From fb75f549517b6c4c93c912974c64dfc3c3285e3f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 10 Dec 2024 18:06:40 +0000 Subject: [PATCH 01/16] C++: Add another typedef. --- .../dataflow/taint-tests/atl.cpp | 1 + .../dataflow/taint-tests/localTaint.expected | 1592 ++++++++--------- .../taint-tests/test_mad-signatures.expected | 454 ++--- 3 files changed, 1024 insertions(+), 1023 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 0e70a101620f..4b7d293b117e 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -11,6 +11,7 @@ typedef void* PVOID; typedef bool BOOL; typedef char* PSTR, *LPSTR; typedef const char* LPCTSTR; +typedef const wchar_t* LPCWSTR; typedef unsigned short WORD; typedef unsigned long DWORD; typedef void* HANDLE; diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index d3ee7b7c0895..5d2a8075a8b6 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -140,812 +140,812 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | arrayassignment.cpp:145:12:145:12 | 5 | arrayassignment.cpp:145:7:145:13 | access to array | TAINT | | arrayassignment.cpp:146:7:146:10 | arr3 | arrayassignment.cpp:146:7:146:13 | access to array | | | arrayassignment.cpp:146:12:146:12 | 5 | arrayassignment.cpp:146:7:146:13 | access to array | TAINT | -| atl.cpp:33:30:33:30 | 1 | atl.cpp:33:29:33:30 | - ... | TAINT | -| atl.cpp:77:14:77:25 | call to source | atl.cpp:78:21:78:21 | x | | -| atl.cpp:78:21:78:21 | x | atl.cpp:78:21:78:22 | call to _U_STRINGorID | TAINT | -| atl.cpp:78:21:78:22 | call to _U_STRINGorID | atl.cpp:79:10:79:10 | u | | -| atl.cpp:83:17:83:43 | call to indirect_source | atl.cpp:84:21:84:21 | y | | -| atl.cpp:84:21:84:21 | y | atl.cpp:84:21:84:22 | call to _U_STRINGorID | TAINT | -| atl.cpp:84:21:84:22 | call to _U_STRINGorID | atl.cpp:85:10:85:10 | u | | -| atl.cpp:104:15:104:35 | call to indirect_source | atl.cpp:105:19:105:19 | x | | -| atl.cpp:105:19:105:19 | x | atl.cpp:105:19:105:20 | call to CA2AEX | TAINT | -| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:106:29:106:29 | a | | -| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:107:10:107:10 | a | | -| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:108:10:108:10 | a | | -| atl.cpp:105:19:105:20 | call to CA2AEX | atl.cpp:109:3:109:3 | a | | -| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:107:10:107:10 | a | | -| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:108:10:108:10 | a | | -| atl.cpp:106:29:106:29 | ref arg a | atl.cpp:109:3:109:3 | a | | -| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:108:10:108:10 | a | | -| atl.cpp:107:10:107:10 | a [post update] | atl.cpp:109:3:109:3 | a | | -| atl.cpp:108:10:108:10 | a [post update] | atl.cpp:109:3:109:3 | a | | -| atl.cpp:112:15:112:35 | call to indirect_source | atl.cpp:113:19:113:19 | x | | -| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:114:29:114:29 | a | | -| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:115:10:115:10 | a | | -| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:116:10:116:10 | a | | -| atl.cpp:113:19:113:23 | call to CA2AEX | atl.cpp:117:3:117:3 | a | | -| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:115:10:115:10 | a | | -| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:116:10:116:10 | a | | -| atl.cpp:114:29:114:29 | ref arg a | atl.cpp:117:3:117:3 | a | | -| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:116:10:116:10 | a | | -| atl.cpp:115:10:115:10 | a [post update] | atl.cpp:117:3:117:3 | a | | -| atl.cpp:116:10:116:10 | a [post update] | atl.cpp:117:3:117:3 | a | | -| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:132:20:132:20 | x | | -| atl.cpp:130:14:130:34 | call to indirect_source | atl.cpp:138:20:138:20 | x | | -| atl.cpp:132:20:132:20 | x | atl.cpp:132:20:132:21 | call to CA2CAEX | TAINT | -| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:133:30:133:30 | a | | -| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:134:10:134:10 | a | | -| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:135:10:135:10 | a | | -| atl.cpp:132:20:132:21 | call to CA2CAEX | atl.cpp:136:3:136:3 | a | | -| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:139:30:139:30 | a | | -| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:140:10:140:10 | a | | -| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:141:10:141:10 | a | | -| atl.cpp:138:20:138:24 | call to CA2CAEX | atl.cpp:142:3:142:3 | a | | -| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:158:19:158:19 | x | | -| atl.cpp:156:14:156:34 | call to indirect_source | atl.cpp:164:19:164:19 | x | | -| atl.cpp:158:19:158:19 | x | atl.cpp:158:19:158:20 | call to CA2WEX | TAINT | -| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:159:30:159:30 | a | | -| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:160:10:160:10 | a | | -| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:161:10:161:10 | a | | -| atl.cpp:158:19:158:20 | call to CA2WEX | atl.cpp:162:3:162:3 | a | | -| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:160:10:160:10 | a | | -| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:161:10:161:10 | a | | -| atl.cpp:159:30:159:30 | ref arg a | atl.cpp:162:3:162:3 | a | | -| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:161:10:161:10 | a | | -| atl.cpp:160:10:160:10 | a [post update] | atl.cpp:162:3:162:3 | a | | -| atl.cpp:160:12:160:16 | ref arg m_psz | atl.cpp:161:12:161:16 | m_psz | | -| atl.cpp:161:10:161:10 | a [post update] | atl.cpp:162:3:162:3 | a | | -| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:165:30:165:30 | a | | -| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:166:10:166:10 | a | | -| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:167:10:167:10 | a | | -| atl.cpp:164:19:164:23 | call to CA2WEX | atl.cpp:168:3:168:3 | a | | -| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:166:10:166:10 | a | | -| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:167:10:167:10 | a | | -| atl.cpp:165:30:165:30 | ref arg a | atl.cpp:168:3:168:3 | a | | -| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:167:10:167:10 | a | | -| atl.cpp:166:10:166:10 | a [post update] | atl.cpp:168:3:168:3 | a | | -| atl.cpp:166:12:166:16 | ref arg m_psz | atl.cpp:167:12:167:16 | m_psz | | -| atl.cpp:167:10:167:10 | a [post update] | atl.cpp:168:3:168:3 | a | | -| atl.cpp:216:11:216:21 | call to source | atl.cpp:220:11:220:11 | x | | -| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:220:5:220:5 | a | | -| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:221:10:221:10 | a | | -| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:222:5:222:5 | a | | -| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:223:10:223:10 | a | | -| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:227:15:227:15 | a | | -| atl.cpp:219:20:219:20 | call to CAtlArray | atl.cpp:242:3:242:3 | a | | -| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:221:10:221:10 | a | | -| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:222:5:222:5 | a | | -| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:223:10:223:10 | a | | -| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:227:15:227:15 | a | | -| atl.cpp:220:5:220:5 | ref arg a | atl.cpp:242:3:242:3 | a | | -| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:222:5:222:5 | a | | -| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:223:10:223:10 | a | | -| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:227:15:227:15 | a | | -| atl.cpp:221:10:221:10 | ref arg a | atl.cpp:242:3:242:3 | a | | -| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:223:10:223:10 | a | | -| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:227:15:227:15 | a | | -| atl.cpp:222:5:222:5 | ref arg a | atl.cpp:242:3:242:3 | a | | -| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:227:15:227:15 | a | | -| atl.cpp:223:10:223:10 | ref arg a | atl.cpp:242:3:242:3 | a | | -| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:226:10:226:11 | a2 | | -| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:227:5:227:6 | a2 | | -| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:228:10:228:11 | a2 | | -| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:232:13:232:14 | a2 | | -| atl.cpp:225:20:225:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a2 | | -| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:227:5:227:6 | a2 | | -| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | | -| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | | -| atl.cpp:226:10:226:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | | -| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:228:10:228:11 | a2 | | -| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | | -| atl.cpp:227:5:227:6 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | | -| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:232:13:232:14 | a2 | | -| atl.cpp:228:10:228:11 | ref arg a2 | atl.cpp:242:3:242:3 | a2 | | -| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:231:10:231:11 | a3 | | -| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:232:5:232:6 | a3 | | -| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:233:10:233:11 | a3 | | -| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:235:10:235:11 | a3 | | -| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:236:11:236:12 | a3 | | -| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:240:26:240:27 | a3 | | -| atl.cpp:230:20:230:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a3 | | -| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:232:5:232:6 | a3 | | -| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | | -| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | | -| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | -| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | -| atl.cpp:231:10:231:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | -| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:233:10:233:11 | a3 | | -| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | | -| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | -| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | -| atl.cpp:232:5:232:6 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | -| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:235:10:235:11 | a3 | | -| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | -| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | -| atl.cpp:233:10:233:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | -| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:236:11:236:12 | a3 | | -| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | -| atl.cpp:235:10:235:11 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | -| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:240:26:240:27 | a3 | | -| atl.cpp:236:11:236:12 | ref arg a3 | atl.cpp:242:3:242:3 | a3 | | -| atl.cpp:236:14:236:20 | call to GetData | atl.cpp:236:10:236:22 | * ... | TAINT | -| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:239:10:239:11 | a4 | | -| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:240:5:240:6 | a4 | | -| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:241:10:241:11 | a4 | | -| atl.cpp:238:20:238:21 | call to CAtlArray | atl.cpp:242:3:242:3 | a4 | | -| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:240:5:240:6 | a4 | | -| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | | -| atl.cpp:239:10:239:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | | -| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:241:10:241:11 | a4 | | -| atl.cpp:240:5:240:6 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | | -| atl.cpp:240:26:240:27 | a3 | atl.cpp:240:25:240:27 | & ... | | -| atl.cpp:241:10:241:11 | ref arg a4 | atl.cpp:242:3:242:3 | a4 | | -| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:245:5:245:6 | a5 | | -| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:246:10:246:11 | a5 | | -| atl.cpp:244:20:244:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a5 | | -| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:246:10:246:11 | a5 | | -| atl.cpp:245:5:245:6 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | | -| atl.cpp:246:10:246:11 | ref arg a5 | atl.cpp:251:3:251:3 | a5 | | -| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:249:5:249:6 | a6 | | -| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:250:10:250:11 | a6 | | -| atl.cpp:248:20:248:21 | call to CAtlArray | atl.cpp:251:3:251:3 | a6 | | -| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:250:10:250:11 | a6 | | -| atl.cpp:249:5:249:6 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | | -| atl.cpp:250:10:250:11 | ref arg a6 | atl.cpp:251:3:251:3 | a6 | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:300:18:300:18 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:308:19:308:19 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:317:29:317:29 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:323:21:323:21 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:331:30:331:30 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:338:31:338:31 | x | | -| atl.cpp:296:11:296:21 | call to source | atl.cpp:343:44:343:44 | x | | -| atl.cpp:298:24:298:25 | 10 | atl.cpp:298:24:298:26 | call to CAtlList | TAINT | -| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:299:10:299:13 | list | | -| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:300:5:300:8 | list | | -| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:301:10:301:13 | list | | -| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:304:24:304:27 | list | | -| atl.cpp:298:24:298:26 | call to CAtlList | atl.cpp:346:3:346:3 | list | | -| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:300:5:300:8 | list | | -| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:301:10:301:13 | list | | -| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:304:24:304:27 | list | | -| atl.cpp:299:10:299:13 | ref arg list | atl.cpp:346:3:346:3 | list | | -| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:301:10:301:13 | list | | -| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:304:24:304:27 | list | | -| atl.cpp:300:5:300:8 | ref arg list | atl.cpp:346:3:346:3 | list | | -| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:304:24:304:27 | list | | -| atl.cpp:301:10:301:13 | ref arg list | atl.cpp:346:3:346:3 | list | | -| atl.cpp:303:25:303:26 | 10 | atl.cpp:303:25:303:27 | call to CAtlList | TAINT | -| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:304:5:304:9 | list2 | | -| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:305:10:305:14 | list2 | | -| atl.cpp:303:25:303:27 | call to CAtlList | atl.cpp:346:3:346:3 | list2 | | -| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:305:10:305:14 | list2 | | -| atl.cpp:304:5:304:9 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | | -| atl.cpp:304:24:304:27 | list | atl.cpp:304:23:304:27 | & ... | | -| atl.cpp:305:10:305:14 | ref arg list2 | atl.cpp:346:3:346:3 | list2 | | -| atl.cpp:307:25:307:26 | 10 | atl.cpp:307:25:307:27 | call to CAtlList | TAINT | -| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:308:5:308:9 | list3 | | -| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:309:10:309:14 | list3 | | -| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:312:24:312:28 | list3 | | -| atl.cpp:307:25:307:27 | call to CAtlList | atl.cpp:346:3:346:3 | list3 | | -| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:309:10:309:14 | list3 | | -| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | | -| atl.cpp:308:5:308:9 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | | -| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:312:24:312:28 | list3 | | -| atl.cpp:309:10:309:14 | ref arg list3 | atl.cpp:346:3:346:3 | list3 | | -| atl.cpp:311:25:311:26 | 10 | atl.cpp:311:25:311:27 | call to CAtlList | TAINT | -| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:312:5:312:9 | list4 | | -| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:313:10:313:14 | list4 | | -| atl.cpp:311:25:311:27 | call to CAtlList | atl.cpp:346:3:346:3 | list4 | | -| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:313:10:313:14 | list4 | | -| atl.cpp:312:5:312:9 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | | -| atl.cpp:312:24:312:28 | list3 | atl.cpp:312:23:312:28 | & ... | | -| atl.cpp:313:10:313:14 | ref arg list4 | atl.cpp:346:3:346:3 | list4 | | -| atl.cpp:316:27:316:28 | 10 | atl.cpp:316:27:316:29 | call to CAtlList | TAINT | -| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:18:317:22 | list5 | | -| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:317:32:317:36 | list5 | | -| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:318:12:318:16 | list5 | | -| atl.cpp:316:27:316:29 | call to CAtlList | atl.cpp:319:5:319:5 | list5 | | -| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | | -| atl.cpp:317:18:317:22 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | | -| atl.cpp:317:24:317:27 | call to Find | atl.cpp:318:24:318:26 | pos | | -| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:317:18:317:22 | list5 | | -| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:318:12:318:16 | list5 | | -| atl.cpp:317:32:317:36 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | | -| atl.cpp:318:12:318:16 | ref arg list5 | atl.cpp:319:5:319:5 | list5 | | -| atl.cpp:322:27:322:28 | 10 | atl.cpp:322:27:322:29 | call to CAtlList | TAINT | -| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:323:7:323:11 | list6 | | -| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:324:18:324:22 | list6 | | -| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:325:12:325:16 | list6 | | -| atl.cpp:322:27:322:29 | call to CAtlList | atl.cpp:326:5:326:5 | list6 | | -| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:324:18:324:22 | list6 | | -| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | | -| atl.cpp:323:7:323:11 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | | -| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:325:12:325:16 | list6 | | -| atl.cpp:324:18:324:22 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | | -| atl.cpp:324:24:324:32 | call to FindIndex | atl.cpp:325:24:325:26 | pos | | -| atl.cpp:325:12:325:16 | ref arg list6 | atl.cpp:326:5:326:5 | list6 | | -| atl.cpp:329:27:329:28 | 10 | atl.cpp:329:27:329:29 | call to CAtlList | TAINT | -| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:330:18:330:22 | list7 | | -| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:331:7:331:11 | list7 | | -| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:332:12:332:16 | list7 | | -| atl.cpp:329:27:329:29 | call to CAtlList | atl.cpp:333:5:333:5 | list7 | | -| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:331:7:331:11 | list7 | | -| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | | -| atl.cpp:330:18:330:22 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | | -| atl.cpp:330:24:330:38 | call to GetTailPosition | atl.cpp:331:25:331:27 | pos | | -| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:332:12:332:16 | list7 | | -| atl.cpp:331:7:331:11 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | | -| atl.cpp:332:12:332:16 | ref arg list7 | atl.cpp:333:5:333:5 | list7 | | -| atl.cpp:336:27:336:28 | 10 | atl.cpp:336:27:336:29 | call to CAtlList | TAINT | -| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:337:18:337:22 | list8 | | -| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:338:7:338:11 | list8 | | -| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:339:12:339:16 | list8 | | -| atl.cpp:336:27:336:29 | call to CAtlList | atl.cpp:340:5:340:5 | list8 | | -| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:338:7:338:11 | list8 | | -| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | | -| atl.cpp:337:18:337:22 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | | -| atl.cpp:337:24:337:38 | call to GetTailPosition | atl.cpp:338:26:338:28 | pos | | -| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:339:12:339:16 | list8 | | -| atl.cpp:338:7:338:11 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | | -| atl.cpp:339:12:339:16 | ref arg list8 | atl.cpp:340:5:340:5 | list8 | | -| atl.cpp:342:27:342:28 | 10 | atl.cpp:342:27:342:29 | call to CAtlList | TAINT | -| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:7:343:11 | list9 | | -| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:343:19:343:23 | list9 | | -| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:344:12:344:16 | list9 | | -| atl.cpp:342:27:342:29 | call to CAtlList | atl.cpp:345:5:345:5 | list9 | | -| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | | -| atl.cpp:343:7:343:11 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | -| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:343:7:343:11 | list9 | | -| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:344:12:344:16 | list9 | | -| atl.cpp:343:19:343:23 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | -| atl.cpp:344:12:344:16 | ref arg list9 | atl.cpp:345:5:345:5 | list9 | | -| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:352:18:352:18 | p | | -| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:360:19:360:19 | p | | -| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:369:29:369:29 | p | | -| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:375:21:375:21 | p | | -| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:383:30:383:30 | p | | -| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:390:31:390:31 | p | | -| atl.cpp:348:12:348:31 | call to indirect_source | atl.cpp:395:44:395:44 | p | | -| atl.cpp:350:25:350:26 | 10 | atl.cpp:350:25:350:27 | call to CAtlList | TAINT | -| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:351:10:351:13 | list | | -| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:352:5:352:8 | list | | -| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:353:10:353:13 | list | | -| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:356:24:356:27 | list | | -| atl.cpp:350:25:350:27 | call to CAtlList | atl.cpp:398:3:398:3 | list | | -| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:352:5:352:8 | list | | -| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:353:10:353:13 | list | | -| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:356:24:356:27 | list | | -| atl.cpp:351:10:351:13 | ref arg list | atl.cpp:398:3:398:3 | list | | -| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:353:10:353:13 | list | | -| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:356:24:356:27 | list | | -| atl.cpp:352:5:352:8 | ref arg list | atl.cpp:398:3:398:3 | list | | -| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:356:24:356:27 | list | | -| atl.cpp:353:10:353:13 | ref arg list | atl.cpp:398:3:398:3 | list | | -| atl.cpp:355:26:355:27 | 10 | atl.cpp:355:26:355:28 | call to CAtlList | TAINT | -| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:356:5:356:9 | list2 | | -| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:357:10:357:14 | list2 | | -| atl.cpp:355:26:355:28 | call to CAtlList | atl.cpp:398:3:398:3 | list2 | | -| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:357:10:357:14 | list2 | | -| atl.cpp:356:5:356:9 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | | -| atl.cpp:356:24:356:27 | list | atl.cpp:356:23:356:27 | & ... | | -| atl.cpp:357:10:357:14 | ref arg list2 | atl.cpp:398:3:398:3 | list2 | | -| atl.cpp:359:26:359:27 | 10 | atl.cpp:359:26:359:28 | call to CAtlList | TAINT | -| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:360:5:360:9 | list3 | | -| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:361:10:361:14 | list3 | | -| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:364:24:364:28 | list3 | | -| atl.cpp:359:26:359:28 | call to CAtlList | atl.cpp:398:3:398:3 | list3 | | -| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:361:10:361:14 | list3 | | -| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | | -| atl.cpp:360:5:360:9 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | | -| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:364:24:364:28 | list3 | | -| atl.cpp:361:10:361:14 | ref arg list3 | atl.cpp:398:3:398:3 | list3 | | -| atl.cpp:363:26:363:27 | 10 | atl.cpp:363:26:363:28 | call to CAtlList | TAINT | -| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:364:5:364:9 | list4 | | -| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:365:10:365:14 | list4 | | -| atl.cpp:363:26:363:28 | call to CAtlList | atl.cpp:398:3:398:3 | list4 | | -| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:365:10:365:14 | list4 | | -| atl.cpp:364:5:364:9 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | | -| atl.cpp:364:24:364:28 | list3 | atl.cpp:364:23:364:28 | & ... | | -| atl.cpp:365:10:365:14 | ref arg list4 | atl.cpp:398:3:398:3 | list4 | | -| atl.cpp:368:28:368:29 | 10 | atl.cpp:368:28:368:30 | call to CAtlList | TAINT | -| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:18:369:22 | list5 | | -| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:369:32:369:36 | list5 | | -| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:370:12:370:16 | list5 | | -| atl.cpp:368:28:368:30 | call to CAtlList | atl.cpp:371:5:371:5 | list5 | | -| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | | -| atl.cpp:369:18:369:22 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | -| atl.cpp:369:24:369:27 | call to Find | atl.cpp:370:24:370:26 | pos | | -| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:369:18:369:22 | list5 | | -| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:370:12:370:16 | list5 | | -| atl.cpp:369:32:369:36 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | -| atl.cpp:370:12:370:16 | ref arg list5 | atl.cpp:371:5:371:5 | list5 | | -| atl.cpp:374:28:374:29 | 10 | atl.cpp:374:28:374:30 | call to CAtlList | TAINT | -| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:375:7:375:11 | list6 | | -| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:376:18:376:22 | list6 | | -| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:377:12:377:16 | list6 | | -| atl.cpp:374:28:374:30 | call to CAtlList | atl.cpp:378:5:378:5 | list6 | | -| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:376:18:376:22 | list6 | | -| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | | -| atl.cpp:375:7:375:11 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | -| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:377:12:377:16 | list6 | | -| atl.cpp:376:18:376:22 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | -| atl.cpp:376:24:376:32 | call to FindIndex | atl.cpp:377:24:377:26 | pos | | -| atl.cpp:377:12:377:16 | ref arg list6 | atl.cpp:378:5:378:5 | list6 | | -| atl.cpp:381:28:381:29 | 10 | atl.cpp:381:28:381:30 | call to CAtlList | TAINT | -| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:382:18:382:22 | list7 | | -| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:383:7:383:11 | list7 | | -| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:384:12:384:16 | list7 | | -| atl.cpp:381:28:381:30 | call to CAtlList | atl.cpp:385:5:385:5 | list7 | | -| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:383:7:383:11 | list7 | | -| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | | -| atl.cpp:382:18:382:22 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | -| atl.cpp:382:24:382:38 | call to GetTailPosition | atl.cpp:383:25:383:27 | pos | | -| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:384:12:384:16 | list7 | | -| atl.cpp:383:7:383:11 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | -| atl.cpp:384:12:384:16 | ref arg list7 | atl.cpp:385:5:385:5 | list7 | | -| atl.cpp:388:28:388:29 | 10 | atl.cpp:388:28:388:30 | call to CAtlList | TAINT | -| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:389:18:389:22 | list8 | | -| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:390:7:390:11 | list8 | | -| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:391:12:391:16 | list8 | | -| atl.cpp:388:28:388:30 | call to CAtlList | atl.cpp:392:5:392:5 | list8 | | -| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:390:7:390:11 | list8 | | -| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | | -| atl.cpp:389:18:389:22 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | -| atl.cpp:389:24:389:38 | call to GetTailPosition | atl.cpp:390:26:390:28 | pos | | -| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:391:12:391:16 | list8 | | -| atl.cpp:390:7:390:11 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | -| atl.cpp:391:12:391:16 | ref arg list8 | atl.cpp:392:5:392:5 | list8 | | -| atl.cpp:394:28:394:29 | 10 | atl.cpp:394:28:394:30 | call to CAtlList | TAINT | -| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:7:395:11 | list9 | | -| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:395:19:395:23 | list9 | | -| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:396:12:396:16 | list9 | | -| atl.cpp:394:28:394:30 | call to CAtlList | atl.cpp:397:5:397:5 | list9 | | -| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | | -| atl.cpp:395:7:395:11 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | -| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:395:7:395:11 | list9 | | -| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:396:12:396:16 | list9 | | -| atl.cpp:395:19:395:23 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | -| atl.cpp:396:12:396:16 | ref arg list9 | atl.cpp:397:5:397:5 | list9 | | -| atl.cpp:454:21:454:33 | new | atl.cpp:455:3:455:6 | safe | | -| atl.cpp:454:21:454:33 | new | atl.cpp:456:10:456:13 | safe | | -| atl.cpp:455:3:455:6 | safe [post update] | atl.cpp:456:10:456:13 | safe | | -| atl.cpp:455:3:455:40 | ... = ... | atl.cpp:455:9:455:14 | pvData [post update] | | -| atl.cpp:455:18:455:38 | call to indirect_source | atl.cpp:455:3:455:40 | ... = ... | | -| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:462:16:462:16 | x | | -| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:469:20:469:20 | x | | -| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:473:16:473:16 | x | | -| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:481:11:481:11 | x | | -| atl.cpp:460:13:460:33 | call to indirect_source | atl.cpp:495:20:495:20 | x | | -| atl.cpp:462:16:462:16 | x | atl.cpp:462:16:462:17 | call to CComBSTR | TAINT | -| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:463:10:463:10 | b | | -| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:465:17:465:17 | b | | -| atl.cpp:462:16:462:17 | call to CComBSTR | atl.cpp:467:3:467:3 | b | | -| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:465:17:465:17 | b | | -| atl.cpp:463:10:463:10 | b [post update] | atl.cpp:467:3:467:3 | b | | -| atl.cpp:463:12:463:16 | ref arg m_str | atl.cpp:466:13:466:17 | m_str | | -| atl.cpp:465:17:465:17 | b | atl.cpp:465:17:465:18 | call to CComBSTR | | -| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:466:10:466:11 | b2 | | -| atl.cpp:465:17:465:18 | call to CComBSTR | atl.cpp:467:3:467:3 | b2 | | -| atl.cpp:466:10:466:11 | b2 [post update] | atl.cpp:467:3:467:3 | b2 | | -| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:470:10:470:10 | b | | -| atl.cpp:469:16:469:21 | call to CComBSTR | atl.cpp:471:3:471:3 | b | | -| atl.cpp:470:10:470:10 | b [post update] | atl.cpp:471:3:471:3 | b | | -| atl.cpp:473:16:473:16 | x | atl.cpp:473:16:473:17 | call to CComBSTR | TAINT | -| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:477:11:477:11 | b | | -| atl.cpp:473:16:473:17 | call to CComBSTR | atl.cpp:513:3:513:3 | b | | -| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:476:10:476:11 | b2 | | -| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:477:5:477:6 | b2 | | -| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:478:10:478:11 | b2 | | -| atl.cpp:475:14:475:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b2 | | -| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:477:5:477:6 | b2 | | -| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:478:10:478:11 | b2 | | -| atl.cpp:476:10:476:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | | -| atl.cpp:476:13:476:17 | ref arg m_str | atl.cpp:478:13:478:17 | m_str | | -| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:478:10:478:11 | b2 | | -| atl.cpp:477:5:477:6 | ref arg b2 | atl.cpp:513:3:513:3 | b2 | | -| atl.cpp:478:10:478:11 | b2 [post update] | atl.cpp:513:3:513:3 | b2 | | -| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:481:5:481:6 | b3 | | -| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:482:10:482:11 | b3 | | -| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:483:28:483:29 | b3 | | -| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:484:13:484:14 | b3 | | -| atl.cpp:480:14:480:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b3 | | -| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:482:10:482:11 | b3 | | -| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:483:28:483:29 | b3 | | -| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | | -| atl.cpp:481:5:481:6 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | | -| atl.cpp:481:11:481:11 | x | atl.cpp:481:11:481:11 | call to CComBSTR | TAINT | -| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:483:28:483:29 | b3 | | -| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:484:13:484:14 | b3 | | -| atl.cpp:482:10:482:11 | b3 [post update] | atl.cpp:513:3:513:3 | b3 | | -| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:484:13:484:14 | b3 | | -| atl.cpp:483:28:483:29 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | | -| atl.cpp:484:11:484:14 | * ... | atl.cpp:484:10:484:14 | * ... | TAINT | -| atl.cpp:484:12:484:12 | call to operator& | atl.cpp:484:11:484:14 | * ... | TAINT | -| atl.cpp:484:13:484:14 | ref arg b3 | atl.cpp:513:3:513:3 | b3 | | -| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:487:5:487:6 | b4 | | -| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:488:10:488:11 | b4 | | -| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:491:19:491:20 | b4 | | -| atl.cpp:486:14:486:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b4 | | -| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:488:10:488:11 | b4 | | -| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:491:19:491:20 | b4 | | -| atl.cpp:487:5:487:6 | ref arg b4 | atl.cpp:513:3:513:3 | b4 | | -| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:491:19:491:20 | b4 | | -| atl.cpp:488:10:488:11 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | | -| atl.cpp:488:13:488:17 | ref arg m_str | atl.cpp:491:22:491:26 | m_str | | -| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:491:5:491:6 | b5 | | -| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:492:10:492:11 | b5 | | -| atl.cpp:490:14:490:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b5 | | -| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:492:10:492:11 | b5 | | -| atl.cpp:491:5:491:6 | ref arg b5 | atl.cpp:513:3:513:3 | b5 | | -| atl.cpp:491:19:491:20 | b4 [post update] | atl.cpp:513:3:513:3 | b4 | | -| atl.cpp:492:10:492:11 | b5 [post update] | atl.cpp:513:3:513:3 | b5 | | -| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:495:5:495:6 | b6 | | -| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:496:10:496:11 | b6 | | -| atl.cpp:494:14:494:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b6 | | -| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:496:10:496:11 | b6 | | -| atl.cpp:495:5:495:6 | ref arg b6 | atl.cpp:513:3:513:3 | b6 | | -| atl.cpp:496:10:496:11 | b6 [post update] | atl.cpp:513:3:513:3 | b6 | | -| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:499:5:499:6 | b7 | | -| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:500:10:500:11 | b7 | | -| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:503:19:503:20 | b7 | | -| atl.cpp:498:14:498:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b7 | | -| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:500:10:500:11 | b7 | | -| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:503:19:503:20 | b7 | | -| atl.cpp:499:5:499:6 | ref arg b7 | atl.cpp:513:3:513:3 | b7 | | -| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:503:19:503:20 | b7 | | -| atl.cpp:500:10:500:11 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | | -| atl.cpp:500:13:500:17 | ref arg m_str | atl.cpp:503:22:503:26 | m_str | | -| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:503:5:503:6 | b8 | | -| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:504:10:504:11 | b8 | | -| atl.cpp:502:14:502:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b8 | | -| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:504:10:504:11 | b8 | | -| atl.cpp:503:5:503:6 | ref arg b8 | atl.cpp:513:3:513:3 | b8 | | -| atl.cpp:503:19:503:20 | b7 [post update] | atl.cpp:513:3:513:3 | b7 | | -| atl.cpp:504:10:504:11 | b8 [post update] | atl.cpp:513:3:513:3 | b8 | | -| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:508:5:508:6 | b9 | | -| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:509:5:509:6 | b9 | | -| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:512:10:512:11 | b9 | | -| atl.cpp:506:14:506:15 | call to CComBSTR | atl.cpp:513:3:513:3 | b9 | | -| atl.cpp:507:17:507:20 | safe | atl.cpp:509:21:509:24 | safe | | -| atl.cpp:507:17:507:20 | safe | atl.cpp:510:10:510:13 | safe | | -| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:509:5:509:6 | b9 | | -| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | | -| atl.cpp:508:5:508:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | -| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:512:10:512:11 | b9 | | -| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | -| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:509:21:509:24 | safe [inner post update] | | -| atl.cpp:509:20:509:24 | ref arg & ... | atl.cpp:510:10:510:13 | safe | | -| atl.cpp:509:21:509:24 | safe | atl.cpp:509:20:509:24 | & ... | | -| atl.cpp:512:10:512:11 | ref arg b9 | atl.cpp:513:3:513:3 | b9 | | -| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:517:16:517:16 | w | | -| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:521:15:521:15 | w | | -| atl.cpp:515:16:515:39 | call to indirect_source | atl.cpp:525:20:525:20 | w | | -| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:521:15:521:15 | w | | -| atl.cpp:517:16:517:16 | ref arg w | atl.cpp:525:20:525:20 | w | | -| atl.cpp:517:16:517:16 | w | atl.cpp:517:16:517:17 | call to CComBSTR | TAINT | -| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:518:10:518:10 | b | | -| atl.cpp:517:16:517:17 | call to CComBSTR | atl.cpp:523:3:523:3 | b | | -| atl.cpp:518:10:518:10 | b [post update] | atl.cpp:523:3:523:3 | b | | -| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:521:5:521:6 | b2 | | -| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:522:10:522:11 | b2 | | -| atl.cpp:520:14:520:15 | call to CComBSTR | atl.cpp:523:3:523:3 | b2 | | -| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:522:10:522:11 | b2 | | -| atl.cpp:521:5:521:6 | ref arg b2 | atl.cpp:523:3:523:3 | b2 | | -| atl.cpp:521:15:521:15 | ref arg w | atl.cpp:525:20:525:20 | w | | -| atl.cpp:522:10:522:11 | b2 [post update] | atl.cpp:523:3:523:3 | b2 | | -| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:526:10:526:10 | b | | -| atl.cpp:525:16:525:21 | call to CComBSTR | atl.cpp:527:3:527:3 | b | | -| atl.cpp:526:10:526:10 | b [post update] | atl.cpp:527:3:527:3 | b | | -| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:573:8:573:11 | safe | | -| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:575:24:575:27 | safe | | -| atl.cpp:572:22:572:33 | call to getSafeArray | atl.cpp:586:11:586:14 | safe | | -| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:575:24:575:27 | safe | | -| atl.cpp:573:8:573:11 | safe [post update] | atl.cpp:586:11:586:14 | safe | | -| atl.cpp:575:24:575:27 | safe | atl.cpp:575:24:575:28 | call to CComSafeArray | TAINT | -| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:576:8:576:8 | c | | -| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:577:8:577:8 | c | | -| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:578:8:578:8 | c | | -| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:579:8:579:8 | c | | -| atl.cpp:575:24:575:28 | call to CComSafeArray | atl.cpp:580:3:580:3 | c | | -| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:577:8:577:8 | c | | -| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:578:8:578:8 | c | | -| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:579:8:579:8 | c | | -| atl.cpp:576:8:576:8 | ref arg c | atl.cpp:580:3:580:3 | c | | +| atl.cpp:34:30:34:30 | 1 | atl.cpp:34:29:34:30 | - ... | TAINT | +| atl.cpp:78:14:78:25 | call to source | atl.cpp:79:21:79:21 | x | | +| atl.cpp:79:21:79:21 | x | atl.cpp:79:21:79:22 | call to _U_STRINGorID | TAINT | +| atl.cpp:79:21:79:22 | call to _U_STRINGorID | atl.cpp:80:10:80:10 | u | | +| atl.cpp:84:17:84:43 | call to indirect_source | atl.cpp:85:21:85:21 | y | | +| atl.cpp:85:21:85:21 | y | atl.cpp:85:21:85:22 | call to _U_STRINGorID | TAINT | +| atl.cpp:85:21:85:22 | call to _U_STRINGorID | atl.cpp:86:10:86:10 | u | | +| atl.cpp:105:15:105:35 | call to indirect_source | atl.cpp:106:19:106:19 | x | | +| atl.cpp:106:19:106:19 | x | atl.cpp:106:19:106:20 | call to CA2AEX | TAINT | +| atl.cpp:106:19:106:20 | call to CA2AEX | atl.cpp:107:29:107:29 | a | | +| atl.cpp:106:19:106:20 | call to CA2AEX | atl.cpp:108:10:108:10 | a | | +| atl.cpp:106:19:106:20 | call to CA2AEX | atl.cpp:109:10:109:10 | a | | +| atl.cpp:106:19:106:20 | call to CA2AEX | atl.cpp:110:3:110:3 | a | | +| atl.cpp:107:29:107:29 | ref arg a | atl.cpp:108:10:108:10 | a | | +| atl.cpp:107:29:107:29 | ref arg a | atl.cpp:109:10:109:10 | a | | +| atl.cpp:107:29:107:29 | ref arg a | atl.cpp:110:3:110:3 | a | | +| atl.cpp:108:10:108:10 | a [post update] | atl.cpp:109:10:109:10 | a | | +| atl.cpp:108:10:108:10 | a [post update] | atl.cpp:110:3:110:3 | a | | +| atl.cpp:109:10:109:10 | a [post update] | atl.cpp:110:3:110:3 | a | | +| atl.cpp:113:15:113:35 | call to indirect_source | atl.cpp:114:19:114:19 | x | | +| atl.cpp:114:19:114:23 | call to CA2AEX | atl.cpp:115:29:115:29 | a | | +| atl.cpp:114:19:114:23 | call to CA2AEX | atl.cpp:116:10:116:10 | a | | +| atl.cpp:114:19:114:23 | call to CA2AEX | atl.cpp:117:10:117:10 | a | | +| atl.cpp:114:19:114:23 | call to CA2AEX | atl.cpp:118:3:118:3 | a | | +| atl.cpp:115:29:115:29 | ref arg a | atl.cpp:116:10:116:10 | a | | +| atl.cpp:115:29:115:29 | ref arg a | atl.cpp:117:10:117:10 | a | | +| atl.cpp:115:29:115:29 | ref arg a | atl.cpp:118:3:118:3 | a | | +| atl.cpp:116:10:116:10 | a [post update] | atl.cpp:117:10:117:10 | a | | +| atl.cpp:116:10:116:10 | a [post update] | atl.cpp:118:3:118:3 | a | | +| atl.cpp:117:10:117:10 | a [post update] | atl.cpp:118:3:118:3 | a | | +| atl.cpp:131:14:131:34 | call to indirect_source | atl.cpp:133:20:133:20 | x | | +| atl.cpp:131:14:131:34 | call to indirect_source | atl.cpp:139:20:139:20 | x | | +| atl.cpp:133:20:133:20 | x | atl.cpp:133:20:133:21 | call to CA2CAEX | TAINT | +| atl.cpp:133:20:133:21 | call to CA2CAEX | atl.cpp:134:30:134:30 | a | | +| atl.cpp:133:20:133:21 | call to CA2CAEX | atl.cpp:135:10:135:10 | a | | +| atl.cpp:133:20:133:21 | call to CA2CAEX | atl.cpp:136:10:136:10 | a | | +| atl.cpp:133:20:133:21 | call to CA2CAEX | atl.cpp:137:3:137:3 | a | | +| atl.cpp:139:20:139:24 | call to CA2CAEX | atl.cpp:140:30:140:30 | a | | +| atl.cpp:139:20:139:24 | call to CA2CAEX | atl.cpp:141:10:141:10 | a | | +| atl.cpp:139:20:139:24 | call to CA2CAEX | atl.cpp:142:10:142:10 | a | | +| atl.cpp:139:20:139:24 | call to CA2CAEX | atl.cpp:143:3:143:3 | a | | +| atl.cpp:157:14:157:34 | call to indirect_source | atl.cpp:159:19:159:19 | x | | +| atl.cpp:157:14:157:34 | call to indirect_source | atl.cpp:165:19:165:19 | x | | +| atl.cpp:159:19:159:19 | x | atl.cpp:159:19:159:20 | call to CA2WEX | TAINT | +| atl.cpp:159:19:159:20 | call to CA2WEX | atl.cpp:160:30:160:30 | a | | +| atl.cpp:159:19:159:20 | call to CA2WEX | atl.cpp:161:10:161:10 | a | | +| atl.cpp:159:19:159:20 | call to CA2WEX | atl.cpp:162:10:162:10 | a | | +| atl.cpp:159:19:159:20 | call to CA2WEX | atl.cpp:163:3:163:3 | a | | +| atl.cpp:160:30:160:30 | ref arg a | atl.cpp:161:10:161:10 | a | | +| atl.cpp:160:30:160:30 | ref arg a | atl.cpp:162:10:162:10 | a | | +| atl.cpp:160:30:160:30 | ref arg a | atl.cpp:163:3:163:3 | a | | +| atl.cpp:161:10:161:10 | a [post update] | atl.cpp:162:10:162:10 | a | | +| atl.cpp:161:10:161:10 | a [post update] | atl.cpp:163:3:163:3 | a | | +| atl.cpp:161:12:161:16 | ref arg m_psz | atl.cpp:162:12:162:16 | m_psz | | +| atl.cpp:162:10:162:10 | a [post update] | atl.cpp:163:3:163:3 | a | | +| atl.cpp:165:19:165:23 | call to CA2WEX | atl.cpp:166:30:166:30 | a | | +| atl.cpp:165:19:165:23 | call to CA2WEX | atl.cpp:167:10:167:10 | a | | +| atl.cpp:165:19:165:23 | call to CA2WEX | atl.cpp:168:10:168:10 | a | | +| atl.cpp:165:19:165:23 | call to CA2WEX | atl.cpp:169:3:169:3 | a | | +| atl.cpp:166:30:166:30 | ref arg a | atl.cpp:167:10:167:10 | a | | +| atl.cpp:166:30:166:30 | ref arg a | atl.cpp:168:10:168:10 | a | | +| atl.cpp:166:30:166:30 | ref arg a | atl.cpp:169:3:169:3 | a | | +| atl.cpp:167:10:167:10 | a [post update] | atl.cpp:168:10:168:10 | a | | +| atl.cpp:167:10:167:10 | a [post update] | atl.cpp:169:3:169:3 | a | | +| atl.cpp:167:12:167:16 | ref arg m_psz | atl.cpp:168:12:168:16 | m_psz | | +| atl.cpp:168:10:168:10 | a [post update] | atl.cpp:169:3:169:3 | a | | +| atl.cpp:217:11:217:21 | call to source | atl.cpp:221:11:221:11 | x | | +| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:221:5:221:5 | a | | +| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:222:10:222:10 | a | | +| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:223:5:223:5 | a | | +| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:224:10:224:10 | a | | +| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:228:15:228:15 | a | | +| atl.cpp:220:20:220:20 | call to CAtlArray | atl.cpp:243:3:243:3 | a | | +| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:222:10:222:10 | a | | +| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:223:5:223:5 | a | | +| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:224:10:224:10 | a | | +| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:228:15:228:15 | a | | +| atl.cpp:221:5:221:5 | ref arg a | atl.cpp:243:3:243:3 | a | | +| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:223:5:223:5 | a | | +| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:224:10:224:10 | a | | +| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:228:15:228:15 | a | | +| atl.cpp:222:10:222:10 | ref arg a | atl.cpp:243:3:243:3 | a | | +| atl.cpp:223:5:223:5 | ref arg a | atl.cpp:224:10:224:10 | a | | +| atl.cpp:223:5:223:5 | ref arg a | atl.cpp:228:15:228:15 | a | | +| atl.cpp:223:5:223:5 | ref arg a | atl.cpp:243:3:243:3 | a | | +| atl.cpp:224:10:224:10 | ref arg a | atl.cpp:228:15:228:15 | a | | +| atl.cpp:224:10:224:10 | ref arg a | atl.cpp:243:3:243:3 | a | | +| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:227:10:227:11 | a2 | | +| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:228:5:228:6 | a2 | | +| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:229:10:229:11 | a2 | | +| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:233:13:233:14 | a2 | | +| atl.cpp:226:20:226:21 | call to CAtlArray | atl.cpp:243:3:243:3 | a2 | | +| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:228:5:228:6 | a2 | | +| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:229:10:229:11 | a2 | | +| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:233:13:233:14 | a2 | | +| atl.cpp:227:10:227:11 | ref arg a2 | atl.cpp:243:3:243:3 | a2 | | +| atl.cpp:228:5:228:6 | ref arg a2 | atl.cpp:229:10:229:11 | a2 | | +| atl.cpp:228:5:228:6 | ref arg a2 | atl.cpp:233:13:233:14 | a2 | | +| atl.cpp:228:5:228:6 | ref arg a2 | atl.cpp:243:3:243:3 | a2 | | +| atl.cpp:229:10:229:11 | ref arg a2 | atl.cpp:233:13:233:14 | a2 | | +| atl.cpp:229:10:229:11 | ref arg a2 | atl.cpp:243:3:243:3 | a2 | | +| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:232:10:232:11 | a3 | | +| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:233:5:233:6 | a3 | | +| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:234:10:234:11 | a3 | | +| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:236:10:236:11 | a3 | | +| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:237:11:237:12 | a3 | | +| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:241:26:241:27 | a3 | | +| atl.cpp:231:20:231:21 | call to CAtlArray | atl.cpp:243:3:243:3 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:233:5:233:6 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:236:10:236:11 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:237:11:237:12 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | +| atl.cpp:232:10:232:11 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | +| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:234:10:234:11 | a3 | | +| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:236:10:236:11 | a3 | | +| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:237:11:237:12 | a3 | | +| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | +| atl.cpp:233:5:233:6 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | +| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:236:10:236:11 | a3 | | +| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:237:11:237:12 | a3 | | +| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | +| atl.cpp:234:10:234:11 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | +| atl.cpp:236:10:236:11 | ref arg a3 | atl.cpp:237:11:237:12 | a3 | | +| atl.cpp:236:10:236:11 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | +| atl.cpp:236:10:236:11 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | +| atl.cpp:237:11:237:12 | ref arg a3 | atl.cpp:241:26:241:27 | a3 | | +| atl.cpp:237:11:237:12 | ref arg a3 | atl.cpp:243:3:243:3 | a3 | | +| atl.cpp:237:14:237:20 | call to GetData | atl.cpp:237:10:237:22 | * ... | TAINT | +| atl.cpp:239:20:239:21 | call to CAtlArray | atl.cpp:240:10:240:11 | a4 | | +| atl.cpp:239:20:239:21 | call to CAtlArray | atl.cpp:241:5:241:6 | a4 | | +| atl.cpp:239:20:239:21 | call to CAtlArray | atl.cpp:242:10:242:11 | a4 | | +| atl.cpp:239:20:239:21 | call to CAtlArray | atl.cpp:243:3:243:3 | a4 | | +| atl.cpp:240:10:240:11 | ref arg a4 | atl.cpp:241:5:241:6 | a4 | | +| atl.cpp:240:10:240:11 | ref arg a4 | atl.cpp:242:10:242:11 | a4 | | +| atl.cpp:240:10:240:11 | ref arg a4 | atl.cpp:243:3:243:3 | a4 | | +| atl.cpp:241:5:241:6 | ref arg a4 | atl.cpp:242:10:242:11 | a4 | | +| atl.cpp:241:5:241:6 | ref arg a4 | atl.cpp:243:3:243:3 | a4 | | +| atl.cpp:241:26:241:27 | a3 | atl.cpp:241:25:241:27 | & ... | | +| atl.cpp:242:10:242:11 | ref arg a4 | atl.cpp:243:3:243:3 | a4 | | +| atl.cpp:245:20:245:21 | call to CAtlArray | atl.cpp:246:5:246:6 | a5 | | +| atl.cpp:245:20:245:21 | call to CAtlArray | atl.cpp:247:10:247:11 | a5 | | +| atl.cpp:245:20:245:21 | call to CAtlArray | atl.cpp:252:3:252:3 | a5 | | +| atl.cpp:246:5:246:6 | ref arg a5 | atl.cpp:247:10:247:11 | a5 | | +| atl.cpp:246:5:246:6 | ref arg a5 | atl.cpp:252:3:252:3 | a5 | | +| atl.cpp:247:10:247:11 | ref arg a5 | atl.cpp:252:3:252:3 | a5 | | +| atl.cpp:249:20:249:21 | call to CAtlArray | atl.cpp:250:5:250:6 | a6 | | +| atl.cpp:249:20:249:21 | call to CAtlArray | atl.cpp:251:10:251:11 | a6 | | +| atl.cpp:249:20:249:21 | call to CAtlArray | atl.cpp:252:3:252:3 | a6 | | +| atl.cpp:250:5:250:6 | ref arg a6 | atl.cpp:251:10:251:11 | a6 | | +| atl.cpp:250:5:250:6 | ref arg a6 | atl.cpp:252:3:252:3 | a6 | | +| atl.cpp:251:10:251:11 | ref arg a6 | atl.cpp:252:3:252:3 | a6 | | +| atl.cpp:297:11:297:21 | call to source | atl.cpp:301:18:301:18 | x | | +| atl.cpp:297:11:297:21 | call to source | atl.cpp:309:19:309:19 | x | | +| atl.cpp:297:11:297:21 | call to source | atl.cpp:318:29:318:29 | x | | +| atl.cpp:297:11:297:21 | call to source | atl.cpp:324:21:324:21 | x | | +| atl.cpp:297:11:297:21 | call to source | atl.cpp:332:30:332:30 | x | | +| atl.cpp:297:11:297:21 | call to source | atl.cpp:339:31:339:31 | x | | +| atl.cpp:297:11:297:21 | call to source | atl.cpp:344:44:344:44 | x | | +| atl.cpp:299:24:299:25 | 10 | atl.cpp:299:24:299:26 | call to CAtlList | TAINT | +| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:300:10:300:13 | list | | +| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:301:5:301:8 | list | | +| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:302:10:302:13 | list | | +| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:305:24:305:27 | list | | +| atl.cpp:299:24:299:26 | call to CAtlList | atl.cpp:347:3:347:3 | list | | +| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:301:5:301:8 | list | | +| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:302:10:302:13 | list | | +| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:305:24:305:27 | list | | +| atl.cpp:300:10:300:13 | ref arg list | atl.cpp:347:3:347:3 | list | | +| atl.cpp:301:5:301:8 | ref arg list | atl.cpp:302:10:302:13 | list | | +| atl.cpp:301:5:301:8 | ref arg list | atl.cpp:305:24:305:27 | list | | +| atl.cpp:301:5:301:8 | ref arg list | atl.cpp:347:3:347:3 | list | | +| atl.cpp:302:10:302:13 | ref arg list | atl.cpp:305:24:305:27 | list | | +| atl.cpp:302:10:302:13 | ref arg list | atl.cpp:347:3:347:3 | list | | +| atl.cpp:304:25:304:26 | 10 | atl.cpp:304:25:304:27 | call to CAtlList | TAINT | +| atl.cpp:304:25:304:27 | call to CAtlList | atl.cpp:305:5:305:9 | list2 | | +| atl.cpp:304:25:304:27 | call to CAtlList | atl.cpp:306:10:306:14 | list2 | | +| atl.cpp:304:25:304:27 | call to CAtlList | atl.cpp:347:3:347:3 | list2 | | +| atl.cpp:305:5:305:9 | ref arg list2 | atl.cpp:306:10:306:14 | list2 | | +| atl.cpp:305:5:305:9 | ref arg list2 | atl.cpp:347:3:347:3 | list2 | | +| atl.cpp:305:24:305:27 | list | atl.cpp:305:23:305:27 | & ... | | +| atl.cpp:306:10:306:14 | ref arg list2 | atl.cpp:347:3:347:3 | list2 | | +| atl.cpp:308:25:308:26 | 10 | atl.cpp:308:25:308:27 | call to CAtlList | TAINT | +| atl.cpp:308:25:308:27 | call to CAtlList | atl.cpp:309:5:309:9 | list3 | | +| atl.cpp:308:25:308:27 | call to CAtlList | atl.cpp:310:10:310:14 | list3 | | +| atl.cpp:308:25:308:27 | call to CAtlList | atl.cpp:313:24:313:28 | list3 | | +| atl.cpp:308:25:308:27 | call to CAtlList | atl.cpp:347:3:347:3 | list3 | | +| atl.cpp:309:5:309:9 | ref arg list3 | atl.cpp:310:10:310:14 | list3 | | +| atl.cpp:309:5:309:9 | ref arg list3 | atl.cpp:313:24:313:28 | list3 | | +| atl.cpp:309:5:309:9 | ref arg list3 | atl.cpp:347:3:347:3 | list3 | | +| atl.cpp:310:10:310:14 | ref arg list3 | atl.cpp:313:24:313:28 | list3 | | +| atl.cpp:310:10:310:14 | ref arg list3 | atl.cpp:347:3:347:3 | list3 | | +| atl.cpp:312:25:312:26 | 10 | atl.cpp:312:25:312:27 | call to CAtlList | TAINT | +| atl.cpp:312:25:312:27 | call to CAtlList | atl.cpp:313:5:313:9 | list4 | | +| atl.cpp:312:25:312:27 | call to CAtlList | atl.cpp:314:10:314:14 | list4 | | +| atl.cpp:312:25:312:27 | call to CAtlList | atl.cpp:347:3:347:3 | list4 | | +| atl.cpp:313:5:313:9 | ref arg list4 | atl.cpp:314:10:314:14 | list4 | | +| atl.cpp:313:5:313:9 | ref arg list4 | atl.cpp:347:3:347:3 | list4 | | +| atl.cpp:313:24:313:28 | list3 | atl.cpp:313:23:313:28 | & ... | | +| atl.cpp:314:10:314:14 | ref arg list4 | atl.cpp:347:3:347:3 | list4 | | +| atl.cpp:317:27:317:28 | 10 | atl.cpp:317:27:317:29 | call to CAtlList | TAINT | +| atl.cpp:317:27:317:29 | call to CAtlList | atl.cpp:318:18:318:22 | list5 | | +| atl.cpp:317:27:317:29 | call to CAtlList | atl.cpp:318:32:318:36 | list5 | | +| atl.cpp:317:27:317:29 | call to CAtlList | atl.cpp:319:12:319:16 | list5 | | +| atl.cpp:317:27:317:29 | call to CAtlList | atl.cpp:320:5:320:5 | list5 | | +| atl.cpp:318:18:318:22 | ref arg list5 | atl.cpp:319:12:319:16 | list5 | | +| atl.cpp:318:18:318:22 | ref arg list5 | atl.cpp:320:5:320:5 | list5 | | +| atl.cpp:318:24:318:27 | call to Find | atl.cpp:319:24:319:26 | pos | | +| atl.cpp:318:32:318:36 | ref arg list5 | atl.cpp:318:18:318:22 | list5 | | +| atl.cpp:318:32:318:36 | ref arg list5 | atl.cpp:319:12:319:16 | list5 | | +| atl.cpp:318:32:318:36 | ref arg list5 | atl.cpp:320:5:320:5 | list5 | | +| atl.cpp:319:12:319:16 | ref arg list5 | atl.cpp:320:5:320:5 | list5 | | +| atl.cpp:323:27:323:28 | 10 | atl.cpp:323:27:323:29 | call to CAtlList | TAINT | +| atl.cpp:323:27:323:29 | call to CAtlList | atl.cpp:324:7:324:11 | list6 | | +| atl.cpp:323:27:323:29 | call to CAtlList | atl.cpp:325:18:325:22 | list6 | | +| atl.cpp:323:27:323:29 | call to CAtlList | atl.cpp:326:12:326:16 | list6 | | +| atl.cpp:323:27:323:29 | call to CAtlList | atl.cpp:327:5:327:5 | list6 | | +| atl.cpp:324:7:324:11 | ref arg list6 | atl.cpp:325:18:325:22 | list6 | | +| atl.cpp:324:7:324:11 | ref arg list6 | atl.cpp:326:12:326:16 | list6 | | +| atl.cpp:324:7:324:11 | ref arg list6 | atl.cpp:327:5:327:5 | list6 | | +| atl.cpp:325:18:325:22 | ref arg list6 | atl.cpp:326:12:326:16 | list6 | | +| atl.cpp:325:18:325:22 | ref arg list6 | atl.cpp:327:5:327:5 | list6 | | +| atl.cpp:325:24:325:32 | call to FindIndex | atl.cpp:326:24:326:26 | pos | | +| atl.cpp:326:12:326:16 | ref arg list6 | atl.cpp:327:5:327:5 | list6 | | +| atl.cpp:330:27:330:28 | 10 | atl.cpp:330:27:330:29 | call to CAtlList | TAINT | +| atl.cpp:330:27:330:29 | call to CAtlList | atl.cpp:331:18:331:22 | list7 | | +| atl.cpp:330:27:330:29 | call to CAtlList | atl.cpp:332:7:332:11 | list7 | | +| atl.cpp:330:27:330:29 | call to CAtlList | atl.cpp:333:12:333:16 | list7 | | +| atl.cpp:330:27:330:29 | call to CAtlList | atl.cpp:334:5:334:5 | list7 | | +| atl.cpp:331:18:331:22 | ref arg list7 | atl.cpp:332:7:332:11 | list7 | | +| atl.cpp:331:18:331:22 | ref arg list7 | atl.cpp:333:12:333:16 | list7 | | +| atl.cpp:331:18:331:22 | ref arg list7 | atl.cpp:334:5:334:5 | list7 | | +| atl.cpp:331:24:331:38 | call to GetTailPosition | atl.cpp:332:25:332:27 | pos | | +| atl.cpp:332:7:332:11 | ref arg list7 | atl.cpp:333:12:333:16 | list7 | | +| atl.cpp:332:7:332:11 | ref arg list7 | atl.cpp:334:5:334:5 | list7 | | +| atl.cpp:333:12:333:16 | ref arg list7 | atl.cpp:334:5:334:5 | list7 | | +| atl.cpp:337:27:337:28 | 10 | atl.cpp:337:27:337:29 | call to CAtlList | TAINT | +| atl.cpp:337:27:337:29 | call to CAtlList | atl.cpp:338:18:338:22 | list8 | | +| atl.cpp:337:27:337:29 | call to CAtlList | atl.cpp:339:7:339:11 | list8 | | +| atl.cpp:337:27:337:29 | call to CAtlList | atl.cpp:340:12:340:16 | list8 | | +| atl.cpp:337:27:337:29 | call to CAtlList | atl.cpp:341:5:341:5 | list8 | | +| atl.cpp:338:18:338:22 | ref arg list8 | atl.cpp:339:7:339:11 | list8 | | +| atl.cpp:338:18:338:22 | ref arg list8 | atl.cpp:340:12:340:16 | list8 | | +| atl.cpp:338:18:338:22 | ref arg list8 | atl.cpp:341:5:341:5 | list8 | | +| atl.cpp:338:24:338:38 | call to GetTailPosition | atl.cpp:339:26:339:28 | pos | | +| atl.cpp:339:7:339:11 | ref arg list8 | atl.cpp:340:12:340:16 | list8 | | +| atl.cpp:339:7:339:11 | ref arg list8 | atl.cpp:341:5:341:5 | list8 | | +| atl.cpp:340:12:340:16 | ref arg list8 | atl.cpp:341:5:341:5 | list8 | | +| atl.cpp:343:27:343:28 | 10 | atl.cpp:343:27:343:29 | call to CAtlList | TAINT | +| atl.cpp:343:27:343:29 | call to CAtlList | atl.cpp:344:7:344:11 | list9 | | +| atl.cpp:343:27:343:29 | call to CAtlList | atl.cpp:344:19:344:23 | list9 | | +| atl.cpp:343:27:343:29 | call to CAtlList | atl.cpp:345:12:345:16 | list9 | | +| atl.cpp:343:27:343:29 | call to CAtlList | atl.cpp:346:5:346:5 | list9 | | +| atl.cpp:344:7:344:11 | ref arg list9 | atl.cpp:345:12:345:16 | list9 | | +| atl.cpp:344:7:344:11 | ref arg list9 | atl.cpp:346:5:346:5 | list9 | | +| atl.cpp:344:19:344:23 | ref arg list9 | atl.cpp:344:7:344:11 | list9 | | +| atl.cpp:344:19:344:23 | ref arg list9 | atl.cpp:345:12:345:16 | list9 | | +| atl.cpp:344:19:344:23 | ref arg list9 | atl.cpp:346:5:346:5 | list9 | | +| atl.cpp:345:12:345:16 | ref arg list9 | atl.cpp:346:5:346:5 | list9 | | +| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:353:18:353:18 | p | | +| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:361:19:361:19 | p | | +| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:370:29:370:29 | p | | +| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:376:21:376:21 | p | | +| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:384:30:384:30 | p | | +| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:391:31:391:31 | p | | +| atl.cpp:349:12:349:31 | call to indirect_source | atl.cpp:396:44:396:44 | p | | +| atl.cpp:351:25:351:26 | 10 | atl.cpp:351:25:351:27 | call to CAtlList | TAINT | +| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:352:10:352:13 | list | | +| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:353:5:353:8 | list | | +| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:354:10:354:13 | list | | +| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:357:24:357:27 | list | | +| atl.cpp:351:25:351:27 | call to CAtlList | atl.cpp:399:3:399:3 | list | | +| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:353:5:353:8 | list | | +| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:354:10:354:13 | list | | +| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:357:24:357:27 | list | | +| atl.cpp:352:10:352:13 | ref arg list | atl.cpp:399:3:399:3 | list | | +| atl.cpp:353:5:353:8 | ref arg list | atl.cpp:354:10:354:13 | list | | +| atl.cpp:353:5:353:8 | ref arg list | atl.cpp:357:24:357:27 | list | | +| atl.cpp:353:5:353:8 | ref arg list | atl.cpp:399:3:399:3 | list | | +| atl.cpp:354:10:354:13 | ref arg list | atl.cpp:357:24:357:27 | list | | +| atl.cpp:354:10:354:13 | ref arg list | atl.cpp:399:3:399:3 | list | | +| atl.cpp:356:26:356:27 | 10 | atl.cpp:356:26:356:28 | call to CAtlList | TAINT | +| atl.cpp:356:26:356:28 | call to CAtlList | atl.cpp:357:5:357:9 | list2 | | +| atl.cpp:356:26:356:28 | call to CAtlList | atl.cpp:358:10:358:14 | list2 | | +| atl.cpp:356:26:356:28 | call to CAtlList | atl.cpp:399:3:399:3 | list2 | | +| atl.cpp:357:5:357:9 | ref arg list2 | atl.cpp:358:10:358:14 | list2 | | +| atl.cpp:357:5:357:9 | ref arg list2 | atl.cpp:399:3:399:3 | list2 | | +| atl.cpp:357:24:357:27 | list | atl.cpp:357:23:357:27 | & ... | | +| atl.cpp:358:10:358:14 | ref arg list2 | atl.cpp:399:3:399:3 | list2 | | +| atl.cpp:360:26:360:27 | 10 | atl.cpp:360:26:360:28 | call to CAtlList | TAINT | +| atl.cpp:360:26:360:28 | call to CAtlList | atl.cpp:361:5:361:9 | list3 | | +| atl.cpp:360:26:360:28 | call to CAtlList | atl.cpp:362:10:362:14 | list3 | | +| atl.cpp:360:26:360:28 | call to CAtlList | atl.cpp:365:24:365:28 | list3 | | +| atl.cpp:360:26:360:28 | call to CAtlList | atl.cpp:399:3:399:3 | list3 | | +| atl.cpp:361:5:361:9 | ref arg list3 | atl.cpp:362:10:362:14 | list3 | | +| atl.cpp:361:5:361:9 | ref arg list3 | atl.cpp:365:24:365:28 | list3 | | +| atl.cpp:361:5:361:9 | ref arg list3 | atl.cpp:399:3:399:3 | list3 | | +| atl.cpp:362:10:362:14 | ref arg list3 | atl.cpp:365:24:365:28 | list3 | | +| atl.cpp:362:10:362:14 | ref arg list3 | atl.cpp:399:3:399:3 | list3 | | +| atl.cpp:364:26:364:27 | 10 | atl.cpp:364:26:364:28 | call to CAtlList | TAINT | +| atl.cpp:364:26:364:28 | call to CAtlList | atl.cpp:365:5:365:9 | list4 | | +| atl.cpp:364:26:364:28 | call to CAtlList | atl.cpp:366:10:366:14 | list4 | | +| atl.cpp:364:26:364:28 | call to CAtlList | atl.cpp:399:3:399:3 | list4 | | +| atl.cpp:365:5:365:9 | ref arg list4 | atl.cpp:366:10:366:14 | list4 | | +| atl.cpp:365:5:365:9 | ref arg list4 | atl.cpp:399:3:399:3 | list4 | | +| atl.cpp:365:24:365:28 | list3 | atl.cpp:365:23:365:28 | & ... | | +| atl.cpp:366:10:366:14 | ref arg list4 | atl.cpp:399:3:399:3 | list4 | | +| atl.cpp:369:28:369:29 | 10 | atl.cpp:369:28:369:30 | call to CAtlList | TAINT | +| atl.cpp:369:28:369:30 | call to CAtlList | atl.cpp:370:18:370:22 | list5 | | +| atl.cpp:369:28:369:30 | call to CAtlList | atl.cpp:370:32:370:36 | list5 | | +| atl.cpp:369:28:369:30 | call to CAtlList | atl.cpp:371:12:371:16 | list5 | | +| atl.cpp:369:28:369:30 | call to CAtlList | atl.cpp:372:5:372:5 | list5 | | +| atl.cpp:370:18:370:22 | ref arg list5 | atl.cpp:371:12:371:16 | list5 | | +| atl.cpp:370:18:370:22 | ref arg list5 | atl.cpp:372:5:372:5 | list5 | | +| atl.cpp:370:24:370:27 | call to Find | atl.cpp:371:24:371:26 | pos | | +| atl.cpp:370:32:370:36 | ref arg list5 | atl.cpp:370:18:370:22 | list5 | | +| atl.cpp:370:32:370:36 | ref arg list5 | atl.cpp:371:12:371:16 | list5 | | +| atl.cpp:370:32:370:36 | ref arg list5 | atl.cpp:372:5:372:5 | list5 | | +| atl.cpp:371:12:371:16 | ref arg list5 | atl.cpp:372:5:372:5 | list5 | | +| atl.cpp:375:28:375:29 | 10 | atl.cpp:375:28:375:30 | call to CAtlList | TAINT | +| atl.cpp:375:28:375:30 | call to CAtlList | atl.cpp:376:7:376:11 | list6 | | +| atl.cpp:375:28:375:30 | call to CAtlList | atl.cpp:377:18:377:22 | list6 | | +| atl.cpp:375:28:375:30 | call to CAtlList | atl.cpp:378:12:378:16 | list6 | | +| atl.cpp:375:28:375:30 | call to CAtlList | atl.cpp:379:5:379:5 | list6 | | +| atl.cpp:376:7:376:11 | ref arg list6 | atl.cpp:377:18:377:22 | list6 | | +| atl.cpp:376:7:376:11 | ref arg list6 | atl.cpp:378:12:378:16 | list6 | | +| atl.cpp:376:7:376:11 | ref arg list6 | atl.cpp:379:5:379:5 | list6 | | +| atl.cpp:377:18:377:22 | ref arg list6 | atl.cpp:378:12:378:16 | list6 | | +| atl.cpp:377:18:377:22 | ref arg list6 | atl.cpp:379:5:379:5 | list6 | | +| atl.cpp:377:24:377:32 | call to FindIndex | atl.cpp:378:24:378:26 | pos | | +| atl.cpp:378:12:378:16 | ref arg list6 | atl.cpp:379:5:379:5 | list6 | | +| atl.cpp:382:28:382:29 | 10 | atl.cpp:382:28:382:30 | call to CAtlList | TAINT | +| atl.cpp:382:28:382:30 | call to CAtlList | atl.cpp:383:18:383:22 | list7 | | +| atl.cpp:382:28:382:30 | call to CAtlList | atl.cpp:384:7:384:11 | list7 | | +| atl.cpp:382:28:382:30 | call to CAtlList | atl.cpp:385:12:385:16 | list7 | | +| atl.cpp:382:28:382:30 | call to CAtlList | atl.cpp:386:5:386:5 | list7 | | +| atl.cpp:383:18:383:22 | ref arg list7 | atl.cpp:384:7:384:11 | list7 | | +| atl.cpp:383:18:383:22 | ref arg list7 | atl.cpp:385:12:385:16 | list7 | | +| atl.cpp:383:18:383:22 | ref arg list7 | atl.cpp:386:5:386:5 | list7 | | +| atl.cpp:383:24:383:38 | call to GetTailPosition | atl.cpp:384:25:384:27 | pos | | +| atl.cpp:384:7:384:11 | ref arg list7 | atl.cpp:385:12:385:16 | list7 | | +| atl.cpp:384:7:384:11 | ref arg list7 | atl.cpp:386:5:386:5 | list7 | | +| atl.cpp:385:12:385:16 | ref arg list7 | atl.cpp:386:5:386:5 | list7 | | +| atl.cpp:389:28:389:29 | 10 | atl.cpp:389:28:389:30 | call to CAtlList | TAINT | +| atl.cpp:389:28:389:30 | call to CAtlList | atl.cpp:390:18:390:22 | list8 | | +| atl.cpp:389:28:389:30 | call to CAtlList | atl.cpp:391:7:391:11 | list8 | | +| atl.cpp:389:28:389:30 | call to CAtlList | atl.cpp:392:12:392:16 | list8 | | +| atl.cpp:389:28:389:30 | call to CAtlList | atl.cpp:393:5:393:5 | list8 | | +| atl.cpp:390:18:390:22 | ref arg list8 | atl.cpp:391:7:391:11 | list8 | | +| atl.cpp:390:18:390:22 | ref arg list8 | atl.cpp:392:12:392:16 | list8 | | +| atl.cpp:390:18:390:22 | ref arg list8 | atl.cpp:393:5:393:5 | list8 | | +| atl.cpp:390:24:390:38 | call to GetTailPosition | atl.cpp:391:26:391:28 | pos | | +| atl.cpp:391:7:391:11 | ref arg list8 | atl.cpp:392:12:392:16 | list8 | | +| atl.cpp:391:7:391:11 | ref arg list8 | atl.cpp:393:5:393:5 | list8 | | +| atl.cpp:392:12:392:16 | ref arg list8 | atl.cpp:393:5:393:5 | list8 | | +| atl.cpp:395:28:395:29 | 10 | atl.cpp:395:28:395:30 | call to CAtlList | TAINT | +| atl.cpp:395:28:395:30 | call to CAtlList | atl.cpp:396:7:396:11 | list9 | | +| atl.cpp:395:28:395:30 | call to CAtlList | atl.cpp:396:19:396:23 | list9 | | +| atl.cpp:395:28:395:30 | call to CAtlList | atl.cpp:397:12:397:16 | list9 | | +| atl.cpp:395:28:395:30 | call to CAtlList | atl.cpp:398:5:398:5 | list9 | | +| atl.cpp:396:7:396:11 | ref arg list9 | atl.cpp:397:12:397:16 | list9 | | +| atl.cpp:396:7:396:11 | ref arg list9 | atl.cpp:398:5:398:5 | list9 | | +| atl.cpp:396:19:396:23 | ref arg list9 | atl.cpp:396:7:396:11 | list9 | | +| atl.cpp:396:19:396:23 | ref arg list9 | atl.cpp:397:12:397:16 | list9 | | +| atl.cpp:396:19:396:23 | ref arg list9 | atl.cpp:398:5:398:5 | list9 | | +| atl.cpp:397:12:397:16 | ref arg list9 | atl.cpp:398:5:398:5 | list9 | | +| atl.cpp:455:21:455:33 | new | atl.cpp:456:3:456:6 | safe | | +| atl.cpp:455:21:455:33 | new | atl.cpp:457:10:457:13 | safe | | +| atl.cpp:456:3:456:6 | safe [post update] | atl.cpp:457:10:457:13 | safe | | +| atl.cpp:456:3:456:40 | ... = ... | atl.cpp:456:9:456:14 | pvData [post update] | | +| atl.cpp:456:18:456:38 | call to indirect_source | atl.cpp:456:3:456:40 | ... = ... | | +| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:463:16:463:16 | x | | +| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:470:20:470:20 | x | | +| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:474:16:474:16 | x | | +| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:482:11:482:11 | x | | +| atl.cpp:461:13:461:33 | call to indirect_source | atl.cpp:496:20:496:20 | x | | +| atl.cpp:463:16:463:16 | x | atl.cpp:463:16:463:17 | call to CComBSTR | TAINT | +| atl.cpp:463:16:463:17 | call to CComBSTR | atl.cpp:464:10:464:10 | b | | +| atl.cpp:463:16:463:17 | call to CComBSTR | atl.cpp:466:17:466:17 | b | | +| atl.cpp:463:16:463:17 | call to CComBSTR | atl.cpp:468:3:468:3 | b | | +| atl.cpp:464:10:464:10 | b [post update] | atl.cpp:466:17:466:17 | b | | +| atl.cpp:464:10:464:10 | b [post update] | atl.cpp:468:3:468:3 | b | | +| atl.cpp:464:12:464:16 | ref arg m_str | atl.cpp:467:13:467:17 | m_str | | +| atl.cpp:466:17:466:17 | b | atl.cpp:466:17:466:18 | call to CComBSTR | | +| atl.cpp:466:17:466:18 | call to CComBSTR | atl.cpp:467:10:467:11 | b2 | | +| atl.cpp:466:17:466:18 | call to CComBSTR | atl.cpp:468:3:468:3 | b2 | | +| atl.cpp:467:10:467:11 | b2 [post update] | atl.cpp:468:3:468:3 | b2 | | +| atl.cpp:470:16:470:21 | call to CComBSTR | atl.cpp:471:10:471:10 | b | | +| atl.cpp:470:16:470:21 | call to CComBSTR | atl.cpp:472:3:472:3 | b | | +| atl.cpp:471:10:471:10 | b [post update] | atl.cpp:472:3:472:3 | b | | +| atl.cpp:474:16:474:16 | x | atl.cpp:474:16:474:17 | call to CComBSTR | TAINT | +| atl.cpp:474:16:474:17 | call to CComBSTR | atl.cpp:478:11:478:11 | b | | +| atl.cpp:474:16:474:17 | call to CComBSTR | atl.cpp:514:3:514:3 | b | | +| atl.cpp:476:14:476:15 | call to CComBSTR | atl.cpp:477:10:477:11 | b2 | | +| atl.cpp:476:14:476:15 | call to CComBSTR | atl.cpp:478:5:478:6 | b2 | | +| atl.cpp:476:14:476:15 | call to CComBSTR | atl.cpp:479:10:479:11 | b2 | | +| atl.cpp:476:14:476:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b2 | | +| atl.cpp:477:10:477:11 | b2 [post update] | atl.cpp:478:5:478:6 | b2 | | +| atl.cpp:477:10:477:11 | b2 [post update] | atl.cpp:479:10:479:11 | b2 | | +| atl.cpp:477:10:477:11 | b2 [post update] | atl.cpp:514:3:514:3 | b2 | | +| atl.cpp:477:13:477:17 | ref arg m_str | atl.cpp:479:13:479:17 | m_str | | +| atl.cpp:478:5:478:6 | ref arg b2 | atl.cpp:479:10:479:11 | b2 | | +| atl.cpp:478:5:478:6 | ref arg b2 | atl.cpp:514:3:514:3 | b2 | | +| atl.cpp:479:10:479:11 | b2 [post update] | atl.cpp:514:3:514:3 | b2 | | +| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:482:5:482:6 | b3 | | +| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:483:10:483:11 | b3 | | +| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:484:28:484:29 | b3 | | +| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:485:13:485:14 | b3 | | +| atl.cpp:481:14:481:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b3 | | +| atl.cpp:482:5:482:6 | ref arg b3 | atl.cpp:483:10:483:11 | b3 | | +| atl.cpp:482:5:482:6 | ref arg b3 | atl.cpp:484:28:484:29 | b3 | | +| atl.cpp:482:5:482:6 | ref arg b3 | atl.cpp:485:13:485:14 | b3 | | +| atl.cpp:482:5:482:6 | ref arg b3 | atl.cpp:514:3:514:3 | b3 | | +| atl.cpp:482:11:482:11 | x | atl.cpp:482:11:482:11 | call to CComBSTR | TAINT | +| atl.cpp:483:10:483:11 | b3 [post update] | atl.cpp:484:28:484:29 | b3 | | +| atl.cpp:483:10:483:11 | b3 [post update] | atl.cpp:485:13:485:14 | b3 | | +| atl.cpp:483:10:483:11 | b3 [post update] | atl.cpp:514:3:514:3 | b3 | | +| atl.cpp:484:28:484:29 | ref arg b3 | atl.cpp:485:13:485:14 | b3 | | +| atl.cpp:484:28:484:29 | ref arg b3 | atl.cpp:514:3:514:3 | b3 | | +| atl.cpp:485:11:485:14 | * ... | atl.cpp:485:10:485:14 | * ... | TAINT | +| atl.cpp:485:12:485:12 | call to operator& | atl.cpp:485:11:485:14 | * ... | TAINT | +| atl.cpp:485:13:485:14 | ref arg b3 | atl.cpp:514:3:514:3 | b3 | | +| atl.cpp:487:14:487:15 | call to CComBSTR | atl.cpp:488:5:488:6 | b4 | | +| atl.cpp:487:14:487:15 | call to CComBSTR | atl.cpp:489:10:489:11 | b4 | | +| atl.cpp:487:14:487:15 | call to CComBSTR | atl.cpp:492:19:492:20 | b4 | | +| atl.cpp:487:14:487:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b4 | | +| atl.cpp:488:5:488:6 | ref arg b4 | atl.cpp:489:10:489:11 | b4 | | +| atl.cpp:488:5:488:6 | ref arg b4 | atl.cpp:492:19:492:20 | b4 | | +| atl.cpp:488:5:488:6 | ref arg b4 | atl.cpp:514:3:514:3 | b4 | | +| atl.cpp:489:10:489:11 | b4 [post update] | atl.cpp:492:19:492:20 | b4 | | +| atl.cpp:489:10:489:11 | b4 [post update] | atl.cpp:514:3:514:3 | b4 | | +| atl.cpp:489:13:489:17 | ref arg m_str | atl.cpp:492:22:492:26 | m_str | | +| atl.cpp:491:14:491:15 | call to CComBSTR | atl.cpp:492:5:492:6 | b5 | | +| atl.cpp:491:14:491:15 | call to CComBSTR | atl.cpp:493:10:493:11 | b5 | | +| atl.cpp:491:14:491:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b5 | | +| atl.cpp:492:5:492:6 | ref arg b5 | atl.cpp:493:10:493:11 | b5 | | +| atl.cpp:492:5:492:6 | ref arg b5 | atl.cpp:514:3:514:3 | b5 | | +| atl.cpp:492:19:492:20 | b4 [post update] | atl.cpp:514:3:514:3 | b4 | | +| atl.cpp:493:10:493:11 | b5 [post update] | atl.cpp:514:3:514:3 | b5 | | +| atl.cpp:495:14:495:15 | call to CComBSTR | atl.cpp:496:5:496:6 | b6 | | +| atl.cpp:495:14:495:15 | call to CComBSTR | atl.cpp:497:10:497:11 | b6 | | +| atl.cpp:495:14:495:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b6 | | +| atl.cpp:496:5:496:6 | ref arg b6 | atl.cpp:497:10:497:11 | b6 | | +| atl.cpp:496:5:496:6 | ref arg b6 | atl.cpp:514:3:514:3 | b6 | | +| atl.cpp:497:10:497:11 | b6 [post update] | atl.cpp:514:3:514:3 | b6 | | +| atl.cpp:499:14:499:15 | call to CComBSTR | atl.cpp:500:5:500:6 | b7 | | +| atl.cpp:499:14:499:15 | call to CComBSTR | atl.cpp:501:10:501:11 | b7 | | +| atl.cpp:499:14:499:15 | call to CComBSTR | atl.cpp:504:19:504:20 | b7 | | +| atl.cpp:499:14:499:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b7 | | +| atl.cpp:500:5:500:6 | ref arg b7 | atl.cpp:501:10:501:11 | b7 | | +| atl.cpp:500:5:500:6 | ref arg b7 | atl.cpp:504:19:504:20 | b7 | | +| atl.cpp:500:5:500:6 | ref arg b7 | atl.cpp:514:3:514:3 | b7 | | +| atl.cpp:501:10:501:11 | b7 [post update] | atl.cpp:504:19:504:20 | b7 | | +| atl.cpp:501:10:501:11 | b7 [post update] | atl.cpp:514:3:514:3 | b7 | | +| atl.cpp:501:13:501:17 | ref arg m_str | atl.cpp:504:22:504:26 | m_str | | +| atl.cpp:503:14:503:15 | call to CComBSTR | atl.cpp:504:5:504:6 | b8 | | +| atl.cpp:503:14:503:15 | call to CComBSTR | atl.cpp:505:10:505:11 | b8 | | +| atl.cpp:503:14:503:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b8 | | +| atl.cpp:504:5:504:6 | ref arg b8 | atl.cpp:505:10:505:11 | b8 | | +| atl.cpp:504:5:504:6 | ref arg b8 | atl.cpp:514:3:514:3 | b8 | | +| atl.cpp:504:19:504:20 | b7 [post update] | atl.cpp:514:3:514:3 | b7 | | +| atl.cpp:505:10:505:11 | b8 [post update] | atl.cpp:514:3:514:3 | b8 | | +| atl.cpp:507:14:507:15 | call to CComBSTR | atl.cpp:509:5:509:6 | b9 | | +| atl.cpp:507:14:507:15 | call to CComBSTR | atl.cpp:510:5:510:6 | b9 | | +| atl.cpp:507:14:507:15 | call to CComBSTR | atl.cpp:513:10:513:11 | b9 | | +| atl.cpp:507:14:507:15 | call to CComBSTR | atl.cpp:514:3:514:3 | b9 | | +| atl.cpp:508:17:508:20 | safe | atl.cpp:510:21:510:24 | safe | | +| atl.cpp:508:17:508:20 | safe | atl.cpp:511:10:511:13 | safe | | +| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:510:5:510:6 | b9 | | +| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:513:10:513:11 | b9 | | +| atl.cpp:509:5:509:6 | ref arg b9 | atl.cpp:514:3:514:3 | b9 | | +| atl.cpp:510:5:510:6 | ref arg b9 | atl.cpp:513:10:513:11 | b9 | | +| atl.cpp:510:5:510:6 | ref arg b9 | atl.cpp:514:3:514:3 | b9 | | +| atl.cpp:510:20:510:24 | ref arg & ... | atl.cpp:510:21:510:24 | safe [inner post update] | | +| atl.cpp:510:20:510:24 | ref arg & ... | atl.cpp:511:10:511:13 | safe | | +| atl.cpp:510:21:510:24 | safe | atl.cpp:510:20:510:24 | & ... | | +| atl.cpp:513:10:513:11 | ref arg b9 | atl.cpp:514:3:514:3 | b9 | | +| atl.cpp:516:16:516:39 | call to indirect_source | atl.cpp:518:16:518:16 | w | | +| atl.cpp:516:16:516:39 | call to indirect_source | atl.cpp:522:15:522:15 | w | | +| atl.cpp:516:16:516:39 | call to indirect_source | atl.cpp:526:20:526:20 | w | | +| atl.cpp:518:16:518:16 | ref arg w | atl.cpp:522:15:522:15 | w | | +| atl.cpp:518:16:518:16 | ref arg w | atl.cpp:526:20:526:20 | w | | +| atl.cpp:518:16:518:16 | w | atl.cpp:518:16:518:17 | call to CComBSTR | TAINT | +| atl.cpp:518:16:518:17 | call to CComBSTR | atl.cpp:519:10:519:10 | b | | +| atl.cpp:518:16:518:17 | call to CComBSTR | atl.cpp:524:3:524:3 | b | | +| atl.cpp:519:10:519:10 | b [post update] | atl.cpp:524:3:524:3 | b | | +| atl.cpp:521:14:521:15 | call to CComBSTR | atl.cpp:522:5:522:6 | b2 | | +| atl.cpp:521:14:521:15 | call to CComBSTR | atl.cpp:523:10:523:11 | b2 | | +| atl.cpp:521:14:521:15 | call to CComBSTR | atl.cpp:524:3:524:3 | b2 | | +| atl.cpp:522:5:522:6 | ref arg b2 | atl.cpp:523:10:523:11 | b2 | | +| atl.cpp:522:5:522:6 | ref arg b2 | atl.cpp:524:3:524:3 | b2 | | +| atl.cpp:522:15:522:15 | ref arg w | atl.cpp:526:20:526:20 | w | | +| atl.cpp:523:10:523:11 | b2 [post update] | atl.cpp:524:3:524:3 | b2 | | +| atl.cpp:526:16:526:21 | call to CComBSTR | atl.cpp:527:10:527:10 | b | | +| atl.cpp:526:16:526:21 | call to CComBSTR | atl.cpp:528:3:528:3 | b | | +| atl.cpp:527:10:527:10 | b [post update] | atl.cpp:528:3:528:3 | b | | +| atl.cpp:573:22:573:33 | call to getSafeArray | atl.cpp:574:8:574:11 | safe | | +| atl.cpp:573:22:573:33 | call to getSafeArray | atl.cpp:576:24:576:27 | safe | | +| atl.cpp:573:22:573:33 | call to getSafeArray | atl.cpp:587:11:587:14 | safe | | +| atl.cpp:574:8:574:11 | safe [post update] | atl.cpp:576:24:576:27 | safe | | +| atl.cpp:574:8:574:11 | safe [post update] | atl.cpp:587:11:587:14 | safe | | +| atl.cpp:576:24:576:27 | safe | atl.cpp:576:24:576:28 | call to CComSafeArray | TAINT | +| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:577:8:577:8 | c | | +| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:578:8:578:8 | c | | +| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:579:8:579:8 | c | | +| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:580:8:580:8 | c | | +| atl.cpp:576:24:576:28 | call to CComSafeArray | atl.cpp:581:3:581:3 | c | | | atl.cpp:577:8:577:8 | ref arg c | atl.cpp:578:8:578:8 | c | | | atl.cpp:577:8:577:8 | ref arg c | atl.cpp:579:8:579:8 | c | | -| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:580:3:580:3 | c | | +| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:580:8:580:8 | c | | +| atl.cpp:577:8:577:8 | ref arg c | atl.cpp:581:3:581:3 | c | | | atl.cpp:578:8:578:8 | ref arg c | atl.cpp:579:8:579:8 | c | | -| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:580:3:580:3 | c | | -| atl.cpp:579:8:579:8 | c [post update] | atl.cpp:580:3:580:3 | c | | -| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:583:10:583:10 | c | | -| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | | -| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:585:10:585:10 | c | | -| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:586:5:586:5 | c | | -| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:587:10:587:10 | c | | -| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:588:10:588:10 | c | | -| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:589:10:589:10 | c | | -| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:590:35:590:35 | c | | -| atl.cpp:582:24:582:24 | call to CComSafeArray | atl.cpp:591:3:591:3 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:584:10:584:10 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:585:10:585:10 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:586:5:586:5 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:587:10:587:10 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:590:35:590:35 | c | | -| atl.cpp:583:10:583:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:580:8:580:8 | c | | +| atl.cpp:578:8:578:8 | ref arg c | atl.cpp:581:3:581:3 | c | | +| atl.cpp:579:8:579:8 | ref arg c | atl.cpp:580:8:580:8 | c | | +| atl.cpp:579:8:579:8 | ref arg c | atl.cpp:581:3:581:3 | c | | +| atl.cpp:580:8:580:8 | c [post update] | atl.cpp:581:3:581:3 | c | | +| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:584:10:584:10 | c | | +| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:585:10:585:10 | c | | +| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:586:10:586:10 | c | | +| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:587:5:587:5 | c | | +| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:588:10:588:10 | c | | +| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:589:10:589:10 | c | | +| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:590:10:590:10 | c | | +| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:591:35:591:35 | c | | +| atl.cpp:583:24:583:24 | call to CComSafeArray | atl.cpp:592:3:592:3 | c | | | atl.cpp:584:10:584:10 | ref arg c | atl.cpp:585:10:585:10 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:5:586:5 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:586:10:586:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:587:5:587:5 | c | | | atl.cpp:584:10:584:10 | ref arg c | atl.cpp:588:10:588:10 | c | | | atl.cpp:584:10:584:10 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:590:35:590:35 | c | | -| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:591:3:591:3 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:586:5:586:5 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:587:10:587:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:590:10:590:10 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:591:35:591:35 | c | | +| atl.cpp:584:10:584:10 | ref arg c | atl.cpp:592:3:592:3 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:586:10:586:10 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:587:5:587:5 | c | | | atl.cpp:585:10:585:10 | ref arg c | atl.cpp:588:10:588:10 | c | | | atl.cpp:585:10:585:10 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:590:35:590:35 | c | | -| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:591:3:591:3 | c | | -| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:587:10:587:10 | c | | -| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:590:35:590:35 | c | | -| atl.cpp:586:5:586:5 | ref arg c | atl.cpp:591:3:591:3 | c | | -| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:588:10:588:10 | c | | -| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:590:35:590:35 | c | | -| atl.cpp:587:10:587:10 | ref arg c | atl.cpp:591:3:591:3 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:590:10:590:10 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:591:35:591:35 | c | | +| atl.cpp:585:10:585:10 | ref arg c | atl.cpp:592:3:592:3 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:587:5:587:5 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:590:10:590:10 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:591:35:591:35 | c | | +| atl.cpp:586:10:586:10 | ref arg c | atl.cpp:592:3:592:3 | c | | +| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:588:10:588:10 | c | | +| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:589:10:589:10 | c | | +| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:590:10:590:10 | c | | +| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:591:35:591:35 | c | | +| atl.cpp:587:5:587:5 | ref arg c | atl.cpp:592:3:592:3 | c | | | atl.cpp:588:10:588:10 | ref arg c | atl.cpp:589:10:589:10 | c | | -| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:590:35:590:35 | c | | -| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:591:3:591:3 | c | | -| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:590:35:590:35 | c | | -| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:591:3:591:3 | c | | -| atl.cpp:590:35:590:35 | ref arg c | atl.cpp:591:3:591:3 | c | | -| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:594:5:594:5 | c | | -| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:595:10:595:10 | c | | -| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:596:10:596:10 | c | | -| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:597:10:597:10 | c | | -| atl.cpp:593:24:593:24 | call to CComSafeArray | atl.cpp:598:3:598:3 | c | | -| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:595:10:595:10 | c | | -| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:596:10:596:10 | c | | -| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:597:10:597:10 | c | | -| atl.cpp:594:5:594:5 | ref arg c | atl.cpp:598:3:598:3 | c | | -| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:596:10:596:10 | c | | -| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:597:10:597:10 | c | | -| atl.cpp:595:10:595:10 | ref arg c | atl.cpp:598:3:598:3 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:590:10:590:10 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:591:35:591:35 | c | | +| atl.cpp:588:10:588:10 | ref arg c | atl.cpp:592:3:592:3 | c | | +| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:590:10:590:10 | c | | +| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:591:35:591:35 | c | | +| atl.cpp:589:10:589:10 | ref arg c | atl.cpp:592:3:592:3 | c | | +| atl.cpp:590:10:590:10 | ref arg c | atl.cpp:591:35:591:35 | c | | +| atl.cpp:590:10:590:10 | ref arg c | atl.cpp:592:3:592:3 | c | | +| atl.cpp:591:35:591:35 | ref arg c | atl.cpp:592:3:592:3 | c | | +| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:595:5:595:5 | c | | +| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:596:10:596:10 | c | | +| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:597:10:597:10 | c | | +| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:598:10:598:10 | c | | +| atl.cpp:594:24:594:24 | call to CComSafeArray | atl.cpp:599:3:599:3 | c | | +| atl.cpp:595:5:595:5 | ref arg c | atl.cpp:596:10:596:10 | c | | +| atl.cpp:595:5:595:5 | ref arg c | atl.cpp:597:10:597:10 | c | | +| atl.cpp:595:5:595:5 | ref arg c | atl.cpp:598:10:598:10 | c | | +| atl.cpp:595:5:595:5 | ref arg c | atl.cpp:599:3:599:3 | c | | | atl.cpp:596:10:596:10 | ref arg c | atl.cpp:597:10:597:10 | c | | -| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:598:3:598:3 | c | | -| atl.cpp:597:10:597:10 | ref arg c | atl.cpp:598:3:598:3 | c | | -| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:601:5:601:5 | c | | -| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:602:10:602:10 | c | | -| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:603:10:603:10 | c | | -| atl.cpp:600:24:600:24 | call to CComSafeArray | atl.cpp:604:3:604:3 | c | | -| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:602:10:602:10 | c | | -| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:603:10:603:10 | c | | -| atl.cpp:601:5:601:5 | ref arg c | atl.cpp:604:3:604:3 | c | | -| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:603:10:603:10 | c | | -| atl.cpp:602:10:602:10 | ref arg c | atl.cpp:604:3:604:3 | c | | -| atl.cpp:603:10:603:10 | ref arg c | atl.cpp:604:3:604:3 | c | | -| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:666:11:666:11 | x | | -| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:675:20:675:20 | x | | -| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:680:14:680:14 | x | | -| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:688:11:688:11 | x | | -| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:694:15:694:15 | x | | -| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:699:24:699:24 | x | | -| atl.cpp:665:13:665:33 | call to indirect_source | atl.cpp:705:30:705:30 | x | | -| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:675:20:675:20 | x | | -| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:680:14:680:14 | x | | -| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:688:11:688:11 | x | | -| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:694:15:694:15 | x | | -| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:699:24:699:24 | x | | -| atl.cpp:666:11:666:11 | ref arg x | atl.cpp:705:30:705:30 | x | | -| atl.cpp:666:11:666:11 | x | atl.cpp:666:11:666:12 | call to CPathT | TAINT | -| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:667:27:667:27 | p | | -| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:668:8:668:8 | p | | -| atl.cpp:666:11:666:12 | call to CPathT | atl.cpp:670:12:670:12 | p | | -| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:668:8:668:8 | p | | -| atl.cpp:667:27:667:27 | ref arg p | atl.cpp:670:12:670:12 | p | | -| atl.cpp:668:8:668:8 | p [post update] | atl.cpp:670:12:670:12 | p | | -| atl.cpp:668:10:668:18 | ref arg m_strPath | atl.cpp:671:11:671:19 | m_strPath | | -| atl.cpp:670:12:670:12 | p | atl.cpp:670:12:670:13 | call to CPathT | | -| atl.cpp:670:12:670:13 | call to CPathT | atl.cpp:671:8:671:9 | p2 | | -| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:675:5:675:5 | p | | -| atl.cpp:674:11:674:11 | call to CPathT | atl.cpp:676:10:676:10 | p | | -| atl.cpp:675:5:675:5 | ref arg p | atl.cpp:676:10:676:10 | p | | -| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:680:14:680:14 | x | | -| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:688:11:688:11 | x | | -| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:694:15:694:15 | x | | -| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:699:24:699:24 | x | | -| atl.cpp:675:20:675:20 | ref arg x | atl.cpp:705:30:705:30 | x | | -| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:680:5:680:5 | p | | -| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:681:10:681:10 | p | | -| atl.cpp:679:11:679:11 | call to CPathT | atl.cpp:684:11:684:11 | p | | -| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:681:10:681:10 | p | | -| atl.cpp:680:5:680:5 | ref arg p | atl.cpp:684:11:684:11 | p | | -| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:688:11:688:11 | x | | -| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:694:15:694:15 | x | | -| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:699:24:699:24 | x | | -| atl.cpp:680:14:680:14 | ref arg x | atl.cpp:705:30:705:30 | x | | -| atl.cpp:681:10:681:10 | p [post update] | atl.cpp:684:11:684:11 | p | | -| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:684:5:684:6 | p2 | | -| atl.cpp:683:11:683:12 | call to CPathT | atl.cpp:685:10:685:11 | p2 | | -| atl.cpp:684:5:684:6 | ref arg p2 | atl.cpp:685:10:685:11 | p2 | | -| atl.cpp:684:11:684:11 | call to operator char *& | atl.cpp:684:8:684:8 | call to operator+= | TAINT | -| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:688:5:688:6 | p3 | | -| atl.cpp:687:11:687:12 | call to CPathT | atl.cpp:689:10:689:11 | p3 | | -| atl.cpp:688:5:688:6 | ref arg p3 | atl.cpp:689:10:689:11 | p3 | | -| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:694:15:694:15 | x | | -| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:699:24:699:24 | x | | -| atl.cpp:688:11:688:11 | ref arg x | atl.cpp:705:30:705:30 | x | | -| atl.cpp:688:11:688:11 | x | atl.cpp:688:8:688:8 | call to operator+= | TAINT | -| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:694:5:694:5 | p | | -| atl.cpp:693:11:693:11 | call to CPathT | atl.cpp:695:10:695:10 | p | | -| atl.cpp:694:5:694:5 | ref arg p | atl.cpp:695:10:695:10 | p | | -| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:699:24:699:24 | x | | -| atl.cpp:694:15:694:15 | ref arg x | atl.cpp:705:30:705:30 | x | | -| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:699:5:699:5 | p | | -| atl.cpp:698:11:698:11 | call to CPathT | atl.cpp:700:10:700:10 | p | | -| atl.cpp:699:5:699:5 | ref arg p | atl.cpp:700:10:700:10 | p | | -| atl.cpp:699:24:699:24 | ref arg x | atl.cpp:705:30:705:30 | x | | -| atl.cpp:704:11:704:11 | call to CPathT | atl.cpp:705:15:705:15 | p | | -| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:706:10:706:11 | p2 | | -| atl.cpp:705:17:705:28 | call to CommonPrefix | atl.cpp:707:10:707:11 | p2 | | -| atl.cpp:706:10:706:11 | p2 [post update] | atl.cpp:707:10:707:11 | p2 | | -| atl.cpp:734:11:734:21 | call to source | atl.cpp:737:11:737:11 | x | | -| atl.cpp:734:11:734:21 | call to source | atl.cpp:749:11:749:11 | x | | -| atl.cpp:734:11:734:21 | call to source | atl.cpp:753:23:753:23 | x | | -| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:737:5:737:5 | a | | -| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:738:10:738:10 | a | | -| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:739:5:739:5 | a | | -| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:740:10:740:10 | a | | -| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:744:10:744:10 | a | | -| atl.cpp:736:23:736:23 | call to CSimpleArray | atl.cpp:746:3:746:3 | a | | -| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:738:10:738:10 | a | | -| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:739:5:739:5 | a | | -| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:740:10:740:10 | a | | -| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:744:10:744:10 | a | | -| atl.cpp:737:5:737:5 | ref arg a | atl.cpp:746:3:746:3 | a | | -| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:739:5:739:5 | a | | -| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:740:10:740:10 | a | | -| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:744:10:744:10 | a | | -| atl.cpp:738:10:738:10 | ref arg a | atl.cpp:746:3:746:3 | a | | -| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:740:10:740:10 | a | | -| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:744:10:744:10 | a | | -| atl.cpp:739:5:739:5 | ref arg a | atl.cpp:746:3:746:3 | a | | -| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:744:10:744:10 | a | | -| atl.cpp:740:10:740:10 | ref arg a | atl.cpp:746:3:746:3 | a | | -| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:743:10:743:11 | a2 | | -| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:744:5:744:6 | a2 | | -| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:745:10:745:11 | a2 | | -| atl.cpp:742:23:742:24 | call to CSimpleArray | atl.cpp:746:3:746:3 | a2 | | -| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:744:5:744:6 | a2 | | -| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | | -| atl.cpp:743:10:743:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | | -| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:745:10:745:11 | a2 | | -| atl.cpp:744:5:744:6 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | | -| atl.cpp:744:10:744:10 | a | atl.cpp:744:5:744:6 | ref arg a2 | TAINT | -| atl.cpp:744:10:744:10 | a | atl.cpp:744:8:744:8 | call to operator= | TAINT | -| atl.cpp:745:10:745:11 | ref arg a2 | atl.cpp:746:3:746:3 | a2 | | -| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:749:5:749:5 | a | | -| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:750:10:750:10 | a | | -| atl.cpp:748:23:748:23 | call to CSimpleArray | atl.cpp:755:3:755:3 | a | | -| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:750:10:750:10 | a | | -| atl.cpp:749:5:749:5 | ref arg a | atl.cpp:755:3:755:3 | a | | -| atl.cpp:750:10:750:10 | ref arg a | atl.cpp:755:3:755:3 | a | | -| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:753:15:753:16 | a2 | | -| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:754:10:754:11 | a2 | | -| atl.cpp:752:23:752:24 | call to CSimpleArray | atl.cpp:755:3:755:3 | a2 | | -| atl.cpp:753:18:753:21 | call to Find | atl.cpp:754:13:754:15 | pos | | -| atl.cpp:754:10:754:11 | ref arg a2 | atl.cpp:755:3:755:3 | a2 | | -| atl.cpp:779:16:779:31 | call to source | atl.cpp:782:20:782:20 | x | | -| atl.cpp:779:16:779:31 | call to source | atl.cpp:792:26:792:26 | x | | -| atl.cpp:779:16:779:31 | call to source | atl.cpp:797:32:797:32 | x | | -| atl.cpp:779:16:779:31 | call to source | atl.cpp:803:22:803:22 | x | | -| atl.cpp:779:16:779:31 | call to source | atl.cpp:808:30:808:30 | x | | -| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:782:5:782:5 | a | | -| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:783:10:783:10 | a | | -| atl.cpp:781:33:781:33 | call to CSimpleMap | atl.cpp:784:3:784:3 | a | | -| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:783:10:783:10 | a | | -| atl.cpp:782:5:782:5 | ref arg a | atl.cpp:784:3:784:3 | a | | -| atl.cpp:783:10:783:10 | ref arg a | atl.cpp:784:3:784:3 | a | | -| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:787:16:787:16 | a | | -| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:788:10:788:10 | a | | -| atl.cpp:786:33:786:33 | call to CSimpleMap | atl.cpp:789:3:789:3 | a | | -| atl.cpp:787:18:787:24 | call to FindKey | atl.cpp:788:23:788:25 | pos | | -| atl.cpp:788:10:788:10 | ref arg a | atl.cpp:789:3:789:3 | a | | -| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:792:16:792:16 | a | | -| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:793:10:793:10 | a | | -| atl.cpp:791:33:791:33 | call to CSimpleMap | atl.cpp:794:3:794:3 | a | | -| atl.cpp:792:18:792:24 | call to FindVal | atl.cpp:793:23:793:25 | pos | | -| atl.cpp:793:10:793:10 | ref arg a | atl.cpp:794:3:794:3 | a | | -| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:797:16:797:16 | a | | -| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:799:10:799:10 | a | | -| atl.cpp:796:33:796:33 | call to CSimpleMap | atl.cpp:800:3:800:3 | a | | -| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:799:10:799:10 | a | | -| atl.cpp:797:16:797:16 | ref arg a | atl.cpp:800:3:800:3 | a | | -| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:798:10:798:12 | key | | -| atl.cpp:797:18:797:30 | call to ReverseLookup | atl.cpp:799:19:799:21 | key | | -| atl.cpp:798:10:798:12 | ref arg key | atl.cpp:799:19:799:21 | key | | -| atl.cpp:799:10:799:10 | ref arg a | atl.cpp:800:3:800:3 | a | | -| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:803:5:803:5 | a | | -| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:804:10:804:10 | a | | -| atl.cpp:802:33:802:33 | call to CSimpleMap | atl.cpp:805:3:805:3 | a | | -| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:804:10:804:10 | a | | -| atl.cpp:803:5:803:5 | ref arg a | atl.cpp:805:3:805:3 | a | | -| atl.cpp:804:10:804:10 | ref arg a | atl.cpp:805:3:805:3 | a | | -| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:808:5:808:5 | a | | -| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:809:10:809:10 | a | | -| atl.cpp:807:33:807:33 | call to CSimpleMap | atl.cpp:810:3:810:3 | a | | -| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:809:10:809:10 | a | | -| atl.cpp:808:5:808:5 | ref arg a | atl.cpp:810:3:810:3 | a | | -| atl.cpp:809:10:809:10 | ref arg a | atl.cpp:810:3:810:3 | a | | -| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:853:16:853:16 | x | | -| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:866:19:866:19 | x | | -| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:872:23:872:23 | x | | -| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:877:22:877:22 | x | | -| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:882:22:882:22 | x | | -| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:887:24:887:24 | x | | -| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:892:21:892:21 | x | | -| atl.cpp:851:13:851:33 | call to indirect_source | atl.cpp:897:22:897:22 | x | | -| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:853:3:853:5 | url | | -| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:854:8:854:10 | url | | -| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:855:8:855:10 | url | | -| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:856:8:856:10 | url | | -| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:857:8:857:10 | url | | -| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:858:8:858:10 | url | | -| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:859:8:859:10 | url | | -| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:860:8:860:10 | url | | -| atl.cpp:852:8:852:10 | call to CUrl | atl.cpp:900:1:900:1 | url | | -| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:854:8:854:10 | url | | -| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:855:8:855:10 | url | | -| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:856:8:856:10 | url | | -| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:857:8:857:10 | url | | -| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:858:8:858:10 | url | | -| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:859:8:859:10 | url | | -| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:860:8:860:10 | url | | -| atl.cpp:853:3:853:5 | ref arg url | atl.cpp:900:1:900:1 | url | | -| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:866:5:866:8 | url2 | | -| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:867:5:867:8 | url2 | | -| atl.cpp:863:10:863:13 | call to CUrl | atl.cpp:869:3:869:3 | url2 | | -| atl.cpp:864:11:864:13 | len | atl.cpp:867:29:867:31 | len | | -| atl.cpp:865:10:865:15 | buffer | atl.cpp:867:20:867:25 | buffer | | -| atl.cpp:865:10:865:15 | buffer | atl.cpp:868:10:868:15 | buffer | | -| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:867:5:867:8 | url2 | | -| atl.cpp:866:5:866:8 | ref arg url2 | atl.cpp:869:3:869:3 | url2 | | -| atl.cpp:867:20:867:25 | ref arg buffer | atl.cpp:868:10:868:15 | buffer | | -| atl.cpp:867:28:867:31 | ref arg & ... | atl.cpp:867:29:867:31 | len [inner post update] | | -| atl.cpp:867:29:867:31 | len | atl.cpp:867:28:867:31 | & ... | | -| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:872:5:872:8 | url2 | | -| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:873:10:873:13 | url2 | | -| atl.cpp:871:10:871:13 | call to CUrl | atl.cpp:874:3:874:3 | url2 | | -| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:873:10:873:13 | url2 | | -| atl.cpp:872:5:872:8 | ref arg url2 | atl.cpp:874:3:874:3 | url2 | | -| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:877:5:877:8 | url2 | | -| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:878:10:878:13 | url2 | | -| atl.cpp:876:10:876:13 | call to CUrl | atl.cpp:879:3:879:3 | url2 | | -| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:878:10:878:13 | url2 | | -| atl.cpp:877:5:877:8 | ref arg url2 | atl.cpp:879:3:879:3 | url2 | | -| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:882:5:882:8 | url2 | | -| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:883:10:883:13 | url2 | | -| atl.cpp:881:10:881:13 | call to CUrl | atl.cpp:884:3:884:3 | url2 | | -| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:883:10:883:13 | url2 | | -| atl.cpp:882:5:882:8 | ref arg url2 | atl.cpp:884:3:884:3 | url2 | | -| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:887:5:887:8 | url2 | | -| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:888:10:888:13 | url2 | | -| atl.cpp:886:10:886:13 | call to CUrl | atl.cpp:889:3:889:3 | url2 | | -| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:888:10:888:13 | url2 | | -| atl.cpp:887:5:887:8 | ref arg url2 | atl.cpp:889:3:889:3 | url2 | | -| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:892:5:892:8 | url2 | | -| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:893:10:893:13 | url2 | | -| atl.cpp:891:10:891:13 | call to CUrl | atl.cpp:894:3:894:3 | url2 | | -| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:893:10:893:13 | url2 | | -| atl.cpp:892:5:892:8 | ref arg url2 | atl.cpp:894:3:894:3 | url2 | | -| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:897:5:897:8 | url2 | | -| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:898:10:898:13 | url2 | | -| atl.cpp:896:10:896:13 | call to CUrl | atl.cpp:899:3:899:3 | url2 | | -| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:898:10:898:13 | url2 | | -| atl.cpp:897:5:897:8 | ref arg url2 | atl.cpp:899:3:899:3 | url2 | | +| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:598:10:598:10 | c | | +| atl.cpp:596:10:596:10 | ref arg c | atl.cpp:599:3:599:3 | c | | +| atl.cpp:597:10:597:10 | ref arg c | atl.cpp:598:10:598:10 | c | | +| atl.cpp:597:10:597:10 | ref arg c | atl.cpp:599:3:599:3 | c | | +| atl.cpp:598:10:598:10 | ref arg c | atl.cpp:599:3:599:3 | c | | +| atl.cpp:601:24:601:24 | call to CComSafeArray | atl.cpp:602:5:602:5 | c | | +| atl.cpp:601:24:601:24 | call to CComSafeArray | atl.cpp:603:10:603:10 | c | | +| atl.cpp:601:24:601:24 | call to CComSafeArray | atl.cpp:604:10:604:10 | c | | +| atl.cpp:601:24:601:24 | call to CComSafeArray | atl.cpp:605:3:605:3 | c | | +| atl.cpp:602:5:602:5 | ref arg c | atl.cpp:603:10:603:10 | c | | +| atl.cpp:602:5:602:5 | ref arg c | atl.cpp:604:10:604:10 | c | | +| atl.cpp:602:5:602:5 | ref arg c | atl.cpp:605:3:605:3 | c | | +| atl.cpp:603:10:603:10 | ref arg c | atl.cpp:604:10:604:10 | c | | +| atl.cpp:603:10:603:10 | ref arg c | atl.cpp:605:3:605:3 | c | | +| atl.cpp:604:10:604:10 | ref arg c | atl.cpp:605:3:605:3 | c | | +| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:667:11:667:11 | x | | +| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:676:20:676:20 | x | | +| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:681:14:681:14 | x | | +| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:689:11:689:11 | x | | +| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:695:15:695:15 | x | | +| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:700:24:700:24 | x | | +| atl.cpp:666:13:666:33 | call to indirect_source | atl.cpp:706:30:706:30 | x | | +| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:676:20:676:20 | x | | +| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:681:14:681:14 | x | | +| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:689:11:689:11 | x | | +| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:695:15:695:15 | x | | +| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:700:24:700:24 | x | | +| atl.cpp:667:11:667:11 | ref arg x | atl.cpp:706:30:706:30 | x | | +| atl.cpp:667:11:667:11 | x | atl.cpp:667:11:667:12 | call to CPathT | TAINT | +| atl.cpp:667:11:667:12 | call to CPathT | atl.cpp:668:27:668:27 | p | | +| atl.cpp:667:11:667:12 | call to CPathT | atl.cpp:669:8:669:8 | p | | +| atl.cpp:667:11:667:12 | call to CPathT | atl.cpp:671:12:671:12 | p | | +| atl.cpp:668:27:668:27 | ref arg p | atl.cpp:669:8:669:8 | p | | +| atl.cpp:668:27:668:27 | ref arg p | atl.cpp:671:12:671:12 | p | | +| atl.cpp:669:8:669:8 | p [post update] | atl.cpp:671:12:671:12 | p | | +| atl.cpp:669:10:669:18 | ref arg m_strPath | atl.cpp:672:11:672:19 | m_strPath | | +| atl.cpp:671:12:671:12 | p | atl.cpp:671:12:671:13 | call to CPathT | | +| atl.cpp:671:12:671:13 | call to CPathT | atl.cpp:672:8:672:9 | p2 | | +| atl.cpp:675:11:675:11 | call to CPathT | atl.cpp:676:5:676:5 | p | | +| atl.cpp:675:11:675:11 | call to CPathT | atl.cpp:677:10:677:10 | p | | +| atl.cpp:676:5:676:5 | ref arg p | atl.cpp:677:10:677:10 | p | | +| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:681:14:681:14 | x | | +| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:689:11:689:11 | x | | +| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:695:15:695:15 | x | | +| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:700:24:700:24 | x | | +| atl.cpp:676:20:676:20 | ref arg x | atl.cpp:706:30:706:30 | x | | +| atl.cpp:680:11:680:11 | call to CPathT | atl.cpp:681:5:681:5 | p | | +| atl.cpp:680:11:680:11 | call to CPathT | atl.cpp:682:10:682:10 | p | | +| atl.cpp:680:11:680:11 | call to CPathT | atl.cpp:685:11:685:11 | p | | +| atl.cpp:681:5:681:5 | ref arg p | atl.cpp:682:10:682:10 | p | | +| atl.cpp:681:5:681:5 | ref arg p | atl.cpp:685:11:685:11 | p | | +| atl.cpp:681:14:681:14 | ref arg x | atl.cpp:689:11:689:11 | x | | +| atl.cpp:681:14:681:14 | ref arg x | atl.cpp:695:15:695:15 | x | | +| atl.cpp:681:14:681:14 | ref arg x | atl.cpp:700:24:700:24 | x | | +| atl.cpp:681:14:681:14 | ref arg x | atl.cpp:706:30:706:30 | x | | +| atl.cpp:682:10:682:10 | p [post update] | atl.cpp:685:11:685:11 | p | | +| atl.cpp:684:11:684:12 | call to CPathT | atl.cpp:685:5:685:6 | p2 | | +| atl.cpp:684:11:684:12 | call to CPathT | atl.cpp:686:10:686:11 | p2 | | +| atl.cpp:685:5:685:6 | ref arg p2 | atl.cpp:686:10:686:11 | p2 | | +| atl.cpp:685:11:685:11 | call to operator char *& | atl.cpp:685:8:685:8 | call to operator+= | TAINT | +| atl.cpp:688:11:688:12 | call to CPathT | atl.cpp:689:5:689:6 | p3 | | +| atl.cpp:688:11:688:12 | call to CPathT | atl.cpp:690:10:690:11 | p3 | | +| atl.cpp:689:5:689:6 | ref arg p3 | atl.cpp:690:10:690:11 | p3 | | +| atl.cpp:689:11:689:11 | ref arg x | atl.cpp:695:15:695:15 | x | | +| atl.cpp:689:11:689:11 | ref arg x | atl.cpp:700:24:700:24 | x | | +| atl.cpp:689:11:689:11 | ref arg x | atl.cpp:706:30:706:30 | x | | +| atl.cpp:689:11:689:11 | x | atl.cpp:689:8:689:8 | call to operator+= | TAINT | +| atl.cpp:694:11:694:11 | call to CPathT | atl.cpp:695:5:695:5 | p | | +| atl.cpp:694:11:694:11 | call to CPathT | atl.cpp:696:10:696:10 | p | | +| atl.cpp:695:5:695:5 | ref arg p | atl.cpp:696:10:696:10 | p | | +| atl.cpp:695:15:695:15 | ref arg x | atl.cpp:700:24:700:24 | x | | +| atl.cpp:695:15:695:15 | ref arg x | atl.cpp:706:30:706:30 | x | | +| atl.cpp:699:11:699:11 | call to CPathT | atl.cpp:700:5:700:5 | p | | +| atl.cpp:699:11:699:11 | call to CPathT | atl.cpp:701:10:701:10 | p | | +| atl.cpp:700:5:700:5 | ref arg p | atl.cpp:701:10:701:10 | p | | +| atl.cpp:700:24:700:24 | ref arg x | atl.cpp:706:30:706:30 | x | | +| atl.cpp:705:11:705:11 | call to CPathT | atl.cpp:706:15:706:15 | p | | +| atl.cpp:706:17:706:28 | call to CommonPrefix | atl.cpp:707:10:707:11 | p2 | | +| atl.cpp:706:17:706:28 | call to CommonPrefix | atl.cpp:708:10:708:11 | p2 | | +| atl.cpp:707:10:707:11 | p2 [post update] | atl.cpp:708:10:708:11 | p2 | | +| atl.cpp:735:11:735:21 | call to source | atl.cpp:738:11:738:11 | x | | +| atl.cpp:735:11:735:21 | call to source | atl.cpp:750:11:750:11 | x | | +| atl.cpp:735:11:735:21 | call to source | atl.cpp:754:23:754:23 | x | | +| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:738:5:738:5 | a | | +| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:739:10:739:10 | a | | +| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:740:5:740:5 | a | | +| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:741:10:741:10 | a | | +| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:745:10:745:10 | a | | +| atl.cpp:737:23:737:23 | call to CSimpleArray | atl.cpp:747:3:747:3 | a | | +| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:739:10:739:10 | a | | +| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:740:5:740:5 | a | | +| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:741:10:741:10 | a | | +| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:745:10:745:10 | a | | +| atl.cpp:738:5:738:5 | ref arg a | atl.cpp:747:3:747:3 | a | | +| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:740:5:740:5 | a | | +| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:741:10:741:10 | a | | +| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:745:10:745:10 | a | | +| atl.cpp:739:10:739:10 | ref arg a | atl.cpp:747:3:747:3 | a | | +| atl.cpp:740:5:740:5 | ref arg a | atl.cpp:741:10:741:10 | a | | +| atl.cpp:740:5:740:5 | ref arg a | atl.cpp:745:10:745:10 | a | | +| atl.cpp:740:5:740:5 | ref arg a | atl.cpp:747:3:747:3 | a | | +| atl.cpp:741:10:741:10 | ref arg a | atl.cpp:745:10:745:10 | a | | +| atl.cpp:741:10:741:10 | ref arg a | atl.cpp:747:3:747:3 | a | | +| atl.cpp:743:23:743:24 | call to CSimpleArray | atl.cpp:744:10:744:11 | a2 | | +| atl.cpp:743:23:743:24 | call to CSimpleArray | atl.cpp:745:5:745:6 | a2 | | +| atl.cpp:743:23:743:24 | call to CSimpleArray | atl.cpp:746:10:746:11 | a2 | | +| atl.cpp:743:23:743:24 | call to CSimpleArray | atl.cpp:747:3:747:3 | a2 | | +| atl.cpp:744:10:744:11 | ref arg a2 | atl.cpp:745:5:745:6 | a2 | | +| atl.cpp:744:10:744:11 | ref arg a2 | atl.cpp:746:10:746:11 | a2 | | +| atl.cpp:744:10:744:11 | ref arg a2 | atl.cpp:747:3:747:3 | a2 | | +| atl.cpp:745:5:745:6 | ref arg a2 | atl.cpp:746:10:746:11 | a2 | | +| atl.cpp:745:5:745:6 | ref arg a2 | atl.cpp:747:3:747:3 | a2 | | +| atl.cpp:745:10:745:10 | a | atl.cpp:745:5:745:6 | ref arg a2 | TAINT | +| atl.cpp:745:10:745:10 | a | atl.cpp:745:8:745:8 | call to operator= | TAINT | +| atl.cpp:746:10:746:11 | ref arg a2 | atl.cpp:747:3:747:3 | a2 | | +| atl.cpp:749:23:749:23 | call to CSimpleArray | atl.cpp:750:5:750:5 | a | | +| atl.cpp:749:23:749:23 | call to CSimpleArray | atl.cpp:751:10:751:10 | a | | +| atl.cpp:749:23:749:23 | call to CSimpleArray | atl.cpp:756:3:756:3 | a | | +| atl.cpp:750:5:750:5 | ref arg a | atl.cpp:751:10:751:10 | a | | +| atl.cpp:750:5:750:5 | ref arg a | atl.cpp:756:3:756:3 | a | | +| atl.cpp:751:10:751:10 | ref arg a | atl.cpp:756:3:756:3 | a | | +| atl.cpp:753:23:753:24 | call to CSimpleArray | atl.cpp:754:15:754:16 | a2 | | +| atl.cpp:753:23:753:24 | call to CSimpleArray | atl.cpp:755:10:755:11 | a2 | | +| atl.cpp:753:23:753:24 | call to CSimpleArray | atl.cpp:756:3:756:3 | a2 | | +| atl.cpp:754:18:754:21 | call to Find | atl.cpp:755:13:755:15 | pos | | +| atl.cpp:755:10:755:11 | ref arg a2 | atl.cpp:756:3:756:3 | a2 | | +| atl.cpp:780:16:780:31 | call to source | atl.cpp:783:20:783:20 | x | | +| atl.cpp:780:16:780:31 | call to source | atl.cpp:793:26:793:26 | x | | +| atl.cpp:780:16:780:31 | call to source | atl.cpp:798:32:798:32 | x | | +| atl.cpp:780:16:780:31 | call to source | atl.cpp:804:22:804:22 | x | | +| atl.cpp:780:16:780:31 | call to source | atl.cpp:809:30:809:30 | x | | +| atl.cpp:782:33:782:33 | call to CSimpleMap | atl.cpp:783:5:783:5 | a | | +| atl.cpp:782:33:782:33 | call to CSimpleMap | atl.cpp:784:10:784:10 | a | | +| atl.cpp:782:33:782:33 | call to CSimpleMap | atl.cpp:785:3:785:3 | a | | +| atl.cpp:783:5:783:5 | ref arg a | atl.cpp:784:10:784:10 | a | | +| atl.cpp:783:5:783:5 | ref arg a | atl.cpp:785:3:785:3 | a | | +| atl.cpp:784:10:784:10 | ref arg a | atl.cpp:785:3:785:3 | a | | +| atl.cpp:787:33:787:33 | call to CSimpleMap | atl.cpp:788:16:788:16 | a | | +| atl.cpp:787:33:787:33 | call to CSimpleMap | atl.cpp:789:10:789:10 | a | | +| atl.cpp:787:33:787:33 | call to CSimpleMap | atl.cpp:790:3:790:3 | a | | +| atl.cpp:788:18:788:24 | call to FindKey | atl.cpp:789:23:789:25 | pos | | +| atl.cpp:789:10:789:10 | ref arg a | atl.cpp:790:3:790:3 | a | | +| atl.cpp:792:33:792:33 | call to CSimpleMap | atl.cpp:793:16:793:16 | a | | +| atl.cpp:792:33:792:33 | call to CSimpleMap | atl.cpp:794:10:794:10 | a | | +| atl.cpp:792:33:792:33 | call to CSimpleMap | atl.cpp:795:3:795:3 | a | | +| atl.cpp:793:18:793:24 | call to FindVal | atl.cpp:794:23:794:25 | pos | | +| atl.cpp:794:10:794:10 | ref arg a | atl.cpp:795:3:795:3 | a | | +| atl.cpp:797:33:797:33 | call to CSimpleMap | atl.cpp:798:16:798:16 | a | | +| atl.cpp:797:33:797:33 | call to CSimpleMap | atl.cpp:800:10:800:10 | a | | +| atl.cpp:797:33:797:33 | call to CSimpleMap | atl.cpp:801:3:801:3 | a | | +| atl.cpp:798:16:798:16 | ref arg a | atl.cpp:800:10:800:10 | a | | +| atl.cpp:798:16:798:16 | ref arg a | atl.cpp:801:3:801:3 | a | | +| atl.cpp:798:18:798:30 | call to ReverseLookup | atl.cpp:799:10:799:12 | key | | +| atl.cpp:798:18:798:30 | call to ReverseLookup | atl.cpp:800:19:800:21 | key | | +| atl.cpp:799:10:799:12 | ref arg key | atl.cpp:800:19:800:21 | key | | +| atl.cpp:800:10:800:10 | ref arg a | atl.cpp:801:3:801:3 | a | | +| atl.cpp:803:33:803:33 | call to CSimpleMap | atl.cpp:804:5:804:5 | a | | +| atl.cpp:803:33:803:33 | call to CSimpleMap | atl.cpp:805:10:805:10 | a | | +| atl.cpp:803:33:803:33 | call to CSimpleMap | atl.cpp:806:3:806:3 | a | | +| atl.cpp:804:5:804:5 | ref arg a | atl.cpp:805:10:805:10 | a | | +| atl.cpp:804:5:804:5 | ref arg a | atl.cpp:806:3:806:3 | a | | +| atl.cpp:805:10:805:10 | ref arg a | atl.cpp:806:3:806:3 | a | | +| atl.cpp:808:33:808:33 | call to CSimpleMap | atl.cpp:809:5:809:5 | a | | +| atl.cpp:808:33:808:33 | call to CSimpleMap | atl.cpp:810:10:810:10 | a | | +| atl.cpp:808:33:808:33 | call to CSimpleMap | atl.cpp:811:3:811:3 | a | | +| atl.cpp:809:5:809:5 | ref arg a | atl.cpp:810:10:810:10 | a | | +| atl.cpp:809:5:809:5 | ref arg a | atl.cpp:811:3:811:3 | a | | +| atl.cpp:810:10:810:10 | ref arg a | atl.cpp:811:3:811:3 | a | | +| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:854:16:854:16 | x | | +| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:867:19:867:19 | x | | +| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:873:23:873:23 | x | | +| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:878:22:878:22 | x | | +| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:883:22:883:22 | x | | +| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:888:24:888:24 | x | | +| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:893:21:893:21 | x | | +| atl.cpp:852:13:852:33 | call to indirect_source | atl.cpp:898:22:898:22 | x | | +| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:854:3:854:5 | url | | +| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:855:8:855:10 | url | | +| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:856:8:856:10 | url | | +| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:857:8:857:10 | url | | +| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:858:8:858:10 | url | | +| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:859:8:859:10 | url | | +| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:860:8:860:10 | url | | +| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:861:8:861:10 | url | | +| atl.cpp:853:8:853:10 | call to CUrl | atl.cpp:901:1:901:1 | url | | +| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:855:8:855:10 | url | | +| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:856:8:856:10 | url | | +| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:857:8:857:10 | url | | +| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:858:8:858:10 | url | | +| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:859:8:859:10 | url | | +| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:860:8:860:10 | url | | +| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:861:8:861:10 | url | | +| atl.cpp:854:3:854:5 | ref arg url | atl.cpp:901:1:901:1 | url | | +| atl.cpp:864:10:864:13 | call to CUrl | atl.cpp:867:5:867:8 | url2 | | +| atl.cpp:864:10:864:13 | call to CUrl | atl.cpp:868:5:868:8 | url2 | | +| atl.cpp:864:10:864:13 | call to CUrl | atl.cpp:870:3:870:3 | url2 | | +| atl.cpp:865:11:865:13 | len | atl.cpp:868:29:868:31 | len | | +| atl.cpp:866:10:866:15 | buffer | atl.cpp:868:20:868:25 | buffer | | +| atl.cpp:866:10:866:15 | buffer | atl.cpp:869:10:869:15 | buffer | | +| atl.cpp:867:5:867:8 | ref arg url2 | atl.cpp:868:5:868:8 | url2 | | +| atl.cpp:867:5:867:8 | ref arg url2 | atl.cpp:870:3:870:3 | url2 | | +| atl.cpp:868:20:868:25 | ref arg buffer | atl.cpp:869:10:869:15 | buffer | | +| atl.cpp:868:28:868:31 | ref arg & ... | atl.cpp:868:29:868:31 | len [inner post update] | | +| atl.cpp:868:29:868:31 | len | atl.cpp:868:28:868:31 | & ... | | +| atl.cpp:872:10:872:13 | call to CUrl | atl.cpp:873:5:873:8 | url2 | | +| atl.cpp:872:10:872:13 | call to CUrl | atl.cpp:874:10:874:13 | url2 | | +| atl.cpp:872:10:872:13 | call to CUrl | atl.cpp:875:3:875:3 | url2 | | +| atl.cpp:873:5:873:8 | ref arg url2 | atl.cpp:874:10:874:13 | url2 | | +| atl.cpp:873:5:873:8 | ref arg url2 | atl.cpp:875:3:875:3 | url2 | | +| atl.cpp:877:10:877:13 | call to CUrl | atl.cpp:878:5:878:8 | url2 | | +| atl.cpp:877:10:877:13 | call to CUrl | atl.cpp:879:10:879:13 | url2 | | +| atl.cpp:877:10:877:13 | call to CUrl | atl.cpp:880:3:880:3 | url2 | | +| atl.cpp:878:5:878:8 | ref arg url2 | atl.cpp:879:10:879:13 | url2 | | +| atl.cpp:878:5:878:8 | ref arg url2 | atl.cpp:880:3:880:3 | url2 | | +| atl.cpp:882:10:882:13 | call to CUrl | atl.cpp:883:5:883:8 | url2 | | +| atl.cpp:882:10:882:13 | call to CUrl | atl.cpp:884:10:884:13 | url2 | | +| atl.cpp:882:10:882:13 | call to CUrl | atl.cpp:885:3:885:3 | url2 | | +| atl.cpp:883:5:883:8 | ref arg url2 | atl.cpp:884:10:884:13 | url2 | | +| atl.cpp:883:5:883:8 | ref arg url2 | atl.cpp:885:3:885:3 | url2 | | +| atl.cpp:887:10:887:13 | call to CUrl | atl.cpp:888:5:888:8 | url2 | | +| atl.cpp:887:10:887:13 | call to CUrl | atl.cpp:889:10:889:13 | url2 | | +| atl.cpp:887:10:887:13 | call to CUrl | atl.cpp:890:3:890:3 | url2 | | +| atl.cpp:888:5:888:8 | ref arg url2 | atl.cpp:889:10:889:13 | url2 | | +| atl.cpp:888:5:888:8 | ref arg url2 | atl.cpp:890:3:890:3 | url2 | | +| atl.cpp:892:10:892:13 | call to CUrl | atl.cpp:893:5:893:8 | url2 | | +| atl.cpp:892:10:892:13 | call to CUrl | atl.cpp:894:10:894:13 | url2 | | +| atl.cpp:892:10:892:13 | call to CUrl | atl.cpp:895:3:895:3 | url2 | | +| atl.cpp:893:5:893:8 | ref arg url2 | atl.cpp:894:10:894:13 | url2 | | +| atl.cpp:893:5:893:8 | ref arg url2 | atl.cpp:895:3:895:3 | url2 | | +| atl.cpp:897:10:897:13 | call to CUrl | atl.cpp:898:5:898:8 | url2 | | +| atl.cpp:897:10:897:13 | call to CUrl | atl.cpp:899:10:899:13 | url2 | | +| atl.cpp:897:10:897:13 | call to CUrl | atl.cpp:900:3:900:3 | url2 | | +| atl.cpp:898:5:898:8 | ref arg url2 | atl.cpp:899:10:899:13 | url2 | | +| atl.cpp:898:5:898:8 | ref arg url2 | atl.cpp:900:3:900:3 | url2 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 2d69f088fef3..f2c86c8c8465 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -1,88 +1,88 @@ signatureMatches -| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:69:3:69:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:70:3:70:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:257:3:257:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:257:3:257:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | Append | 0 | -| atl.cpp:407:8:407:8 | operator= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | -| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | Append | 0 | -| atl.cpp:409:3:409:10 | CComBSTR | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | -| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:411:3:411:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | -| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 | -| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 | -| atl.cpp:413:3:413:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 | -| atl.cpp:414:3:414:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:415:3:415:10 | CComBSTR | (CComBSTR &&) | CComBSTR | CComBSTR | 0 | -| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | Append | 0 | -| atl.cpp:418:11:418:16 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | -| atl.cpp:419:11:419:16 | Append | (wchar_t) | CComBSTR | Append | 0 | -| atl.cpp:420:11:420:16 | Append | (char) | CComBSTR | Append | 0 | -| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | -| atl.cpp:421:11:421:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | Append | 0 | -| atl.cpp:422:11:422:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 | -| atl.cpp:423:11:423:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:425:11:425:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 | -| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 | -| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | -| atl.cpp:426:11:426:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | -| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:438:8:438:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | -| atl.cpp:439:8:439:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:439:8:439:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | Append | 0 | -| atl.cpp:447:13:447:22 | operator+= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | -| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 | -| atl.cpp:448:13:448:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | -| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 | -| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | -| atl.cpp:538:3:538:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | -| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 | -| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | -| atl.cpp:542:11:542:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | -| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | -| atl.cpp:544:11:544:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | -| atl.cpp:763:8:763:10 | Add | (const deque &,const Allocator &) | deque | deque | 1 | -| atl.cpp:763:8:763:10 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:763:8:763:10 | Add | (const list &,const Allocator &) | list | list | 1 | -| atl.cpp:763:8:763:10 | Add | (const vector &,const Allocator &) | vector | vector | 1 | -| atl.cpp:763:8:763:10 | Add | (deque &&,const Allocator &) | deque | deque | 1 | -| atl.cpp:763:8:763:10 | Add | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:763:8:763:10 | Add | (list &&,const Allocator &) | list | list | 1 | -| atl.cpp:763:8:763:10 | Add | (vector &&,const Allocator &) | vector | vector | 1 | -| atl.cpp:774:8:774:12 | SetAt | (const deque &,const Allocator &) | deque | deque | 1 | -| atl.cpp:774:8:774:12 | SetAt | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:774:8:774:12 | SetAt | (const list &,const Allocator &) | list | list | 1 | -| atl.cpp:774:8:774:12 | SetAt | (const vector &,const Allocator &) | vector | vector | 1 | -| atl.cpp:774:8:774:12 | SetAt | (deque &&,const Allocator &) | deque | deque | 1 | -| atl.cpp:774:8:774:12 | SetAt | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:774:8:774:12 | SetAt | (list &&,const Allocator &) | list | list | 1 | -| atl.cpp:774:8:774:12 | SetAt | (vector &&,const Allocator &) | vector | vector | 1 | -| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque | deque | 2 | -| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list | forward_list | 2 | -| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list | list | 2 | -| atl.cpp:775:8:775:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | -| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 1 | -| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 2 | -| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 1 | -| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 2 | -| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 1 | -| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 2 | -| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 1 | -| atl.cpp:775:8:775:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 2 | -| atl.cpp:840:15:840:26 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:841:15:841:25 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:842:15:842:25 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:845:15:845:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:846:15:846:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | -| atl.cpp:847:15:847:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:70:3:70:15 | _U_STRINGorID | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:70:3:70:15 | _U_STRINGorID | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:71:3:71:15 | _U_STRINGorID | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:258:3:258:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:258:3:258:10 | CAtlList | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:258:3:258:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:258:3:258:10 | CAtlList | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:408:8:408:8 | operator= | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:408:8:408:8 | operator= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:410:3:410:10 | CComBSTR | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:410:3:410:10 | CComBSTR | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:412:3:412:10 | CComBSTR | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:413:3:413:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:413:3:413:10 | CComBSTR | (int,LPCSTR) | CComBSTR | CComBSTR | 1 | +| atl.cpp:414:3:414:10 | CComBSTR | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:414:3:414:10 | CComBSTR | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:415:3:415:10 | CComBSTR | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:415:3:415:10 | CComBSTR | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:416:3:416:10 | CComBSTR | (CComBSTR &&) | CComBSTR | CComBSTR | 0 | +| atl.cpp:419:11:419:16 | Append | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:419:11:419:16 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:420:11:420:16 | Append | (wchar_t) | CComBSTR | Append | 0 | +| atl.cpp:421:11:421:16 | Append | (char) | CComBSTR | Append | 0 | +| atl.cpp:422:11:422:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:422:11:422:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:423:11:423:16 | Append | (LPCSTR) | CComBSTR | Append | 0 | +| atl.cpp:423:11:423:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:424:11:424:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 | +| atl.cpp:424:11:424:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:426:11:426:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:427:11:427:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:427:11:427:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:427:11:427:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:439:8:439:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:439:8:439:17 | LoadString | (HINSTANCE,UINT) | CComBSTR | LoadString | 1 | +| atl.cpp:440:8:440:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:440:8:440:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:448:13:448:22 | operator+= | (const CComBSTR &) | CComBSTR | Append | 0 | +| atl.cpp:448:13:448:22 | operator+= | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:449:13:449:22 | operator+= | (LPCOLESTR) | CComBSTR | Append | 0 | +| atl.cpp:449:13:449:22 | operator+= | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | +| atl.cpp:539:3:539:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:539:3:539:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:539:3:539:15 | CComSafeArray | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:543:11:543:13 | Add | (const SAFEARRAY *) | CComSafeArray | Add | 0 | +| atl.cpp:543:11:543:13 | Add | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | +| atl.cpp:543:11:543:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | +| atl.cpp:545:11:545:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | +| atl.cpp:545:11:545:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | +| atl.cpp:764:8:764:10 | Add | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:764:8:764:10 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:764:8:764:10 | Add | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:764:8:764:10 | Add | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:764:8:764:10 | Add | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:764:8:764:10 | Add | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:764:8:764:10 | Add | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:764:8:764:10 | Add | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:775:8:775:12 | SetAt | (const deque &,const Allocator &) | deque | deque | 1 | +| atl.cpp:775:8:775:12 | SetAt | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:775:8:775:12 | SetAt | (const list &,const Allocator &) | list | list | 1 | +| atl.cpp:775:8:775:12 | SetAt | (const vector &,const Allocator &) | vector | vector | 1 | +| atl.cpp:775:8:775:12 | SetAt | (deque &&,const Allocator &) | deque | deque | 1 | +| atl.cpp:775:8:775:12 | SetAt | (forward_list &&,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:775:8:775:12 | SetAt | (list &&,const Allocator &) | list | list | 1 | +| atl.cpp:775:8:775:12 | SetAt | (vector &&,const Allocator &) | vector | vector | 1 | +| atl.cpp:776:8:776:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | deque | deque | 2 | +| atl.cpp:776:8:776:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:776:8:776:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | list | list | 2 | +| atl.cpp:776:8:776:17 | SetAtIndex | (InputIterator,InputIterator,const Allocator &) | vector | vector | 2 | +| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 1 | +| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | deque | deque | 2 | +| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 1 | +| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | forward_list | forward_list | 2 | +| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 1 | +| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | list | list | 2 | +| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 1 | +| atl.cpp:776:8:776:17 | SetAtIndex | (size_type,const T &,const Allocator &) | vector | vector | 2 | +| atl.cpp:841:15:841:26 | SetExtraInfo | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:842:15:842:25 | SetHostName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:843:15:843:25 | SetPassword | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:846:15:846:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:847:15:847:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:848:15:848:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | | constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 | @@ -525,151 +525,151 @@ getParameterTypeName | arrayassignment.cpp:88:7:88:9 | get | 0 | int | | arrayassignment.cpp:90:7:90:16 | operator[] | 0 | int | | arrayassignment.cpp:124:6:124:9 | sink | 0 | int * | -| atl.cpp:28:8:28:8 | operator= | 0 | __POSITION && | -| atl.cpp:28:8:28:8 | operator= | 0 | const __POSITION & | -| atl.cpp:50:16:50:16 | operator= | 0 | const tagSAFEARRAYBOUND & | -| atl.cpp:50:16:50:16 | operator= | 0 | tagSAFEARRAYBOUND && | -| atl.cpp:55:16:55:16 | operator= | 0 | const tagVARIANT & | -| atl.cpp:55:16:55:16 | operator= | 0 | tagVARIANT && | -| atl.cpp:59:16:59:16 | operator= | 0 | const tagSAFEARRAY & | -| atl.cpp:59:16:59:16 | operator= | 0 | tagSAFEARRAY && | -| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | _U_STRINGorID && | -| atl.cpp:68:8:68:8 | _U_STRINGorID | 0 | const _U_STRINGorID & | -| atl.cpp:68:8:68:8 | operator= | 0 | _U_STRINGorID && | -| atl.cpp:68:8:68:8 | operator= | 0 | const _U_STRINGorID & | -| atl.cpp:69:3:69:15 | _U_STRINGorID | 0 | UINT | -| atl.cpp:70:3:70:15 | _U_STRINGorID | 0 | LPCTSTR | -| atl.cpp:194:10:194:12 | Add | 0 | INARGTYPclass:0 | -| atl.cpp:196:10:196:15 | Append | 0 | const CAtlArray & | -| atl.cpp:197:8:197:11 | Copy | 0 | const CAtlArray & | -| atl.cpp:199:6:199:10 | GetAt | 0 | size_t | -| atl.cpp:203:8:203:20 | InsertArrayAt | 0 | size_t | -| atl.cpp:203:8:203:20 | InsertArrayAt | 1 | const CAtlArray * | -| atl.cpp:204:8:204:15 | InsertAt | 0 | size_t | -| atl.cpp:204:8:204:15 | InsertAt | 1 | INARGTYPclass:0 | -| atl.cpp:204:8:204:15 | InsertAt | 2 | size_t | -| atl.cpp:209:8:209:16 | SetAtGrow | 0 | size_t | -| atl.cpp:209:8:209:16 | SetAtGrow | 1 | INARGTYPclass:0 | -| atl.cpp:211:6:211:15 | operator[] | 0 | size_t | -| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT | -| atl.cpp:257:3:257:10 | CAtlList | 0 | UINT | -| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 | -| atl.cpp:260:12:260:18 | AddHead | 0 | INARGTYPclass:0 | -| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * | -| atl.cpp:261:8:261:18 | AddHeadList | 0 | const CAtlList * | -| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 | -| atl.cpp:263:12:263:18 | AddTail | 0 | INARGTYPclass:0 | -| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * | -| atl.cpp:264:8:264:18 | AddTailList | 0 | const CAtlList * | -| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 | -| atl.cpp:265:12:265:15 | Find | 0 | INARGTYPclass:0 | -| atl.cpp:265:12:265:15 | Find | 1 | POSITION | -| atl.cpp:265:12:265:15 | Find | 1 | POSITION | -| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t | -| atl.cpp:266:12:266:20 | FindIndex | 0 | size_t | -| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION | -| atl.cpp:267:6:267:10 | GetAt | 0 | POSITION | -| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION | -| atl.cpp:280:12:280:22 | InsertAfter | 0 | POSITION | -| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 | -| atl.cpp:280:12:280:22 | InsertAfter | 1 | INARGTYPclass:0 | -| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION | -| atl.cpp:281:12:281:23 | InsertBefore | 0 | POSITION | -| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 | -| atl.cpp:281:12:281:23 | InsertBefore | 1 | INARGTYPclass:0 | -| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION | -| atl.cpp:291:8:291:12 | SetAt | 0 | POSITION | -| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 | -| atl.cpp:291:8:291:12 | SetAt | 1 | INARGTYPclass:0 | -| atl.cpp:401:8:401:8 | operator= | 0 | IUnknown && | -| atl.cpp:401:8:401:8 | operator= | 0 | const IUnknown & | -| atl.cpp:403:8:403:8 | operator= | 0 | ISequentialStream && | -| atl.cpp:403:8:403:8 | operator= | 0 | const ISequentialStream & | -| atl.cpp:405:8:405:8 | operator= | 0 | IStream && | -| atl.cpp:405:8:405:8 | operator= | 0 | const IStream & | -| atl.cpp:407:8:407:8 | operator= | 0 | const CComBSTR & | -| atl.cpp:409:3:409:10 | CComBSTR | 0 | const CComBSTR & | -| atl.cpp:410:3:410:10 | CComBSTR | 0 | int | +| atl.cpp:29:8:29:8 | operator= | 0 | __POSITION && | +| atl.cpp:29:8:29:8 | operator= | 0 | const __POSITION & | +| atl.cpp:51:16:51:16 | operator= | 0 | const tagSAFEARRAYBOUND & | +| atl.cpp:51:16:51:16 | operator= | 0 | tagSAFEARRAYBOUND && | +| atl.cpp:56:16:56:16 | operator= | 0 | const tagVARIANT & | +| atl.cpp:56:16:56:16 | operator= | 0 | tagVARIANT && | +| atl.cpp:60:16:60:16 | operator= | 0 | const tagSAFEARRAY & | +| atl.cpp:60:16:60:16 | operator= | 0 | tagSAFEARRAY && | +| atl.cpp:69:8:69:8 | _U_STRINGorID | 0 | _U_STRINGorID && | +| atl.cpp:69:8:69:8 | _U_STRINGorID | 0 | const _U_STRINGorID & | +| atl.cpp:69:8:69:8 | operator= | 0 | _U_STRINGorID && | +| atl.cpp:69:8:69:8 | operator= | 0 | const _U_STRINGorID & | +| atl.cpp:70:3:70:15 | _U_STRINGorID | 0 | UINT | +| atl.cpp:71:3:71:15 | _U_STRINGorID | 0 | LPCTSTR | +| atl.cpp:195:10:195:12 | Add | 0 | INARGTYPclass:0 | +| atl.cpp:197:10:197:15 | Append | 0 | const CAtlArray & | +| atl.cpp:198:8:198:11 | Copy | 0 | const CAtlArray & | +| atl.cpp:200:6:200:10 | GetAt | 0 | size_t | +| atl.cpp:204:8:204:20 | InsertArrayAt | 0 | size_t | +| atl.cpp:204:8:204:20 | InsertArrayAt | 1 | const CAtlArray * | +| atl.cpp:205:8:205:15 | InsertAt | 0 | size_t | +| atl.cpp:205:8:205:15 | InsertAt | 1 | INARGTYPclass:0 | +| atl.cpp:205:8:205:15 | InsertAt | 2 | size_t | +| atl.cpp:210:8:210:16 | SetAtGrow | 0 | size_t | +| atl.cpp:210:8:210:16 | SetAtGrow | 1 | INARGTYPclass:0 | +| atl.cpp:212:6:212:15 | operator[] | 0 | size_t | +| atl.cpp:258:3:258:10 | CAtlList | 0 | UINT | +| atl.cpp:258:3:258:10 | CAtlList | 0 | UINT | +| atl.cpp:261:12:261:18 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:261:12:261:18 | AddHead | 0 | INARGTYPclass:0 | +| atl.cpp:262:8:262:18 | AddHeadList | 0 | const CAtlList * | +| atl.cpp:262:8:262:18 | AddHeadList | 0 | const CAtlList * | +| atl.cpp:264:12:264:18 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:264:12:264:18 | AddTail | 0 | INARGTYPclass:0 | +| atl.cpp:265:8:265:18 | AddTailList | 0 | const CAtlList * | +| atl.cpp:265:8:265:18 | AddTailList | 0 | const CAtlList * | +| atl.cpp:266:12:266:15 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:266:12:266:15 | Find | 0 | INARGTYPclass:0 | +| atl.cpp:266:12:266:15 | Find | 1 | POSITION | +| atl.cpp:266:12:266:15 | Find | 1 | POSITION | +| atl.cpp:267:12:267:20 | FindIndex | 0 | size_t | +| atl.cpp:267:12:267:20 | FindIndex | 0 | size_t | +| atl.cpp:268:6:268:10 | GetAt | 0 | POSITION | +| atl.cpp:268:6:268:10 | GetAt | 0 | POSITION | +| atl.cpp:281:12:281:22 | InsertAfter | 0 | POSITION | +| atl.cpp:281:12:281:22 | InsertAfter | 0 | POSITION | +| atl.cpp:281:12:281:22 | InsertAfter | 1 | INARGTYPclass:0 | +| atl.cpp:281:12:281:22 | InsertAfter | 1 | INARGTYPclass:0 | +| atl.cpp:282:12:282:23 | InsertBefore | 0 | POSITION | +| atl.cpp:282:12:282:23 | InsertBefore | 0 | POSITION | +| atl.cpp:282:12:282:23 | InsertBefore | 1 | INARGTYPclass:0 | +| atl.cpp:282:12:282:23 | InsertBefore | 1 | INARGTYPclass:0 | +| atl.cpp:292:8:292:12 | SetAt | 0 | POSITION | +| atl.cpp:292:8:292:12 | SetAt | 0 | POSITION | +| atl.cpp:292:8:292:12 | SetAt | 1 | INARGTYPclass:0 | +| atl.cpp:292:8:292:12 | SetAt | 1 | INARGTYPclass:0 | +| atl.cpp:402:8:402:8 | operator= | 0 | IUnknown && | +| atl.cpp:402:8:402:8 | operator= | 0 | const IUnknown & | +| atl.cpp:404:8:404:8 | operator= | 0 | ISequentialStream && | +| atl.cpp:404:8:404:8 | operator= | 0 | const ISequentialStream & | +| atl.cpp:406:8:406:8 | operator= | 0 | IStream && | +| atl.cpp:406:8:406:8 | operator= | 0 | const IStream & | +| atl.cpp:408:8:408:8 | operator= | 0 | const CComBSTR & | +| atl.cpp:410:3:410:10 | CComBSTR | 0 | const CComBSTR & | | atl.cpp:411:3:411:10 | CComBSTR | 0 | int | -| atl.cpp:411:3:411:10 | CComBSTR | 1 | LPCOLESTR | | atl.cpp:412:3:412:10 | CComBSTR | 0 | int | -| atl.cpp:412:3:412:10 | CComBSTR | 1 | LPCSTR | -| atl.cpp:413:3:413:10 | CComBSTR | 0 | LPCOLESTR | -| atl.cpp:414:3:414:10 | CComBSTR | 0 | LPCSTR | -| atl.cpp:415:3:415:10 | CComBSTR | 0 | CComBSTR && | -| atl.cpp:418:11:418:16 | Append | 0 | const CComBSTR & | -| atl.cpp:419:11:419:16 | Append | 0 | wchar_t | -| atl.cpp:420:11:420:16 | Append | 0 | char | -| atl.cpp:421:11:421:16 | Append | 0 | LPCOLESTR | -| atl.cpp:422:11:422:16 | Append | 0 | LPCSTR | -| atl.cpp:423:11:423:16 | Append | 0 | LPCOLESTR | -| atl.cpp:423:11:423:16 | Append | 1 | int | -| atl.cpp:424:11:424:20 | AppendBSTR | 0 | BSTR | -| atl.cpp:425:11:425:21 | AppendBytes | 0 | const char * | -| atl.cpp:425:11:425:21 | AppendBytes | 1 | int | -| atl.cpp:426:11:426:21 | ArrayToBSTR | 0 | const SAFEARRAY * | -| atl.cpp:427:11:427:20 | AssignBSTR | 0 | const BSTR | -| atl.cpp:428:8:428:13 | Attach | 0 | BSTR | -| atl.cpp:429:11:429:21 | BSTRToArray | 0 | LPSAFEARRAY * | -| atl.cpp:432:11:432:16 | CopyTo | 0 | BSTR * | -| atl.cpp:434:11:434:16 | CopyTo | 0 | VARIANT * | -| atl.cpp:438:8:438:17 | LoadString | 0 | HINSTANCE | -| atl.cpp:438:8:438:17 | LoadString | 1 | UINT | -| atl.cpp:439:8:439:17 | LoadString | 0 | UINT | -| atl.cpp:440:11:440:24 | ReadFromStream | 0 | IStream * | -| atl.cpp:442:11:442:23 | WriteToStream | 0 | IStream * | -| atl.cpp:447:13:447:22 | operator+= | 0 | const CComBSTR & | -| atl.cpp:448:13:448:22 | operator+= | 0 | LPCOLESTR | -| atl.cpp:538:3:538:15 | CComSafeArray | 0 | const SAFEARRAY * | -| atl.cpp:542:11:542:13 | Add | 0 | const SAFEARRAY * | -| atl.cpp:544:11:544:13 | Add | 0 | const class:0 & | -| atl.cpp:544:11:544:13 | Add | 1 | BOOL | -| atl.cpp:552:6:552:10 | GetAt | 0 | LONG | -| atl.cpp:563:11:563:15 | SetAt | 0 | LONG | -| atl.cpp:563:11:563:15 | SetAt | 1 | const class:0 & | -| atl.cpp:563:11:563:15 | SetAt | 2 | BOOL | -| atl.cpp:565:6:565:15 | operator[] | 0 | long | -| atl.cpp:566:6:566:15 | operator[] | 0 | int | -| atl.cpp:610:3:610:8 | CPathT | 0 | PCXSTR | -| atl.cpp:611:3:611:8 | CPathT | 0 | const CPathT & | -| atl.cpp:615:8:615:19 | AddExtension | 0 | PCXSTR | -| atl.cpp:616:8:616:13 | Append | 0 | PCXSTR | -| atl.cpp:619:8:619:14 | Combine | 0 | PCXSTR | -| atl.cpp:619:8:619:14 | Combine | 1 | PCXSTR | -| atl.cpp:620:22:620:33 | CommonPrefix | 0 | PCXSTR | -| atl.cpp:657:23:657:32 | operator+= | 0 | PCXSTR | -| atl.cpp:717:8:717:10 | Add | 0 | const class:0 & | -| atl.cpp:718:7:718:10 | Find | 0 | const class:0 & | -| atl.cpp:729:6:729:15 | operator[] | 0 | int | -| atl.cpp:730:21:730:29 | operator= | 0 | const CSimpleArray & | -| atl.cpp:763:8:763:10 | Add | 0 | const class:0 & | -| atl.cpp:763:8:763:10 | Add | 1 | const class:1 & | -| atl.cpp:764:7:764:13 | FindKey | 0 | const class:0 & | -| atl.cpp:765:7:765:13 | FindVal | 0 | const class:1 & | -| atl.cpp:768:9:768:18 | GetValueAt | 0 | int | -| atl.cpp:769:8:769:13 | Lookup | 0 | const class:0 & | -| atl.cpp:773:8:773:20 | ReverseLookup | 0 | const class:1 & | -| atl.cpp:774:8:774:12 | SetAt | 0 | const class:0 & | -| atl.cpp:774:8:774:12 | SetAt | 1 | const class:1 & | -| atl.cpp:775:8:775:17 | SetAtIndex | 0 | int | -| atl.cpp:775:8:775:17 | SetAtIndex | 1 | const class:0 & | -| atl.cpp:775:8:775:17 | SetAtIndex | 2 | const class:1 & | -| atl.cpp:814:9:814:17 | operator= | 0 | const CUrl & | -| atl.cpp:816:3:816:6 | CUrl | 0 | const CUrl & | -| atl.cpp:819:15:819:26 | Canonicalize | 0 | DWORD | -| atl.cpp:822:8:822:15 | CrackUrl | 0 | LPCTSTR | -| atl.cpp:822:8:822:15 | CrackUrl | 1 | DWORD | -| atl.cpp:823:15:823:23 | CreateUrl | 0 | LPTSTR | -| atl.cpp:823:15:823:23 | CreateUrl | 1 | DWORD * | -| atl.cpp:823:15:823:23 | CreateUrl | 2 | DWORD | -| atl.cpp:840:15:840:26 | SetExtraInfo | 0 | LPCTSTR | -| atl.cpp:841:15:841:25 | SetHostName | 0 | LPCTSTR | -| atl.cpp:842:15:842:25 | SetPassword | 0 | LPCTSTR | -| atl.cpp:843:15:843:27 | SetPortNumber | 0 | ATL_URL_PORT | -| atl.cpp:844:15:844:23 | SetScheme | 0 | ATL_URL_SCHEME | -| atl.cpp:845:15:845:27 | SetSchemeName | 0 | LPCTSTR | -| atl.cpp:846:15:846:24 | SetUrlPath | 0 | LPCTSTR | -| atl.cpp:847:15:847:25 | SetUserName | 0 | LPCTSTR | +| atl.cpp:412:3:412:10 | CComBSTR | 1 | LPCOLESTR | +| atl.cpp:413:3:413:10 | CComBSTR | 0 | int | +| atl.cpp:413:3:413:10 | CComBSTR | 1 | LPCSTR | +| atl.cpp:414:3:414:10 | CComBSTR | 0 | LPCOLESTR | +| atl.cpp:415:3:415:10 | CComBSTR | 0 | LPCSTR | +| atl.cpp:416:3:416:10 | CComBSTR | 0 | CComBSTR && | +| atl.cpp:419:11:419:16 | Append | 0 | const CComBSTR & | +| atl.cpp:420:11:420:16 | Append | 0 | wchar_t | +| atl.cpp:421:11:421:16 | Append | 0 | char | +| atl.cpp:422:11:422:16 | Append | 0 | LPCOLESTR | +| atl.cpp:423:11:423:16 | Append | 0 | LPCSTR | +| atl.cpp:424:11:424:16 | Append | 0 | LPCOLESTR | +| atl.cpp:424:11:424:16 | Append | 1 | int | +| atl.cpp:425:11:425:20 | AppendBSTR | 0 | BSTR | +| atl.cpp:426:11:426:21 | AppendBytes | 0 | const char * | +| atl.cpp:426:11:426:21 | AppendBytes | 1 | int | +| atl.cpp:427:11:427:21 | ArrayToBSTR | 0 | const SAFEARRAY * | +| atl.cpp:428:11:428:20 | AssignBSTR | 0 | const BSTR | +| atl.cpp:429:8:429:13 | Attach | 0 | BSTR | +| atl.cpp:430:11:430:21 | BSTRToArray | 0 | LPSAFEARRAY * | +| atl.cpp:433:11:433:16 | CopyTo | 0 | BSTR * | +| atl.cpp:435:11:435:16 | CopyTo | 0 | VARIANT * | +| atl.cpp:439:8:439:17 | LoadString | 0 | HINSTANCE | +| atl.cpp:439:8:439:17 | LoadString | 1 | UINT | +| atl.cpp:440:8:440:17 | LoadString | 0 | UINT | +| atl.cpp:441:11:441:24 | ReadFromStream | 0 | IStream * | +| atl.cpp:443:11:443:23 | WriteToStream | 0 | IStream * | +| atl.cpp:448:13:448:22 | operator+= | 0 | const CComBSTR & | +| atl.cpp:449:13:449:22 | operator+= | 0 | LPCOLESTR | +| atl.cpp:539:3:539:15 | CComSafeArray | 0 | const SAFEARRAY * | +| atl.cpp:543:11:543:13 | Add | 0 | const SAFEARRAY * | +| atl.cpp:545:11:545:13 | Add | 0 | const class:0 & | +| atl.cpp:545:11:545:13 | Add | 1 | BOOL | +| atl.cpp:553:6:553:10 | GetAt | 0 | LONG | +| atl.cpp:564:11:564:15 | SetAt | 0 | LONG | +| atl.cpp:564:11:564:15 | SetAt | 1 | const class:0 & | +| atl.cpp:564:11:564:15 | SetAt | 2 | BOOL | +| atl.cpp:566:6:566:15 | operator[] | 0 | long | +| atl.cpp:567:6:567:15 | operator[] | 0 | int | +| atl.cpp:611:3:611:8 | CPathT | 0 | PCXSTR | +| atl.cpp:612:3:612:8 | CPathT | 0 | const CPathT & | +| atl.cpp:616:8:616:19 | AddExtension | 0 | PCXSTR | +| atl.cpp:617:8:617:13 | Append | 0 | PCXSTR | +| atl.cpp:620:8:620:14 | Combine | 0 | PCXSTR | +| atl.cpp:620:8:620:14 | Combine | 1 | PCXSTR | +| atl.cpp:621:22:621:33 | CommonPrefix | 0 | PCXSTR | +| atl.cpp:658:23:658:32 | operator+= | 0 | PCXSTR | +| atl.cpp:718:8:718:10 | Add | 0 | const class:0 & | +| atl.cpp:719:7:719:10 | Find | 0 | const class:0 & | +| atl.cpp:730:6:730:15 | operator[] | 0 | int | +| atl.cpp:731:21:731:29 | operator= | 0 | const CSimpleArray & | +| atl.cpp:764:8:764:10 | Add | 0 | const class:0 & | +| atl.cpp:764:8:764:10 | Add | 1 | const class:1 & | +| atl.cpp:765:7:765:13 | FindKey | 0 | const class:0 & | +| atl.cpp:766:7:766:13 | FindVal | 0 | const class:1 & | +| atl.cpp:769:9:769:18 | GetValueAt | 0 | int | +| atl.cpp:770:8:770:13 | Lookup | 0 | const class:0 & | +| atl.cpp:774:8:774:20 | ReverseLookup | 0 | const class:1 & | +| atl.cpp:775:8:775:12 | SetAt | 0 | const class:0 & | +| atl.cpp:775:8:775:12 | SetAt | 1 | const class:1 & | +| atl.cpp:776:8:776:17 | SetAtIndex | 0 | int | +| atl.cpp:776:8:776:17 | SetAtIndex | 1 | const class:0 & | +| atl.cpp:776:8:776:17 | SetAtIndex | 2 | const class:1 & | +| atl.cpp:815:9:815:17 | operator= | 0 | const CUrl & | +| atl.cpp:817:3:817:6 | CUrl | 0 | const CUrl & | +| atl.cpp:820:15:820:26 | Canonicalize | 0 | DWORD | +| atl.cpp:823:8:823:15 | CrackUrl | 0 | LPCTSTR | +| atl.cpp:823:8:823:15 | CrackUrl | 1 | DWORD | +| atl.cpp:824:15:824:23 | CreateUrl | 0 | LPTSTR | +| atl.cpp:824:15:824:23 | CreateUrl | 1 | DWORD * | +| atl.cpp:824:15:824:23 | CreateUrl | 2 | DWORD | +| atl.cpp:841:15:841:26 | SetExtraInfo | 0 | LPCTSTR | +| atl.cpp:842:15:842:25 | SetHostName | 0 | LPCTSTR | +| atl.cpp:843:15:843:25 | SetPassword | 0 | LPCTSTR | +| atl.cpp:844:15:844:27 | SetPortNumber | 0 | ATL_URL_PORT | +| atl.cpp:845:15:845:23 | SetScheme | 0 | ATL_URL_SCHEME | +| atl.cpp:846:15:846:27 | SetSchemeName | 0 | LPCTSTR | +| atl.cpp:847:15:847:24 | SetUrlPath | 0 | LPCTSTR | +| atl.cpp:848:15:848:25 | SetUserName | 0 | LPCTSTR | | bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & | | bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && | | bsd.cpp:12:5:12:10 | accept | 0 | int | From b42bffc55cf9083da1b1f976bef10fc45cdb5358 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 10 Dec 2024 18:09:45 +0000 Subject: [PATCH 02/16] C++: Add CSimpleStringT tests. --- .../dataflow/taint-tests/atl.cpp | 112 +++++++++++++++++- .../dataflow/taint-tests/localTaint.expected | 76 ++++++++++++ .../taint-tests/test_mad-signatures.expected | 33 ++++++ 3 files changed, 220 insertions(+), 1 deletion(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 4b7d293b117e..699666c09b57 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -898,4 +898,114 @@ void test_CUrl() { url2.SetUserName(x); sink(url2); // $ ir } -} \ No newline at end of file +} + +struct IAtlStringMgr {}; // simplified + +using XCHAR = char; +using YCHAR = wchar_t; + +template +struct CSimpleStringT { + using PCXSTR = const BaseType*; // simplified + using PXSTR = BaseType*; // simplified + + CSimpleStringT() throw(); + CSimpleStringT(const XCHAR* pchSrc, int nLength, IAtlStringMgr* pStringMgr); + CSimpleStringT(PCXSTR pszSrc, IAtlStringMgr* pStringMgr); + CSimpleStringT(const CSimpleStringT& strSrc); + + ~CSimpleStringT() throw(); + + void Append(const CSimpleStringT& strSrc); + void Append(PCXSTR pszSrc, int nLength); + void Append(PCXSTR pszSrc); + + void AppendChar(XCHAR ch); + + static void CopyChars(XCHAR* pchDest, const XCHAR* pchSrc, int nChars) throw(); + static void CopyChars(XCHAR* pchDest, size_t nDestLen, const XCHAR* pchSrc, int nChars) throw(); + static void CopyCharsOverlapped(XCHAR* pchDest, const XCHAR* pchSrc, int nChars) throw(); + + XCHAR GetAt(int iChar) const; + PXSTR GetBuffer(int nMinBufferLength); + PXSTR GetBuffer(); + PXSTR GetBufferSetLength(int nLength); + + PCXSTR GetString() const throw(); + PXSTR LockBuffer(); + void SetAt(int iChar, XCHAR ch); + void SetString(PCXSTR pszSrc, int nLength); + void SetString(PCXSTR pszSrc); + operator PCXSTR() const throw(); + XCHAR operator[](int iChar) const; + + CSimpleStringT& operator+=(PCXSTR pszSrc); + CSimpleStringT& operator+=(const CSimpleStringT& strSrc); + CSimpleStringT& operator+=(char ch); + CSimpleStringT& operator+=(unsigned char ch); + CSimpleStringT& operator+=(wchar_t ch); + + CSimpleStringT& operator=(PCXSTR pszSrc); + CSimpleStringT& operator=(const CSimpleStringT& strSrc); +}; + +void test_CSimpleStringT() { + char* x = indirect_source(); + + CSimpleStringT s1(x, 10, nullptr); + sink(s1.GetString()); // $ MISSING: ir + + CSimpleStringT s2(x, nullptr); + sink(s2.GetString()); // $ MISSING: ir + + CSimpleStringT s3(s2); + sink(s3.GetString()); // $ MISSING: ir + + CSimpleStringT s4; + s4.Append(indirect_source()); + sink(s4.GetString()); // $ MISSING: ir + + CSimpleStringT s5; + s5.Append(s4); + sink(s5.GetString()); // $ MISSING: ir + + CSimpleStringT s6; + s6.Append(indirect_source(), 42); + sink(s6.GetString()); // $ MISSING: ir + + char buffer1[128]; + CSimpleStringT::CopyChars(buffer1, x, 10); + sink(buffer1); // $ ast MISSING: ir + + char buffer2[128]; + CSimpleStringT::CopyChars(buffer2, 128, x, 10); + sink(buffer2); // $ ast MISSING: ir + + char buffer3[128]; + CSimpleStringT::CopyCharsOverlapped(buffer3, x, 10); + sink(buffer3); // $ ast MISSING: ir + + sink(s4.GetAt(0)); // $ MISSING: ir + sink(s4.GetBuffer(10)); // $ MISSING: ir + sink(s4.GetBuffer()); // $ MISSING: ir + sink(s4.GetBufferSetLength(10)); // $ MISSING: ir + + sink(s4.LockBuffer()); + + CSimpleStringT s7; + s7.SetAt(0, source()); + sink(s7.GetAt(0)); // $ MISSING: ir + + CSimpleStringT s8; + s8.SetString(indirect_source()); + sink(s8.GetAt(0)); // $ MISSING: ir + + CSimpleStringT s9; + s9.SetString(indirect_source(), 1024); + sink(s9.GetAt(0)); // $ MISSING: ir + + sink(static_cast::PCXSTR>(s1)); // $ MISSING: ir + + sink(s1[0]); // $ MISSING: ir +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 5d2a8075a8b6..12f9044de8b3 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -946,6 +946,82 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:897:10:897:13 | call to CUrl | atl.cpp:900:3:900:3 | url2 | | | atl.cpp:898:5:898:8 | ref arg url2 | atl.cpp:899:10:899:13 | url2 | | | atl.cpp:898:5:898:8 | ref arg url2 | atl.cpp:900:3:900:3 | url2 | | +| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:956:27:956:27 | x | | +| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:959:27:959:27 | x | | +| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:978:44:978:44 | x | | +| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:982:49:982:49 | x | | +| atl.cpp:954:13:954:33 | call to indirect_source | atl.cpp:986:54:986:54 | x | | +| atl.cpp:956:27:956:41 | call to CSimpleStringT | atl.cpp:957:8:957:9 | s1 | | +| atl.cpp:956:27:956:41 | call to CSimpleStringT | atl.cpp:1008:50:1008:51 | s1 | | +| atl.cpp:956:27:956:41 | call to CSimpleStringT | atl.cpp:1010:8:1010:9 | s1 | | +| atl.cpp:956:27:956:41 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s1 | | +| atl.cpp:959:27:959:37 | call to CSimpleStringT | atl.cpp:960:8:960:9 | s2 | | +| atl.cpp:959:27:959:37 | call to CSimpleStringT | atl.cpp:962:27:962:28 | s2 | | +| atl.cpp:959:27:959:37 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s2 | | +| atl.cpp:962:27:962:28 | s2 | atl.cpp:962:27:962:29 | call to CSimpleStringT | | +| atl.cpp:962:27:962:29 | call to CSimpleStringT | atl.cpp:963:8:963:9 | s3 | | +| atl.cpp:962:27:962:29 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s3 | | +| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:966:3:966:4 | s4 | | +| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:967:8:967:9 | s4 | | +| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:970:13:970:14 | s4 | | +| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:989:8:989:9 | s4 | | +| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:990:8:990:9 | s4 | | +| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:991:8:991:9 | s4 | | +| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:992:8:992:9 | s4 | | +| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:994:8:994:9 | s4 | | +| atl.cpp:965:24:965:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s4 | | +| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:967:8:967:9 | s4 | | +| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:970:13:970:14 | s4 | | +| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:989:8:989:9 | s4 | | +| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:990:8:990:9 | s4 | | +| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:991:8:991:9 | s4 | | +| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:992:8:992:9 | s4 | | +| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:994:8:994:9 | s4 | | +| atl.cpp:966:3:966:4 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | +| atl.cpp:969:24:969:25 | call to CSimpleStringT | atl.cpp:970:3:970:4 | s5 | | +| atl.cpp:969:24:969:25 | call to CSimpleStringT | atl.cpp:971:8:971:9 | s5 | | +| atl.cpp:969:24:969:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s5 | | +| atl.cpp:970:3:970:4 | ref arg s5 | atl.cpp:971:8:971:9 | s5 | | +| atl.cpp:970:3:970:4 | ref arg s5 | atl.cpp:1011:1:1011:1 | s5 | | +| atl.cpp:973:24:973:25 | call to CSimpleStringT | atl.cpp:974:3:974:4 | s6 | | +| atl.cpp:973:24:973:25 | call to CSimpleStringT | atl.cpp:975:8:975:9 | s6 | | +| atl.cpp:973:24:973:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s6 | | +| atl.cpp:974:3:974:4 | ref arg s6 | atl.cpp:975:8:975:9 | s6 | | +| atl.cpp:974:3:974:4 | ref arg s6 | atl.cpp:1011:1:1011:1 | s6 | | +| atl.cpp:977:8:977:14 | buffer1 | atl.cpp:978:35:978:41 | buffer1 | | +| atl.cpp:977:8:977:14 | buffer1 | atl.cpp:979:8:979:14 | buffer1 | | +| atl.cpp:978:35:978:41 | ref arg buffer1 | atl.cpp:979:8:979:14 | buffer1 | | +| atl.cpp:981:8:981:14 | buffer2 | atl.cpp:982:35:982:41 | buffer2 | | +| atl.cpp:981:8:981:14 | buffer2 | atl.cpp:983:8:983:14 | buffer2 | | +| atl.cpp:982:35:982:41 | ref arg buffer2 | atl.cpp:983:8:983:14 | buffer2 | | +| atl.cpp:985:8:985:14 | buffer3 | atl.cpp:986:45:986:51 | buffer3 | | +| atl.cpp:985:8:985:14 | buffer3 | atl.cpp:987:8:987:14 | buffer3 | | +| atl.cpp:986:45:986:51 | ref arg buffer3 | atl.cpp:987:8:987:14 | buffer3 | | +| atl.cpp:990:8:990:9 | ref arg s4 | atl.cpp:991:8:991:9 | s4 | | +| atl.cpp:990:8:990:9 | ref arg s4 | atl.cpp:992:8:992:9 | s4 | | +| atl.cpp:990:8:990:9 | ref arg s4 | atl.cpp:994:8:994:9 | s4 | | +| atl.cpp:990:8:990:9 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | +| atl.cpp:991:8:991:9 | ref arg s4 | atl.cpp:992:8:992:9 | s4 | | +| atl.cpp:991:8:991:9 | ref arg s4 | atl.cpp:994:8:994:9 | s4 | | +| atl.cpp:991:8:991:9 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | +| atl.cpp:992:8:992:9 | ref arg s4 | atl.cpp:994:8:994:9 | s4 | | +| atl.cpp:992:8:992:9 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | +| atl.cpp:994:8:994:9 | ref arg s4 | atl.cpp:1011:1:1011:1 | s4 | | +| atl.cpp:996:24:996:25 | call to CSimpleStringT | atl.cpp:997:3:997:4 | s7 | | +| atl.cpp:996:24:996:25 | call to CSimpleStringT | atl.cpp:998:8:998:9 | s7 | | +| atl.cpp:996:24:996:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s7 | | +| atl.cpp:997:3:997:4 | ref arg s7 | atl.cpp:998:8:998:9 | s7 | | +| atl.cpp:997:3:997:4 | ref arg s7 | atl.cpp:1011:1:1011:1 | s7 | | +| atl.cpp:1000:24:1000:25 | call to CSimpleStringT | atl.cpp:1001:3:1001:4 | s8 | | +| atl.cpp:1000:24:1000:25 | call to CSimpleStringT | atl.cpp:1002:8:1002:9 | s8 | | +| atl.cpp:1000:24:1000:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s8 | | +| atl.cpp:1001:3:1001:4 | ref arg s8 | atl.cpp:1002:8:1002:9 | s8 | | +| atl.cpp:1001:3:1001:4 | ref arg s8 | atl.cpp:1011:1:1011:1 | s8 | | +| atl.cpp:1004:24:1004:25 | call to CSimpleStringT | atl.cpp:1005:3:1005:4 | s9 | | +| atl.cpp:1004:24:1004:25 | call to CSimpleStringT | atl.cpp:1006:8:1006:9 | s9 | | +| atl.cpp:1004:24:1004:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s9 | | +| atl.cpp:1005:3:1005:4 | ref arg s9 | atl.cpp:1006:8:1006:9 | s9 | | +| atl.cpp:1005:3:1005:4 | ref arg s9 | atl.cpp:1011:1:1011:1 | s9 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index f2c86c8c8465..66826c50badd 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -83,6 +83,8 @@ signatureMatches | atl.cpp:846:15:846:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:847:15:847:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:848:15:848:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:921:8:921:13 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:938:8:938:16 | SetString | (LPCOLESTR,int) | CComBSTR | Append | 1 | | constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 | @@ -670,6 +672,37 @@ getParameterTypeName | atl.cpp:846:15:846:27 | SetSchemeName | 0 | LPCTSTR | | atl.cpp:847:15:847:24 | SetUrlPath | 0 | LPCTSTR | | atl.cpp:848:15:848:25 | SetUserName | 0 | LPCTSTR | +| atl.cpp:903:8:903:8 | operator= | 0 | IAtlStringMgr && | +| atl.cpp:903:8:903:8 | operator= | 0 | const IAtlStringMgr & | +| atl.cpp:914:3:914:16 | CSimpleStringT | 0 | const XCHAR * | +| atl.cpp:914:3:914:16 | CSimpleStringT | 1 | int | +| atl.cpp:914:3:914:16 | CSimpleStringT | 2 | IAtlStringMgr * | +| atl.cpp:915:3:915:16 | CSimpleStringT | 0 | PCXSTR | +| atl.cpp:915:3:915:16 | CSimpleStringT | 1 | IAtlStringMgr * | +| atl.cpp:916:3:916:16 | CSimpleStringT | 0 | const CSimpleStringT & | +| atl.cpp:920:8:920:13 | Append | 0 | const CSimpleStringT & | +| atl.cpp:921:8:921:13 | Append | 0 | PCXSTR | +| atl.cpp:921:8:921:13 | Append | 1 | int | +| atl.cpp:922:8:922:13 | Append | 0 | PCXSTR | +| atl.cpp:926:15:926:23 | CopyChars | 0 | XCHAR * | +| atl.cpp:926:15:926:23 | CopyChars | 1 | const XCHAR * | +| atl.cpp:926:15:926:23 | CopyChars | 2 | int | +| atl.cpp:927:15:927:23 | CopyChars | 0 | XCHAR * | +| atl.cpp:927:15:927:23 | CopyChars | 1 | size_t | +| atl.cpp:927:15:927:23 | CopyChars | 2 | const XCHAR * | +| atl.cpp:927:15:927:23 | CopyChars | 3 | int | +| atl.cpp:928:15:928:33 | CopyCharsOverlapped | 0 | XCHAR * | +| atl.cpp:928:15:928:33 | CopyCharsOverlapped | 1 | const XCHAR * | +| atl.cpp:928:15:928:33 | CopyCharsOverlapped | 2 | int | +| atl.cpp:930:9:930:13 | GetAt | 0 | int | +| atl.cpp:931:9:931:17 | GetBuffer | 0 | int | +| atl.cpp:933:9:933:26 | GetBufferSetLength | 0 | int | +| atl.cpp:937:8:937:12 | SetAt | 0 | int | +| atl.cpp:937:8:937:12 | SetAt | 1 | XCHAR | +| atl.cpp:938:8:938:16 | SetString | 0 | PCXSTR | +| atl.cpp:938:8:938:16 | SetString | 1 | int | +| atl.cpp:939:8:939:16 | SetString | 0 | PCXSTR | +| atl.cpp:941:9:941:18 | operator[] | 0 | int | | bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & | | bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && | | bsd.cpp:12:5:12:10 | accept | 0 | int | From ba0ba15e881972e447a21315c84cf4b82ffe1793 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 10 Dec 2024 18:12:22 +0000 Subject: [PATCH 03/16] C++: Add CSimpleStringT model and accept tests. --- cpp/ql/lib/ext/CSimpleStringT.model.yml | 41 ++++++++++++ .../dataflow/external-models/flow.expected | 10 +-- .../external-models/validatemodels.expected | 7 +++ .../dataflow/taint-tests/atl.cpp | 36 +++++------ .../taint-tests/test_mad-signatures.expected | 63 +++++++++++++++++++ 5 files changed, 134 insertions(+), 23 deletions(-) create mode 100644 cpp/ql/lib/ext/CSimpleStringT.model.yml diff --git a/cpp/ql/lib/ext/CSimpleStringT.model.yml b/cpp/ql/lib/ext/CSimpleStringT.model.yml new file mode 100644 index 000000000000..820f375e791a --- /dev/null +++ b/cpp/ql/lib/ext/CSimpleStringT.model.yml @@ -0,0 +1,41 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CSimpleStringT", True, "CSimpleStringT", "(const XCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CSimpleStringT", True, "CSimpleStringT", "(PCXSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CSimpleStringT", True, "CSimpleStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CSimpleStringT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CSimpleStringT", True, "AppendChar", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "value", "manual"] + - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,size_t,const XCHAR *,int)", "", "Argument[*2]", "Argument[*0]", "value", "manual"] + - ["", "CSimpleStringT", True, "CopyCharsOverlapped", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "value", "manual"] + - ["", "CSimpleStringT", True, "GetString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CSimpleStringT", True, "LockString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CSimpleStringT", True, "SetAt", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["", "CSimpleStringT", True, "SetString", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CSimpleStringT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CSimpleStringT", True, "operator[]", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CSimpleStringT", True, "GetAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CSimpleStringT", True, "GetBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CSimpleStringT", True, "GetBufferSetLength", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 42435f6c44f7..864979fd02b3 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -10,14 +10,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:801 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:799 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:800 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:837 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:835 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:836 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:800 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:836 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:801 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:837 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index b2c54e67c2ff..15cc054d5042 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -18,11 +18,17 @@ | Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. | | Dubious signature "(LPCTSTR,DWORD *,void *,ULONG *)" in summary model. | | Dubious signature "(LPTSTR,LPCTSTR,DWORD *)" in summary model. | +| Dubious signature "(PCXSTR,IAtlStringMgr *)" in summary model. | +| Dubious signature "(XCHAR *,const XCHAR *,int)" in summary model. | +| Dubious signature "(XCHAR *,size_t,const XCHAR *,int)" in summary model. | | Dubious signature "(const CComBSTR &)" in summary model. | | Dubious signature "(const CComSafeArray &)" in summary model. | +| Dubious signature "(const CSimpleStringT &)" in summary model. | +| Dubious signature "(const CStaticString &)" in summary model. | | Dubious signature "(const SAFEARRAY &)" in summary model. | | Dubious signature "(const SAFEARRAY *)" in summary model. | | Dubious signature "(const T &,BOOL)" in summary model. | +| Dubious signature "(const XCHAR *,int,IAtlStringMgr *)" in summary model. | | Dubious signature "(const deque &)" in summary model. | | Dubious signature "(const deque &,const Allocator &)" in summary model. | | Dubious signature "(const forward_list &)" in summary model. | @@ -43,5 +49,6 @@ | Dubious signature "(list &&,const Allocator &)" in summary model. | | Dubious signature "(size_type,const T &)" in summary model. | | Dubious signature "(size_type,const T &,const Allocator &)" in summary model. | +| Dubious signature "(unsigned char)" in summary model. | | Dubious signature "(vector &&)" in summary model. | | Dubious signature "(vector &&,const Allocator &)" in summary model. | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 699666c09b57..b6f614c45a3e 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -954,58 +954,58 @@ void test_CSimpleStringT() { char* x = indirect_source(); CSimpleStringT s1(x, 10, nullptr); - sink(s1.GetString()); // $ MISSING: ir + sink(s1.GetString()); // $ ir CSimpleStringT s2(x, nullptr); - sink(s2.GetString()); // $ MISSING: ir + sink(s2.GetString()); // $ ir CSimpleStringT s3(s2); - sink(s3.GetString()); // $ MISSING: ir + sink(s3.GetString()); // $ ir CSimpleStringT s4; s4.Append(indirect_source()); - sink(s4.GetString()); // $ MISSING: ir + sink(s4.GetString()); // $ ir CSimpleStringT s5; s5.Append(s4); - sink(s5.GetString()); // $ MISSING: ir + sink(s5.GetString()); // $ ir CSimpleStringT s6; s6.Append(indirect_source(), 42); - sink(s6.GetString()); // $ MISSING: ir + sink(s6.GetString()); // $ ir char buffer1[128]; CSimpleStringT::CopyChars(buffer1, x, 10); - sink(buffer1); // $ ast MISSING: ir + sink(buffer1); // $ ast ir char buffer2[128]; CSimpleStringT::CopyChars(buffer2, 128, x, 10); - sink(buffer2); // $ ast MISSING: ir + sink(buffer2); // $ ast ir char buffer3[128]; CSimpleStringT::CopyCharsOverlapped(buffer3, x, 10); - sink(buffer3); // $ ast MISSING: ir + sink(buffer3); // $ ast ir - sink(s4.GetAt(0)); // $ MISSING: ir - sink(s4.GetBuffer(10)); // $ MISSING: ir - sink(s4.GetBuffer()); // $ MISSING: ir - sink(s4.GetBufferSetLength(10)); // $ MISSING: ir + sink(s4.GetAt(0)); // $ ir + sink(s4.GetBuffer(10)); // $ ir + sink(s4.GetBuffer()); // $ ir + sink(s4.GetBufferSetLength(10)); // $ ir sink(s4.LockBuffer()); CSimpleStringT s7; s7.SetAt(0, source()); - sink(s7.GetAt(0)); // $ MISSING: ir + sink(s7.GetAt(0)); // $ ir CSimpleStringT s8; s8.SetString(indirect_source()); - sink(s8.GetAt(0)); // $ MISSING: ir + sink(s8.GetAt(0)); // $ ir CSimpleStringT s9; s9.SetString(indirect_source(), 1024); - sink(s9.GetAt(0)); // $ MISSING: ir + sink(s9.GetAt(0)); // $ ir - sink(static_cast::PCXSTR>(s1)); // $ MISSING: ir + sink(static_cast::PCXSTR>(s1)); // $ ir - sink(s1[0]); // $ MISSING: ir + sink(s1[0]); // $ ir } diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 66826c50badd..071e446a5f5a 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -22,7 +22,9 @@ signatureMatches | atl.cpp:419:11:419:16 | Append | (const CComBSTR &) | CComBSTR | Append | 0 | | atl.cpp:419:11:419:16 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | | atl.cpp:420:11:420:16 | Append | (wchar_t) | CComBSTR | Append | 0 | +| atl.cpp:420:11:420:16 | Append | (wchar_t) | CSimpleStringT | operator+= | 0 | | atl.cpp:421:11:421:16 | Append | (char) | CComBSTR | Append | 0 | +| atl.cpp:421:11:421:16 | Append | (char) | CSimpleStringT | operator+= | 0 | | atl.cpp:422:11:422:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | | atl.cpp:422:11:422:16 | Append | (LPCOLESTR) | CComBSTR | CComBSTR | 0 | | atl.cpp:423:11:423:16 | Append | (LPCSTR) | CComBSTR | Append | 0 | @@ -49,6 +51,11 @@ signatureMatches | atl.cpp:543:11:543:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | | atl.cpp:545:11:545:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | | atl.cpp:545:11:545:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | +| atl.cpp:611:3:611:8 | CPathT | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:616:8:616:19 | AddExtension | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:617:8:617:13 | Append | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:621:22:621:33 | CommonPrefix | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:658:23:658:32 | operator+= | (PCXSTR) | CSimpleStringT | operator+= | 0 | | atl.cpp:764:8:764:10 | Add | (const deque &,const Allocator &) | deque | deque | 1 | | atl.cpp:764:8:764:10 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | | atl.cpp:764:8:764:10 | Add | (const list &,const Allocator &) | list | list | 1 | @@ -83,8 +90,35 @@ signatureMatches | atl.cpp:846:15:846:27 | SetSchemeName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:847:15:847:24 | SetUrlPath | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:848:15:848:25 | SetUserName | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:914:3:914:16 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | +| atl.cpp:914:3:914:16 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:914:3:914:16 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 2 | +| atl.cpp:915:3:915:16 | CSimpleStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | +| atl.cpp:915:3:915:16 | CSimpleStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | +| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | +| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | +| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | | atl.cpp:921:8:921:13 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:922:8:922:13 | Append | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | +| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | +| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | +| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 0 | +| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 1 | +| atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | +| atl.cpp:927:15:927:23 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | +| atl.cpp:927:15:927:23 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | +| atl.cpp:927:15:927:23 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | +| atl.cpp:927:15:927:23 | CopyChars | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 3 | +| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | +| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | +| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | +| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 0 | +| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 1 | +| atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | | atl.cpp:938:8:938:16 | SetString | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:939:8:939:16 | SetString | (PCXSTR) | CSimpleStringT | operator+= | 0 | | constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 | @@ -357,13 +391,20 @@ signatureMatches | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format | 0 | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format | 1 | | string.cpp:20:6:20:9 | sink | (char) | CComBSTR | Append | 0 | +| string.cpp:20:6:20:9 | sink | (char) | CSimpleStringT | operator+= | 0 | | taint.cpp:4:6:4:21 | arithAssignments | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:142:5:142:10 | select | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | +| taint.cpp:142:5:142:10 | select | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | +| taint.cpp:190:7:190:12 | memcpy | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | +| taint.cpp:190:7:190:12 | memcpy | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | | taint.cpp:249:13:249:13 | _FUN | (LPCOLESTR,int) | CComBSTR | Append | 1 | | taint.cpp:249:13:249:13 | operator() | (LPCOLESTR,int) | CComBSTR | Append | 1 | | taint.cpp:302:6:302:14 | myAssign2 | (LPCOLESTR,int) | CComBSTR | Append | 1 | | taint.cpp:307:6:307:14 | myAssign3 | (LPCOLESTR,int) | CComBSTR | Append | 1 | | taint.cpp:312:6:312:14 | myAssign4 | (LPCOLESTR,int) | CComBSTR | Append | 1 | | taint.cpp:523:7:523:13 | _strset | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:725:10:725:15 | strtol | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | +| taint.cpp:725:10:725:15 | strtol | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | | vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (LPCOLESTR,int) | CComBSTR | Append | 1 | getSignatureParameterName | (CAtlFile &) | CAtlFile | CAtlFile | 0 | CAtlFile & | @@ -409,19 +450,39 @@ getSignatureParameterName | (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 0 | LPTSTR | | (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 1 | LPCTSTR | | (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 2 | DWORD * | +| (PCXSTR) | CSimpleStringT | operator+= | 0 | PCXSTR | +| (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | PCXSTR | +| (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | IAtlStringMgr * | | (UINT) | CComBSTR | LoadString | 0 | UINT | | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | UINT | +| (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | XCHAR * | +| (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | const XCHAR * | +| (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | int | +| (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 0 | XCHAR * | +| (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 1 | const XCHAR * | +| (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | int | +| (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | XCHAR * | +| (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | size_t | +| (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | const XCHAR * | +| (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 3 | int | | (char) | CComBSTR | Append | 0 | char | +| (char) | CSimpleStringT | operator+= | 0 | char | | (const CComBSTR &) | CComBSTR | Append | 0 | const CComBSTR & | | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | const CComBSTR & | | (const CComSafeArray &) | CComSafeArray | CComSafeArray | 0 | const CComSafeArray & | | (const CComSafeArray &) | CComSafeArray | operator= | 0 | const CComSafeArray & | +| (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | const CSimpleStringT & | +| (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | const CSimpleStringT & | +| (const CStaticString &) | CSimpleStringT | operator+= | 0 | const CStaticString & | | (const SAFEARRAY &) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY & | | (const SAFEARRAY *) | CComSafeArray | Add | 0 | const SAFEARRAY * | | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY * | | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | const SAFEARRAY * | | (const T &,BOOL) | CComSafeArray | Add | 0 | const class:0 & | | (const T &,BOOL) | CComSafeArray | Add | 1 | BOOL | +| (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | const XCHAR * | +| (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | int | +| (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 2 | IAtlStringMgr * | | (const deque &) | deque | deque | 0 | const deque & | | (const deque &,const Allocator &) | deque | deque | 0 | const deque & | | (const deque &,const Allocator &) | deque | deque | 1 | const class:1 & | @@ -509,10 +570,12 @@ getSignatureParameterName | (size_type,const T &,const Allocator &) | vector | vector | 0 | size_type | | (size_type,const T &,const Allocator &) | vector | vector | 1 | const class:0 & | | (size_type,const T &,const Allocator &) | vector | vector | 2 | const class:1 & | +| (unsigned char) | CSimpleStringT | operator+= | 0 | unsigned char | | (vector &&) | vector | vector | 0 | vector && | | (vector &&,const Allocator &) | vector | vector | 0 | vector && | | (vector &&,const Allocator &) | vector | vector | 1 | const class:1 & | | (wchar_t) | CComBSTR | Append | 0 | wchar_t | +| (wchar_t) | CSimpleStringT | operator+= | 0 | wchar_t | getParameterTypeName | arrayassignment.cpp:3:6:3:9 | sink | 0 | int | | arrayassignment.cpp:4:6:4:9 | sink | 0 | MyInt | From 73ff33888beee117f789ed53e3f083ee9343951e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 10 Dec 2024 18:18:37 +0000 Subject: [PATCH 04/16] C++: Add CStringT tests. --- .../dataflow/taint-tests/atl.cpp | 201 +++++++++++++ .../dataflow/taint-tests/localTaint.expected | 271 ++++++++++++++++++ .../taint-tests/test_mad-signatures.expected | 57 ++++ 3 files changed, 529 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index b6f614c45a3e..ecea0f7a53b8 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -1009,3 +1009,204 @@ void test_CSimpleStringT() { sink(s1[0]); // $ ir } + +template +struct MakeOther {}; + +template<> +struct MakeOther { + using other_t = wchar_t; +}; + +template<> +struct MakeOther { + using other_t = char; +}; + +template +struct CStringT : public CSimpleStringT { + using XCHAR = BaseType; // simplified + using YCHAR = typename MakeOther::other_t; // simplified + using PCXSTR = typename CSimpleStringT::PCXSTR; + using PXSTR = typename CSimpleStringT::PXSTR; + CStringT() throw(); + + CStringT(IAtlStringMgr* pStringMgr) throw(); + CStringT(const VARIANT& varSrc); + CStringT(const VARIANT& varSrc, IAtlStringMgr* pStringMgr); + CStringT(const CStringT& strSrc); + CStringT(const CSimpleStringT& strSrc); + CStringT(const XCHAR* pszSrc); + CStringT(const YCHAR* pszSrc); + CStringT(LPCSTR pszSrc, IAtlStringMgr* pStringMgr); + CStringT(LPCWSTR pszSrc, IAtlStringMgr* pStringMgr); + CStringT(const unsigned char* pszSrc); + CStringT(char* pszSrc); + CStringT(unsigned char* pszSrc); + CStringT(wchar_t* pszSrc); + CStringT(const unsigned char* pszSrc, IAtlStringMgr* pStringMgr); + CStringT(char ch, int nLength = 1); + CStringT(wchar_t ch, int nLength = 1); + CStringT(const XCHAR* pch, int nLength); + CStringT(const YCHAR* pch, int nLength); + CStringT(const XCHAR* pch, int nLength, IAtlStringMgr* pStringMgr); + CStringT(const YCHAR* pch, int nLength, IAtlStringMgr* pStringMgr); + + operator CSimpleStringT &(); + + ~CStringT() throw(); + + BSTR AllocSysString() const; + void AppendFormat(PCXSTR pszFormat, ...); + void AppendFormat(UINT nFormatID, ...); + int Delete(int iIndex, int nCount = 1); + int Find(PCXSTR pszSub, int iStart=0) const throw(); + int Find(XCHAR ch, int iStart=0) const throw(); + int FindOneOf(PCXSTR pszCharSet) const throw(); + void Format(UINT nFormatID, ...); + void Format(PCXSTR pszFormat, ...); + BOOL GetEnvironmentVariable(PCXSTR pszVar); + int Insert(int iIndex, PCXSTR psz); + int Insert(int iIndex, XCHAR ch); + CStringT Left(int nCount) const; + BOOL LoadString(HINSTANCE hInstance, UINT nID, WORD wLanguageID); + BOOL LoadString(HINSTANCE hInstance, UINT nID); + BOOL LoadString(UINT nID); + CStringT& MakeLower(); + CStringT& MakeReverse(); + CStringT& MakeUpper(); + CStringT Mid(int iFirst, int nCount) const; + CStringT Mid(int iFirst) const; + int Replace(PCXSTR pszOld, PCXSTR pszNew); + int Replace(XCHAR chOld, XCHAR chNew); + CStringT Right(int nCount) const; + BSTR SetSysString(BSTR* pbstr) const; + CStringT SpanExcluding(PCXSTR pszCharSet) const; + CStringT SpanIncluding(PCXSTR pszCharSet) const; + CStringT Tokenize(PCXSTR pszTokens, int& iStart) const; + CStringT& Trim(XCHAR chTarget); + CStringT& Trim(PCXSTR pszTargets); + CStringT& Trim(); + CStringT& TrimLeft(XCHAR chTarget); + CStringT& TrimLeft(PCXSTR pszTargets); + CStringT& TrimLeft(); + CStringT& TrimRight(XCHAR chTarget); + CStringT& TrimRight(PCXSTR pszTargets); + CStringT& TrimRight(); +}; + +void test_CStringT() { + VARIANT v = source(); + + CStringT s1(v); + sink(s1.GetString()); // $ ir + + CStringT s2(v, nullptr); + sink(s2.GetString()); // $ MISSING: ir + + CStringT s3(s2); + sink(s3.GetString()); // $ MISSING: ir + + char* x = indirect_source(); + CStringT s4(x); + sink(s4.GetString()); // $ ir + + wchar_t* y = indirect_source(); + CStringT s5(y); + sink(s5.GetString()); // $ ir + + CStringT s6(x, nullptr); + sink(s6.GetString()); // $ MISSING: ir + + CStringT s7(y, nullptr); + sink(s7.GetString()); // $ MISSING: ir + + unsigned char* ucs = indirect_source(); + CStringT s8(ucs); + sink(s8.GetString()); // $ ir + + char c = source(); + CStringT s9(c); + sink(s9.GetString()); // $ ir + + wchar_t wc = source(); + CStringT s10(wc); + sink(s10.GetString()); // $ ir + + sink(&s1); // $ ast ir + + auto bstr = s1.AllocSysString(); + sink(bstr); // $ MISSING: ir + + CStringT s11; + s11.AppendFormat("%d", source()); + sink(s11.GetString()); // $ MISSING: ir + + CStringT s12; + s12.AppendFormat(indirect_source()); + sink(s12.GetString()); // $ MISSING: ir + + CStringT s13; + s13.AppendFormat(source()); + sink(s13.GetString()); // $ MISSING: ir + + CStringT s14; + s14.AppendFormat(42, source()); + sink(s14.GetString()); // $ MISSING: ir + + CStringT s15; + s15.AppendFormat(42, source()); + sink(s15.GetString()); // $ MISSING: ir + + CStringT s16; + s16.AppendFormat("%s", indirect_source()); + + CStringT s17; + s17.Insert(0, x); + sink(s17.GetString()); // $ MISSING: ir + + CStringT s18; + s18.Insert(0, source()); + sink(s18.GetString()); // $ MISSING: ir + + sink(s1.Left(42).GetString()); // $ MISSING: ir + + CStringT s20; + s20.LoadString(source()); + sink(s20.GetString()); // $ MISSING: ir + + sink(s1.MakeLower().GetString()); // $ MISSING: ir + sink(s1.MakeReverse().GetString()); // $ MISSING: ir + sink(s1.MakeUpper().GetString()); // $ MISSING: ir + sink(s1.Mid(0, 42).GetString()); // $ MISSING: ir + + CStringT s21; + s21.Replace("abc", x); + sink(s21.GetString()); // $ MISSING: ir + + CStringT s22; + s22.Replace('\n', source()); + sink(s22.GetString()); // $ MISSING: ir + + sink(s2.Right(42).GetString()); // $ MISSING: ir + + BSTR bstr2; + s1.SetSysString(&bstr2); + sink(bstr2); // $ ast MISSING: ir + + sink(s1.SpanExcluding("abc").GetString()); // $ MISSING: ir + sink(s1.SpanIncluding("abc").GetString()); // $ MISSING: ir + + int start = 0; + sink(s1.Tokenize("abc", start).GetString()); // $ MISSING: ir + + sink(s1.Trim('a').GetString()); // $ MISSING: ir + sink(s1.Trim("abc").GetString()); // $ MISSING: ir + sink(s1.Trim().GetString()); // $ MISSING: ir + sink(s1.TrimLeft('a').GetString()); // $ MISSING: ir + sink(s1.TrimLeft("abc").GetString()); // $ MISSING: ir + sink(s1.TrimLeft().GetString()); // $ MISSING: ir + sink(s1.TrimRight('a').GetString()); // $ MISSING: ir + sink(s1.TrimRight("abc").GetString()); // $ MISSING: ir + sink(s1.TrimRight().GetString()); // $ MISSING: ir +} diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 12f9044de8b3..7d032aef8f9f 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -1022,6 +1022,277 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:1004:24:1004:25 | call to CSimpleStringT | atl.cpp:1011:1:1011:1 | s9 | | | atl.cpp:1005:3:1005:4 | ref arg s9 | atl.cpp:1006:8:1006:9 | s9 | | | atl.cpp:1005:3:1005:4 | ref arg s9 | atl.cpp:1011:1:1011:1 | s9 | | +| atl.cpp:1099:15:1099:29 | call to source | atl.cpp:1101:21:1101:21 | v | | +| atl.cpp:1099:15:1099:29 | call to source | atl.cpp:1104:21:1104:21 | v | | +| atl.cpp:1101:21:1101:21 | v | atl.cpp:1101:21:1101:22 | call to CStringT | TAINT | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1102:8:1102:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1136:9:1136:10 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1138:15:1138:16 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1172:8:1172:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1178:8:1178:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1179:8:1179:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1180:8:1180:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1181:8:1181:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1194:3:1194:4 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1197:8:1197:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1198:8:1198:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1201:8:1201:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1203:8:1203:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1204:8:1204:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1205:8:1205:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1104:21:1104:31 | call to CStringT | atl.cpp:1105:8:1105:9 | s2 | | +| atl.cpp:1104:21:1104:31 | call to CStringT | atl.cpp:1107:21:1107:22 | s2 | | +| atl.cpp:1104:21:1104:31 | call to CStringT | atl.cpp:1191:8:1191:9 | s2 | | +| atl.cpp:1104:21:1104:31 | call to CStringT | atl.cpp:1212:1:1212:1 | s2 | | +| atl.cpp:1107:21:1107:22 | s2 | atl.cpp:1107:21:1107:23 | call to CStringT | | +| atl.cpp:1107:21:1107:23 | call to CStringT | atl.cpp:1108:8:1108:9 | s3 | | +| atl.cpp:1107:21:1107:23 | call to CStringT | atl.cpp:1212:1:1212:1 | s3 | | +| atl.cpp:1110:13:1110:33 | call to indirect_source | atl.cpp:1111:21:1111:21 | x | | +| atl.cpp:1110:13:1110:33 | call to indirect_source | atl.cpp:1118:21:1118:21 | x | | +| atl.cpp:1110:13:1110:33 | call to indirect_source | atl.cpp:1165:17:1165:17 | x | | +| atl.cpp:1110:13:1110:33 | call to indirect_source | atl.cpp:1184:22:1184:22 | x | | +| atl.cpp:1111:21:1111:21 | ref arg x | atl.cpp:1118:21:1118:21 | x | | +| atl.cpp:1111:21:1111:21 | ref arg x | atl.cpp:1165:17:1165:17 | x | | +| atl.cpp:1111:21:1111:21 | ref arg x | atl.cpp:1184:22:1184:22 | x | | +| atl.cpp:1111:21:1111:21 | x | atl.cpp:1111:21:1111:22 | call to CStringT | TAINT | +| atl.cpp:1111:21:1111:22 | call to CStringT | atl.cpp:1112:8:1112:9 | s4 | | +| atl.cpp:1111:21:1111:22 | call to CStringT | atl.cpp:1212:1:1212:1 | s4 | | +| atl.cpp:1114:16:1114:39 | call to indirect_source | atl.cpp:1115:24:1115:24 | y | | +| atl.cpp:1114:16:1114:39 | call to indirect_source | atl.cpp:1121:24:1121:24 | y | | +| atl.cpp:1115:24:1115:24 | ref arg y | atl.cpp:1121:24:1121:24 | y | | +| atl.cpp:1115:24:1115:24 | y | atl.cpp:1115:24:1115:25 | call to CStringT | TAINT | +| atl.cpp:1115:24:1115:25 | call to CStringT | atl.cpp:1116:8:1116:9 | s5 | | +| atl.cpp:1115:24:1115:25 | call to CStringT | atl.cpp:1212:1:1212:1 | s5 | | +| atl.cpp:1118:21:1118:31 | call to CStringT | atl.cpp:1119:8:1119:9 | s6 | | +| atl.cpp:1118:21:1118:31 | call to CStringT | atl.cpp:1212:1:1212:1 | s6 | | +| atl.cpp:1121:24:1121:34 | call to CStringT | atl.cpp:1122:8:1122:9 | s7 | | +| atl.cpp:1121:24:1121:34 | call to CStringT | atl.cpp:1212:1:1212:1 | s7 | | +| atl.cpp:1124:24:1124:53 | call to indirect_source | atl.cpp:1125:21:1125:23 | ucs | | +| atl.cpp:1125:21:1125:23 | ucs | atl.cpp:1125:21:1125:24 | call to CStringT | TAINT | +| atl.cpp:1125:21:1125:24 | call to CStringT | atl.cpp:1126:8:1126:9 | s8 | | +| atl.cpp:1125:21:1125:24 | call to CStringT | atl.cpp:1212:1:1212:1 | s8 | | +| atl.cpp:1128:12:1128:23 | call to source | atl.cpp:1129:21:1129:21 | c | | +| atl.cpp:1129:21:1129:21 | c | atl.cpp:1129:21:1129:22 | call to CStringT | TAINT | +| atl.cpp:1129:21:1129:22 | call to CStringT | atl.cpp:1130:8:1130:9 | s9 | | +| atl.cpp:1129:21:1129:22 | call to CStringT | atl.cpp:1212:1:1212:1 | s9 | | +| atl.cpp:1132:16:1132:30 | call to source | atl.cpp:1133:25:1133:26 | wc | | +| atl.cpp:1133:25:1133:26 | wc | atl.cpp:1133:25:1133:27 | call to CStringT | TAINT | +| atl.cpp:1133:25:1133:27 | call to CStringT | atl.cpp:1134:8:1134:10 | s10 | | +| atl.cpp:1133:25:1133:27 | call to CStringT | atl.cpp:1212:1:1212:1 | s10 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1136:9:1136:10 | s1 [inner post update] | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1138:15:1138:16 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1172:8:1172:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1178:8:1178:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1179:8:1179:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1180:8:1180:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1181:8:1181:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1194:3:1194:4 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1197:8:1197:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1198:8:1198:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1201:8:1201:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1203:8:1203:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1204:8:1204:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1205:8:1205:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1136:9:1136:10 | s1 | atl.cpp:1136:8:1136:10 | & ... | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1172:8:1172:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1178:8:1178:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1179:8:1179:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1180:8:1180:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1181:8:1181:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1194:3:1194:4 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1138:18:1138:31 | call to AllocSysString | atl.cpp:1139:8:1139:11 | bstr | | +| atl.cpp:1141:18:1141:20 | call to CStringT | atl.cpp:1142:3:1142:5 | s11 | | +| atl.cpp:1141:18:1141:20 | call to CStringT | atl.cpp:1143:8:1143:10 | s11 | | +| atl.cpp:1141:18:1141:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s11 | | +| atl.cpp:1142:3:1142:5 | ref arg s11 | atl.cpp:1143:8:1143:10 | s11 | | +| atl.cpp:1142:3:1142:5 | ref arg s11 | atl.cpp:1212:1:1212:1 | s11 | | +| atl.cpp:1145:18:1145:20 | call to CStringT | atl.cpp:1146:3:1146:5 | s12 | | +| atl.cpp:1145:18:1145:20 | call to CStringT | atl.cpp:1147:8:1147:10 | s12 | | +| atl.cpp:1145:18:1145:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s12 | | +| atl.cpp:1146:3:1146:5 | ref arg s12 | atl.cpp:1147:8:1147:10 | s12 | | +| atl.cpp:1146:3:1146:5 | ref arg s12 | atl.cpp:1212:1:1212:1 | s12 | | +| atl.cpp:1149:18:1149:20 | call to CStringT | atl.cpp:1150:3:1150:5 | s13 | | +| atl.cpp:1149:18:1149:20 | call to CStringT | atl.cpp:1151:8:1151:10 | s13 | | +| atl.cpp:1149:18:1149:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s13 | | +| atl.cpp:1150:3:1150:5 | ref arg s13 | atl.cpp:1151:8:1151:10 | s13 | | +| atl.cpp:1150:3:1150:5 | ref arg s13 | atl.cpp:1212:1:1212:1 | s13 | | +| atl.cpp:1153:18:1153:20 | call to CStringT | atl.cpp:1154:3:1154:5 | s14 | | +| atl.cpp:1153:18:1153:20 | call to CStringT | atl.cpp:1155:8:1155:10 | s14 | | +| atl.cpp:1153:18:1153:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s14 | | +| atl.cpp:1154:3:1154:5 | ref arg s14 | atl.cpp:1155:8:1155:10 | s14 | | +| atl.cpp:1154:3:1154:5 | ref arg s14 | atl.cpp:1212:1:1212:1 | s14 | | +| atl.cpp:1157:18:1157:20 | call to CStringT | atl.cpp:1158:3:1158:5 | s15 | | +| atl.cpp:1157:18:1157:20 | call to CStringT | atl.cpp:1159:8:1159:10 | s15 | | +| atl.cpp:1157:18:1157:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s15 | | +| atl.cpp:1158:3:1158:5 | ref arg s15 | atl.cpp:1159:8:1159:10 | s15 | | +| atl.cpp:1158:3:1158:5 | ref arg s15 | atl.cpp:1212:1:1212:1 | s15 | | +| atl.cpp:1161:18:1161:20 | call to CStringT | atl.cpp:1162:3:1162:5 | s16 | | +| atl.cpp:1161:18:1161:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s16 | | +| atl.cpp:1162:3:1162:5 | ref arg s16 | atl.cpp:1212:1:1212:1 | s16 | | +| atl.cpp:1164:18:1164:20 | call to CStringT | atl.cpp:1165:3:1165:5 | s17 | | +| atl.cpp:1164:18:1164:20 | call to CStringT | atl.cpp:1166:8:1166:10 | s17 | | +| atl.cpp:1164:18:1164:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s17 | | +| atl.cpp:1165:3:1165:5 | ref arg s17 | atl.cpp:1166:8:1166:10 | s17 | | +| atl.cpp:1165:3:1165:5 | ref arg s17 | atl.cpp:1212:1:1212:1 | s17 | | +| atl.cpp:1168:18:1168:20 | call to CStringT | atl.cpp:1169:3:1169:5 | s18 | | +| atl.cpp:1168:18:1168:20 | call to CStringT | atl.cpp:1170:8:1170:10 | s18 | | +| atl.cpp:1168:18:1168:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s18 | | +| atl.cpp:1169:3:1169:5 | ref arg s18 | atl.cpp:1170:8:1170:10 | s18 | | +| atl.cpp:1169:3:1169:5 | ref arg s18 | atl.cpp:1212:1:1212:1 | s18 | | +| atl.cpp:1174:18:1174:20 | call to CStringT | atl.cpp:1175:3:1175:5 | s20 | | +| atl.cpp:1174:18:1174:20 | call to CStringT | atl.cpp:1176:8:1176:10 | s20 | | +| atl.cpp:1174:18:1174:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s20 | | +| atl.cpp:1175:3:1175:5 | ref arg s20 | atl.cpp:1176:8:1176:10 | s20 | | +| atl.cpp:1175:3:1175:5 | ref arg s20 | atl.cpp:1212:1:1212:1 | s20 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1179:8:1179:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1180:8:1180:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1181:8:1181:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1194:3:1194:4 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1178:8:1178:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1180:8:1180:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1181:8:1181:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1194:3:1194:4 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1179:8:1179:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1181:8:1181:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1194:3:1194:4 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1180:8:1180:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1183:18:1183:20 | call to CStringT | atl.cpp:1184:3:1184:5 | s21 | | +| atl.cpp:1183:18:1183:20 | call to CStringT | atl.cpp:1185:8:1185:10 | s21 | | +| atl.cpp:1183:18:1183:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s21 | | +| atl.cpp:1184:3:1184:5 | ref arg s21 | atl.cpp:1185:8:1185:10 | s21 | | +| atl.cpp:1184:3:1184:5 | ref arg s21 | atl.cpp:1212:1:1212:1 | s21 | | +| atl.cpp:1187:18:1187:20 | call to CStringT | atl.cpp:1188:3:1188:5 | s22 | | +| atl.cpp:1187:18:1187:20 | call to CStringT | atl.cpp:1189:8:1189:10 | s22 | | +| atl.cpp:1187:18:1187:20 | call to CStringT | atl.cpp:1212:1:1212:1 | s22 | | +| atl.cpp:1188:3:1188:5 | ref arg s22 | atl.cpp:1189:8:1189:10 | s22 | | +| atl.cpp:1188:3:1188:5 | ref arg s22 | atl.cpp:1212:1:1212:1 | s22 | | +| atl.cpp:1193:8:1193:12 | bstr2 | atl.cpp:1194:20:1194:24 | bstr2 | | +| atl.cpp:1193:8:1193:12 | bstr2 | atl.cpp:1195:8:1195:12 | bstr2 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1197:8:1197:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1198:8:1198:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1201:8:1201:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1203:8:1203:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1194:3:1194:4 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1194:19:1194:24 | ref arg & ... | atl.cpp:1194:20:1194:24 | bstr2 [inner post update] | | +| atl.cpp:1194:19:1194:24 | ref arg & ... | atl.cpp:1195:8:1195:12 | bstr2 | | +| atl.cpp:1194:20:1194:24 | bstr2 | atl.cpp:1194:19:1194:24 | & ... | | +| atl.cpp:1200:14:1200:15 | 0 | atl.cpp:1201:27:1201:31 | start | | +| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1204:8:1204:9 | s1 | | +| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | +| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1203:8:1203:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1205:8:1205:9 | s1 | | +| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1204:8:1204:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1206:8:1206:9 | s1 | | +| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1205:8:1205:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1207:8:1207:9 | s1 | | +| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1206:8:1206:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1208:8:1208:9 | s1 | | +| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1207:8:1207:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1208:8:1208:9 | ref arg s1 | atl.cpp:1209:8:1209:9 | s1 | | +| atl.cpp:1208:8:1208:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1208:8:1208:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1208:8:1208:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1209:8:1209:9 | ref arg s1 | atl.cpp:1210:8:1210:9 | s1 | | +| atl.cpp:1209:8:1209:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1209:8:1209:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1210:8:1210:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | +| atl.cpp:1210:8:1210:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1211:8:1211:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index 071e446a5f5a..f79abc9b7afc 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -119,6 +119,22 @@ signatureMatches | atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | | atl.cpp:938:8:938:16 | SetString | (LPCOLESTR,int) | CComBSTR | Append | 1 | | atl.cpp:939:8:939:16 | SetString | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1036:3:1036:10 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:1041:3:1041:10 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:1042:3:1042:10 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:1048:3:1048:10 | CStringT | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:1049:3:1049:10 | CStringT | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:1074:8:1074:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | +| atl.cpp:1074:8:1074:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:1078:12:1078:14 | Mid | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:1084:12:1084:24 | SpanExcluding | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1085:12:1085:24 | SpanIncluding | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1088:13:1088:16 | Trim | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1091:13:1091:20 | TrimLeft | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1094:13:1094:21 | TrimRight | (PCXSTR) | CSimpleStringT | operator+= | 0 | | constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | | standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 | @@ -766,6 +782,47 @@ getParameterTypeName | atl.cpp:938:8:938:16 | SetString | 1 | int | | atl.cpp:939:8:939:16 | SetString | 0 | PCXSTR | | atl.cpp:941:9:941:18 | operator[] | 0 | int | +| atl.cpp:1035:3:1035:10 | CStringT | 0 | const VARIANT & | +| atl.cpp:1036:3:1036:10 | CStringT | 0 | const VARIANT & | +| atl.cpp:1036:3:1036:10 | CStringT | 1 | IAtlStringMgr * | +| atl.cpp:1037:3:1037:10 | CStringT | 0 | const CStringT & | +| atl.cpp:1041:3:1041:10 | CStringT | 0 | LPCSTR | +| atl.cpp:1041:3:1041:10 | CStringT | 1 | IAtlStringMgr * | +| atl.cpp:1042:3:1042:10 | CStringT | 0 | LPCWSTR | +| atl.cpp:1042:3:1042:10 | CStringT | 1 | IAtlStringMgr * | +| atl.cpp:1044:3:1044:10 | CStringT | 0 | char * | +| atl.cpp:1045:3:1045:10 | CStringT | 0 | unsigned char * | +| atl.cpp:1046:3:1046:10 | CStringT | 0 | wchar_t * | +| atl.cpp:1048:3:1048:10 | CStringT | 0 | char | +| atl.cpp:1048:3:1048:10 | CStringT | 1 | int | +| atl.cpp:1049:3:1049:10 | CStringT | 0 | wchar_t | +| atl.cpp:1049:3:1049:10 | CStringT | 1 | int | +| atl.cpp:1060:8:1060:19 | AppendFormat | 0 | PCXSTR | +| atl.cpp:1061:8:1061:19 | AppendFormat | 0 | UINT | +| atl.cpp:1069:7:1069:12 | Insert | 0 | int | +| atl.cpp:1069:7:1069:12 | Insert | 1 | PCXSTR | +| atl.cpp:1070:7:1070:12 | Insert | 0 | int | +| atl.cpp:1070:7:1070:12 | Insert | 1 | XCHAR | +| atl.cpp:1071:12:1071:15 | Left | 0 | int | +| atl.cpp:1074:8:1074:17 | LoadString | 0 | UINT | +| atl.cpp:1078:12:1078:14 | Mid | 0 | int | +| atl.cpp:1078:12:1078:14 | Mid | 1 | int | +| atl.cpp:1080:7:1080:13 | Replace | 0 | PCXSTR | +| atl.cpp:1080:7:1080:13 | Replace | 1 | PCXSTR | +| atl.cpp:1081:7:1081:13 | Replace | 0 | XCHAR | +| atl.cpp:1081:7:1081:13 | Replace | 1 | XCHAR | +| atl.cpp:1082:12:1082:16 | Right | 0 | int | +| atl.cpp:1083:8:1083:19 | SetSysString | 0 | BSTR * | +| atl.cpp:1084:12:1084:24 | SpanExcluding | 0 | PCXSTR | +| atl.cpp:1085:12:1085:24 | SpanIncluding | 0 | PCXSTR | +| atl.cpp:1086:12:1086:19 | Tokenize | 0 | PCXSTR | +| atl.cpp:1086:12:1086:19 | Tokenize | 1 | int & | +| atl.cpp:1087:13:1087:16 | Trim | 0 | XCHAR | +| atl.cpp:1088:13:1088:16 | Trim | 0 | PCXSTR | +| atl.cpp:1090:13:1090:20 | TrimLeft | 0 | XCHAR | +| atl.cpp:1091:13:1091:20 | TrimLeft | 0 | PCXSTR | +| atl.cpp:1093:13:1093:21 | TrimRight | 0 | XCHAR | +| atl.cpp:1094:13:1094:21 | TrimRight | 0 | PCXSTR | | bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & | | bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && | | bsd.cpp:12:5:12:10 | accept | 0 | int | From c604c44a5544c792ceca271839261cfa45c67d09 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 10 Dec 2024 18:20:14 +0000 Subject: [PATCH 05/16] C++: Add CStringT model and accept tests. --- cpp/ql/lib/ext/CStringT.model.yml | 118 ++++++++ .../dataflow/external-models/flow.expected | 10 +- .../external-models/validatemodels.expected | 25 ++ .../dataflow/taint-tests/atl.cpp | 60 ++-- .../taint-tests/test_mad-signatures.expected | 261 ++++++++++++++++++ 5 files changed, 439 insertions(+), 35 deletions(-) create mode 100644 cpp/ql/lib/ext/CStringT.model.yml diff --git a/cpp/ql/lib/ext/CStringT.model.yml b/cpp/ql/lib/ext/CStringT.model.yml new file mode 100644 index 000000000000..ee0e0a03cc69 --- /dev/null +++ b/cpp/ql/lib/ext/CStringT.model.yml @@ -0,0 +1,118 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance + - ["", "CStringT", True, "CStringT", "(const VARIANT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "CStringT", "(const VARIANT &,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "CStringT", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(const XCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(const YCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(LPCSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(LPCWSTR,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(wchar_t *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(const unsigned char *,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(char,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "CStringT", "(wchar_t,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "CStringT", "(const XCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(const YCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(const XCHAR *,int,AtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(const YCHAR *,int,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "AllocSysString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "AppendFormat", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "AppendFormat", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Format", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Format", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Format", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Format", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatMessage", "(PCXSTR,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatMessage", "(UINT,...)", "", "Argument[*1..8]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatMessageV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatMessageV", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatV", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "FormatV", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Insert", "(int,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Insert", "(int,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Left", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CStringT", True, "Right", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CStringT", True, "LoadString", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "LoadString", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "MakeLower", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CStringT", True, "MakeReverse", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CStringT", True, "MakeUpper", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CStringT", True, "Mid", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CStringT", True, "Replace", "(PCXSTR,PCXSTR)", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "Replace", "(XCHAR,XCHAR)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "ReturnValue", "value", "manual"] + - ["", "CStringT", True, "SetSysString", "", "", "Argument[-1]", "Argument[**0]", "value", "manual"] + - ["", "CStringT", True, "SpanExcluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CStringT", True, "SpanIncluding", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CStringT", True, "Tokenize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["", "CStringT", True, "Trim", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CStringT", True, "TrimLeft", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CStringT", True, "TrimRight", "", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(const CStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(const unsigned char *)", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(XCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(YCHAR)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "operator=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "value", "manual"] + - ["", "", True, "operator+", "(const CStringT &,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(const CStringT &,PCXSTR)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(PCXSTR,const CStringT &)", "", "Argument[*0..1]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(char,const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(char,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(const CStringT &,char)", "", "Argument[*0]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(const CStringT &,char)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[*0]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(const CStringT &,wchar_t)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(wchar_t, const CStringT &)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+", "(wchar_t,const CStringT &)", "", "Argument[*1]", "ReturnValue", "taint", "manual"] + - ["", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "", True, "operator+=", "(const CSimpleStringT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(const CStaticString &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "", True, "operator+=", "(const CStaticString &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(PCXSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "", True, "operator+=", "(PCXSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(PCYSTR)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "", True, "operator+=", "(PCYSTR)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "", True, "operator+=", "(char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(unsigned char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "", True, "operator+=", "(unsigned char)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "", True, "operator+=", "(wchar_t)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] + - ["", "", True, "operator+=", "(const VARIANT &)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "", True, "operator+=", "(const VARIANT &)", "", "Argument[-1]", "ReturnValue[*]", "taint", "manual"] \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 864979fd02b3..4090e60b7695 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -10,14 +10,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:837 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:835 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:836 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:950 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:948 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:949 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:836 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:949 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:837 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:950 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index 15cc054d5042..85793f40aee0 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -7,6 +7,7 @@ | Dubious member name "operator PCXSTR" in summary model. | | Dubious member name "operator&" in summary model. | | Dubious member name "operator*" in summary model. | +| Dubious member name "operator+" in summary model. | | Dubious member name "operator+=" in summary model. | | Dubious member name "operator->" in summary model. | | Dubious member name "operator=" in summary model. | @@ -16,25 +17,45 @@ | Dubious signature "(CRegKey &)" in summary model. | | Dubious signature "(DWORD &,LPCTSTR)" in summary model. | | Dubious signature "(InputIterator,InputIterator,const Allocator &)" in summary model. | +| Dubious signature "(LPCSTR,IAtlStringMgr *)" in summary model. | | Dubious signature "(LPCTSTR,DWORD *,void *,ULONG *)" in summary model. | +| Dubious signature "(LPCWSTR,IAtlStringMgr *)" in summary model. | | Dubious signature "(LPTSTR,LPCTSTR,DWORD *)" in summary model. | | Dubious signature "(PCXSTR,IAtlStringMgr *)" in summary model. | +| Dubious signature "(PCXSTR,const CStringT &)" in summary model. | | Dubious signature "(XCHAR *,const XCHAR *,int)" in summary model. | | Dubious signature "(XCHAR *,size_t,const XCHAR *,int)" in summary model. | +| Dubious signature "(char *)" in summary model. | +| Dubious signature "(char,const CStringT &)" in summary model. | | Dubious signature "(const CComBSTR &)" in summary model. | | Dubious signature "(const CComSafeArray &)" in summary model. | | Dubious signature "(const CSimpleStringT &)" in summary model. | | Dubious signature "(const CStaticString &)" in summary model. | +| Dubious signature "(const CStringT &)" in summary model. | +| Dubious signature "(const CStringT &,PCXSTR)" in summary model. | +| Dubious signature "(const CStringT &,char)" in summary model. | +| Dubious signature "(const CStringT &,const CStringT &)" in summary model. | +| Dubious signature "(const CStringT &,wchar_t)" in summary model. | | Dubious signature "(const SAFEARRAY &)" in summary model. | | Dubious signature "(const SAFEARRAY *)" in summary model. | | Dubious signature "(const T &,BOOL)" in summary model. | +| Dubious signature "(const VARIANT &)" in summary model. | +| Dubious signature "(const VARIANT &,IAtlStringMgr *)" in summary model. | +| Dubious signature "(const XCHAR *)" in summary model. | +| Dubious signature "(const XCHAR *,int)" in summary model. | +| Dubious signature "(const XCHAR *,int,AtlStringMgr *)" in summary model. | | Dubious signature "(const XCHAR *,int,IAtlStringMgr *)" in summary model. | +| Dubious signature "(const YCHAR *)" in summary model. | +| Dubious signature "(const YCHAR *,int)" in summary model. | +| Dubious signature "(const YCHAR *,int,IAtlStringMgr *)" in summary model. | | Dubious signature "(const deque &)" in summary model. | | Dubious signature "(const deque &,const Allocator &)" in summary model. | | Dubious signature "(const forward_list &)" in summary model. | | Dubious signature "(const forward_list &,const Allocator &)" in summary model. | | Dubious signature "(const list &)" in summary model. | | Dubious signature "(const list &,const Allocator &)" in summary model. | +| Dubious signature "(const unsigned char *)" in summary model. | +| Dubious signature "(const unsigned char *,IAtlStringMgr *)" in summary model. | | Dubious signature "(const vector &)" in summary model. | | Dubious signature "(const vector &,const Allocator &)" in summary model. | | Dubious signature "(const_iterator,T &&)" in summary model. | @@ -49,6 +70,10 @@ | Dubious signature "(list &&,const Allocator &)" in summary model. | | Dubious signature "(size_type,const T &)" in summary model. | | Dubious signature "(size_type,const T &,const Allocator &)" in summary model. | +| Dubious signature "(unsigned char *)" in summary model. | | Dubious signature "(unsigned char)" in summary model. | | Dubious signature "(vector &&)" in summary model. | | Dubious signature "(vector &&,const Allocator &)" in summary model. | +| Dubious signature "(wchar_t *)" in summary model. | +| Dubious signature "(wchar_t, const CStringT &)" in summary model. | +| Dubious signature "(wchar_t,const CStringT &)" in summary model. | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index ecea0f7a53b8..a20d0b1b899e 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -1102,10 +1102,10 @@ void test_CStringT() { sink(s1.GetString()); // $ ir CStringT s2(v, nullptr); - sink(s2.GetString()); // $ MISSING: ir + sink(s2.GetString()); // $ ir CStringT s3(s2); - sink(s3.GetString()); // $ MISSING: ir + sink(s3.GetString()); // $ ir char* x = indirect_source(); CStringT s4(x); @@ -1116,10 +1116,10 @@ void test_CStringT() { sink(s5.GetString()); // $ ir CStringT s6(x, nullptr); - sink(s6.GetString()); // $ MISSING: ir + sink(s6.GetString()); // $ ir CStringT s7(y, nullptr); - sink(s7.GetString()); // $ MISSING: ir + sink(s7.GetString()); // $ ir unsigned char* ucs = indirect_source(); CStringT s8(ucs); @@ -1136,7 +1136,7 @@ void test_CStringT() { sink(&s1); // $ ast ir auto bstr = s1.AllocSysString(); - sink(bstr); // $ MISSING: ir + sink(bstr); // $ ir CStringT s11; s11.AppendFormat("%d", source()); @@ -1163,50 +1163,50 @@ void test_CStringT() { CStringT s17; s17.Insert(0, x); - sink(s17.GetString()); // $ MISSING: ir + sink(s17.GetString()); // $ ir CStringT s18; s18.Insert(0, source()); - sink(s18.GetString()); // $ MISSING: ir + sink(s18.GetString()); // $ ir - sink(s1.Left(42).GetString()); // $ MISSING: ir + sink(s1.Left(42).GetString()); // $ ir CStringT s20; s20.LoadString(source()); - sink(s20.GetString()); // $ MISSING: ir + sink(s20.GetString()); // $ ir - sink(s1.MakeLower().GetString()); // $ MISSING: ir - sink(s1.MakeReverse().GetString()); // $ MISSING: ir - sink(s1.MakeUpper().GetString()); // $ MISSING: ir - sink(s1.Mid(0, 42).GetString()); // $ MISSING: ir + sink(s1.MakeLower().GetString()); // $ ir + sink(s1.MakeReverse().GetString()); // $ ir + sink(s1.MakeUpper().GetString()); // $ ir + sink(s1.Mid(0, 42).GetString()); // $ ir CStringT s21; s21.Replace("abc", x); - sink(s21.GetString()); // $ MISSING: ir + sink(s21.GetString()); // $ ir CStringT s22; s22.Replace('\n', source()); - sink(s22.GetString()); // $ MISSING: ir + sink(s22.GetString()); // $ ir - sink(s2.Right(42).GetString()); // $ MISSING: ir + sink(s2.Right(42).GetString()); // $ ir BSTR bstr2; s1.SetSysString(&bstr2); - sink(bstr2); // $ ast MISSING: ir + sink(bstr2); // $ ast ir - sink(s1.SpanExcluding("abc").GetString()); // $ MISSING: ir - sink(s1.SpanIncluding("abc").GetString()); // $ MISSING: ir + sink(s1.SpanExcluding("abc").GetString()); // $ ir + sink(s1.SpanIncluding("abc").GetString()); // $ ir int start = 0; - sink(s1.Tokenize("abc", start).GetString()); // $ MISSING: ir - - sink(s1.Trim('a').GetString()); // $ MISSING: ir - sink(s1.Trim("abc").GetString()); // $ MISSING: ir - sink(s1.Trim().GetString()); // $ MISSING: ir - sink(s1.TrimLeft('a').GetString()); // $ MISSING: ir - sink(s1.TrimLeft("abc").GetString()); // $ MISSING: ir - sink(s1.TrimLeft().GetString()); // $ MISSING: ir - sink(s1.TrimRight('a').GetString()); // $ MISSING: ir - sink(s1.TrimRight("abc").GetString()); // $ MISSING: ir - sink(s1.TrimRight().GetString()); // $ MISSING: ir + sink(s1.Tokenize("abc", start).GetString()); // $ ir + + sink(s1.Trim('a').GetString()); // $ ir + sink(s1.Trim("abc").GetString()); // $ ir + sink(s1.Trim().GetString()); // $ ir + sink(s1.TrimLeft('a').GetString()); // $ ir + sink(s1.TrimLeft("abc").GetString()); // $ ir + sink(s1.TrimLeft().GetString()); // $ ir + sink(s1.TrimRight('a').GetString()); // $ ir + sink(s1.TrimRight("abc").GetString()); // $ ir + sink(s1.TrimRight().GetString()); // $ ir } diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index f79abc9b7afc..a890610c695c 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -21,8 +21,10 @@ signatureMatches | atl.cpp:416:3:416:10 | CComBSTR | (CComBSTR &&) | CComBSTR | CComBSTR | 0 | | atl.cpp:419:11:419:16 | Append | (const CComBSTR &) | CComBSTR | Append | 0 | | atl.cpp:419:11:419:16 | Append | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | +| atl.cpp:420:11:420:16 | Append | (wchar_t) | | operator+= | 0 | | atl.cpp:420:11:420:16 | Append | (wchar_t) | CComBSTR | Append | 0 | | atl.cpp:420:11:420:16 | Append | (wchar_t) | CSimpleStringT | operator+= | 0 | +| atl.cpp:421:11:421:16 | Append | (char) | | operator+= | 0 | | atl.cpp:421:11:421:16 | Append | (char) | CComBSTR | Append | 0 | | atl.cpp:421:11:421:16 | Append | (char) | CSimpleStringT | operator+= | 0 | | atl.cpp:422:11:422:16 | Append | (LPCOLESTR) | CComBSTR | Append | 0 | @@ -31,7 +33,15 @@ signatureMatches | atl.cpp:423:11:423:16 | Append | (LPCSTR) | CComBSTR | CComBSTR | 0 | | atl.cpp:424:11:424:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 0 | | atl.cpp:424:11:424:16 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:424:11:424:16 | Append | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:424:11:424:16 | Append | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:424:11:424:16 | Append | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:424:11:424:16 | Append | (wchar_t,int) | CStringT | CStringT | 1 | | atl.cpp:426:11:426:21 | AppendBytes | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:426:11:426:21 | AppendBytes | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:426:11:426:21 | AppendBytes | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:426:11:426:21 | AppendBytes | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:426:11:426:21 | AppendBytes | (wchar_t,int) | CStringT | CStringT | 1 | | atl.cpp:427:11:427:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | Add | 0 | | atl.cpp:427:11:427:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | | atl.cpp:427:11:427:21 | ArrayToBSTR | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | @@ -51,11 +61,25 @@ signatureMatches | atl.cpp:543:11:543:13 | Add | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | | atl.cpp:545:11:545:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 0 | | atl.cpp:545:11:545:13 | Add | (const T &,BOOL) | CComSafeArray | Add | 1 | +| atl.cpp:611:3:611:8 | CPathT | (PCXSTR) | | operator+= | 0 | | atl.cpp:611:3:611:8 | CPathT | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:611:3:611:8 | CPathT | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:616:8:616:19 | AddExtension | (PCXSTR) | | operator+= | 0 | | atl.cpp:616:8:616:19 | AddExtension | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:616:8:616:19 | AddExtension | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:617:8:617:13 | Append | (PCXSTR) | | operator+= | 0 | | atl.cpp:617:8:617:13 | Append | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:617:8:617:13 | Append | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:620:8:620:14 | Combine | (PCXSTR,PCXSTR) | CStringT | Replace | 0 | +| atl.cpp:620:8:620:14 | Combine | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | +| atl.cpp:620:8:620:14 | Combine | (const CStringT &,PCXSTR) | | operator+ | 1 | +| atl.cpp:620:8:620:14 | Combine | (int,PCXSTR) | CStringT | Insert | 1 | +| atl.cpp:621:22:621:33 | CommonPrefix | (PCXSTR) | | operator+= | 0 | | atl.cpp:621:22:621:33 | CommonPrefix | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:621:22:621:33 | CommonPrefix | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:658:23:658:32 | operator+= | (PCXSTR) | | operator+= | 0 | | atl.cpp:658:23:658:32 | operator+= | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:658:23:658:32 | operator+= | (PCXSTR) | CStringT | operator= | 0 | | atl.cpp:764:8:764:10 | Add | (const deque &,const Allocator &) | deque | deque | 1 | | atl.cpp:764:8:764:10 | Add | (const forward_list &,const Allocator &) | forward_list | forward_list | 1 | | atl.cpp:764:8:764:10 | Add | (const list &,const Allocator &) | list | list | 1 | @@ -93,14 +117,32 @@ signatureMatches | atl.cpp:914:3:914:16 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | | atl.cpp:914:3:914:16 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | | atl.cpp:914:3:914:16 | CSimpleStringT | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 2 | +| atl.cpp:914:3:914:16 | CSimpleStringT | (const YCHAR *,int,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:914:3:914:16 | CSimpleStringT | (const YCHAR *,int,IAtlStringMgr *) | CStringT | CStringT | 2 | +| atl.cpp:915:3:915:16 | CSimpleStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:915:3:915:16 | CSimpleStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | | atl.cpp:915:3:915:16 | CSimpleStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | | atl.cpp:915:3:915:16 | CSimpleStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:915:3:915:16 | CSimpleStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:915:3:915:16 | CSimpleStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | | operator+= | 0 | | atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | | atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | +| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CStringT | CStringT | 0 | +| atl.cpp:916:3:916:16 | CSimpleStringT | (const CSimpleStringT &) | CStringT | operator= | 0 | +| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | | operator+= | 0 | | atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | | atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | +| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CStringT | CStringT | 0 | +| atl.cpp:920:8:920:13 | Append | (const CSimpleStringT &) | CStringT | operator= | 0 | | atl.cpp:921:8:921:13 | Append | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:921:8:921:13 | Append | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:921:8:921:13 | Append | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:921:8:921:13 | Append | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:921:8:921:13 | Append | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:922:8:922:13 | Append | (PCXSTR) | | operator+= | 0 | | atl.cpp:922:8:922:13 | Append | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:922:8:922:13 | Append | (PCXSTR) | CStringT | operator= | 0 | | atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | | atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | | atl.cpp:926:15:926:23 | CopyChars | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | @@ -117,27 +159,116 @@ signatureMatches | atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 0 | | atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 1 | | atl.cpp:928:15:928:33 | CopyCharsOverlapped | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | +| atl.cpp:937:8:937:12 | SetAt | (XCHAR,XCHAR) | CStringT | Replace | 1 | +| atl.cpp:937:8:937:12 | SetAt | (int,XCHAR) | CStringT | Insert | 0 | +| atl.cpp:937:8:937:12 | SetAt | (int,XCHAR) | CStringT | Insert | 1 | | atl.cpp:938:8:938:16 | SetString | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:938:8:938:16 | SetString | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:938:8:938:16 | SetString | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:938:8:938:16 | SetString | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:938:8:938:16 | SetString | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:939:8:939:16 | SetString | (PCXSTR) | | operator+= | 0 | | atl.cpp:939:8:939:16 | SetString | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:939:8:939:16 | SetString | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1035:3:1035:10 | CStringT | (const VARIANT &) | | operator+= | 0 | +| atl.cpp:1035:3:1035:10 | CStringT | (const VARIANT &) | CStringT | CStringT | 0 | +| atl.cpp:1035:3:1035:10 | CStringT | (const VARIANT &) | CStringT | operator= | 0 | +| atl.cpp:1036:3:1036:10 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1036:3:1036:10 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | | atl.cpp:1036:3:1036:10 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:1036:3:1036:10 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 0 | +| atl.cpp:1036:3:1036:10 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1036:3:1036:10 | CStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1037:3:1037:10 | CStringT | (const CStringT &) | CStringT | CStringT | 0 | +| atl.cpp:1037:3:1037:10 | CStringT | (const CStringT &) | CStringT | operator= | 0 | +| atl.cpp:1041:3:1041:10 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 0 | +| atl.cpp:1041:3:1041:10 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1041:3:1041:10 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | | atl.cpp:1041:3:1041:10 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:1041:3:1041:10 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1041:3:1041:10 | CStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1042:3:1042:10 | CStringT | (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1042:3:1042:10 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 0 | +| atl.cpp:1042:3:1042:10 | CStringT | (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | | atl.cpp:1042:3:1042:10 | CStringT | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | +| atl.cpp:1042:3:1042:10 | CStringT | (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1042:3:1042:10 | CStringT | (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | +| atl.cpp:1044:3:1044:10 | CStringT | (char *) | CStringT | CStringT | 0 | +| atl.cpp:1045:3:1045:10 | CStringT | (unsigned char *) | CStringT | CStringT | 0 | +| atl.cpp:1046:3:1046:10 | CStringT | (wchar_t *) | CStringT | CStringT | 0 | | atl.cpp:1048:3:1048:10 | CStringT | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:1048:3:1048:10 | CStringT | (char,int) | CStringT | CStringT | 0 | +| atl.cpp:1048:3:1048:10 | CStringT | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:1048:3:1048:10 | CStringT | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1048:3:1048:10 | CStringT | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1048:3:1048:10 | CStringT | (wchar_t,int) | CStringT | CStringT | 1 | | atl.cpp:1049:3:1049:10 | CStringT | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:1049:3:1049:10 | CStringT | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:1049:3:1049:10 | CStringT | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1049:3:1049:10 | CStringT | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1049:3:1049:10 | CStringT | (wchar_t,int) | CStringT | CStringT | 0 | +| atl.cpp:1049:3:1049:10 | CStringT | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR) | | operator+= | 0 | | atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR) | CStringT | operator= | 0 | | atl.cpp:1061:8:1061:19 | AppendFormat | (UINT) | CComBSTR | LoadString | 0 | | atl.cpp:1061:8:1061:19 | AppendFormat | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:1069:7:1069:12 | Insert | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | +| atl.cpp:1069:7:1069:12 | Insert | (const CStringT &,PCXSTR) | | operator+ | 1 | +| atl.cpp:1069:7:1069:12 | Insert | (int,PCXSTR) | CStringT | Insert | 0 | +| atl.cpp:1069:7:1069:12 | Insert | (int,PCXSTR) | CStringT | Insert | 1 | +| atl.cpp:1070:7:1070:12 | Insert | (XCHAR,XCHAR) | CStringT | Replace | 1 | +| atl.cpp:1070:7:1070:12 | Insert | (int,XCHAR) | CStringT | Insert | 0 | +| atl.cpp:1070:7:1070:12 | Insert | (int,XCHAR) | CStringT | Insert | 1 | | atl.cpp:1074:8:1074:17 | LoadString | (UINT) | CComBSTR | LoadString | 0 | | atl.cpp:1074:8:1074:17 | LoadString | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | | atl.cpp:1078:12:1078:14 | Mid | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| atl.cpp:1078:12:1078:14 | Mid | (char,int) | CStringT | CStringT | 1 | +| atl.cpp:1078:12:1078:14 | Mid | (const XCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1078:12:1078:14 | Mid | (const YCHAR *,int) | CStringT | CStringT | 1 | +| atl.cpp:1078:12:1078:14 | Mid | (wchar_t,int) | CStringT | CStringT | 1 | +| atl.cpp:1080:7:1080:13 | Replace | (PCXSTR,PCXSTR) | CStringT | Replace | 0 | +| atl.cpp:1080:7:1080:13 | Replace | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | +| atl.cpp:1080:7:1080:13 | Replace | (const CStringT &,PCXSTR) | | operator+ | 1 | +| atl.cpp:1080:7:1080:13 | Replace | (int,PCXSTR) | CStringT | Insert | 1 | +| atl.cpp:1081:7:1081:13 | Replace | (XCHAR,XCHAR) | CStringT | Replace | 0 | +| atl.cpp:1081:7:1081:13 | Replace | (XCHAR,XCHAR) | CStringT | Replace | 1 | +| atl.cpp:1081:7:1081:13 | Replace | (int,XCHAR) | CStringT | Insert | 1 | +| atl.cpp:1084:12:1084:24 | SpanExcluding | (PCXSTR) | | operator+= | 0 | | atl.cpp:1084:12:1084:24 | SpanExcluding | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1084:12:1084:24 | SpanExcluding | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1085:12:1085:24 | SpanIncluding | (PCXSTR) | | operator+= | 0 | | atl.cpp:1085:12:1085:24 | SpanIncluding | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1085:12:1085:24 | SpanIncluding | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1087:13:1087:16 | Trim | (XCHAR) | CStringT | operator= | 0 | +| atl.cpp:1088:13:1088:16 | Trim | (PCXSTR) | | operator+= | 0 | | atl.cpp:1088:13:1088:16 | Trim | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1088:13:1088:16 | Trim | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1090:13:1090:20 | TrimLeft | (XCHAR) | CStringT | operator= | 0 | +| atl.cpp:1091:13:1091:20 | TrimLeft | (PCXSTR) | | operator+= | 0 | | atl.cpp:1091:13:1091:20 | TrimLeft | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1091:13:1091:20 | TrimLeft | (PCXSTR) | CStringT | operator= | 0 | +| atl.cpp:1093:13:1093:21 | TrimRight | (XCHAR) | CStringT | operator= | 0 | +| atl.cpp:1094:13:1094:21 | TrimRight | (PCXSTR) | | operator+= | 0 | | atl.cpp:1094:13:1094:21 | TrimRight | (PCXSTR) | CSimpleStringT | operator+= | 0 | +| atl.cpp:1094:13:1094:21 | TrimRight | (PCXSTR) | CStringT | operator= | 0 | | constructor_delegation.cpp:10:2:10:8 | MyValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| constructor_delegation.cpp:10:2:10:8 | MyValue | (char,int) | CStringT | CStringT | 1 | +| constructor_delegation.cpp:10:2:10:8 | MyValue | (const XCHAR *,int) | CStringT | CStringT | 1 | +| constructor_delegation.cpp:10:2:10:8 | MyValue | (const YCHAR *,int) | CStringT | CStringT | 1 | +| constructor_delegation.cpp:10:2:10:8 | MyValue | (wchar_t,int) | CStringT | CStringT | 1 | | constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (char,int) | CStringT | CStringT | 1 | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (const XCHAR *,int) | CStringT | CStringT | 1 | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (const YCHAR *,int) | CStringT | CStringT | 1 | +| constructor_delegation.cpp:19:2:19:15 | MyDerivedValue | (wchar_t,int) | CStringT | CStringT | 1 | +| map.cpp:8:6:8:9 | sink | (char *) | CStringT | CStringT | 0 | +| set.cpp:8:6:8:9 | sink | (char *) | CStringT | CStringT | 0 | | standalone_iterators.cpp:103:27:103:36 | operator+= | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| standalone_iterators.cpp:103:27:103:36 | operator+= | (char,int) | CStringT | CStringT | 1 | +| standalone_iterators.cpp:103:27:103:36 | operator+= | (const XCHAR *,int) | CStringT | CStringT | 1 | +| standalone_iterators.cpp:103:27:103:36 | operator+= | (const YCHAR *,int) | CStringT | CStringT | 1 | +| standalone_iterators.cpp:103:27:103:36 | operator+= | (wchar_t,int) | CStringT | CStringT | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign | 0 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | deque | assign | 1 | | stl.h:182:17:182:22 | assign | (InputIt,InputIt) | forward_list | assign | 0 | @@ -406,22 +537,69 @@ signatureMatches | stl.h:678:33:678:38 | format | (format_string,Args &&) | | format | 1 | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format | 0 | | stl.h:683:6:683:48 | same_signature_as_format_but_different_name | (format_string,Args &&) | | format | 1 | +| string.cpp:20:6:20:9 | sink | (char) | | operator+= | 0 | | string.cpp:20:6:20:9 | sink | (char) | CComBSTR | Append | 0 | | string.cpp:20:6:20:9 | sink | (char) | CSimpleStringT | operator+= | 0 | | taint.cpp:4:6:4:21 | arithAssignments | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:4:6:4:21 | arithAssignments | (char,int) | CStringT | CStringT | 1 | +| taint.cpp:4:6:4:21 | arithAssignments | (const XCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:4:6:4:21 | arithAssignments | (const YCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:4:6:4:21 | arithAssignments | (wchar_t,int) | CStringT | CStringT | 1 | | taint.cpp:142:5:142:10 | select | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | | taint.cpp:142:5:142:10 | select | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | | taint.cpp:190:7:190:12 | memcpy | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | | taint.cpp:190:7:190:12 | memcpy | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | | taint.cpp:249:13:249:13 | _FUN | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:249:13:249:13 | _FUN | (char,int) | CStringT | CStringT | 1 | +| taint.cpp:249:13:249:13 | _FUN | (const XCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:249:13:249:13 | _FUN | (const YCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:249:13:249:13 | _FUN | (wchar_t,int) | CStringT | CStringT | 1 | | taint.cpp:249:13:249:13 | operator() | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:249:13:249:13 | operator() | (char,int) | CStringT | CStringT | 1 | +| taint.cpp:249:13:249:13 | operator() | (const XCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:249:13:249:13 | operator() | (const YCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:249:13:249:13 | operator() | (wchar_t,int) | CStringT | CStringT | 1 | | taint.cpp:302:6:302:14 | myAssign2 | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:302:6:302:14 | myAssign2 | (char,int) | CStringT | CStringT | 1 | +| taint.cpp:302:6:302:14 | myAssign2 | (const XCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:302:6:302:14 | myAssign2 | (const YCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:302:6:302:14 | myAssign2 | (wchar_t,int) | CStringT | CStringT | 1 | | taint.cpp:307:6:307:14 | myAssign3 | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:307:6:307:14 | myAssign3 | (char,int) | CStringT | CStringT | 1 | +| taint.cpp:307:6:307:14 | myAssign3 | (const XCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:307:6:307:14 | myAssign3 | (const YCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:307:6:307:14 | myAssign3 | (wchar_t,int) | CStringT | CStringT | 1 | | taint.cpp:312:6:312:14 | myAssign4 | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:312:6:312:14 | myAssign4 | (char,int) | CStringT | CStringT | 1 | +| taint.cpp:312:6:312:14 | myAssign4 | (const XCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:312:6:312:14 | myAssign4 | (const YCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:312:6:312:14 | myAssign4 | (wchar_t,int) | CStringT | CStringT | 1 | +| taint.cpp:367:6:367:16 | test_strdup | (char *) | CStringT | CStringT | 0 | +| taint.cpp:387:6:387:16 | test_wcsdup | (wchar_t *) | CStringT | CStringT | 0 | +| taint.cpp:397:6:397:17 | test_strdupa | (char *) | CStringT | CStringT | 0 | +| taint.cpp:514:6:514:16 | test_strtok | (char *) | CStringT | CStringT | 0 | | taint.cpp:523:7:523:13 | _strset | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| taint.cpp:523:7:523:13 | _strset | (char,int) | CStringT | CStringT | 1 | +| taint.cpp:523:7:523:13 | _strset | (const XCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:523:7:523:13 | _strset | (const YCHAR *,int) | CStringT | CStringT | 1 | +| taint.cpp:523:7:523:13 | _strset | (wchar_t,int) | CStringT | CStringT | 1 | +| taint.cpp:525:6:525:18 | test_strset_1 | (const CStringT &,char) | | operator+ | 1 | +| taint.cpp:531:6:531:18 | test_strset_2 | (char *) | CStringT | CStringT | 0 | +| taint.cpp:591:6:591:16 | test_strsep | (char *) | CStringT | CStringT | 0 | +| taint.cpp:603:16:603:22 | _mbsinc | (const unsigned char *) | CStringT | CStringT | 0 | +| taint.cpp:603:16:603:22 | _mbsinc | (const unsigned char *) | CStringT | operator= | 0 | +| taint.cpp:665:6:665:25 | test_no_const_member | (char *) | CStringT | CStringT | 0 | +| taint.cpp:677:6:677:27 | test_with_const_member | (char *) | CStringT | CStringT | 0 | | taint.cpp:725:10:725:15 | strtol | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | | taint.cpp:725:10:725:15 | strtol | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyCharsOverlapped | 2 | +| taint.cpp:727:6:727:16 | test_strtol | (char *) | CStringT | CStringT | 0 | +| taint.cpp:785:6:785:15 | fopen_test | (char *) | CStringT | CStringT | 0 | | vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (LPCOLESTR,int) | CComBSTR | Append | 1 | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (char,int) | CStringT | CStringT | 1 | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (const XCHAR *,int) | CStringT | CStringT | 1 | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (const YCHAR *,int) | CStringT | CStringT | 1 | +| vector.cpp:333:6:333:35 | vector_iterator_assign_wrapper | (wchar_t,int) | CStringT | CStringT | 1 | +| vector.cpp:417:6:417:25 | test_vector_inserter | (char *) | CStringT | CStringT | 0 | getSignatureParameterName | (CAtlFile &) | CAtlFile | CAtlFile | 0 | CAtlFile & | | (CComBSTR &&) | CComBSTR | CComBSTR | 0 | CComBSTR && | @@ -458,19 +636,43 @@ getSignatureParameterName | (LPCOLESTR,int) | CComBSTR | Append | 1 | int | | (LPCSTR) | CComBSTR | Append | 0 | LPCSTR | | (LPCSTR) | CComBSTR | CComBSTR | 0 | LPCSTR | +| (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 0 | LPCSTR | +| (LPCSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | IAtlStringMgr * | | (LPCTSTR) | _U_STRINGorID | _U_STRINGorID | 0 | LPCTSTR | | (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 0 | LPCTSTR | | (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 1 | DWORD * | | (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 2 | void * | | (LPCTSTR,DWORD *,void *,ULONG *) | CRegKey | QueryValue | 3 | ULONG * | +| (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 0 | LPCWSTR | +| (LPCWSTR,IAtlStringMgr *) | CStringT | CStringT | 1 | IAtlStringMgr * | | (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 0 | LPTSTR | | (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 1 | LPCTSTR | | (LPTSTR,LPCTSTR,DWORD *) | CRegKey | QueryValue | 2 | DWORD * | +| (PCXSTR) | | operator+= | 0 | PCXSTR | | (PCXSTR) | CSimpleStringT | operator+= | 0 | PCXSTR | +| (PCXSTR) | CStringT | operator= | 0 | PCXSTR | +| (PCXSTR,...) | CStringT | AppendFormat | 0 | PCXSTR | +| (PCXSTR,...) | CStringT | AppendFormat | 1 | ... | +| (PCXSTR,...) | CStringT | Format | 0 | PCXSTR | +| (PCXSTR,...) | CStringT | Format | 1 | ... | +| (PCXSTR,...) | CStringT | FormatMessage | 0 | PCXSTR | +| (PCXSTR,...) | CStringT | FormatMessage | 1 | ... | | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | PCXSTR | | (PCXSTR,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | IAtlStringMgr * | +| (PCXSTR,PCXSTR) | CStringT | Replace | 0 | PCXSTR | +| (PCXSTR,PCXSTR) | CStringT | Replace | 1 | PCXSTR | +| (PCXSTR,const CStringT &) | | operator+ | 0 | PCXSTR | +| (PCXSTR,const CStringT &) | | operator+ | 1 | const CStringT & | +| (PCYSTR) | | operator+= | 0 | PCYSTR | +| (PCYSTR) | CStringT | operator= | 0 | PCYSTR | | (UINT) | CComBSTR | LoadString | 0 | UINT | | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | UINT | +| (UINT,...) | CStringT | AppendFormat | 0 | UINT | +| (UINT,...) | CStringT | AppendFormat | 1 | ... | +| (UINT,...) | CStringT | Format | 0 | UINT | +| (UINT,...) | CStringT | Format | 1 | ... | +| (UINT,...) | CStringT | FormatMessage | 0 | UINT | +| (UINT,...) | CStringT | FormatMessage | 1 | ... | | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 0 | XCHAR * | | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | const XCHAR * | | (XCHAR *,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | int | @@ -481,24 +683,65 @@ getSignatureParameterName | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 1 | size_t | | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 2 | const XCHAR * | | (XCHAR *,size_t,const XCHAR *,int) | CSimpleStringT | CopyChars | 3 | int | +| (XCHAR) | CStringT | operator= | 0 | XCHAR | +| (XCHAR,XCHAR) | CStringT | Replace | 0 | XCHAR | +| (XCHAR,XCHAR) | CStringT | Replace | 1 | XCHAR | +| (YCHAR) | CStringT | operator= | 0 | YCHAR | +| (char *) | CStringT | CStringT | 0 | char * | +| (char) | | operator+= | 0 | char | | (char) | CComBSTR | Append | 0 | char | | (char) | CSimpleStringT | operator+= | 0 | char | +| (char,const CStringT &) | | operator+ | 0 | char | +| (char,const CStringT &) | | operator+ | 1 | const CStringT & | +| (char,int) | CStringT | CStringT | 0 | char | +| (char,int) | CStringT | CStringT | 1 | int | | (const CComBSTR &) | CComBSTR | Append | 0 | const CComBSTR & | | (const CComBSTR &) | CComBSTR | CComBSTR | 0 | const CComBSTR & | | (const CComSafeArray &) | CComSafeArray | CComSafeArray | 0 | const CComSafeArray & | | (const CComSafeArray &) | CComSafeArray | operator= | 0 | const CComSafeArray & | +| (const CSimpleStringT &) | | operator+= | 0 | const CSimpleStringT & | | (const CSimpleStringT &) | CSimpleStringT | CSimpleStringT | 0 | const CSimpleStringT & | | (const CSimpleStringT &) | CSimpleStringT | operator+= | 0 | const CSimpleStringT & | +| (const CSimpleStringT &) | CStringT | CStringT | 0 | const CSimpleStringT & | +| (const CSimpleStringT &) | CStringT | operator= | 0 | const CSimpleStringT & | +| (const CStaticString &) | | operator+= | 0 | const CStaticString & | | (const CStaticString &) | CSimpleStringT | operator+= | 0 | const CStaticString & | +| (const CStringT &) | CStringT | CStringT | 0 | const CStringT & | +| (const CStringT &) | CStringT | operator= | 0 | const CStringT & | +| (const CStringT &,PCXSTR) | | operator+ | 0 | const CStringT & | +| (const CStringT &,PCXSTR) | | operator+ | 1 | PCXSTR | +| (const CStringT &,char) | | operator+ | 0 | const CStringT & | +| (const CStringT &,char) | | operator+ | 1 | char | +| (const CStringT &,const CStringT &) | | operator+ | 0 | const CStringT & | +| (const CStringT &,const CStringT &) | | operator+ | 1 | const CStringT & | +| (const CStringT &,wchar_t) | | operator+ | 0 | const CStringT & | +| (const CStringT &,wchar_t) | | operator+ | 1 | wchar_t | | (const SAFEARRAY &) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY & | | (const SAFEARRAY *) | CComSafeArray | Add | 0 | const SAFEARRAY * | | (const SAFEARRAY *) | CComSafeArray | CComSafeArray | 0 | const SAFEARRAY * | | (const SAFEARRAY *) | CComSafeArray | operator= | 0 | const SAFEARRAY * | | (const T &,BOOL) | CComSafeArray | Add | 0 | const class:0 & | | (const T &,BOOL) | CComSafeArray | Add | 1 | BOOL | +| (const VARIANT &) | | operator+= | 0 | const VARIANT & | +| (const VARIANT &) | CStringT | CStringT | 0 | const VARIANT & | +| (const VARIANT &) | CStringT | operator= | 0 | const VARIANT & | +| (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 0 | const VARIANT & | +| (const VARIANT &,IAtlStringMgr *) | CStringT | CStringT | 1 | IAtlStringMgr * | +| (const XCHAR *) | CStringT | CStringT | 0 | const XCHAR * | +| (const XCHAR *,int) | CStringT | CStringT | 0 | const XCHAR * | +| (const XCHAR *,int) | CStringT | CStringT | 1 | int | +| (const XCHAR *,int,AtlStringMgr *) | CStringT | CStringT | 0 | const XCHAR * | +| (const XCHAR *,int,AtlStringMgr *) | CStringT | CStringT | 1 | int | +| (const XCHAR *,int,AtlStringMgr *) | CStringT | CStringT | 2 | AtlStringMgr * | | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 0 | const XCHAR * | | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 1 | int | | (const XCHAR *,int,IAtlStringMgr *) | CSimpleStringT | CSimpleStringT | 2 | IAtlStringMgr * | +| (const YCHAR *) | CStringT | CStringT | 0 | const YCHAR * | +| (const YCHAR *,int) | CStringT | CStringT | 0 | const YCHAR * | +| (const YCHAR *,int) | CStringT | CStringT | 1 | int | +| (const YCHAR *,int,IAtlStringMgr *) | CStringT | CStringT | 0 | const YCHAR * | +| (const YCHAR *,int,IAtlStringMgr *) | CStringT | CStringT | 1 | int | +| (const YCHAR *,int,IAtlStringMgr *) | CStringT | CStringT | 2 | IAtlStringMgr * | | (const deque &) | deque | deque | 0 | const deque & | | (const deque &,const Allocator &) | deque | deque | 0 | const deque & | | (const deque &,const Allocator &) | deque | deque | 1 | const class:1 & | @@ -508,6 +751,10 @@ getSignatureParameterName | (const list &) | list | list | 0 | const list & | | (const list &,const Allocator &) | list | list | 0 | const list & | | (const list &,const Allocator &) | list | list | 1 | const class:1 & | +| (const unsigned char *) | CStringT | CStringT | 0 | const unsigned char * | +| (const unsigned char *) | CStringT | operator= | 0 | const unsigned char * | +| (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 0 | const unsigned char * | +| (const unsigned char *,IAtlStringMgr *) | CStringT | CStringT | 1 | IAtlStringMgr * | | (const vector &) | vector | vector | 0 | const vector & | | (const vector &,const Allocator &) | vector | vector | 0 | const vector & | | (const vector &,const Allocator &) | vector | vector | 1 | const class:1 & | @@ -563,6 +810,10 @@ getSignatureParameterName | (int,LPCOLESTR) | CComBSTR | CComBSTR | 1 | LPCOLESTR | | (int,LPCSTR) | CComBSTR | CComBSTR | 0 | int | | (int,LPCSTR) | CComBSTR | CComBSTR | 1 | LPCSTR | +| (int,PCXSTR) | CStringT | Insert | 0 | int | +| (int,PCXSTR) | CStringT | Insert | 1 | PCXSTR | +| (int,XCHAR) | CStringT | Insert | 0 | int | +| (int,XCHAR) | CStringT | Insert | 1 | XCHAR | | (list &&) | list | list | 0 | list && | | (list &&,const Allocator &) | list | list | 0 | list && | | (list &&,const Allocator &) | list | list | 1 | const class:1 & | @@ -586,12 +837,22 @@ getSignatureParameterName | (size_type,const T &,const Allocator &) | vector | vector | 0 | size_type | | (size_type,const T &,const Allocator &) | vector | vector | 1 | const class:0 & | | (size_type,const T &,const Allocator &) | vector | vector | 2 | const class:1 & | +| (unsigned char *) | CStringT | CStringT | 0 | unsigned char * | +| (unsigned char) | | operator+= | 0 | unsigned char | | (unsigned char) | CSimpleStringT | operator+= | 0 | unsigned char | | (vector &&) | vector | vector | 0 | vector && | | (vector &&,const Allocator &) | vector | vector | 0 | vector && | | (vector &&,const Allocator &) | vector | vector | 1 | const class:1 & | +| (wchar_t *) | CStringT | CStringT | 0 | wchar_t * | +| (wchar_t) | | operator+= | 0 | wchar_t | | (wchar_t) | CComBSTR | Append | 0 | wchar_t | | (wchar_t) | CSimpleStringT | operator+= | 0 | wchar_t | +| (wchar_t, const CStringT &) | | operator+ | 0 | wchar_t | +| (wchar_t, const CStringT &) | | operator+ | 1 | const CStringT & | +| (wchar_t,const CStringT &) | | operator+ | 0 | wchar_t | +| (wchar_t,const CStringT &) | | operator+ | 1 | const CStringT & | +| (wchar_t,int) | CStringT | CStringT | 0 | wchar_t | +| (wchar_t,int) | CStringT | CStringT | 1 | int | getParameterTypeName | arrayassignment.cpp:3:6:3:9 | sink | 0 | int | | arrayassignment.cpp:4:6:4:9 | sink | 0 | MyInt | From c5bb907fe07ca9f06bfe3054bb47bf731a82bff6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 10 Dec 2024 18:23:01 +0000 Subject: [PATCH 06/16] C++: Also handle varargs in MaD parsing. --- .../semmle/code/cpp/dataflow/ExternalFlow.qll | 4 +++ .../dataflow/taint-tests/atl.cpp | 10 +++--- .../taint-tests/test_mad-signatures.expected | 33 ++++++++++++++++--- 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index d234dbc8e3ab..0b6c8fe7ecf4 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -491,6 +491,10 @@ string getParameterTypeWithoutTemplateArguments(Function f, int n) { parseAngles(s, base, _, specifiers) and result = base + specifiers ) + or + f.isVarargs() and + n = f.getNumberOfParameters() and + result = "..." } /** diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index a20d0b1b899e..af3f7add0e8e 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -1140,23 +1140,23 @@ void test_CStringT() { CStringT s11; s11.AppendFormat("%d", source()); - sink(s11.GetString()); // $ MISSING: ir + sink(s11.GetString()); // $ ir CStringT s12; s12.AppendFormat(indirect_source()); - sink(s12.GetString()); // $ MISSING: ir + sink(s12.GetString()); // $ ir CStringT s13; s13.AppendFormat(source()); - sink(s13.GetString()); // $ MISSING: ir + sink(s13.GetString()); // $ ir CStringT s14; s14.AppendFormat(42, source()); - sink(s14.GetString()); // $ MISSING: ir + sink(s14.GetString()); // $ ir CStringT s15; s15.AppendFormat(42, source()); - sink(s15.GetString()); // $ MISSING: ir + sink(s15.GetString()); // $ ir CStringT s16; s16.AppendFormat("%s", indirect_source()); diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index a890610c695c..e24b4d8cd80e 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -208,11 +208,24 @@ signatureMatches | atl.cpp:1049:3:1049:10 | CStringT | (const YCHAR *,int) | CStringT | CStringT | 1 | | atl.cpp:1049:3:1049:10 | CStringT | (wchar_t,int) | CStringT | CStringT | 0 | | atl.cpp:1049:3:1049:10 | CStringT | (wchar_t,int) | CStringT | CStringT | 1 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR) | | operator+= | 0 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR) | CSimpleStringT | operator+= | 0 | -| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR) | CStringT | operator= | 0 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT) | CComBSTR | LoadString | 0 | -| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT) | _U_STRINGorID | _U_STRINGorID | 0 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | AppendFormat | 0 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | AppendFormat | 1 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | Format | 0 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | Format | 1 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | FormatMessage | 0 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (PCXSTR,...) | CStringT | FormatMessage | 1 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (UINT,...) | CStringT | AppendFormat | 1 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (UINT,...) | CStringT | Format | 1 | +| atl.cpp:1060:8:1060:19 | AppendFormat | (UINT,...) | CStringT | FormatMessage | 1 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (PCXSTR,...) | CStringT | AppendFormat | 1 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (PCXSTR,...) | CStringT | Format | 1 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (PCXSTR,...) | CStringT | FormatMessage | 1 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | AppendFormat | 0 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | AppendFormat | 1 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | Format | 0 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | Format | 1 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | FormatMessage | 0 | +| atl.cpp:1061:8:1061:19 | AppendFormat | (UINT,...) | CStringT | FormatMessage | 1 | | atl.cpp:1069:7:1069:12 | Insert | (PCXSTR,PCXSTR) | CStringT | Replace | 1 | | atl.cpp:1069:7:1069:12 | Insert | (const CStringT &,PCXSTR) | | operator+ | 1 | | atl.cpp:1069:7:1069:12 | Insert | (int,PCXSTR) | CStringT | Insert | 0 | @@ -867,6 +880,7 @@ getParameterTypeName | arrayassignment.cpp:88:7:88:9 | get | 0 | int | | arrayassignment.cpp:90:7:90:16 | operator[] | 0 | int | | arrayassignment.cpp:124:6:124:9 | sink | 0 | int * | +| atl.cpp:4:8:4:11 | sink | 0 | ... | | atl.cpp:29:8:29:8 | operator= | 0 | __POSITION && | | atl.cpp:29:8:29:8 | operator= | 0 | const __POSITION & | | atl.cpp:51:16:51:16 | operator= | 0 | const tagSAFEARRAYBOUND & | @@ -1059,7 +1073,9 @@ getParameterTypeName | atl.cpp:1049:3:1049:10 | CStringT | 0 | wchar_t | | atl.cpp:1049:3:1049:10 | CStringT | 1 | int | | atl.cpp:1060:8:1060:19 | AppendFormat | 0 | PCXSTR | +| atl.cpp:1060:8:1060:19 | AppendFormat | 1 | ... | | atl.cpp:1061:8:1061:19 | AppendFormat | 0 | UINT | +| atl.cpp:1061:8:1061:19 | AppendFormat | 1 | ... | | atl.cpp:1069:7:1069:12 | Insert | 0 | int | | atl.cpp:1069:7:1069:12 | Insert | 1 | PCXSTR | | atl.cpp:1070:7:1070:12 | Insert | 0 | int | @@ -1123,11 +1139,14 @@ getParameterTypeName | format.cpp:5:5:5:12 | snprintf | 0 | char * | | format.cpp:5:5:5:12 | snprintf | 1 | size_t | | format.cpp:5:5:5:12 | snprintf | 2 | const char * | +| format.cpp:5:5:5:12 | snprintf | 3 | ... | | format.cpp:6:5:6:11 | sprintf | 0 | char * | | format.cpp:6:5:6:11 | sprintf | 1 | const char * | +| format.cpp:6:5:6:11 | sprintf | 2 | ... | | format.cpp:7:5:7:12 | swprintf | 0 | wchar_t * | | format.cpp:7:5:7:12 | swprintf | 1 | size_t | | format.cpp:7:5:7:12 | swprintf | 2 | const wchar_t * | +| format.cpp:7:5:7:12 | swprintf | 3 | ... | | format.cpp:14:5:14:13 | vsnprintf | 0 | char * | | format.cpp:14:5:14:13 | vsnprintf | 1 | size_t | | format.cpp:14:5:14:13 | vsnprintf | 2 | const char * | @@ -1135,8 +1154,10 @@ getParameterTypeName | format.cpp:16:5:16:13 | mysprintf | 0 | char * | | format.cpp:16:5:16:13 | mysprintf | 1 | size_t | | format.cpp:16:5:16:13 | mysprintf | 2 | const char * | +| format.cpp:16:5:16:13 | mysprintf | 3 | ... | | format.cpp:28:5:28:10 | sscanf | 0 | const char * | | format.cpp:28:5:28:10 | sscanf | 1 | const char * | +| format.cpp:28:5:28:10 | sscanf | 2 | ... | | format.cpp:142:8:142:13 | strlen | 0 | const char * | | format.cpp:143:8:143:13 | wcslen | 0 | const wchar_t * | | format.cpp:169:6:169:9 | test | 0 | format_string | @@ -1151,6 +1172,7 @@ getParameterTypeName | map.cpp:16:6:16:9 | sink | 0 | unordered_map, hash, equal_to, allocator>>> | | map.cpp:17:6:17:9 | sink | 0 | iterator | | map.cpp:442:7:442:19 | indirect_sink | 0 | int * | +| movableclass.cpp:3:6:3:9 | sink | 0 | ... | | movableclass.cpp:5:7:5:7 | MyMovableClass | 0 | const MyMovableClass & | | movableclass.cpp:5:7:5:7 | operator= | 0 | const MyMovableClass & | | movableclass.cpp:8:2:8:15 | MyMovableClass | 0 | int | @@ -1788,6 +1810,7 @@ getParameterTypeName | taint.cpp:751:9:751:9 | operator= | 0 | const A & | | taint.cpp:758:5:758:11 | sprintf | 0 | char * | | taint.cpp:758:5:758:11 | sprintf | 1 | const char * | +| taint.cpp:758:5:758:11 | sprintf | 2 | ... | | taint.cpp:760:6:760:23 | call_sprintf_twice | 0 | char * | | taint.cpp:760:6:760:23 | call_sprintf_twice | 1 | char * | | taint.cpp:771:8:771:8 | operator= | 0 | TaintInheritingContentObject && | From 64464b39c628e466a5a3839ce44e12e3c66312df Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 10 Dec 2024 18:26:48 +0000 Subject: [PATCH 07/16] C++: Add tests for a few string-related classes. --- .../dataflow/taint-tests/atl.cpp | 30 +++++++++++++++++++ .../dataflow/taint-tests/localTaint.expected | 7 +++++ .../taint-tests/test_mad-signatures.expected | 5 ++++ 3 files changed, 42 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index af3f7add0e8e..ab85e39f5a74 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -1210,3 +1210,33 @@ void test_CStringT() { sink(s1.TrimRight("abc").GetString()); // $ ir sink(s1.TrimRight().GetString()); // $ ir } + +struct CStringData { + void* data() throw(); +}; + +void test_CStringData() { + CStringData d = source(); + sink(d.data()); // $ MISSING: ir +} + +template +struct CStrBufT { + typedef CSimpleStringT StringType; + + using PCXSTR = typename StringType::PCXSTR; + using PXSTR = typename StringType::PXSTR; + + CStrBufT(StringType& str, int nMinLength, DWORD dwFlags); + CStrBufT(StringType& str); + + operator PCXSTR() const throw(); + operator PXSTR() throw(); +}; + +void test_CStrBufT() { + CStringT s = source>(); + CStrBufT b(s, 42, 0); + sink(static_cast::PCXSTR>(b)); // $ MISSING: ir + sink(static_cast::PXSTR>(b)); // $ MISSING: ir +} \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 7d032aef8f9f..006695a2adbf 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -1293,6 +1293,13 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:1210:8:1210:9 | ref arg s1 | atl.cpp:1211:8:1211:9 | s1 | | | atl.cpp:1210:8:1210:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | | atl.cpp:1211:8:1211:9 | ref arg s1 | atl.cpp:1212:1:1212:1 | s1 | | +| atl.cpp:1219:19:1219:37 | call to source | atl.cpp:1220:8:1220:8 | d | | +| atl.cpp:1238:22:1238:43 | call to source | atl.cpp:1239:20:1239:20 | s | | +| atl.cpp:1238:22:1238:43 | call to source | atl.cpp:1242:1:1242:1 | s | | +| atl.cpp:1239:20:1239:20 | ref arg s | atl.cpp:1242:1:1242:1 | s | | +| atl.cpp:1239:20:1239:28 | call to CStrBufT | atl.cpp:1240:44:1240:44 | b | | +| atl.cpp:1239:20:1239:28 | call to CStrBufT | atl.cpp:1241:43:1241:43 | b | | +| atl.cpp:1240:44:1240:44 | ref arg b | atl.cpp:1241:43:1241:43 | b | | | bsd.cpp:17:11:17:16 | call to source | bsd.cpp:20:18:20:18 | s | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:20:22:20:25 | addr | | | bsd.cpp:18:12:18:15 | addr | bsd.cpp:23:8:23:11 | addr | | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected index e24b4d8cd80e..06107b709b25 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/test_mad-signatures.expected @@ -1100,6 +1100,11 @@ getParameterTypeName | atl.cpp:1091:13:1091:20 | TrimLeft | 0 | PCXSTR | | atl.cpp:1093:13:1093:21 | TrimRight | 0 | XCHAR | | atl.cpp:1094:13:1094:21 | TrimRight | 0 | PCXSTR | +| atl.cpp:1214:8:1214:8 | operator= | 0 | CStringData && | +| atl.cpp:1214:8:1214:8 | operator= | 0 | const CStringData & | +| atl.cpp:1230:3:1230:10 | CStrBufT | 0 | StringType & | +| atl.cpp:1230:3:1230:10 | CStrBufT | 1 | int | +| atl.cpp:1230:3:1230:10 | CStrBufT | 2 | DWORD | | bsd.cpp:6:8:6:8 | operator= | 0 | const sockaddr & | | bsd.cpp:6:8:6:8 | operator= | 0 | sockaddr && | | bsd.cpp:12:5:12:10 | accept | 0 | int | From 0acef590b15c0415cdb287072f3b480675bf5a21 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 10 Dec 2024 18:28:49 +0000 Subject: [PATCH 08/16] C++: Add more MaD models. --- cpp/ql/lib/ext/CStrBufT.model.yml | 8 ++++++++ cpp/ql/lib/ext/CStringData.model.yml | 6 ++++++ .../dataflow/external-models/flow.expected | 10 +++++----- .../dataflow/external-models/validatemodels.expected | 1 + cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp | 6 +++--- 5 files changed, 23 insertions(+), 8 deletions(-) create mode 100644 cpp/ql/lib/ext/CStrBufT.model.yml create mode 100644 cpp/ql/lib/ext/CStringData.model.yml diff --git a/cpp/ql/lib/ext/CStrBufT.model.yml b/cpp/ql/lib/ext/CStrBufT.model.yml new file mode 100644 index 000000000000..a8abace32e60 --- /dev/null +++ b/cpp/ql/lib/ext/CStrBufT.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: + - ["", "CStrBufT", True, "CStrBufT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStrBufT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CStrBufT", True, "operator PXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CStringData.model.yml b/cpp/ql/lib/ext/CStringData.model.yml new file mode 100644 index 000000000000..6cf0d610cb7a --- /dev/null +++ b/cpp/ql/lib/ext/CStringData.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/cpp-all + extensible: summaryModel + data: + - ["", "CStringData", True, "data", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index 4090e60b7695..c370e57bc13b 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -10,14 +10,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:950 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:948 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:949 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:954 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:952 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:953 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:949 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:953 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:950 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:954 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected index 85793f40aee0..718cf020c4d0 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected @@ -5,6 +5,7 @@ | Dubious member name "operator LPSTR" in summary model. | | Dubious member name "operator LPWSTR" in summary model. | | Dubious member name "operator PCXSTR" in summary model. | +| Dubious member name "operator PXSTR" in summary model. | | Dubious member name "operator&" in summary model. | | Dubious member name "operator*" in summary model. | | Dubious member name "operator+" in summary model. | diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index ab85e39f5a74..29109ca7283f 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -1217,7 +1217,7 @@ struct CStringData { void test_CStringData() { CStringData d = source(); - sink(d.data()); // $ MISSING: ir + sink(d.data()); // $ ir } template @@ -1237,6 +1237,6 @@ struct CStrBufT { void test_CStrBufT() { CStringT s = source>(); CStrBufT b(s, 42, 0); - sink(static_cast::PCXSTR>(b)); // $ MISSING: ir - sink(static_cast::PXSTR>(b)); // $ MISSING: ir + sink(static_cast::PCXSTR>(b)); // $ ir + sink(static_cast::PXSTR>(b)); // $ ir } \ No newline at end of file From e7773770fa93033e4a9d73e70e9e7a4256faff2e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Mon, 23 Dec 2024 11:55:45 +0100 Subject: [PATCH 09/16] C++: Fix missing return value flow out of 'operator=' in lots of MaD models. --- cpp/ql/lib/ext/CAtlFileMappingBase.model.yml | 1 + cpp/ql/lib/ext/CSimpleMap.model.yml | 3 ++- cpp/ql/lib/ext/CSimpleStringT.model.yml | 1 + cpp/ql/lib/ext/CUrl.model.yml | 3 ++- cpp/ql/lib/ext/bsl.deque.model.yml | 1 + cpp/ql/lib/ext/bsl.forward_list.model.yml | 1 + cpp/ql/lib/ext/bsl.list.model.yml | 1 + cpp/ql/lib/ext/bsl.vector.model.yml | 1 + cpp/ql/lib/ext/std.deque.model.yml | 1 + cpp/ql/lib/ext/std.forward_list.model.yml | 1 + cpp/ql/lib/ext/std.list.model.yml | 1 + cpp/ql/lib/ext/std.vector.model.yml | 1 + .../dataflow/external-models/flow.expected | 10 +++++----- 13 files changed, 19 insertions(+), 7 deletions(-) diff --git a/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml b/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml index dcf9fd6ca70d..e8ccc9b2fd3b 100644 --- a/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml +++ b/cpp/ql/lib/ext/CAtlFileMappingBase.model.yml @@ -11,3 +11,4 @@ extensions: - ["", "CAtlFileMappingBase", True, "MapSharedMem", "", "", "Argument[*1]", "Argument[-1]", "taint", "manual"] - ["", "CAtlFileMappingBase", True, "OpenMapping", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CAtlFileMappingBase", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] diff --git a/cpp/ql/lib/ext/CSimpleMap.model.yml b/cpp/ql/lib/ext/CSimpleMap.model.yml index 814e814228ed..1d9422a05611 100644 --- a/cpp/ql/lib/ext/CSimpleMap.model.yml +++ b/cpp/ql/lib/ext/CSimpleMap.model.yml @@ -9,4 +9,5 @@ extensions: - ["", "CSimpleMap", True, "SetAt", "", "", "Argument[*@1]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CSimpleMap", True, "SetAtIndex", "", "", "Argument[*@2]", "Argument[-1].Element[@]", "value", "manual"] - ["", "CSimpleMap", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - - ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] \ No newline at end of file + - ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["", "CSimpleMap", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CSimpleStringT.model.yml b/cpp/ql/lib/ext/CSimpleStringT.model.yml index 820f375e791a..c5425cdc328f 100644 --- a/cpp/ql/lib/ext/CSimpleStringT.model.yml +++ b/cpp/ql/lib/ext/CSimpleStringT.model.yml @@ -36,6 +36,7 @@ extensions: - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "ReturnValue[*]", "taint", "manual"] - ["", "CSimpleStringT", True, "operator+=", "(wchar_t)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CSimpleStringT", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] - ["", "CSimpleStringT", True, "GetAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["", "CSimpleStringT", True, "GetBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CSimpleStringT", True, "GetBufferSetLength", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/CUrl.model.yml b/cpp/ql/lib/ext/CUrl.model.yml index 3a4f8fe2ff5a..db51b205d4b5 100644 --- a/cpp/ql/lib/ext/CUrl.model.yml +++ b/cpp/ql/lib/ext/CUrl.model.yml @@ -18,4 +18,5 @@ extensions: - ["", "CUrl", True, "SetSchemeName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CUrl", True, "SetUrlPath", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CUrl", True, "SetUserName", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] \ No newline at end of file + - ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CUrl", True, "operator=", "", "", "Argument[*0]", "ReturnValue[*]", "value", "manual"] \ No newline at end of file diff --git a/cpp/ql/lib/ext/bsl.deque.model.yml b/cpp/ql/lib/ext/bsl.deque.model.yml index 54ac89da5111..cbdd57c97782 100644 --- a/cpp/ql/lib/ext/bsl.deque.model.yml +++ b/cpp/ql/lib/ext/bsl.deque.model.yml @@ -53,6 +53,7 @@ extensions: - ["bsl", "deque", True, "insert", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "deque", True, "insert", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - ["bsl", "deque", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["bsl", "deque", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] - ["bsl", "deque", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["bsl", "deque", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "deque", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] diff --git a/cpp/ql/lib/ext/bsl.forward_list.model.yml b/cpp/ql/lib/ext/bsl.forward_list.model.yml index 0f34f944626f..51ac4a157ad6 100644 --- a/cpp/ql/lib/ext/bsl.forward_list.model.yml +++ b/cpp/ql/lib/ext/bsl.forward_list.model.yml @@ -40,6 +40,7 @@ extensions: - ["bsl", "forward_list", True, "insert_after", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "forward_list", True, "insert_after", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - ["bsl", "forward_list", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["bsl", "forward_list", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] - ["bsl", "forward_list", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "forward_list", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - ["bsl", "forward_list", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] diff --git a/cpp/ql/lib/ext/bsl.list.model.yml b/cpp/ql/lib/ext/bsl.list.model.yml index f4bc683db9f9..fcc1929ccac5 100644 --- a/cpp/ql/lib/ext/bsl.list.model.yml +++ b/cpp/ql/lib/ext/bsl.list.model.yml @@ -52,6 +52,7 @@ extensions: - ["bsl", "list", True, "list", "(const list &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "list", True, "list", "(list &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "list", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["bsl", "list", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] - ["bsl", "list", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "list", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "list", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] diff --git a/cpp/ql/lib/ext/bsl.vector.model.yml b/cpp/ql/lib/ext/bsl.vector.model.yml index dc1c44ab0bea..88351b2950f9 100644 --- a/cpp/ql/lib/ext/bsl.vector.model.yml +++ b/cpp/ql/lib/ext/bsl.vector.model.yml @@ -39,6 +39,7 @@ extensions: - ["bsl", "vector", True, "insert", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "vector", True, "insert", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - ["bsl", "vector", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["bsl", "vector", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] - ["bsl", "vector", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["bsl", "vector", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["bsl", "vector", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] diff --git a/cpp/ql/lib/ext/std.deque.model.yml b/cpp/ql/lib/ext/std.deque.model.yml index e630f224192d..f1701311e75c 100644 --- a/cpp/ql/lib/ext/std.deque.model.yml +++ b/cpp/ql/lib/ext/std.deque.model.yml @@ -53,6 +53,7 @@ extensions: - ["std", "deque", True, "insert", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "deque", True, "insert", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - ["std", "deque", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["std", "deque", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] - ["std", "deque", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["std", "deque", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "deque", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] diff --git a/cpp/ql/lib/ext/std.forward_list.model.yml b/cpp/ql/lib/ext/std.forward_list.model.yml index 7d0e560a6d7e..80c0d402f23e 100644 --- a/cpp/ql/lib/ext/std.forward_list.model.yml +++ b/cpp/ql/lib/ext/std.forward_list.model.yml @@ -40,6 +40,7 @@ extensions: - ["std", "forward_list", True, "insert_after", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "forward_list", True, "insert_after", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - ["std", "forward_list", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["std", "forward_list", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] - ["std", "forward_list", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "forward_list", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - ["std", "forward_list", True, "rcbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] diff --git a/cpp/ql/lib/ext/std.list.model.yml b/cpp/ql/lib/ext/std.list.model.yml index d9ed194fe1e9..c25ac778ce0b 100644 --- a/cpp/ql/lib/ext/std.list.model.yml +++ b/cpp/ql/lib/ext/std.list.model.yml @@ -52,6 +52,7 @@ extensions: - ["std", "list", True, "list", "(const list &)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "list", True, "list", "(list &&)", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "list", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["std", "list", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] - ["std", "list", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "list", True, "push_front", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "list", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] diff --git a/cpp/ql/lib/ext/std.vector.model.yml b/cpp/ql/lib/ext/std.vector.model.yml index 0c8a82eca415..71d5aafb5f66 100644 --- a/cpp/ql/lib/ext/std.vector.model.yml +++ b/cpp/ql/lib/ext/std.vector.model.yml @@ -39,6 +39,7 @@ extensions: - ["std", "vector", True, "insert", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "vector", True, "insert", "(const_iterator,InputIt,InputIt)", "", "Argument[1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] - ["std", "vector", True, "operator=", "", "", "Argument[*0].Element[@]", "Argument[-1].Element[@]", "value", "manual"] + - ["std", "vector", True, "operator=", "", "", "Argument[*0].Element[@]", "ReturnValue[*].Element[@]", "value", "manual"] - ["std", "vector", True, "operator[]", "", "", "Argument[-1].Element[@]", "ReturnValue[*@]", "value", "manual"] - ["std", "vector", True, "push_back", "", "", "Argument[*@0]", "Argument[-1].Element[@]", "value", "manual"] - ["std", "vector", True, "rbegin", "", "", "Argument[-1].Element[@]", "ReturnValue.Element[@]", "value", "manual"] diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected index c370e57bc13b..eb58dc0a9c77 100644 --- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected +++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected @@ -10,14 +10,14 @@ edges | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | | | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 | -| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:954 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:952 | -| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:953 | +| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:966 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:964 | +| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:965 | | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance | | | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance | | -| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:953 | +| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:965 | | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance | | -| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:954 | +| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:966 | nodes | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer | | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer | From 71ca9412b02c0415425029a51c937adbf4ad5267 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 2 Jan 2025 14:16:31 +0000 Subject: [PATCH 10/16] Update cpp/ql/lib/ext/CSimpleStringT.model.yml Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com> --- cpp/ql/lib/ext/CSimpleStringT.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/ext/CSimpleStringT.model.yml b/cpp/ql/lib/ext/CSimpleStringT.model.yml index c5425cdc328f..1fa1bebe4e1f 100644 --- a/cpp/ql/lib/ext/CSimpleStringT.model.yml +++ b/cpp/ql/lib/ext/CSimpleStringT.model.yml @@ -12,7 +12,7 @@ extensions: - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,size_t,const XCHAR *,int)", "", "Argument[*2]", "Argument[*0]", "value", "manual"] - ["", "CSimpleStringT", True, "CopyCharsOverlapped", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "value", "manual"] - ["", "CSimpleStringT", True, "GetString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - - ["", "CSimpleStringT", True, "LockString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] + - ["", "CSimpleStringT", True, "LockBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CSimpleStringT", True, "SetAt", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] - ["", "CSimpleStringT", True, "SetString", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CSimpleStringT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] From 052b6f6ec4ce14eaf8b26e6694ff25311be32959 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 2 Jan 2025 15:22:10 +0100 Subject: [PATCH 11/16] C++: Accept test changes. --- cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 29109ca7283f..b4a0e03b990b 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -991,7 +991,7 @@ void test_CSimpleStringT() { sink(s4.GetBuffer()); // $ ir sink(s4.GetBufferSetLength(10)); // $ ir - sink(s4.LockBuffer()); + sink(s4.LockBuffer()); // $ ir CSimpleStringT s7; s7.SetAt(0, source()); From b8e54627f4dee0f12e2a7caf8d073cd6f0a2501e Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 2 Jan 2025 15:22:42 +0100 Subject: [PATCH 12/16] C++: Make some of the string models taint instead of value-preserving. --- cpp/ql/lib/ext/CSimpleStringT.model.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cpp/ql/lib/ext/CSimpleStringT.model.yml b/cpp/ql/lib/ext/CSimpleStringT.model.yml index 1fa1bebe4e1f..9902e5b60007 100644 --- a/cpp/ql/lib/ext/CSimpleStringT.model.yml +++ b/cpp/ql/lib/ext/CSimpleStringT.model.yml @@ -8,9 +8,9 @@ extensions: - ["", "CSimpleStringT", True, "CSimpleStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CSimpleStringT", True, "Append", "", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - ["", "CSimpleStringT", True, "AppendChar", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "value", "manual"] - - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,size_t,const XCHAR *,int)", "", "Argument[*2]", "Argument[*0]", "value", "manual"] - - ["", "CSimpleStringT", True, "CopyCharsOverlapped", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "value", "manual"] + - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] + - ["", "CSimpleStringT", True, "CopyChars", "(XCHAR *,size_t,const XCHAR *,int)", "", "Argument[*2]", "Argument[*0]", "taint", "manual"] + - ["", "CSimpleStringT", True, "CopyCharsOverlapped", "(XCHAR *,const XCHAR *,int)", "", "Argument[*1]", "Argument[*0]", "taint", "manual"] - ["", "CSimpleStringT", True, "GetString", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CSimpleStringT", True, "LockBuffer", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"] - ["", "CSimpleStringT", True, "SetAt", "", "", "Argument[1]", "Argument[-1]", "taint", "manual"] From c1b997b2cb83838f31f0bce18652c6ea8acc99a1 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 2 Jan 2025 15:25:23 +0100 Subject: [PATCH 13/16] C++: Make the string constructors value-preserving. --- cpp/ql/lib/ext/CStringT.model.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/ext/CStringT.model.yml b/cpp/ql/lib/ext/CStringT.model.yml index ee0e0a03cc69..bfba644f7fb1 100644 --- a/cpp/ql/lib/ext/CStringT.model.yml +++ b/cpp/ql/lib/ext/CStringT.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/cpp-all extensible: summaryModel data: # TODO this model can be improved a lot once we have MapKey content # namespace, type, subtypes, name, signature, ext, input, output, kind, provenance - - ["", "CStringT", True, "CStringT", "(const VARIANT &)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "CStringT", "(const VARIANT &,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "CStringT", "(const VARIANT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] + - ["", "CStringT", True, "CStringT", "(const VARIANT &,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CStringT", True, "CStringT", "(const CStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CStringT", True, "CStringT", "(const CSimpleStringT &)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CStringT", True, "CStringT", "(const XCHAR *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] From d8cfa711adee21f0d5e5ef16656b562b26ee32c0 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 2 Jan 2025 15:35:21 +0100 Subject: [PATCH 14/16] C++: Fix testcase for conversion operator. --- .../dataflow/taint-tests/atl.cpp | 2 +- .../dataflow/taint-tests/localTaint.expected | 24 +------------------ 2 files changed, 2 insertions(+), 24 deletions(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index b4a0e03b990b..0e349ae8acea 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -1133,7 +1133,7 @@ void test_CStringT() { CStringT s10(wc); sink(s10.GetString()); // $ ir - sink(&s1); // $ ast ir + sink(static_cast&>(s1)); // $ ast ir auto bstr = s1.AllocSysString(); sink(bstr); // $ ir diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected index 006695a2adbf..507625c639b8 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected @@ -1026,7 +1026,7 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:1099:15:1099:29 | call to source | atl.cpp:1104:21:1104:21 | v | | | atl.cpp:1101:21:1101:21 | v | atl.cpp:1101:21:1101:22 | call to CStringT | TAINT | | atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1102:8:1102:9 | s1 | | -| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1136:9:1136:10 | s1 | | +| atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1136:43:1136:44 | s1 | | | atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1138:15:1138:16 | s1 | | | atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1172:8:1172:9 | s1 | | | atl.cpp:1101:21:1101:22 | call to CStringT | atl.cpp:1178:8:1178:9 | s1 | | @@ -1086,28 +1086,6 @@ WARNING: module 'TaintTracking' has been deprecated and may be removed in future | atl.cpp:1133:25:1133:26 | wc | atl.cpp:1133:25:1133:27 | call to CStringT | TAINT | | atl.cpp:1133:25:1133:27 | call to CStringT | atl.cpp:1134:8:1134:10 | s10 | | | atl.cpp:1133:25:1133:27 | call to CStringT | atl.cpp:1212:1:1212:1 | s10 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1136:9:1136:10 | s1 [inner post update] | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1138:15:1138:16 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1172:8:1172:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1178:8:1178:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1179:8:1179:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1180:8:1180:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1181:8:1181:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1194:3:1194:4 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1197:8:1197:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1198:8:1198:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1201:8:1201:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1203:8:1203:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1204:8:1204:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1205:8:1205:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1206:8:1206:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1207:8:1207:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1208:8:1208:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1209:8:1209:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1210:8:1210:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1211:8:1211:9 | s1 | | -| atl.cpp:1136:8:1136:10 | ref arg & ... | atl.cpp:1212:1:1212:1 | s1 | | -| atl.cpp:1136:9:1136:10 | s1 | atl.cpp:1136:8:1136:10 | & ... | | | atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1172:8:1172:9 | s1 | | | atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1178:8:1178:9 | s1 | | | atl.cpp:1138:15:1138:16 | ref arg s1 | atl.cpp:1179:8:1179:9 | s1 | | From 289b938b4d2e1194dac060a1a3e3113f8a18c938 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 2 Jan 2025 15:37:39 +0100 Subject: [PATCH 15/16] C++: Fix testcase. --- cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp index 0e349ae8acea..167ba84301fd 100644 --- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp +++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp @@ -1155,7 +1155,7 @@ void test_CStringT() { sink(s14.GetString()); // $ ir CStringT s15; - s15.AppendFormat(42, source()); + s15.AppendFormat(42, indirect_source()); sink(s15.GetString()); // $ ir CStringT s16; From cda007bae7cc24940c6b428ff729973a1116497f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 2 Jan 2025 15:39:31 +0100 Subject: [PATCH 16/16] C++: Fix constructor model. --- cpp/ql/lib/ext/CStringT.model.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/ext/CStringT.model.yml b/cpp/ql/lib/ext/CStringT.model.yml index bfba644f7fb1..0a8b89e03fb9 100644 --- a/cpp/ql/lib/ext/CStringT.model.yml +++ b/cpp/ql/lib/ext/CStringT.model.yml @@ -16,8 +16,8 @@ extensions: - ["", "CStringT", True, "CStringT", "(unsigned char *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CStringT", True, "CStringT", "(wchar_t *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CStringT", True, "CStringT", "(const unsigned char *,IAtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - - ["", "CStringT", True, "CStringT", "(char,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] - - ["", "CStringT", True, "CStringT", "(wchar_t,int)", "", "Argument[*0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "CStringT", "(char,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + - ["", "CStringT", True, "CStringT", "(wchar_t,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["", "CStringT", True, "CStringT", "(const XCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CStringT", True, "CStringT", "(const YCHAR *,int)", "", "Argument[*0]", "Argument[-1]", "value", "manual"] - ["", "CStringT", True, "CStringT", "(const XCHAR *,int,AtlStringMgr *)", "", "Argument[*0]", "Argument[-1]", "value", "manual"]