVal(const TVal& val) const; + TKey& GetKeyAt(int nIndex) const; + int GetSize() const; + TVal& GetValueAt(int nIndex) const; + TVal Lookup(const TKey& key) const; + BOOL Remove(const TKey& key); + void RemoveAll(); + BOOL RemoveAt(int nIndex); + TKey ReverseLookup(const TVal& val) const; + BOOL SetAt(const TKey& key, const TVal& val); + BOOL SetAtIndex(int nIndex, const TKey& key, const TVal& val); +}; + +void test_CSimpleMap() { + wchar_t* x = source(); + { + CSimpleMap a; + a.Add("hello", x); + sink(a.Lookup("hello")); // $ ir + } + { + CSimpleMap a; + auto pos = a.FindKey("hello"); + sink(a.GetValueAt(pos)); // clean + } + { + CSimpleMap a; + auto pos = a.FindVal(x); + sink(a.GetValueAt(pos)); // $ MISSING: ir + } + { + CSimpleMap a; + auto key = a.ReverseLookup(x); + sink(key); + sink(a.Lookup(key)); // $ MISSING: ir + } + { + CSimpleMap a; + a.SetAt("hello", x); + sink(a.Lookup("hello")); // $ ir + } + { + CSimpleMap a; + a.SetAtIndex(0, "hello", x); + sink(a.Lookup("hello")); // $ ir + } +} + +struct CUrl { + CUrl& operator= (const CUrl& urlThat) throw(); + CUrl() throw(); + CUrl(const CUrl& urlThat) throw(); + ~CUrl() throw(); + + inline BOOL Canonicalize(DWORD dwFlags) throw(); + inline void Clear() throw(); + + BOOL CrackUrl(LPCTSTR lpszUrl, DWORD dwFlags) throw(); + inline BOOL CreateUrl(LPTSTR lpszUrl, DWORD* pdwMaxLength, DWORD dwFlags) const throw(); + + inline LPCTSTR GetExtraInfo() const throw(); + inline DWORD GetExtraInfoLength() const throw(); + inline LPCTSTR GetHostName() const throw(); + inline DWORD GetHostNameLength() const throw(); + inline LPCTSTR GetPassword() const throw(); + inline DWORD GetPasswordLength() const throw(); + inline ATL_URL_PORT GetPortNumber() const throw(); + inline ATL_URL_SCHEME GetScheme() const throw(); + inline LPCTSTR GetSchemeName() const throw(); + inline DWORD GetSchemeNameLength() const throw(); + inline DWORD GetUrlLength() const throw(); + inline LPCTSTR GetUrlPath() const throw(); + inline DWORD GetUrlPathLength() const throw(); + inline LPCTSTR GetUserName() const throw(); + inline DWORD GetUserNameLength() const throw(); + inline BOOL SetExtraInfo(LPCTSTR lpszInfo) throw(); + inline BOOL SetHostName(LPCTSTR lpszHost) throw(); + inline BOOL SetPassword(LPCTSTR lpszPass) throw(); + inline BOOL SetPortNumber(ATL_URL_PORT nPrt) throw(); + inline BOOL SetScheme(ATL_URL_SCHEME nScheme) throw(); + inline BOOL SetSchemeName(LPCTSTR lpszSchm) throw(); + inline BOOL SetUrlPath(LPCTSTR lpszPath) throw(); + inline BOOL SetUserName(LPCTSTR lpszUser) throw(); +}; + +void test_CUrl() { + char* x = indirect_source(); + CUrl url; + url.CrackUrl(x, 0); + sink(url); // $ ir + sink(url.GetExtraInfo()); // $ ir + sink(url.GetHostName()); // $ ir + sink(url.GetPassword()); // $ ir + sink(url.GetSchemeName()); // $ ir + sink(url.GetUrlPath()); // $ ir + sink(url.GetUserName()); // $ ir + + { + CUrl url2; + DWORD len; + char buffer[1024]; + url2.CrackUrl(x, 0); + url2.CreateUrl(buffer, &len, 0); + sink(buffer); // $ ast ir + } + { + CUrl url2; + url2.SetExtraInfo(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetHostName(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetPassword(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetSchemeName(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetUrlPath(x); + sink(url2); // $ ir + } + { + CUrl url2; + url2.SetUserName(x); + sink(url2); // $ ir + } +} \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index b5ddf84747ae..d3ee7b7c0895 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -140,6 +140,812 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | arrayassignment.cpp:145:12:145:12 | 5 | arrayassignment.cpp:145:7:145:13 | access to array | TAINT | | arrayassignment.cpp:146:7:146:10 | arr3 | arrayassignment.cpp:146:7:146:13 | access to array | | | arrayassignment.cpp:146:12:146:12 | 5 | arrayassignment.cpp:146:7:146:13 | access to array | TAINT | +| atl.cpp:33:30:33:30 | 1 | atl.cpp:33:29:33:30 | - ... | TAINT | +| atl.cpp:77:14:77:25 | call to source | atl.cpp:78:21:78:21 | x | | +| atl.cpp:78:21:78:21 | x | atl.cpp:78:21:78:22 | call to _U_STRINGorID | TAINT | +| atl.cpp:78:21:78:22 | call to _U_STRINGorID | atl.cpp:79:10:79:10 | u | | +| atl.cpp:83:17:83:43 | call to indirect_source | atl.cpp:84:21:84:21 | y | | +| atl.cpp:84:21:84:21 | y | atl.cpp:84:21:84:22 | call to _U_STRINGorID | TAINT | +| atl.cpp:84:21:84:22 | call to _U_STRINGorID | atl.cpp:85:10:85:10 | u | | +| atl.cpp:104:15:104:35 | call to indirect_source | atl.cpp:105:19:105:19 | x | | +| atl.cpp:105:19:105:19 | x | atl.cpp:105:19:105:20 | call to CA2AEX | TAINT | +| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:106:29:106:29 | a | | +| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:107:10:107:10 | a | | +| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:108:10:108:10 | a | | +| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:109:3:109:3 | a | | +| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:107:10:107:10 | a | | +| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:108:10:108:10 | a | | +| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:109:3:109:3 | a | | +| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:108:10:108:10 | a | | +| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:109:3:109:3 | a | | +| atl.cpp:108:10:108:10 | a [post update] | atl.cpp:109:3:109:3 | a | | +| atl.cpp:112:15:112:35 | call to indirect_source | atl.cpp:113:19:113:19 | x | | +| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:114:29:114:29 | a | | +| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:115:10:115:10 | a | | +| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:116:10:116:10 | a | | +| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:117:3:117:3 | a | | +| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:115:10:115:10 | a | | +| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:116:10:116:10 | a | | +| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:117:3:117:3 | a | | +| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:116:10:116:10 | a | | +| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:117:3:117:3 | a | | +| atl.cpp:116:10:116:10 | a [post update] | atl.cpp:117:3:117:3 | a | | +| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:132:20:132:20 | x | | +| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:138:20:138:20 | x | | +| atl.cpp:132:20:132:20 | x | atl.cpp:132:20:132:21 | call to CA2CAEX | TAINT | +| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:133:30:133:30 | a | | +| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:134:10:134:10 | a | | +| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:135:10:135:10 | a | | +| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:136:3:136:3 | a | | +| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:139:30:139:30 | a | | +| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:140:10:140:10 | a | | +| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:141:10:141:10 | a | | +| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:142:3:142:3 | a | | +| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:158:19:158:19 | x | | +| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:164:19:164:19 | x | | +| atl.cpp:158:19:158:19 | x | atl.cpp:158:19:158:20 | call to CA2WEX | TAINT | +| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:159:30:159:30 | a | | +| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:160:10:160:10 | a | | +| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:161:10:161:10 | a | | +| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:162:3:162:3 | a | | +| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:160:10:160:10 | a | | +| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:161:10:161:10 | a | | +| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:162:3:162:3 | a | | +| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:161:10:161:10 | a | | +| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:162:3:162:3 | a | | +| atl.cpp:160:12:160:16 | ref arg m_psz | atl.cpp:161:12:161:16 | m_psz | | +| atl.cpp:161:10:161:10 | a [post update] | atl.cpp:162:3:162:3 | a | | +| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:165:30:165:30 | a | | +| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:166:10:166:10 | a | | +| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:167:10:167:10 | a | | +| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:168:3:168:3 | a | | +| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:166:10:166:10 | a | | +| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:167:10:167:10 | a | | +| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:168:3:168:3 | a | | +| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:167:10:167:10 | a | | +| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:168:3:168:3 | a | | +| atl.cpp:166:12:166:16 | ref arg m_psz | atl.cpp:167:12:167:16 | m_psz | | +| atl.cpp:167:10:167:10 | a [post update] | atl.cpp:168:3:168:3 | a | | +| atl.cpp:216:11:216:21 | call to source | atl.cpp:220:11:220:11 | x | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:220:5:220:5 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:221:10:221:10 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:222:5:222:5 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:223:10:223:10 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:227:15:227:15 | a | | +| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:242:3:242:3 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:221:10:221:10 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:222:5:222:5 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:223:10:223:10 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:227:15:227:15 | a | | +| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:242:3:242:3 | a | | +| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:222:5:222:5 | a | | +| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:223:10:223:10 | a | | +| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:227:15:227:15 | a | | +| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:242:3:242:3 | a | | +| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:223:10:223:10 | a | | +| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:227:15:227:15 | a | | +| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:242:3:242:3 | a | | +| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:227:15:227:15 | a | | +| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:242:3:242:3 | a | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:226:10:226:11 | a2 | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:227:5:227:6 | a2 | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:228:10:228:11 | a2 | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:232:13:232:14 | a2 | | +| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a2 | | +| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:227:5:227:6 | a2 | | +| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | | +| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | | +| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | | +| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | | +| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | | +| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | | +| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | | +| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:231:10:231:11 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:232:5:232:6 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:233:10:233:11 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:235:10:235:11 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:232:5:232:6 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | | +| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | +| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | +| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | +| atl.cpp:236:14:236:20 | call to GetData | atl.cpp:236:10:236:22 | * ... | TAINT | +| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:239:10:239:11 | a4 | | +| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:240:5:240:6 | a4 | | +| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:241:10:241:11 | a4 | | +| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a4 | | +| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:240:5:240:6 | a4 | | +| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | | +| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | | +| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | | +| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | | +| atl.cpp:240:26:240:27 | a3 | atl.cpp:240:25:240:27 | & ... | | +| atl.cpp:241:10:241:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | | +| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:245:5:245:6 | a5 | | +| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:246:10:246:11 | a5 | | +| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a5 | | +| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:246:10:246:11 | a5 | | +| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | | +| atl.cpp:246:10:246:11 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | | +| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:249:5:249:6 | a6 | | +| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:250:10:250:11 | a6 | | +| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a6 | | +| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:250:10:250:11 | a6 | | +| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | | +| atl.cpp:250:10:250:11 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:300:18:300:18 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:308:19:308:19 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:317:29:317:29 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:323:21:323:21 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:331:30:331:30 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:338:31:338:31 | x | | +| atl.cpp:296:11:296:21 | call to source | atl.cpp:343:44:343:44 | x | | +| atl.cpp:298:24:298:25 | 10 | atl.cpp:298:24:298:26 | call to CAtlList | TAINT | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:299:10:299:13 | list | | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:300:5:300:8 | list | | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:301:10:301:13 | list | | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:304:24:304:27 | list | | +| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:346:3:346:3 | list | | +| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:300:5:300:8 | list | | +| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:301:10:301:13 | list | | +| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:304:24:304:27 | list | | +| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:346:3:346:3 | list | | +| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:301:10:301:13 | list | | +| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:304:24:304:27 | list | | +| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:346:3:346:3 | list | | +| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:304:24:304:27 | list | | +| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:346:3:346:3 | list | | +| atl.cpp:303:25:303:26 | 10 | atl.cpp:303:25:303:27 | call to CAtlList | TAINT | +| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:304:5:304:9 | list2 | | +| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:305:10:305:14 | list2 | | +| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:346:3:346:3 | list2 | | +| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:305:10:305:14 | list2 | | +| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | | +| atl.cpp:304:24:304:27 | list | atl.cpp:304:23:304:27 | & ... | | +| atl.cpp:305:10:305:14 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | | +| atl.cpp:307:25:307:26 | 10 | atl.cpp:307:25:307:27 | call to CAtlList | TAINT | +| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:308:5:308:9 | list3 | | +| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:309:10:309:14 | list3 | | +| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:312:24:312:28 | list3 | | +| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:346:3:346:3 | list3 | | +| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:309:10:309:14 | list3 | | +| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | | +| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | | +| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | | +| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | | +| atl.cpp:311:25:311:26 | 10 | atl.cpp:311:25:311:27 | call to CAtlList | TAINT | +| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:312:5:312:9 | list4 | | +| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:313:10:313:14 | list4 | | +| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:346:3:346:3 | list4 | | +| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:313:10:313:14 | list4 | | +| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | | +| atl.cpp:312:24:312:28 | list3 | atl.cpp:312:23:312:28 | & ... | | +| atl.cpp:313:10:313:14 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | | +| atl.cpp:316:27:316:28 | 10 | atl.cpp:316:27:316:29 | call to CAtlList | TAINT | +| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:18:317:22 | list5 | | +| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:32:317:36 | list5 | | +| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:318:12:318:16 | list5 | | +| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:319:5:319:5 | list5 | | +| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | | +| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | | +| atl.cpp:317:24:317:27 | call to Find | atl.cpp:318:24:318:26 | pos | | +| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:317:18:317:22 | list5 | | +| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | | +| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | | +| atl.cpp:318:12:318:16 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | | +| atl.cpp:322:27:322:28 | 10 | atl.cpp:322:27:322:29 | call to CAtlList | TAINT | +| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:323:7:323:11 | list6 | | +| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:324:18:324:22 | list6 | | +| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:325:12:325:16 | list6 | | +| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:326:5:326:5 | list6 | | +| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:324:18:324:22 | list6 | | +| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | | +| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | | +| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | | +| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | | +| atl.cpp:324:24:324:32 | call to FindIndex | atl.cpp:325:24:325:26 | pos | | +| atl.cpp:325:12:325:16 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | | +| atl.cpp:329:27:329:28 | 10 | atl.cpp:329:27:329:29 | call to CAtlList | TAINT | +| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:330:18:330:22 | list7 | | +| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:331:7:331:11 | list7 | | +| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:332:12:332:16 | list7 | | +| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:333:5:333:5 | list7 | | +| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:331:7:331:11 | list7 | | +| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | | +| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | | +| atl.cpp:330:24:330:38 | call to GetTailPosition | atl.cpp:331:25:331:27 | pos | | +| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | | +| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | | +| atl.cpp:332:12:332:16 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | | +| atl.cpp:336:27:336:28 | 10 | atl.cpp:336:27:336:29 | call to CAtlList | TAINT | +| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:337:18:337:22 | list8 | | +| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:338:7:338:11 | list8 | | +| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:339:12:339:16 | list8 | | +| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:340:5:340:5 | list8 | | +| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:338:7:338:11 | list8 | | +| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | | +| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | | +| atl.cpp:337:24:337:38 | call to GetTailPosition | atl.cpp:338:26:338:28 | pos | | +| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | | +| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | | +| atl.cpp:339:12:339:16 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | | +| atl.cpp:342:27:342:28 | 10 | atl.cpp:342:27:342:29 | call to CAtlList | TAINT | +| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:7:343:11 | list9 | | +| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:19:343:23 | list9 | | +| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:344:12:344:16 | list9 | | +| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:345:5:345:5 | list9 | | +| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | | +| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | +| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:343:7:343:11 | list9 | | +| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | | +| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | +| atl.cpp:344:12:344:16 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:352:18:352:18 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:360:19:360:19 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:369:29:369:29 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:375:21:375:21 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:383:30:383:30 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:390:31:390:31 | p | | +| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:395:44:395:44 | p | | +| atl.cpp:350:25:350:26 | 10 | atl.cpp:350:25:350:27 | call to CAtlList | TAINT | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:351:10:351:13 | list | | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:352:5:352:8 | list | | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:353:10:353:13 | list | | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:356:24:356:27 | list | | +| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:398:3:398:3 | list | | +| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:352:5:352:8 | list | | +| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:353:10:353:13 | list | | +| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:356:24:356:27 | list | | +| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:398:3:398:3 | list | | +| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:353:10:353:13 | list | | +| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:356:24:356:27 | list | | +| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:398:3:398:3 | list | | +| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:356:24:356:27 | list | | +| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:398:3:398:3 | list | | +| atl.cpp:355:26:355:27 | 10 | atl.cpp:355:26:355:28 | call to CAtlList | TAINT | +| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:356:5:356:9 | list2 | | +| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:357:10:357:14 | list2 | | +| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:398:3:398:3 | list2 | | +| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:357:10:357:14 | list2 | | +| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | | +| atl.cpp:356:24:356:27 | list | atl.cpp:356:23:356:27 | & ... | | +| atl.cpp:357:10:357:14 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | | +| atl.cpp:359:26:359:27 | 10 | atl.cpp:359:26:359:28 | call to CAtlList | TAINT | +| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:360:5:360:9 | list3 | | +| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:361:10:361:14 | list3 | | +| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:364:24:364:28 | list3 | | +| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:398:3:398:3 | list3 | | +| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:361:10:361:14 | list3 | | +| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | | +| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | | +| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | | +| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | | +| atl.cpp:363:26:363:27 | 10 | atl.cpp:363:26:363:28 | call to CAtlList | TAINT | +| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:364:5:364:9 | list4 | | +| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:365:10:365:14 | list4 | | +| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:398:3:398:3 | list4 | | +| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:365:10:365:14 | list4 | | +| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | | +| atl.cpp:364:24:364:28 | list3 | atl.cpp:364:23:364:28 | & ... | | +| atl.cpp:365:10:365:14 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | | +| atl.cpp:368:28:368:29 | 10 | atl.cpp:368:28:368:30 | call to CAtlList | TAINT | +| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:18:369:22 | list5 | | +| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:32:369:36 | list5 | | +| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:370:12:370:16 | list5 | | +| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:371:5:371:5 | list5 | | +| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | | +| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | +| atl.cpp:369:24:369:27 | call to Find | atl.cpp:370:24:370:26 | pos | | +| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:369:18:369:22 | list5 | | +| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | | +| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | +| atl.cpp:370:12:370:16 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | +| atl.cpp:374:28:374:29 | 10 | atl.cpp:374:28:374:30 | call to CAtlList | TAINT | +| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:375:7:375:11 | list6 | | +| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:376:18:376:22 | list6 | | +| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:377:12:377:16 | list6 | | +| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:378:5:378:5 | list6 | | +| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:376:18:376:22 | list6 | | +| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | | +| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | +| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | | +| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | +| atl.cpp:376:24:376:32 | call to FindIndex | atl.cpp:377:24:377:26 | pos | | +| atl.cpp:377:12:377:16 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | +| atl.cpp:381:28:381:29 | 10 | atl.cpp:381:28:381:30 | call to CAtlList | TAINT | +| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:382:18:382:22 | list7 | | +| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:383:7:383:11 | list7 | | +| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:384:12:384:16 | list7 | | +| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:385:5:385:5 | list7 | | +| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:383:7:383:11 | list7 | | +| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | | +| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | +| atl.cpp:382:24:382:38 | call to GetTailPosition | atl.cpp:383:25:383:27 | pos | | +| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | | +| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | +| atl.cpp:384:12:384:16 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | +| atl.cpp:388:28:388:29 | 10 | atl.cpp:388:28:388:30 | call to CAtlList | TAINT | +| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:389:18:389:22 | list8 | | +| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:390:7:390:11 | list8 | | +| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:391:12:391:16 | list8 | | +| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:392:5:392:5 | list8 | | +| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:390:7:390:11 | list8 | | +| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | | +| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | +| atl.cpp:389:24:389:38 | call to GetTailPosition | atl.cpp:390:26:390:28 | pos | | +| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | | +| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | +| atl.cpp:391:12:391:16 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | +| atl.cpp:394:28:394:29 | 10 | atl.cpp:394:28:394:30 | call to CAtlList | TAINT | +| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:7:395:11 | list9 | | +| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:19:395:23 | list9 | | +| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:396:12:396:16 | list9 | | +| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:397:5:397:5 | list9 | | +| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | | +| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | +| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:395:7:395:11 | list9 | | +| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | | +| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | +| atl.cpp:396:12:396:16 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | +| atl.cpp:454:21:454:33 | new | atl.cpp:455:3:455:6 | safe | | +| atl.cpp:454:21:454:33 | new | atl.cpp:456:10:456:13 | safe | | +| atl.cpp:455:3:455:6 | safe [post update] | atl.cpp:456:10:456:13 | safe | | +| atl.cpp:455:3:455:40 | ... = ... | atl.cpp:455:9:455:14 | pvData [post update] | | +| atl.cpp:455:18:455:38 | call to indirect_source | atl.cpp:455:3:455:40 | ... = ... | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:462:16:462:16 | x | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:469:20:469:20 | x | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:473:16:473:16 | x | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:481:11:481:11 | x | | +| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:495:20:495:20 | x | | +| atl.cpp:462:16:462:16 | x | atl.cpp:462:16:462:17 | call to CComBSTR | TAINT | +| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:463:10:463:10 | b | | +| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:465:17:465:17 | b | | +| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:467:3:467:3 | b | | +| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:465:17:465:17 | b | | +| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:467:3:467:3 | b | | +| atl.cpp:463:12:463:16 | ref arg m_str | atl.cpp:466:13:466:17 | m_str | | +| atl.cpp:465:17:465:17 | b | atl.cpp:465:17:465:18 | call to CComBSTR | | +| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:466:10:466:11 | b2 | | +| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:467:3:467:3 | b2 | | +| atl.cpp:466:10:466:11 | b2 [post update] | atl.cpp:467:3:467:3 | b2 | | +| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:470:10:470:10 | b | | +| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:471:3:471:3 | b | | +| atl.cpp:470:10:470:10 | b [post update] | atl.cpp:471:3:471:3 | b | | +| atl.cpp:473:16:473:16 | x | atl.cpp:473:16:473:17 | call to CComBSTR | TAINT | +| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:477:11:477:11 | b | | +| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:513:3:513:3 | b | | +| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:476:10:476:11 | b2 | | +| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:477:5:477:6 | b2 | | +| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:478:10:478:11 | b2 | | +| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b2 | | +| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:477:5:477:6 | b2 | | +| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:478:10:478:11 | b2 | | +| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | | +| atl.cpp:476:13:476:17 | ref arg m_str | atl.cpp:478:13:478:17 | m_str | | +| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:478:10:478:11 | b2 | | +| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:513:3:513:3 | b2 | | +| atl.cpp:478:10:478:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:481:5:481:6 | b3 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:482:10:482:11 | b3 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:483:28:483:29 | b3 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:484:13:484:14 | b3 | | +| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:482:10:482:11 | b3 | | +| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:483:28:483:29 | b3 | | +| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | | +| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:481:11:481:11 | x | atl.cpp:481:11:481:11 | call to CComBSTR | TAINT | +| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:483:28:483:29 | b3 | | +| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:484:13:484:14 | b3 | | +| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | | +| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:484:11:484:14 | * ... | atl.cpp:484:10:484:14 | * ... | TAINT | +| atl.cpp:484:12:484:12 | call to operator& | atl.cpp:484:11:484:14 | * ... | TAINT | +| atl.cpp:484:13:484:14 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | | +| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:487:5:487:6 | b4 | | +| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:488:10:488:11 | b4 | | +| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:491:19:491:20 | b4 | | +| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b4 | | +| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:488:10:488:11 | b4 | | +| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:491:19:491:20 | b4 | | +| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:513:3:513:3 | b4 | | +| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:491:19:491:20 | b4 | | +| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | | +| atl.cpp:488:13:488:17 | ref arg m_str | atl.cpp:491:22:491:26 | m_str | | +| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:491:5:491:6 | b5 | | +| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:492:10:492:11 | b5 | | +| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b5 | | +| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:492:10:492:11 | b5 | | +| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:513:3:513:3 | b5 | | +| atl.cpp:491:19:491:20 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | | +| atl.cpp:492:10:492:11 | b5 [post update] | atl.cpp:513:3:513:3 | b5 | | +| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:495:5:495:6 | b6 | | +| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:496:10:496:11 | b6 | | +| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b6 | | +| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:496:10:496:11 | b6 | | +| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:513:3:513:3 | b6 | | +| atl.cpp:496:10:496:11 | b6 [post update] | atl.cpp:513:3:513:3 | b6 | | +| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:499:5:499:6 | b7 | | +| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:500:10:500:11 | b7 | | +| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:503:19:503:20 | b7 | | +| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b7 | | +| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:500:10:500:11 | b7 | | +| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:503:19:503:20 | b7 | | +| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:513:3:513:3 | b7 | | +| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:503:19:503:20 | b7 | | +| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | | +| atl.cpp:500:13:500:17 | ref arg m_str | atl.cpp:503:22:503:26 | m_str | | +| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:503:5:503:6 | b8 | | +| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:504:10:504:11 | b8 | | +| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b8 | | +| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:504:10:504:11 | b8 | | +| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:513:3:513:3 | b8 | | +| atl.cpp:503:19:503:20 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | | +| atl.cpp:504:10:504:11 | b8 [post update] | atl.cpp:513:3:513:3 | b8 | | +| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:508:5:508:6 | b9 | | +| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:509:5:509:6 | b9 | | +| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:512:10:512:11 | b9 | | +| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b9 | | +| atl.cpp:507:17:507:20 | safe | atl.cpp:509:21:509:24 | safe | | +| atl.cpp:507:17:507:20 | safe | atl.cpp:510:10:510:13 | safe | | +| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:509:5:509:6 | b9 | | +| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | | +| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | +| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | | +| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | +| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:509:21:509:24 | safe [inner post update] | | +| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:510:10:510:13 | safe | | +| atl.cpp:509:21:509:24 | safe | atl.cpp:509:20:509:24 | & ... | | +| atl.cpp:512:10:512:11 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | +| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:517:16:517:16 | w | | +| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:521:15:521:15 | w | | +| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:525:20:525:20 | w | | +| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:521:15:521:15 | w | | +| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:525:20:525:20 | w | | +| atl.cpp:517:16:517:16 | w | atl.cpp:517:16:517:17 | call to CComBSTR | TAINT | +| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:518:10:518:10 | b | | +| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:523:3:523:3 | b | | +| atl.cpp:518:10:518:10 | b [post update] | atl.cpp:523:3:523:3 | b | | +| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:521:5:521:6 | b2 | | +| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:522:10:522:11 | b2 | | +| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:523:3:523:3 | b2 | | +| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:522:10:522:11 | b2 | | +| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:523:3:523:3 | b2 | | +| atl.cpp:521:15:521:15 | ref arg w | atl.cpp:525:20:525:20 | w | | +| atl.cpp:522:10:522:11 | b2 [post update] | atl.cpp:523:3:523:3 | b2 | | +| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:526:10:526:10 | b | | +| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:527:3:527:3 | b | | +| atl.cpp:526:10:526:10 | b [post update] | atl.cpp:527:3:527:3 | b | | +| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:573:8:573:11 | safe | | +| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:575:24:575:27 | safe | | +| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:586:11:586:14 | safe | | +| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:575:24:575:27 | safe | | +| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:586:11:586:14 | safe | | +| atl.cpp:575:24:575:27 | safe | atl.cpp:575:24:575:28 | call to CComSafeArray | TAINT | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:576:8:576:8 | c | | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:577:8:577:8 | c | | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:578:8:578:8 | c | | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:579:8:579:8 | c | | +| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:580:3:580:3 | c | | +| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:577:8:577:8 | c | | +| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:578:8:578:8 | c | | +| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:579:8:579:8 | c | | +| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:580:3:580:3 | c | | +| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:578:8:578:8 | c | | +| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:579:8:579:8 | c | | +| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:580:3:580:3 | c | | +| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:579:8:579:8 | c | | +| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:580:3:580:3 | c | | +| atl.cpp:579:8:579:8 | c [post update] | atl.cpp:580:3:580:3 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:583:10:583:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:585:10:585:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:586:5:586:5 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:587:10:587:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:588:10:588:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:589:10:589:10 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:590:35:590:35 | c | | +| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:591:3:591:3 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:584:10:584:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:586:5:586:5 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:10:585:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:5:586:5 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:586:5:586:5 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:590:35:590:35 | c | | +| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:590:35:590:35 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:594:5:594:5 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:595:10:595:10 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:596:10:596:10 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:597:10:597:10 | c | | +| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:598:3:598:3 | c | | +| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:595:10:595:10 | c | | +| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:596:10:596:10 | c | | +| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:597:10:597:10 | c | | +| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:598:3:598:3 | c | | +| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:596:10:596:10 | c | | +| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:597:10:597:10 | c | | +| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:598:3:598:3 | c | | +| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:597:10:597:10 | c | | +| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:598:3:598:3 | c | | +| atl.cpp:597:10:597:10 | ref arg c | atl.cpp:598:3:598:3 | c | | +| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:601:5:601:5 | c | | +| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:602:10:602:10 | c | | +| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:603:10:603:10 | c | | +| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:604:3:604:3 | c | | +| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:602:10:602:10 | c | | +| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:603:10:603:10 | c | | +| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:604:3:604:3 | c | | +| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:603:10:603:10 | c | | +| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:604:3:604:3 | c | | +| atl.cpp:603:10:603:10 | ref arg c | atl.cpp:604:3:604:3 | c | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:666:11:666:11 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:675:20:675:20 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:680:14:680:14 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:688:11:688:11 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:694:15:694:15 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:699:24:699:24 | x | | +| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:705:30:705:30 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:675:20:675:20 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:680:14:680:14 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:688:11:688:11 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:694:15:694:15 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:666:11:666:11 | x | atl.cpp:666:11:666:12 | call to CPathT | TAINT | +| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:667:27:667:27 | p | | +| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:668:8:668:8 | p | | +| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:670:12:670:12 | p | | +| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:668:8:668:8 | p | | +| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:670:12:670:12 | p | | +| atl.cpp:668:8:668:8 | p [post update] | atl.cpp:670:12:670:12 | p | | +| atl.cpp:668:10:668:18 | ref arg m_strPath | atl.cpp:671:11:671:19 | m_strPath | | +| atl.cpp:670:12:670:12 | p | atl.cpp:670:12:670:13 | call to CPathT | | +| atl.cpp:670:12:670:13 | call to CPathT | atl.cpp:671:8:671:9 | p2 | | +| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:675:5:675:5 | p | | +| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:676:10:676:10 | p | | +| atl.cpp:675:5:675:5 | ref arg p | atl.cpp:676:10:676:10 | p | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:680:14:680:14 | x | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:688:11:688:11 | x | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:694:15:694:15 | x | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:680:5:680:5 | p | | +| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:681:10:681:10 | p | | +| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:684:11:684:11 | p | | +| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:681:10:681:10 | p | | +| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:684:11:684:11 | p | | +| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:688:11:688:11 | x | | +| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:694:15:694:15 | x | | +| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:681:10:681:10 | p [post update] | atl.cpp:684:11:684:11 | p | | +| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:684:5:684:6 | p2 | | +| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:685:10:685:11 | p2 | | +| atl.cpp:684:5:684:6 | ref arg p2 | atl.cpp:685:10:685:11 | p2 | | +| atl.cpp:684:11:684:11 | call to operator char *& | atl.cpp:684:8:684:8 | call to operator+= | TAINT | +| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:688:5:688:6 | p3 | | +| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:689:10:689:11 | p3 | | +| atl.cpp:688:5:688:6 | ref arg p3 | atl.cpp:689:10:689:11 | p3 | | +| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:694:15:694:15 | x | | +| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:688:11:688:11 | x | atl.cpp:688:8:688:8 | call to operator+= | TAINT | +| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:694:5:694:5 | p | | +| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:695:10:695:10 | p | | +| atl.cpp:694:5:694:5 | ref arg p | atl.cpp:695:10:695:10 | p | | +| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:699:24:699:24 | x | | +| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:699:5:699:5 | p | | +| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:700:10:700:10 | p | | +| atl.cpp:699:5:699:5 | ref arg p | atl.cpp:700:10:700:10 | p | | +| atl.cpp:699:24:699:24 | ref arg x | atl.cpp:705:30:705:30 | x | | +| atl.cpp:704:11:704:11 | call to CPathT | atl.cpp:705:15:705:15 | p | | +| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:706:10:706:11 | p2 | | +| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:707:10:707:11 | p2 | | +| atl.cpp:706:10:706:11 | p2 [post update] | atl.cpp:707:10:707:11 | p2 | | +| atl.cpp:734:11:734:21 | call to source | atl.cpp:737:11:737:11 | x | | +| atl.cpp:734:11:734:21 | call to source | atl.cpp:749:11:749:11 | x | | +| atl.cpp:734:11:734:21 | call to source | atl.cpp:753:23:753:23 | x | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:737:5:737:5 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:738:10:738:10 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:739:5:739:5 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:740:10:740:10 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:744:10:744:10 | a | | +| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:746:3:746:3 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:738:10:738:10 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:739:5:739:5 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:740:10:740:10 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:744:10:744:10 | a | | +| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:746:3:746:3 | a | | +| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:739:5:739:5 | a | | +| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:740:10:740:10 | a | | +| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:744:10:744:10 | a | | +| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:746:3:746:3 | a | | +| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:740:10:740:10 | a | | +| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:744:10:744:10 | a | | +| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:746:3:746:3 | a | | +| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:744:10:744:10 | a | | +| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:746:3:746:3 | a | | +| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:743:10:743:11 | a2 | | +| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:744:5:744:6 | a2 | | +| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:745:10:745:11 | a2 | | +| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:746:3:746:3 | a2 | | +| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:744:5:744:6 | a2 | | +| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | | +| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | | +| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | | +| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | | +| atl.cpp:744:10:744:10 | a | atl.cpp:744:5:744:6 | ref arg a2 | TAINT | +| atl.cpp:744:10:744:10 | a | atl.cpp:744:8:744:8 | call to operator= | TAINT | +| atl.cpp:745:10:745:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | | +| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:749:5:749:5 | a | | +| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:750:10:750:10 | a | | +| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:755:3:755:3 | a | | +| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:750:10:750:10 | a | | +| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:755:3:755:3 | a | | +| atl.cpp:750:10:750:10 | ref arg a | atl.cpp:755:3:755:3 | a | | +| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:753:15:753:16 | a2 | | +| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:754:10:754:11 | a2 | | +| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:755:3:755:3 | a2 | | +| atl.cpp:753:18:753:21 | call to Find | atl.cpp:754:13:754:15 | pos | | +| atl.cpp:754:10:754:11 | ref arg a2 | atl.cpp:755:3:755:3 | a2 | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:782:20:782:20 | x | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:792:26:792:26 | x | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:797:32:797:32 | x | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:803:22:803:22 | x | | +| atl.cpp:779:16:779:31 | call to source | atl.cpp:808:30:808:30 | x | | +| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:782:5:782:5 | a | | +| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:783:10:783:10 | a | | +| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:784:3:784:3 | a | | +| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:783:10:783:10 | a | | +| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:784:3:784:3 | a | | +| atl.cpp:783:10:783:10 | ref arg a | atl.cpp:784:3:784:3 | a | | +| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:787:16:787:16 | a | | +| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:788:10:788:10 | a | | +| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:789:3:789:3 | a | | +| atl.cpp:787:18:787:24 | call to FindKey | atl.cpp:788:23:788:25 | pos | | +| atl.cpp:788:10:788:10 | ref arg a | atl.cpp:789:3:789:3 | a | | +| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:792:16:792:16 | a | | +| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:793:10:793:10 | a | | +| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:794:3:794:3 | a | | +| atl.cpp:792:18:792:24 | call to FindVal | atl.cpp:793:23:793:25 | pos | | +| atl.cpp:793:10:793:10 | ref arg a | atl.cpp:794:3:794:3 | a | | +| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:797:16:797:16 | a | | +| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:799:10:799:10 | a | | +| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:800:3:800:3 | a | | +| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:799:10:799:10 | a | | +| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:800:3:800:3 | a | | +| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:798:10:798:12 | key | | +| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:799:19:799:21 | key | | +| atl.cpp:798:10:798:12 | ref arg key | atl.cpp:799:19:799:21 | key | | +| atl.cpp:799:10:799:10 | ref arg a | atl.cpp:800:3:800:3 | a | | +| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:803:5:803:5 | a | | +| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:804:10:804:10 | a | | +| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:805:3:805:3 | a | | +| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:804:10:804:10 | a | | +| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:805:3:805:3 | a | | +| atl.cpp:804:10:804:10 | ref arg a | atl.cpp:805:3:805:3 | a | | +| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:808:5:808:5 | a | | +| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:809:10:809:10 | a | | +| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:810:3:810:3 | a | | +| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:809:10:809:10 | a | | +| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:810:3:810:3 | a | | +| atl.cpp:809:10:809:10 | ref arg a | atl.cpp:810:3:810:3 | a | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:853:16:853:16 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:866:19:866:19 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:872:23:872:23 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:877:22:877:22 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:882:22:882:22 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:887:24:887:24 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:892:21:892:21 | x | | +| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:897:22:897:22 | x | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:853:3:853:5 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:854:8:854:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:855:8:855:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:856:8:856:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:857:8:857:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:858:8:858:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:859:8:859:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:860:8:860:10 | url | | +| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:900:1:900:1 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:854:8:854:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:855:8:855:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:856:8:856:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:857:8:857:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:858:8:858:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:859:8:859:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:860:8:860:10 | url | | +| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:900:1:900:1 | url | | +| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:866:5:866:8 | url2 | | +| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:867:5:867:8 | url2 | | +| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:869:3:869:3 | url2 | | +| atl.cpp:864:11:864:13 | len | atl.cpp:867:29:867:31 | len | | +| atl.cpp:865:10:865:15 | buffer | atl.cpp:867:20:867:25 | buffer | | +| atl.cpp:865:10:865:15 | buffer | atl.cpp:868:10:868:15 | buffer | | +| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:867:5:867:8 | url2 | | +| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:869:3:869:3 | url2 | | +| atl.cpp:867:20:867:25 | ref arg buffer | atl.cpp:868:10:868:15 | buffer | | +| atl.cpp:867:28:867:31 | ref arg & ... | atl.cpp:867:29:867:31 | len [inner post update] | | +| atl.cpp:867:29:867:31 | len | atl.cpp:867:28:867:31 | & ... | | +| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:872:5:872:8 | url2 | | +| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:873:10:873:13 | url2 | | +| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:874:3:874:3 | url2 | | +| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:873:10:873:13 | url2 | | +| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:874:3:874:3 | url2 | | +| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:877:5:877:8 | url2 | | +| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:878:10:878:13 | url2 | | +| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:879:3:879:3 | url2 | | +| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:878:10:878:13 | url2 | | +| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:879:3:879:3 | url2 | | +| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:882:5:882:8 | url2 | | +| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:883:10:883:13 | url2 | | +| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:884:3:884:3 | url2 | | +| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:883:10:883:13 | url2 | | +| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:884:3:884:3 | url2 | | +| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:887:5:887:8 | url2 | | +| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:888:10:888:13 | url2 | | +| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:889:3:889:3 | url2 | | +| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:888:10:888:13 | url2 | | +| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:889:3:889:3 | url2 | | +| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:892:5:892:8 | url2 | | +| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:893:10:893:13 | url2 | | +| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:894:3:894:3 | url2 | | +| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:893:10:893:13 | url2 | | +| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:894:3:894:3 | url2 | | +| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:897:5:897:8 | url2 | | +| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:898:10:898:13 | url2 | | +| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:899:3:899:3 | url2 | | +| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:898:10:898:13 | url2 | | +| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:899:3:899:3 | url2 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 26031f42c0ac..2d69f088fef3 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -1,4 +1,91 @@ signatureMatches +| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:70:3:70:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:415:3:415:10 | CComBSTR | (CComBSTR &&) | CComBSTR | CComBSTR | 0 | +| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:419:11:419:16 | Append | (wchar_t) | CComBSTR | Append | 0 | +| atl.cpp:420:11:420:16 | Append | (char) | CComBSTR | Append | 0 | +| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 | +| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:425:11:425:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | +| atl.cpp:439:8:439:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:439:8:439:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | +| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | +| atl.cpp:763:8:763:10 | Add | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:763:8:763:10 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:763:8:763:10 | Add | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:763:8:763:10 | Add | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:763:8:763:10 | Add | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:763:8:763:10 | Add | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:763:8:763:10 | Add | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:763:8:763:10 | Add | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:774:8:774:12 | SetAt | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:774:8:774:12 | SetAt | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:774:8:774:12 | SetAt | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:774:8:774:12 | SetAt | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:774:8:774:12 | SetAt | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:774:8:774:12 | SetAt | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:774:8:774:12 | SetAt | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:774:8:774:12 | SetAt | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque | deque | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list | list | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 2 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 1 | +| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 2 | +| atl.cpp:840:15:840:26 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:841:15:841:25 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:842:15:842:25 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:845:15:845:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:846:15:846:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:847:15:847:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign | 0 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | forward_list | assign | 0 | @@ -267,7 +354,25 @@ signatureMatches | stl.h:678:33:678:38 | format | (format_string,Args &&) | | format | 1 | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format | 0 | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format | 1 | +| string.cpp:20:6:20:9 | sink | (char) | CComBSTR | Append | 0 | +| taint.cpp:4:6:4:21 | arithAssignments | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:249:13:249:13 | _FUN | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:249:13:249:13 | operator() | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:302:6:302:14 | myAssign2 | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:307:6:307:14 | myAssign3 | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:312:6:312:14 | myAssign4 | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:523:7:523:13 | _strset | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (LPCOLESTR,int) | CComBSTR | Append | 1 | getSignatureParameterName +| (CAtlFile &) | CAtlFile | CAtlFile | 0 | CAtlFile & | +| (CComBSTR &&) | CComBSTR | CComBSTR | 0 | CComBSTR && | +| (CRegKey &) | CRegKey | CRegKey | 0 | CRegKey & | +| (DWORD &,LPCTSTR) | CRegKey | QueryValue | 0 | DWORD & | +| (DWORD &,LPCTSTR) | CRegKey | QueryValue | 1 | LPCTSTR | +| (HANDLE) | CAtlFile | CAtlFile | 0 | HANDLE | +| (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | HINSTANCE | +| (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | UINT | +| (HKEY) | CRegKey | CRegKey | 0 | HKEY | | (InputIt,InputIt) | deque | assign | 0 | func:0 | | (InputIt,InputIt) | deque | assign | 1 | func:0 | | (InputIt,InputIt) | forward_list | assign | 0 | func:0 | @@ -288,6 +393,33 @@ getSignatureParameterName | (InputIterator,InputIterator,const Allocator &) | vector | vector | 0 | func:0 | | (InputIterator,InputIterator,const Allocator &) | vector | vector | 1 | func:0 | | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | const class:1 & | +| (LPCOLESTR) | CComBSTR | Append | 0 | LPCOLESTR | +| (LPCOLESTR) | CComBSTR | CComBSTR | 0 | LPCOLESTR | +| (LPCOLESTR,int) | CComBSTR | Append | 0 | LPCOLESTR | +| (LPCOLESTR,int) | CComBSTR | Append | 1 | int | +| (LPCSTR) | CComBSTR | Append | 0 | LPCSTR | +| (LPCSTR) | CComBSTR | CComBSTR | 0 | LPCSTR | +| (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | LPCTSTR | +| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 0 | LPCTSTR | +| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 1 | DWORD * | +| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 2 | void * | +| (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 3 | ULONG * | +| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 0 | LPTSTR | +| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 1 | LPCTSTR | +| (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 2 | DWORD * | +| (UINT) | CComBSTR | LoadString | 0 | UINT | +| (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | UINT | +| (char) | CComBSTR | Append | 0 | char | +| (const CComBSTR &) | CComBSTR | Append | 0 | const CComBSTR & | +| (const CComBSTR &) | CComBSTR | CComBSTR | 0 | const CComBSTR & | +| (const CComSafeArray &) | CComSafeArray | CComSafeArray | 0 | const CComSafeArray & | +| (const CComSafeArray &) | CComSafeArray | operator= | 0 | const CComSafeArray & | +| (const SAFEARRAY &) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY & | +| (const SAFEARRAY *) | CComSafeArray | Add | 0 | const SAFEARRAY * | +| (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY * | +| (const SAFEARRAY *) | CComSafeArray | operator= | 0 | const SAFEARRAY * | +| (const T &,BOOL) | CComSafeArray | Add | 0 | const class:0 & | +| (const T &,BOOL) | CComSafeArray | Add | 1 | BOOL | | (const deque &) | deque | deque | 0 | const deque & | | (const deque &,const Allocator &) | deque | deque | 0 | const deque & | | (const deque &,const Allocator &) | deque | deque | 1 | const class:1 & | @@ -348,6 +480,10 @@ getSignatureParameterName | (forward_list &&) | forward_list | forward_list | 0 | forward_list && | | (forward_list &&,const Allocator &) | forward_list | forward_list | 0 | forward_list && | | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | const class:1 & | +| (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | int | +| (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | LPCOLESTR | +| (int,LPCSTR) | CComBSTR | CComBSTR | 0 | int | +| (int,LPCSTR) | CComBSTR | CComBSTR | 1 | LPCSTR | | (list &&) | list | list | 0 | list && | | (list &&,const Allocator &) | list | list | 0 | list && | | (list &&,const Allocator &) | list | list | 1 | const class:1 & | @@ -374,11 +510,294 @@ getSignatureParameterName | (vector &&) | vector | vector | 0 | vector && | | (vector &&,const Allocator &) | vector | vector | 0 | vector && | | (vector &&,const Allocator &) | vector | vector | 1 | const class:1 & | +| (wchar_t) | CComBSTR | Append | 0 | wchar_t | getParameterTypeName +| arrayassignment.cpp:3:6:3:9 | sink | 0 | int | +| arrayassignment.cpp:4:6:4:9 | sink | 0 | MyInt | +| arrayassignment.cpp:5:6:5:9 | sink | 0 | MyArray | +| arrayassignment.cpp:37:7:37:7 | MyInt | 0 | const MyInt & | +| arrayassignment.cpp:44:9:44:17 | operator= | 0 | const int & | +| arrayassignment.cpp:45:9:45:17 | operator= | 0 | const MyInt & | +| arrayassignment.cpp:83:7:83:7 | MyArray | 0 | MyArray && | +| arrayassignment.cpp:83:7:83:7 | MyArray | 0 | const MyArray & | +| arrayassignment.cpp:83:7:83:7 | operator= | 0 | MyArray && | +| arrayassignment.cpp:83:7:83:7 | operator= | 0 | const MyArray & | +| arrayassignment.cpp:88:7:88:9 | get | 0 | int | +| arrayassignment.cpp:90:7:90:16 | operator[] | 0 | int | +| arrayassignment.cpp:124:6:124:9 | sink | 0 | int * | +| atl.cpp:28:8:28:8 | operator= | 0 | __POSITION && | +| atl.cpp:28:8:28:8 | operator= | 0 | const __POSITION & | +| atl.cpp:50:16:50:16 | operator= | 0 | const tagSAFEARRAYBOUND & | +| atl.cpp:50:16:50:16 | operator= | 0 | tagSAFEARRAYBOUND && | +| atl.cpp:55:16:55:16 | operator= | 0 | const tagVARIANT & | +| atl.cpp:55:16:55:16 | operator= | 0 | tagVARIANT && | +| atl.cpp:59:16:59:16 | operator= | 0 | const tagSAFEARRAY & | +| atl.cpp:59:16:59:16 | operator= | 0 | tagSAFEARRAY && | +| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | _U_STRINGorID && | +| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | const _U_STRINGorID & | +| atl.cpp:68:8:68:8 | operator= | 0 | _U_STRINGorID && | +| atl.cpp:68:8:68:8 | operator= | 0 | const _U_STRINGorID & | +| atl.cpp:69:3:69:15 | _U_STRINGorID | 0 | UINT | +| atl.cpp:70:3:70:15 | _U_STRINGorID | 0 | LPCTSTR | +| atl.cpp:194:10:194:12 | Add | 0 | INARGTYPclass:0 | +| atl.cpp:196:10:196:15 | Append | 0 | const CAtlArray & | +| atl.cpp:197:8:197:11 | Copy | 0 | const CAtlArray & | +| atl.cpp:199:6:199:10 | GetAt | 0 | size_t | +| atl.cpp:203:8:203:20 | InsertArrayAt | 0 | size_t | +| atl.cpp:203:8:203:20 | InsertArrayAt | 1 | const CAtlArray * | +| atl.cpp:204:8:204:15 | InsertAt | 0 | size_t | +| atl.cpp:204:8:204:15 | InsertAt | 1 | INARGTYPclass:0 | +| atl.cpp:204:8:204:15 | InsertAt | 2 | size_t | +| atl.cpp:209:8:209:16 | SetAtGrow | 0 | size_t | +| atl.cpp:209:8:209:16 | SetAtGrow | 1 | INARGTYPclass:0 | +| atl.cpp:211:6:211:15 | operator[] | 0 | size_t | +| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT | +| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT | +| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * | +| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * | +| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * | +| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * | +| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:265:12:265:15 | Find | 1 | POSITION | +| atl.cpp:265:12:265:15 | Find | 1 | POSITION | +| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t | +| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t | +| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION | +| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION | +| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION | +| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION | +| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 | +| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 | +| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION | +| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION | +| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 | +| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 | +| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION | +| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION | +| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 | +| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 | +| atl.cpp:401:8:401:8 | operator= | 0 | IUnknown && | +| atl.cpp:401:8:401:8 | operator= | 0 | const IUnknown & | +| atl.cpp:403:8:403:8 | operator= | 0 | ISequentialStream && | +| atl.cpp:403:8:403:8 | operator= | 0 | const ISequentialStream & | +| atl.cpp:405:8:405:8 | operator= | 0 | IStream && | +| atl.cpp:405:8:405:8 | operator= | 0 | const IStream & | +| atl.cpp:407:8:407:8 | operator= | 0 | const CComBSTR & | +| atl.cpp:409:3:409:10 | CComBSTR | 0 | const CComBSTR & | +| atl.cpp:410:3:410:10 | CComBSTR | 0 | int | +| atl.cpp:411:3:411:10 | CComBSTR | 0 | int | +| atl.cpp:411:3:411:10 | CComBSTR | 1 | LPCOLESTR | +| atl.cpp:412:3:412:10 | CComBSTR | 0 | int | +| atl.cpp:412:3:412:10 | CComBSTR | 1 | LPCSTR | +| atl.cpp:413:3:413:10 | CComBSTR | 0 | LPCOLESTR | +| atl.cpp:414:3:414:10 | CComBSTR | 0 | LPCSTR | +| atl.cpp:415:3:415:10 | CComBSTR | 0 | CComBSTR && | +| atl.cpp:418:11:418:16 | Append | 0 | const CComBSTR & | +| atl.cpp:419:11:419:16 | Append | 0 | wchar_t | +| atl.cpp:420:11:420:16 | Append | 0 | char | +| atl.cpp:421:11:421:16 | Append | 0 | LPCOLESTR | +| atl.cpp:422:11:422:16 | Append | 0 | LPCSTR | +| atl.cpp:423:11:423:16 | Append | 0 | LPCOLESTR | +| atl.cpp:423:11:423:16 | Append | 1 | int | +| atl.cpp:424:11:424:20 | AppendBSTR | 0 | BSTR | +| atl.cpp:425:11:425:21 | AppendBytes | 0 | const char * | +| atl.cpp:425:11:425:21 | AppendBytes | 1 | int | +| atl.cpp:426:11:426:21 | ArrayToBSTR | 0 | const SAFEARRAY * | +| atl.cpp:427:11:427:20 | AssignBSTR | 0 | const BSTR | +| atl.cpp:428:8:428:13 | Attach | 0 | BSTR | +| atl.cpp:429:11:429:21 | BSTRToArray | 0 | LPSAFEARRAY * | +| atl.cpp:432:11:432:16 | CopyTo | 0 | BSTR * | +| atl.cpp:434:11:434:16 | CopyTo | 0 | VARIANT * | +| atl.cpp:438:8:438:17 | LoadString | 0 | HINSTANCE | +| atl.cpp:438:8:438:17 | LoadString | 1 | UINT | +| atl.cpp:439:8:439:17 | LoadString | 0 | UINT | +| atl.cpp:440:11:440:24 | ReadFromStream | 0 | IStream * | +| atl.cpp:442:11:442:23 | WriteToStream | 0 | IStream * | +| atl.cpp:447:13:447:22 | operator+= | 0 | const CComBSTR & | +| atl.cpp:448:13:448:22 | operator+= | 0 | LPCOLESTR | +| atl.cpp:538:3:538:15 | CComSafeArray | 0 | const SAFEARRAY * | +| atl.cpp:542:11:542:13 | Add | 0 | const SAFEARRAY * | +| atl.cpp:544:11:544:13 | Add | 0 | const class:0 & | +| atl.cpp:544:11:544:13 | Add | 1 | BOOL | +| atl.cpp:552:6:552:10 | GetAt | 0 | LONG | +| atl.cpp:563:11:563:15 | SetAt | 0 | LONG | +| atl.cpp:563:11:563:15 | SetAt | 1 | const class:0 & | +| atl.cpp:563:11:563:15 | SetAt | 2 | BOOL | +| atl.cpp:565:6:565:15 | operator[] | 0 | long | +| atl.cpp:566:6:566:15 | operator[] | 0 | int | +| atl.cpp:610:3:610:8 | CPathT | 0 | PCXSTR | +| atl.cpp:611:3:611:8 | CPathT | 0 | const CPathT & | +| atl.cpp:615:8:615:19 | AddExtension | 0 | PCXSTR | +| atl.cpp:616:8:616:13 | Append | 0 | PCXSTR | +| atl.cpp:619:8:619:14 | Combine | 0 | PCXSTR | +| atl.cpp:619:8:619:14 | Combine | 1 | PCXSTR | +| atl.cpp:620:22:620:33 | CommonPrefix | 0 | PCXSTR | +| atl.cpp:657:23:657:32 | operator+= | 0 | PCXSTR | +| atl.cpp:717:8:717:10 | Add | 0 | const class:0 & | +| atl.cpp:718:7:718:10 | Find | 0 | const class:0 & | +| atl.cpp:729:6:729:15 | operator[] | 0 | int | +| atl.cpp:730:21:730:29 | operator= | 0 | const CSimpleArray & | +| atl.cpp:763:8:763:10 | Add | 0 | const class:0 & | +| atl.cpp:763:8:763:10 | Add | 1 | const class:1 & | +| atl.cpp:764:7:764:13 | FindKey | 0 | const class:0 & | +| atl.cpp:765:7:765:13 | FindVal | 0 | const class:1 & | +| atl.cpp:768:9:768:18 | GetValueAt | 0 | int | +| atl.cpp:769:8:769:13 | Lookup | 0 | const class:0 & | +| atl.cpp:773:8:773:20 | ReverseLookup | 0 | const class:1 & | +| atl.cpp:774:8:774:12 | SetAt | 0 | const class:0 & | +| atl.cpp:774:8:774:12 | SetAt | 1 | const class:1 & | +| atl.cpp:775:8:775:17 | SetAtIndex | 0 | int | +| atl.cpp:775:8:775:17 | SetAtIndex | 1 | const class:0 & | +| atl.cpp:775:8:775:17 | SetAtIndex | 2 | const class:1 & | +| atl.cpp:814:9:814:17 | operator= | 0 | const CUrl & | +| atl.cpp:816:3:816:6 | CUrl | 0 | const CUrl & | +| atl.cpp:819:15:819:26 | Canonicalize | 0 | DWORD | +| atl.cpp:822:8:822:15 | CrackUrl | 0 | LPCTSTR | +| atl.cpp:822:8:822:15 | CrackUrl | 1 | DWORD | +| atl.cpp:823:15:823:23 | CreateUrl | 0 | LPTSTR | +| atl.cpp:823:15:823:23 | CreateUrl | 1 | DWORD * | +| atl.cpp:823:15:823:23 | CreateUrl | 2 | DWORD | +| atl.cpp:840:15:840:26 | SetExtraInfo | 0 | LPCTSTR | +| atl.cpp:841:15:841:25 | SetHostName | 0 | LPCTSTR | +| atl.cpp:842:15:842:25 | SetPassword | 0 | LPCTSTR | +| atl.cpp:843:15:843:27 | SetPortNumber | 0 | ATL_URL_PORT | +| atl.cpp:844:15:844:23 | SetScheme | 0 | ATL_URL_SCHEME | +| atl.cpp:845:15:845:27 | SetSchemeName | 0 | LPCTSTR | +| atl.cpp:846:15:846:24 | SetUrlPath | 0 | LPCTSTR | +| atl.cpp:847:15:847:25 | SetUserName | 0 | LPCTSTR | +| bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & | +| bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && | +| bsd.cpp:12:5:12:10 | accept | 0 | int | +| bsd.cpp:12:5:12:10 | accept | 1 | sockaddr * | +| bsd.cpp:12:5:12:10 | accept | 2 | int * | +| bsd.cpp:14:6:14:9 | sink | 0 | sockaddr | +| constructor_delegation.cpp:5:7:5:7 | MyValue | 0 | MyValue && | +| constructor_delegation.cpp:5:7:5:7 | MyValue | 0 | const MyValue & | +| constructor_delegation.cpp:5:7:5:7 | operator= | 0 | MyValue && | +| constructor_delegation.cpp:5:7:5:7 | operator= | 0 | const MyValue & | +| constructor_delegation.cpp:8:2:8:8 | MyValue | 0 | int | +| constructor_delegation.cpp:9:2:9:8 | MyValue | 0 | int | +| constructor_delegation.cpp:9:2:9:8 | MyValue | 1 | bool | +| constructor_delegation.cpp:10:2:10:8 | MyValue | 0 | int | +| constructor_delegation.cpp:10:2:10:8 | MyValue | 1 | int | +| constructor_delegation.cpp:11:2:11:8 | MyValue | 0 | int | +| constructor_delegation.cpp:11:2:11:8 | MyValue | 1 | bool | +| constructor_delegation.cpp:11:2:11:8 | MyValue | 2 | bool | +| constructor_delegation.cpp:16:7:16:7 | MyDerivedValue | 0 | MyDerivedValue && | +| constructor_delegation.cpp:16:7:16:7 | MyDerivedValue | 0 | const MyDerivedValue & | +| constructor_delegation.cpp:16:7:16:7 | operator= | 0 | MyDerivedValue && | +| constructor_delegation.cpp:16:7:16:7 | operator= | 0 | const MyDerivedValue & | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | 0 | bool | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | 1 | int | +| copyableclass.cpp:8:2:8:16 | MyCopyableClass | 0 | int | +| copyableclass.cpp:9:2:9:16 | MyCopyableClass | 0 | const MyCopyableClass & | +| copyableclass.cpp:10:19:10:27 | operator= | 0 | const MyCopyableClass & | +| copyableclass_declonly.cpp:8:2:8:24 | MyCopyableClassDeclOnly | 0 | int | +| copyableclass_declonly.cpp:9:2:9:24 | MyCopyableClassDeclOnly | 0 | const MyCopyableClassDeclOnly & | +| copyableclass_declonly.cpp:10:27:10:35 | operator= | 0 | const MyCopyableClassDeclOnly & | +| file://:0:0:0:0 | operator delete | 0 | void * | +| file://:0:0:0:0 | operator new | 0 | unsigned long | +| file://:0:0:0:0 | operator= | 0 | __va_list_tag && | +| file://:0:0:0:0 | operator= | 0 | const __va_list_tag & | +| format.cpp:3:16:3:16 | operator= | 0 | FILE && | +| format.cpp:3:16:3:16 | operator= | 0 | const FILE & | +| format.cpp:5:5:5:12 | snprintf | 0 | char * | +| format.cpp:5:5:5:12 | snprintf | 1 | size_t | +| format.cpp:5:5:5:12 | snprintf | 2 | const char * | +| format.cpp:6:5:6:11 | sprintf | 0 | char * | +| format.cpp:6:5:6:11 | sprintf | 1 | const char * | +| format.cpp:7:5:7:12 | swprintf | 0 | wchar_t * | +| format.cpp:7:5:7:12 | swprintf | 1 | size_t | +| format.cpp:7:5:7:12 | swprintf | 2 | const wchar_t * | +| format.cpp:14:5:14:13 | vsnprintf | 0 | char * | +| format.cpp:14:5:14:13 | vsnprintf | 1 | size_t | +| format.cpp:14:5:14:13 | vsnprintf | 2 | const char * | +| format.cpp:14:5:14:13 | vsnprintf | 3 | va_list | +| format.cpp:16:5:16:13 | mysprintf | 0 | char * | +| format.cpp:16:5:16:13 | mysprintf | 1 | size_t | +| format.cpp:16:5:16:13 | mysprintf | 2 | const char * | +| format.cpp:28:5:28:10 | sscanf | 0 | const char * | +| format.cpp:28:5:28:10 | sscanf | 1 | const char * | +| format.cpp:142:8:142:13 | strlen | 0 | const char * | +| format.cpp:143:8:143:13 | wcslen | 0 | const wchar_t * | +| format.cpp:169:6:169:9 | test | 0 | format_string | +| map.cpp:8:6:8:9 | sink | 0 | char * | +| map.cpp:9:6:9:9 | sink | 0 | const char * | +| map.cpp:10:6:10:9 | sink | 0 | bool | +| map.cpp:11:6:11:9 | sink | 0 | pair | +| map.cpp:12:6:12:9 | sink | 0 | map, allocator>> | +| map.cpp:13:6:13:9 | sink | 0 | iterator | +| map.cpp:14:6:14:9 | sink | 0 | unordered_map, equal_to, allocator>> | +| map.cpp:15:6:15:9 | sink | 0 | iterator | +| map.cpp:16:6:16:9 | sink | 0 | unordered_map, hash, equal_to, allocator>>> | +| map.cpp:17:6:17:9 | sink | 0 | iterator | +| map.cpp:442:7:442:19 | indirect_sink | 0 | int * | +| movableclass.cpp:5:7:5:7 | MyMovableClass | 0 | const MyMovableClass & | +| movableclass.cpp:5:7:5:7 | operator= | 0 | const MyMovableClass & | +| movableclass.cpp:8:2:8:15 | MyMovableClass | 0 | int | +| movableclass.cpp:9:2:9:15 | MyMovableClass | 0 | MyMovableClass && | +| movableclass.cpp:13:18:13:26 | operator= | 0 | MyMovableClass && | +| set.cpp:8:6:8:9 | sink | 0 | char * | +| set.cpp:9:6:9:9 | sink | 0 | set, allocator> | +| set.cpp:10:6:10:9 | sink | 0 | iterator | +| set.cpp:11:6:11:9 | sink | 0 | unordered_set, equal_to, allocator> | +| set.cpp:12:6:12:9 | sink | 0 | iterator | +| smart_pointer.cpp:4:6:4:9 | sink | 0 | int | +| smart_pointer.cpp:5:6:5:9 | sink | 0 | int * | | smart_pointer.cpp:7:27:7:30 | sink | 0 | shared_ptr & | | smart_pointer.cpp:7:27:7:30 | sink | 0 | shared_ptr & | | smart_pointer.cpp:8:27:8:30 | sink | 0 | unique_ptr & | | smart_pointer.cpp:8:27:8:30 | sink | 0 | unique_ptr & | +| smart_pointer.cpp:60:8:60:8 | operator= | 0 | A && | +| smart_pointer.cpp:60:8:60:8 | operator= | 0 | const A & | +| smart_pointer.cpp:70:6:70:14 | getNumber | 0 | shared_ptr | +| smart_pointer.cpp:80:8:80:8 | operator= | 0 | B && | +| smart_pointer.cpp:80:8:80:8 | operator= | 0 | const B & | +| smart_pointer.cpp:86:6:86:24 | test_operator_arrow | 0 | unique_ptr | +| smart_pointer.cpp:86:6:86:24 | test_operator_arrow | 1 | unique_ptr | +| smart_pointer.cpp:97:6:97:12 | taint_x | 0 | A * | +| smart_pointer.cpp:107:8:107:8 | C | 0 | C && | +| smart_pointer.cpp:107:8:107:8 | C | 0 | const C & | +| smart_pointer.cpp:107:8:107:8 | operator= | 0 | C && | +| smart_pointer.cpp:107:8:107:8 | operator= | 0 | const C & | +| smart_pointer.cpp:112:6:112:19 | taint_x_shared | 0 | shared_ptr | +| smart_pointer.cpp:116:6:116:24 | taint_x_shared_cref | 0 | const shared_ptr & | +| smart_pointer.cpp:120:6:120:18 | getNumberCRef | 0 | const shared_ptr & | +| smart_pointer.cpp:124:5:124:27 | nested_shared_ptr_taint | 0 | shared_ptr | +| smart_pointer.cpp:124:5:124:27 | nested_shared_ptr_taint | 1 | unique_ptr> | +| smart_pointer.cpp:132:5:132:32 | nested_shared_ptr_taint_cref | 0 | shared_ptr | +| smart_pointer.cpp:132:5:132:32 | nested_shared_ptr_taint_cref | 1 | unique_ptr> | +| standalone_iterators.cpp:5:6:5:9 | sink | 0 | int | +| standalone_iterators.cpp:7:7:7:7 | operator= | 0 | const int_iterator_by_typedefs & | +| standalone_iterators.cpp:7:7:7:7 | operator= | 0 | int_iterator_by_typedefs && | +| standalone_iterators.cpp:16:30:16:39 | operator++ | 0 | int | +| standalone_iterators.cpp:20:7:20:7 | operator= | 0 | const int_iterator_by_trait & | +| standalone_iterators.cpp:20:7:20:7 | operator= | 0 | int_iterator_by_trait && | +| standalone_iterators.cpp:23:27:23:36 | operator++ | 0 | int | +| standalone_iterators.cpp:36:7:36:7 | operator= | 0 | const non_iterator & | +| standalone_iterators.cpp:36:7:36:7 | operator= | 0 | non_iterator && | +| standalone_iterators.cpp:39:18:39:27 | operator++ | 0 | int | +| standalone_iterators.cpp:43:6:43:18 | test_typedefs | 0 | int_iterator_by_typedefs | +| standalone_iterators.cpp:49:6:49:15 | test_trait | 0 | int_iterator_by_trait | +| standalone_iterators.cpp:55:6:55:22 | test_non_iterator | 0 | non_iterator | +| standalone_iterators.cpp:63:7:63:7 | operator= | 0 | const insert_iterator_by_trait & | +| standalone_iterators.cpp:63:7:63:7 | operator= | 0 | insert_iterator_by_trait && | +| standalone_iterators.cpp:66:30:66:39 | operator++ | 0 | int | +| standalone_iterators.cpp:68:30:68:39 | operator-- | 0 | int | +| standalone_iterators.cpp:70:31:70:39 | operator= | 0 | int | +| standalone_iterators.cpp:82:7:82:7 | container | 0 | const container & | +| standalone_iterators.cpp:82:7:82:7 | container | 0 | container && | +| standalone_iterators.cpp:82:7:82:7 | operator= | 0 | const container & | +| standalone_iterators.cpp:82:7:82:7 | operator= | 0 | container && | +| standalone_iterators.cpp:88:6:88:9 | sink | 0 | container | +| standalone_iterators.cpp:102:6:102:9 | sink | 0 | insert_iterator_by_trait | +| standalone_iterators.cpp:103:27:103:36 | operator+= | 0 | insert_iterator_by_trait & | +| standalone_iterators.cpp:103:27:103:36 | operator+= | 1 | int | | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | | stl.h:29:34:29:40 | forward | 0 | remove_reference_t & | @@ -409,6 +828,16 @@ getParameterTypeName | stl.h:61:13:61:22 | operator+= | 0 | int | | stl.h:62:13:62:22 | operator-= | 0 | int | | stl.h:64:18:64:27 | operator[] | 0 | int | +| stl.h:67:9:67:9 | operator= | 0 | const input_iterator_tag & | +| stl.h:67:9:67:9 | operator= | 0 | input_iterator_tag && | +| stl.h:68:9:68:9 | operator= | 0 | const forward_iterator_tag & | +| stl.h:68:9:68:9 | operator= | 0 | forward_iterator_tag && | +| stl.h:69:9:69:9 | operator= | 0 | bidirectional_iterator_tag && | +| stl.h:69:9:69:9 | operator= | 0 | const bidirectional_iterator_tag & | +| stl.h:70:9:70:9 | operator= | 0 | const random_access_iterator_tag & | +| stl.h:70:9:70:9 | operator= | 0 | random_access_iterator_tag && | +| stl.h:72:9:72:9 | operator= | 0 | const output_iterator_tag & | +| stl.h:72:9:72:9 | operator= | 0 | output_iterator_tag && | | stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & | | stl.h:86:22:86:41 | back_insert_iterator | 0 | class:0 & | | stl.h:88:25:88:33 | operator= | 0 | value_type && | @@ -733,12 +1162,262 @@ getParameterTypeName | stl.h:678:33:678:38 | format | 1 | func:0 && | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 0 | format_string | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | 1 | func:0 && | +| string.cpp:17:6:17:9 | sink | 0 | const char * | +| string.cpp:18:6:18:9 | sink | 0 | const string & | +| string.cpp:19:6:19:9 | sink | 0 | const char * | +| string.cpp:19:6:19:9 | sink | 1 | const char * | +| string.cpp:20:6:20:9 | sink | 0 | char | +| string.cpp:21:6:21:9 | sink | 0 | iterator | +| stringstream.cpp:13:6:13:9 | sink | 0 | int | +| stringstream.cpp:15:6:15:9 | sink | 0 | const string & | | stringstream.cpp:18:6:18:9 | sink | 0 | const basic_ostream> & | | stringstream.cpp:21:6:21:9 | sink | 0 | const basic_istream> & | | stringstream.cpp:24:6:24:9 | sink | 0 | const basic_iostream> & | +| stringstream.cpp:26:6:26:29 | test_stringstream_string | 0 | int | +| stringstream.cpp:70:6:70:26 | test_stringstream_int | 0 | int | +| structlikeclass.cpp:5:7:5:7 | StructLikeClass | 0 | StructLikeClass && | +| structlikeclass.cpp:5:7:5:7 | StructLikeClass | 0 | const StructLikeClass & | +| structlikeclass.cpp:5:7:5:7 | operator= | 0 | StructLikeClass && | +| structlikeclass.cpp:5:7:5:7 | operator= | 0 | const StructLikeClass & | +| structlikeclass.cpp:8:2:8:16 | StructLikeClass | 0 | int | | swap1.cpp:14:9:14:9 | move | 0 | func:0 & | +| swap1.cpp:24:9:24:13 | Class | 0 | Class && | +| swap1.cpp:25:9:25:13 | Class | 0 | const Class & | +| swap1.cpp:27:16:27:24 | operator= | 0 | const Class & | +| swap1.cpp:34:16:34:24 | operator= | 0 | Class && | +| swap1.cpp:40:16:40:26 | copy_assign | 0 | const Class & | +| swap1.cpp:47:16:47:26 | move_assign | 0 | Class && | +| swap1.cpp:53:14:53:17 | swap | 0 | Class & | +| swap1.cpp:61:10:61:13 | swap | 0 | Class & | +| swap1.cpp:61:10:61:13 | swap | 1 | Class & | | swap2.cpp:14:9:14:9 | move | 0 | func:0 & | +| swap2.cpp:24:9:24:13 | Class | 0 | Class && | +| swap2.cpp:25:9:25:13 | Class | 0 | const Class & | +| swap2.cpp:27:16:27:24 | operator= | 0 | const Class & | +| swap2.cpp:34:16:34:24 | operator= | 0 | Class && | +| swap2.cpp:40:16:40:26 | copy_assign | 0 | const Class & | +| swap2.cpp:47:16:47:26 | move_assign | 0 | Class && | +| swap2.cpp:53:14:53:17 | swap | 0 | Class & | +| swap2.cpp:61:10:61:13 | swap | 0 | Class & | +| swap2.cpp:61:10:61:13 | swap | 1 | Class & | | swap.h:4:20:4:23 | swap | 0 | func:0 & | | swap.h:4:20:4:23 | swap | 1 | func:0 & | +| taint.cpp:4:6:4:21 | arithAssignments | 0 | int | +| taint.cpp:4:6:4:21 | arithAssignments | 1 | int | +| taint.cpp:22:5:22:13 | increment | 0 | int | +| taint.cpp:23:5:23:8 | zero | 0 | int | +| taint.cpp:69:7:69:7 | MyClass | 0 | MyClass && | +| taint.cpp:69:7:69:7 | MyClass | 0 | const MyClass & | +| taint.cpp:69:7:69:7 | operator= | 0 | MyClass && | +| taint.cpp:69:7:69:7 | operator= | 0 | const MyClass & | +| taint.cpp:100:6:100:15 | array_test | 0 | int | +| taint.cpp:142:5:142:10 | select | 0 | int | +| taint.cpp:142:5:142:10 | select | 1 | int | +| taint.cpp:142:5:142:10 | select | 2 | int | +| taint.cpp:150:6:150:12 | fn_test | 0 | int | +| taint.cpp:156:7:156:12 | strcpy | 0 | char * | +| taint.cpp:156:7:156:12 | strcpy | 1 | const char * | +| taint.cpp:157:7:157:12 | strcat | 0 | char * | +| taint.cpp:157:7:157:12 | strcat | 1 | const char * | +| taint.cpp:180:7:180:12 | callee | 0 | int * | +| taint.cpp:190:7:190:12 | memcpy | 0 | void * | +| taint.cpp:190:7:190:12 | memcpy | 1 | void * | +| taint.cpp:190:7:190:12 | memcpy | 2 | int | +| taint.cpp:192:6:192:16 | test_memcpy | 0 | int * | +| taint.cpp:228:11:228:11 | (unnamed constructor) | 0 | const lambda [] type at line 233, col. 11 & | +| taint.cpp:228:11:228:11 | (unnamed constructor) | 0 | lambda [] type at line 233, col. 11 && | +| taint.cpp:228:11:228:11 | operator= | 0 | const lambda [] type at line 233, col. 11 & | +| taint.cpp:235:11:235:11 | (unnamed constructor) | 0 | const lambda [] type at line 240, col. 11 & | +| taint.cpp:235:11:235:11 | (unnamed constructor) | 0 | lambda [] type at line 240, col. 11 && | +| taint.cpp:235:11:235:11 | operator= | 0 | const lambda [] type at line 240, col. 11 & | +| taint.cpp:243:11:243:11 | (unnamed constructor) | 0 | const lambda [] type at line 248, col. 11 & | +| taint.cpp:243:11:243:11 | (unnamed constructor) | 0 | lambda [] type at line 248, col. 11 && | +| taint.cpp:243:11:243:11 | operator= | 0 | const lambda [] type at line 248, col. 11 & | +| taint.cpp:249:11:249:11 | (unnamed constructor) | 0 | const lambda [] type at line 254, col. 11 & | +| taint.cpp:249:11:249:11 | (unnamed constructor) | 0 | lambda [] type at line 254, col. 11 && | +| taint.cpp:249:11:249:11 | operator= | 0 | const lambda [] type at line 254, col. 11 & | +| taint.cpp:249:13:249:13 | _FUN | 0 | int | +| taint.cpp:249:13:249:13 | _FUN | 1 | int | +| taint.cpp:249:13:249:13 | operator() | 0 | int | +| taint.cpp:249:13:249:13 | operator() | 1 | int | +| taint.cpp:255:11:255:11 | (unnamed constructor) | 0 | const lambda [] type at line 260, col. 11 & | +| taint.cpp:255:11:255:11 | (unnamed constructor) | 0 | lambda [] type at line 260, col. 11 && | +| taint.cpp:255:11:255:11 | operator= | 0 | const lambda [] type at line 260, col. 11 & | +| taint.cpp:255:13:255:13 | _FUN | 0 | int & | +| taint.cpp:255:13:255:13 | _FUN | 1 | int & | +| taint.cpp:255:13:255:13 | _FUN | 2 | int & | +| taint.cpp:255:13:255:13 | operator() | 0 | int & | +| taint.cpp:255:13:255:13 | operator() | 1 | int & | +| taint.cpp:255:13:255:13 | operator() | 2 | int & | +| taint.cpp:266:5:266:6 | id | 0 | int | +| taint.cpp:297:6:297:14 | myAssign1 | 0 | int & | +| taint.cpp:297:6:297:14 | myAssign1 | 1 | int & | +| taint.cpp:302:6:302:14 | myAssign2 | 0 | int & | +| taint.cpp:302:6:302:14 | myAssign2 | 1 | int | +| taint.cpp:307:6:307:14 | myAssign3 | 0 | int * | +| taint.cpp:307:6:307:14 | myAssign3 | 1 | int | +| taint.cpp:312:6:312:14 | myAssign4 | 0 | int * | +| taint.cpp:312:6:312:14 | myAssign4 | 1 | int | +| taint.cpp:320:6:320:16 | myNotAssign | 0 | int & | +| taint.cpp:320:6:320:16 | myNotAssign | 1 | int & | +| taint.cpp:361:7:361:12 | strdup | 0 | const char * | +| taint.cpp:362:7:362:13 | strndup | 0 | const char * | +| taint.cpp:362:7:362:13 | strndup | 1 | size_t | +| taint.cpp:363:10:363:15 | wcsdup | 0 | const wchar_t * | +| taint.cpp:364:7:364:13 | strdupa | 0 | const char * | +| taint.cpp:365:7:365:14 | strndupa | 0 | const char * | +| taint.cpp:365:7:365:14 | strndupa | 1 | size_t | +| taint.cpp:367:6:367:16 | test_strdup | 0 | char * | +| taint.cpp:379:6:379:17 | test_strndup | 0 | int | +| taint.cpp:387:6:387:16 | test_wcsdup | 0 | wchar_t * | +| taint.cpp:397:6:397:17 | test_strdupa | 0 | char * | +| taint.cpp:409:6:409:18 | test_strndupa | 0 | int | +| taint.cpp:419:7:419:7 | MyClass2 | 0 | MyClass2 && | +| taint.cpp:419:7:419:7 | MyClass2 | 0 | const MyClass2 & | +| taint.cpp:419:7:419:7 | operator= | 0 | MyClass2 && | +| taint.cpp:419:7:419:7 | operator= | 0 | const MyClass2 & | +| taint.cpp:421:2:421:9 | MyClass2 | 0 | int | +| taint.cpp:422:7:422:15 | setMember | 0 | int | +| taint.cpp:428:7:428:7 | MyClass3 | 0 | MyClass3 && | +| taint.cpp:428:7:428:7 | MyClass3 | 0 | const MyClass3 & | +| taint.cpp:428:7:428:7 | operator= | 0 | MyClass3 && | +| taint.cpp:428:7:428:7 | operator= | 0 | const MyClass3 & | +| taint.cpp:430:2:430:9 | MyClass3 | 0 | const char * | +| taint.cpp:431:7:431:15 | setString | 0 | const char * | +| taint.cpp:474:6:474:9 | swop | 0 | int & | +| taint.cpp:474:6:474:9 | swop | 1 | int & | +| taint.cpp:500:5:500:12 | getdelim | 0 | char ** | +| taint.cpp:500:5:500:12 | getdelim | 1 | size_t * | +| taint.cpp:500:5:500:12 | getdelim | 2 | int | +| taint.cpp:500:5:500:12 | getdelim | 3 | FILE * | +| taint.cpp:502:6:502:18 | test_getdelim | 0 | FILE * | +| taint.cpp:512:7:512:12 | strtok | 0 | char * | +| taint.cpp:512:7:512:12 | strtok | 1 | const char * | +| taint.cpp:514:6:514:16 | test_strtok | 0 | char * | +| taint.cpp:523:7:523:13 | _strset | 0 | char * | +| taint.cpp:523:7:523:13 | _strset | 1 | int | +| taint.cpp:525:6:525:18 | test_strset_1 | 0 | char * | +| taint.cpp:525:6:525:18 | test_strset_1 | 1 | char | +| taint.cpp:531:6:531:18 | test_strset_2 | 0 | char * | +| taint.cpp:538:7:538:13 | mempcpy | 0 | void * | +| taint.cpp:538:7:538:13 | mempcpy | 1 | const void * | +| taint.cpp:538:7:538:13 | mempcpy | 2 | size_t | +| taint.cpp:540:6:540:17 | test_mempcpy | 0 | int * | +| taint.cpp:548:7:548:13 | memccpy | 0 | void * | +| taint.cpp:548:7:548:13 | memccpy | 1 | const void * | +| taint.cpp:548:7:548:13 | memccpy | 2 | int | +| taint.cpp:548:7:548:13 | memccpy | 3 | size_t | +| taint.cpp:550:6:550:17 | test_memccpy | 0 | int * | +| taint.cpp:558:7:558:12 | strcat | 0 | char * | +| taint.cpp:558:7:558:12 | strcat | 1 | const char * | +| taint.cpp:560:6:560:16 | test_strcat | 0 | char * | +| taint.cpp:560:6:560:16 | test_strcat | 1 | char * | +| taint.cpp:560:6:560:16 | test_strcat | 2 | char * | +| taint.cpp:560:6:560:16 | test_strcat | 3 | char * | +| taint.cpp:570:16:570:25 | _mbsncat_l | 0 | unsigned char * | +| taint.cpp:570:16:570:25 | _mbsncat_l | 1 | const unsigned char * | +| taint.cpp:570:16:570:25 | _mbsncat_l | 2 | int | +| taint.cpp:570:16:570:25 | _mbsncat_l | 3 | _locale_t | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 0 | unsigned char * | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 1 | const unsigned char * | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 2 | unsigned char * | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 3 | _locale_t | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 4 | _locale_t | +| taint.cpp:572:6:572:20 | test__mbsncat_l | 5 | int | +| taint.cpp:589:7:589:12 | strsep | 0 | char ** | +| taint.cpp:589:7:589:12 | strsep | 1 | const char * | +| taint.cpp:591:6:591:16 | test_strsep | 0 | char * | +| taint.cpp:602:7:602:13 | _strinc | 0 | const char * | +| taint.cpp:602:7:602:13 | _strinc | 1 | _locale_t | +| taint.cpp:603:16:603:22 | _mbsinc | 0 | const unsigned char * | +| taint.cpp:604:16:604:22 | _strdec | 0 | const unsigned char * | +| taint.cpp:604:16:604:22 | _strdec | 1 | const unsigned char * | +| taint.cpp:606:6:606:17 | test__strinc | 0 | char * | +| taint.cpp:606:6:606:17 | test__strinc | 1 | char * | +| taint.cpp:606:6:606:17 | test__strinc | 2 | char * | +| taint.cpp:606:6:606:17 | test__strinc | 3 | char * | +| taint.cpp:606:6:606:17 | test__strinc | 4 | _locale_t | +| taint.cpp:616:6:616:17 | test__mbsinc | 0 | unsigned char * | +| taint.cpp:616:6:616:17 | test__mbsinc | 1 | char * | +| taint.cpp:616:6:616:17 | test__mbsinc | 2 | unsigned char * | +| taint.cpp:616:6:616:17 | test__mbsinc | 3 | char * | +| taint.cpp:626:6:626:17 | test__strdec | 0 | const unsigned char * | +| taint.cpp:626:6:626:17 | test__strdec | 1 | unsigned char * | +| taint.cpp:626:6:626:17 | test__strdec | 2 | unsigned char * | +| taint.cpp:626:6:626:17 | test__strdec | 3 | unsigned char * | +| taint.cpp:626:6:626:17 | test__strdec | 4 | unsigned char * | +| taint.cpp:645:14:645:22 | _strnextc | 0 | const char * | +| taint.cpp:647:6:647:19 | test__strnextc | 0 | const char * | +| taint.cpp:659:7:659:7 | operator= | 0 | C_no_const_member_function && | +| taint.cpp:659:7:659:7 | operator= | 0 | const C_no_const_member_function & | +| taint.cpp:665:6:665:25 | test_no_const_member | 0 | char * | +| taint.cpp:671:7:671:7 | operator= | 0 | C_const_member_function && | +| taint.cpp:671:7:671:7 | operator= | 0 | const C_const_member_function & | +| taint.cpp:677:6:677:27 | test_with_const_member | 0 | char * | +| taint.cpp:683:6:683:20 | argument_source | 0 | void * | +| taint.cpp:685:8:685:8 | operator= | 0 | const two_members & | +| taint.cpp:685:8:685:8 | operator= | 0 | two_members && | +| taint.cpp:707:8:707:14 | strncpy | 0 | char * | +| taint.cpp:707:8:707:14 | strncpy | 1 | const char * | +| taint.cpp:707:8:707:14 | strncpy | 2 | unsigned long | +| taint.cpp:709:6:709:17 | test_strncpy | 0 | char * | +| taint.cpp:709:6:709:17 | test_strncpy | 1 | char * | +| taint.cpp:725:10:725:15 | strtol | 0 | const char * | +| taint.cpp:725:10:725:15 | strtol | 1 | char ** | +| taint.cpp:725:10:725:15 | strtol | 2 | int | +| taint.cpp:727:6:727:16 | test_strtol | 0 | char * | +| taint.cpp:735:7:735:12 | malloc | 0 | size_t | +| taint.cpp:736:7:736:13 | realloc | 0 | void * | +| taint.cpp:736:7:736:13 | realloc | 1 | size_t | +| taint.cpp:744:6:744:32 | test_realloc_2_indirections | 0 | int ** | +| taint.cpp:751:9:751:9 | operator= | 0 | A && | +| taint.cpp:751:9:751:9 | operator= | 0 | const A & | +| taint.cpp:758:5:758:11 | sprintf | 0 | char * | +| taint.cpp:758:5:758:11 | sprintf | 1 | const char * | +| taint.cpp:760:6:760:23 | call_sprintf_twice | 0 | char * | +| taint.cpp:760:6:760:23 | call_sprintf_twice | 1 | char * | +| taint.cpp:771:8:771:8 | operator= | 0 | TaintInheritingContentObject && | +| taint.cpp:771:8:771:8 | operator= | 0 | const TaintInheritingContentObject & | +| taint.cpp:775:30:775:35 | source | 0 | bool | +| taint.cpp:782:7:782:11 | fopen | 0 | const char * | +| taint.cpp:782:7:782:11 | fopen | 1 | const char * | +| taint.cpp:783:5:783:11 | fopen_s | 0 | FILE ** | +| taint.cpp:783:5:783:11 | fopen_s | 1 | const char * | +| taint.cpp:783:5:783:11 | fopen_s | 2 | const char * | +| taint.cpp:785:6:785:15 | fopen_test | 0 | char * | +| vector.cpp:13:6:13:9 | sink | 0 | int | | vector.cpp:14:27:14:30 | sink | 0 | vector> & | | vector.cpp:14:27:14:30 | sink | 0 | vector> & | +| vector.cpp:16:6:16:37 | test_range_based_for_loop_vector | 0 | int | +| vector.cpp:37:6:37:23 | test_element_taint | 0 | int | +| vector.cpp:145:8:145:8 | operator= | 0 | MyPair && | +| vector.cpp:145:8:145:8 | operator= | 0 | const MyPair & | +| vector.cpp:150:8:150:8 | MyVectorContainer | 0 | const MyVectorContainer & | +| vector.cpp:150:8:150:8 | operator= | 0 | MyVectorContainer && | +| vector.cpp:150:8:150:8 | operator= | 0 | const MyVectorContainer & | +| vector.cpp:216:6:216:9 | sink | 0 | iterator & | +| vector.cpp:231:6:231:9 | sink | 0 | vector> & | +| vector.cpp:232:6:232:9 | sink | 0 | vector> & | +| vector.cpp:279:6:279:9 | sink | 0 | int * | +| vector.cpp:295:6:295:9 | sink | 0 | iterator | +| vector.cpp:329:6:329:33 | taint_vector_output_iterator | 0 | iterator | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | 0 | iterator | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | 1 | int | +| vector.cpp:337:6:337:32 | test_vector_output_iterator | 0 | int | +| vector.cpp:417:6:417:25 | test_vector_inserter | 0 | char * | +| vector.cpp:454:7:454:12 | memcpy | 0 | void * | +| vector.cpp:454:7:454:12 | memcpy | 1 | const void * | +| vector.cpp:454:7:454:12 | memcpy | 2 | size_t | +| vector.cpp:461:6:461:9 | sink | 0 | vector> & | +| vector.cpp:462:6:462:9 | sink | 0 | string & | +| zmq.cpp:9:8:9:8 | operator= | 0 | const zmq_msg_t & | +| zmq.cpp:9:8:9:8 | operator= | 0 | zmq_msg_t && | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 0 | zmq_msg_t * | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 1 | void * | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 2 | size_t | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 3 | zmq_free_fn * | +| zmq.cpp:14:5:14:21 | zmq_msg_init_data | 4 | void * | +| zmq.cpp:15:7:15:18 | zmq_msg_data | 0 | zmq_msg_t * | +| zmq.cpp:17:6:17:13 | test_zmc | 0 | void * | +| zmq.cpp:17:6:17:13 | test_zmc | 1 | char * | +| zmq.cpp:17:6:17:13 | test_zmc | 2 | size_t |