diff --git a/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql b/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql index 437b13f7f9..15d895c1f0 100644 --- a/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql +++ b/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.ql @@ -20,7 +20,7 @@ import cpp import codingstandards.c.cert -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.cpp.PossiblyUnsafeStringOperation /** diff --git a/c/cert/test/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.expected b/c/cert/test/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.expected index 9a87a6775b..71e713d120 100644 --- a/c/cert/test/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.expected +++ b/c/cert/test/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.expected 
@@ -1,9 +1,3 @@
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:62,31-39)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:62,55-63)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:68,31-39)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:68,54-62)
-WARNING: module 'TaintTracking' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:62,5-18)
-WARNING: module 'TaintTracking' has been deprecated and may be removed in future (StringsHasSufficientSpaceForTheNullTerminator.ql:68,5-18)
 | test.c:10:20:10:24 | Cod | Expression produces or consumes a string that may not have sufficient space for a null-terminator. |
 | test.c:16:3:16:9 | call to strncpy | Expression produces or consumes a string that may not have sufficient space for a null-terminator. |
 | test.c:26:3:26:10 | call to snprintf | Expression produces or consumes a string that may not have sufficient space for a null-terminator. |
diff --git a/c/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected b/c/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected
index d7dfc6c13f..afbb275c6c 100644
--- a/c/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected
+++ b/c/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected
@@ -1,20 +1,29 @@
 problems
-| test.c:11:8:11:12 | c_str | test.c:18:16:18:21 | call to getenv | test.c:11:8:11:12 | c_str | The object returned by the function getenv should not be modified. |
+| test.c:11:7:11:12 | * ... | test.c:18:16:18:21 | call to getenv | test.c:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. |
+| test.c:11:8:11:12 | c_str | test.c:18:16:18:21 | call to getenv | test.c:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. |
 | test.c:67:5:67:9 | conv4 | test.c:64:11:64:20 | call to localeconv | test.c:67:5:67:9 | conv4 | The object returned by the function localeconv should not be modified. |
 | test.c:76:5:76:8 | conv | test.c:72:25:72:34 | call to localeconv | test.c:76:5:76:8 | conv | The object returned by the function localeconv should not be modified. |
 edges
-| test.c:8:18:8:22 | c_str | test.c:11:8:11:12 | c_str | provenance | |
+| test.c:8:18:8:22 | c_str | test.c:11:7:11:12 | * ... | provenance | |
+| test.c:18:16:18:21 | call to getenv | test.c:18:16:18:21 | call to getenv | provenance | |
 | test.c:18:16:18:21 | call to getenv | test.c:24:9:24:12 | env1 | provenance | |
 | test.c:24:9:24:12 | env1 | test.c:8:18:8:22 | c_str | provenance | |
-| test.c:64:11:64:20 | call to localeconv | test.c:67:5:67:9 | conv4 | provenance | |
-| test.c:72:25:72:34 | call to localeconv | test.c:76:5:76:8 | conv | provenance | |
+| test.c:64:3:64:22 | ... = ... | test.c:67:5:67:9 | conv4 | provenance | |
+| test.c:64:11:64:20 | call to localeconv | test.c:64:3:64:22 | ... = ... | provenance | |
+| test.c:72:25:72:34 | call to localeconv | test.c:72:25:72:34 | call to localeconv | provenance | |
+| test.c:72:25:72:34 | call to localeconv | test.c:73:24:73:28 | conv4 | provenance | |
+| test.c:73:24:73:28 | conv4 | test.c:76:5:76:8 | conv | provenance | |
 nodes
 | test.c:8:18:8:22 | c_str | semmle.label | c_str |
-| test.c:11:8:11:12 | c_str | semmle.label | c_str |
+| test.c:11:7:11:12 | * ... | semmle.label | * ... |
+| test.c:18:16:18:21 | call to getenv | semmle.label | call to getenv |
 | test.c:18:16:18:21 | call to getenv | semmle.label | call to getenv |
 | test.c:24:9:24:12 | env1 | semmle.label | env1 |
+| test.c:64:3:64:22 | ... = ... | semmle.label | ... = ... |
 | test.c:64:11:64:20 | call to localeconv | semmle.label | call to localeconv |
 | test.c:67:5:67:9 | conv4 | semmle.label | conv4 |
 | test.c:72:25:72:34 | call to localeconv | semmle.label | call to localeconv |
+| test.c:72:25:72:34 | call to localeconv | semmle.label | call to localeconv |
+| test.c:73:24:73:28 | conv4 | semmle.label | conv4 |
 | test.c:76:5:76:8 | conv | semmle.label | conv |
 subpaths
diff --git a/c/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected b/c/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected
index bda6c7ad05..8625b9793d 100644
--- a/c/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected
+++ b/c/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected
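Review bot: The first `problems` entry is now expected twice: the getenv flow to test.c:11 is reported once at `* ...` (11:7) and once at `c_str` (11:8), both with the same source and the same sink `* ...`. The only change to ConstLikeReturnValue.qll visible in this commit is the import line, so the duplication appears to come from the new data-flow library rather than from an intended rule change. Before accepting the new expectation, consider selecting a single location per modified object in the query so that one violation produces one alert; duplicate alerts for one write inflate the triage count for this rule. The C++ copy of this expected file later in the commit shows the same pair of rows.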
@@ -10,27 +10,35 @@ problems
 | test.c:25:7:25:14 | ... >= ... | test.c:7:14:7:15 | l1 | test.c:25:7:25:8 | p1 | Compare operation >= comparing left operand pointing to array $@ and other operand pointing to array $@. | test.c:2:7:2:8 | l1 | l1 | test.c:4:7:4:8 | l3 | l3 |
 | test.c:25:7:25:14 | ... >= ... | test.c:25:13:25:14 | l3 | test.c:25:13:25:14 | l3 | Compare operation >= comparing right operand pointing to array $@ and other operand pointing to array $@. | test.c:4:7:4:8 | l3 | l3 | test.c:2:7:2:8 | l1 | l1 |
 edges
+| test.c:6:13:6:14 | l1 | test.c:6:13:6:14 | l1 | provenance | |
 | test.c:6:13:6:14 | l1 | test.c:13:12:13:13 | p0 | provenance | |
-| test.c:7:14:7:15 | l1 | test.c:7:14:7:18 | access to array | provenance | Config |
-| test.c:7:14:7:18 | access to array | test.c:11:7:11:8 | p1 | provenance | |
-| test.c:7:14:7:18 | access to array | test.c:13:7:13:8 | p1 | provenance | |
-| test.c:7:14:7:18 | access to array | test.c:15:13:15:14 | p1 | provenance | |
-| test.c:7:14:7:18 | access to array | test.c:17:7:17:8 | p1 | provenance | |
-| test.c:7:14:7:18 | access to array | test.c:23:13:23:14 | p1 | provenance | |
-| test.c:7:14:7:18 | access to array | test.c:25:7:25:8 | p1 | provenance | |
-| test.c:8:14:8:15 | l1 | test.c:8:14:8:18 | access to array | provenance | Config |
-| test.c:8:14:8:18 | access to array | test.c:11:12:11:13 | p2 | provenance | |
-| test.c:8:14:8:18 | access to array | test.c:21:7:21:8 | p2 | provenance | |
-| test.c:9:14:9:15 | l2 | test.c:9:14:9:18 | access to array | provenance | Config |
-| test.c:9:14:9:18 | access to array | test.c:21:12:21:13 | p3 | provenance | |
+| test.c:7:13:7:18 | & ... | test.c:7:13:7:18 | & ... | provenance | |
+| test.c:7:13:7:18 | & ... | test.c:11:7:11:8 | p1 | provenance | |
+| test.c:7:13:7:18 | & ... | test.c:13:7:13:8 | p1 | provenance | |
+| test.c:7:13:7:18 | & ... | test.c:15:13:15:14 | p1 | provenance | |
+| test.c:7:13:7:18 | & ... | test.c:17:7:17:8 | p1 | provenance | |
+| test.c:7:13:7:18 | & ... | test.c:23:13:23:14 | p1 | provenance | |
+| test.c:7:13:7:18 | & ... | test.c:25:7:25:8 | p1 | provenance | |
+| test.c:7:14:7:15 | l1 | test.c:7:13:7:18 | & ... | provenance | Config |
+| test.c:8:13:8:18 | & ... | test.c:8:13:8:18 | & ... | provenance | |
+| test.c:8:13:8:18 | & ... | test.c:11:12:11:13 | p2 | provenance | |
+| test.c:8:13:8:18 | & ... | test.c:21:7:21:8 | p2 | provenance | |
+| test.c:8:14:8:15 | l1 | test.c:8:13:8:18 | & ... | provenance | Config |
+| test.c:9:13:9:18 | & ... | test.c:9:13:9:18 | & ... | provenance | |
+| test.c:9:13:9:18 | & ... | test.c:21:12:21:13 | p3 | provenance | |
+| test.c:9:14:9:15 | l2 | test.c:9:13:9:18 | & ... | provenance | Config |
 nodes
 | test.c:6:13:6:14 | l1 | semmle.label | l1 |
+| test.c:6:13:6:14 | l1 | semmle.label | l1 |
+| test.c:7:13:7:18 | & ... | semmle.label | & ... |
+| test.c:7:13:7:18 | & ... | semmle.label | & ... |
 | test.c:7:14:7:15 | l1 | semmle.label | l1 |
-| test.c:7:14:7:18 | access to array | semmle.label | access to array |
+| test.c:8:13:8:18 | & ... | semmle.label | & ... |
+| test.c:8:13:8:18 | & ... | semmle.label | & ... |
 | test.c:8:14:8:15 | l1 | semmle.label | l1 |
-| test.c:8:14:8:18 | access to array | semmle.label | access to array |
+| test.c:9:13:9:18 | & ... | semmle.label | & ... |
+| test.c:9:13:9:18 | & ... | semmle.label | & ... |
 | test.c:9:14:9:15 | l2 | semmle.label | l2 |
-| test.c:9:14:9:18 | access to array | semmle.label | access to array |
 | test.c:11:7:11:8 | p1 | semmle.label | p1 |
 | test.c:11:12:11:13 | p2 | semmle.label | p2 |
 | test.c:13:7:13:8 | p1 | semmle.label | p1 |
diff --git a/c/common/test/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.expected b/c/common/test/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.expected
index a6c41a6d75..cdfabea26c 100644
--- a/c/common/test/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.expected
+++ b/c/common/test/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.expected
@@ -7,8 +7,10 @@ problems
 | test.c:26:8:26:8 | p | test.c:25:13:25:14 | & ... | test.c:26:8:26:8 | p | Free expression frees memory which was not dynamically allocated. |
 edges
 | test.c:18:24:18:26 | ptr | test.c:18:36:18:38 | ptr | provenance | |
+| test.c:25:13:25:14 | & ... | test.c:25:13:25:14 | & ... | provenance | |
 | test.c:25:13:25:14 | & ... | test.c:26:8:26:8 | p | provenance | |
-| test.c:27:7:27:8 | & ... | test.c:28:15:28:15 | p | provenance | |
+| test.c:27:3:27:8 | ... = ... | test.c:28:15:28:15 | p | provenance | |
+| test.c:27:7:27:8 | & ... | test.c:27:3:27:8 | ... = ... | provenance | |
 | test.c:28:15:28:15 | p | test.c:18:24:18:26 | ptr | provenance | |
 nodes
 | test.c:8:8:8:10 | g_p | semmle.label | g_p |
@@ -18,7 +20,9 @@ nodes
 | test.c:18:24:18:26 | ptr | semmle.label | ptr |
 | test.c:18:36:18:38 | ptr | semmle.label | ptr |
 | test.c:25:13:25:14 | & ... | semmle.label | & ... |
+| test.c:25:13:25:14 | & ... | semmle.label | & ... |
 | test.c:26:8:26:8 | p | semmle.label | p |
+| test.c:27:3:27:8 | ... = ... | semmle.label | ... = ... |
 | test.c:27:7:27:8 | & ... | semmle.label | & ... |
 | test.c:28:15:28:15 | p | semmle.label | p |
 subpaths
diff --git a/cpp/autosar/src/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.ql b/cpp/autosar/src/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.ql
index 0bf42ce4ca..83c73902db 100644
--- a/cpp/autosar/src/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.ql
+++ b/cpp/autosar/src/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.ql
@@ -16,7 +16,7 @@ import cpp import codingstandards.cpp.autosar import codingstandards.cpp.SmartPointers -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.standardlibrary.Utility Expr lifetimeAffectingSmartPointerExpr(Function f) { diff --git a/cpp/autosar/src/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.ql b/cpp/autosar/src/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.ql index 3b30eb676a..a6df2fd5e5 100644 --- a/cpp/autosar/src/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.ql +++ b/cpp/autosar/src/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.ql @@ -21,7 +21,7 @@ import codingstandards.cpp.autosar import codingstandards.cpp.FunctionParameter import codingstandards.cpp.ConstHelpers import codingstandards.cpp.Operator -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow /** * Non-const T& `Parameter`s to `Function`s diff --git a/cpp/autosar/src/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.ql b/cpp/autosar/src/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.ql index 559b41527c..322430fa5b 100644 --- a/cpp/autosar/src/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.ql +++ b/cpp/autosar/src/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.ql @@ -18,7 +18,7 @@ import cpp import codingstandards.cpp.autosar -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow class ReferenceTypeWithNonConstBaseType extends ReferenceType { ReferenceTypeWithNonConstBaseType() { not this.getBaseType().isConst() } 
@@ -46,14 +46,16 @@ class ConstMemberFunctionWithRetNonConst extends ConstMemberFunction { from ConstMemberFunctionWithRetNonConst fun, Locatable f where not isExcluded(fun, ConstPackage::constMemberFunctionReturnsNonConstPointerQuery()) and - exists(ReturnStmt ret | + exists(ReturnStmt ret, DataFlow::Node vaNode, DataFlow::Node retNode | ret.getEnclosingFunction() = fun and + retNode.asIndirectExpr() = ret.getExpr() and ( - f.(MemberVariable).getDeclaringType() = fun.getDeclaringType() and - DataFlow::localExprFlow(f.(MemberVariable).getAnAccess(), ret.getExpr()) + vaNode.asIndirectExpr() = f.(MemberVariable).getAnAccess() and + f.(MemberVariable).getDeclaringType() = fun.getDeclaringType() or - DataFlow::localExprFlow(f.(ThisExpr), ret.getExpr()) - ) + vaNode.asIndirectExpr() = f.(ThisExpr) + ) and + DataFlow::localFlow(vaNode, retNode) ) select fun, "Const member function returns a " + fun.getReturnTypeCategory() + " to class data $@.", f, f.toString() diff --git a/cpp/autosar/test/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.expected b/cpp/autosar/test/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.expected index 2ce56fdce9..b751d81835 100644 --- a/cpp/autosar/test/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.expected +++ b/cpp/autosar/test/rules/A8-4-11/SmartPointerAsParameterWithoutLifetimeSemantics.expected 
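Review bot: In the rewritten `exists(...)` of the `where` clause, both `vaNode` and `retNode` are bound only through `asIndirectExpr()`, and nothing records why the indirection nodes are the right endpoints. The old `DataFlow::localExprFlow` matched any value flow from the member access or `this` to the returned expression; if some case is reachable only through `asExpr()`, it would now drop out silently, which for this rule means a missed finding rather than a test failure. A short comment above the `exists`, for example `// new data-flow library: the pointed-to class data is tracked on indirect nodes, so both ends use asIndirectExpr()`, would make the intent reviewable. The same applies to the `asIndirectExpr()` sinks introduced in BasicStringMayNotBeNullTerminated.qll, DanglingCaptureWhenReturningLambdaObject.qll, DoNotAccessAClosedFile.qll and MovedFromObjectsUnspecifiedState.qll. The `from` clause and the class definitions it relies on start outside this hunk.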
@@ -1,5 +1,3 @@
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (SmartPointerAsParameterWithoutLifetimeSemantics.ql:47,3-11)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (SmartPointerAsParameterWithoutLifetimeSemantics.ql:56,5-13)
 | test.cpp:7:41:7:43 | up1 | Function $@ takes smart pointer parameter 'up1' but does not implement any lifetime-affecting operations. | test.cpp:7:6:7:18 | smart_ptr_get | smart_ptr_get |
 | test.cpp:16:53:16:55 | sp1 | Function $@ takes smart pointer parameter 'sp1' but does not implement any lifetime-affecting operations. | test.cpp:16:6:16:29 | smart_ptr_ref_assign_ref | smart_ptr_ref_assign_ref |
 | test.cpp:28:55:28:57 | sp1 | Function $@ takes smart pointer parameter 'sp1' but does not implement any lifetime-affecting operations. | test.cpp:28:6:28:31 | smart_ptr_ref_noncompliant | smart_ptr_ref_noncompliant |
diff --git a/cpp/autosar/test/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.expected b/cpp/autosar/test/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.expected
index 25fe77d9a5..e3cfa71bb7 100644
--- a/cpp/autosar/test/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.expected
+++ b/cpp/autosar/test/rules/A8-4-9/InOutParametersDeclaredAsTNotModified.expected
@@ -1,5 +1,3 @@
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (InOutParametersDeclaredAsTNotModified.ql:50,7-15)
-WARNING: module 'DataFlow' has been deprecated and may be removed in future (InOutParametersDeclaredAsTNotModified.ql:64,7-15)
 | test.cpp:4:13:4:13 | i | In-out parameter i that is not written to. |
 | test.cpp:7:22:7:24 | str | In-out parameter str that is not read from. |
 | test.cpp:18:14:18:14 | i | In-out parameter i that is not read from. |
diff --git a/cpp/autosar/test/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.expected b/cpp/autosar/test/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.expected
index af7e9efc36..ee9652f505 100644
--- a/cpp/autosar/test/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.expected +++ b/cpp/autosar/test/rules/M9-3-1/ConstMemberFunctionReturnsNonConstPointer.expected @@ -1,5 +1,3 @@ -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstMemberFunctionReturnsNonConstPointer.ql:53,7-15) -WARNING: module 'DataFlow' has been deprecated and may be removed in future (ConstMemberFunctionReturnsNonConstPointer.ql:55,7-15) | test.cpp:8:8:8:11 | getA | Const member function returns a pointer to class data $@. | test.cpp:3:8:3:8 | a | a | | test.cpp:9:8:9:11 | getB | Const member function returns a pointer to class data $@. | test.cpp:4:8:4:8 | b | b | | test.cpp:11:6:11:12 | getThis | Const member function returns a pointer to class data $@. | test.cpp:11:36:11:39 | this | this | diff --git a/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll b/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll index e27f09fd98..ad24101379 100644 --- a/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll +++ b/cpp/common/src/codingstandards/cpp/rules/basicstringmaynotbenullterminated/BasicStringMayNotBeNullTerminated.qll @@ -8,8 +8,7 @@ import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import semmle.code.cpp.security.BufferWrite import semmle.code.cpp.commons.Buffer -import semmle.code.cpp.dataflow.DataFlow -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import codingstandards.cpp.PossiblyUnsafeStringOperation abstract class BasicStringMayNotBeNullTerminatedSharedQuery extends Query { } 
@@ -40,8 +39,13 @@ query predicate problems(BasicStringConstructorCall cc, string message) { // a) is not a string literal not arg instanceof StringLiteral and // b) may exist in a dataflow from an unsafe usage of a string function - exists(PossiblyUnsafeStringOperation op | - TaintTracking::localTaint(DataFlow::exprNode(op.getAnArgument()), DataFlow::exprNode(arg)) + exists( + PossiblyUnsafeStringOperation op, DataFlow::DefinitionByReferenceNode opNode, + DataFlow::Node argNode + | + opNode.asDefiningArgument() = op.getAnArgument() and argNode.asIndirectExpr() = arg + | + TaintTracking::localTaint(opNode, argNode) ) and message = "Construction of string object with possibly non-null terminated C-style string." ) diff --git a/cpp/common/src/codingstandards/cpp/rules/constlikereturnvalue/ConstLikeReturnValue.qll b/cpp/common/src/codingstandards/cpp/rules/constlikereturnvalue/ConstLikeReturnValue.qll index a366991714..d17cd560bb 100644 --- a/cpp/common/src/codingstandards/cpp/rules/constlikereturnvalue/ConstLikeReturnValue.qll +++ b/cpp/common/src/codingstandards/cpp/rules/constlikereturnvalue/ConstLikeReturnValue.qll @@ -8,7 +8,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import DFFlow::PathGraph abstract class ConstLikeReturnValueSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenmovinglambdaobject/DanglingCaptureWhenMovingLambdaObject.qll b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenmovinglambdaobject/DanglingCaptureWhenMovingLambdaObject.qll index 902d0ecf1f..b81e41f256 100644 --- a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenmovinglambdaobject/DanglingCaptureWhenMovingLambdaObject.qll +++ b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenmovinglambdaobject/DanglingCaptureWhenMovingLambdaObject.qll 
@@ -5,7 +5,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.Expr diff --git a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll index 4ab01520f6..85fc15c565 100644 --- a/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll +++ b/cpp/common/src/codingstandards/cpp/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.qll @@ -5,7 +5,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions @@ -48,7 +48,14 @@ query predicate problems( not isExcluded(returnStmt, getQuery()) and lambda.getACapture() = danglingCapture and ( - DataFlow::localExprFlow(lambda, returnStmt.getExpr()) + returnStmt.getExpr() = lambda + or + exists(DataFlow::Node lambdaNode, DataFlow::Node returnNode | + lambdaNode.asExpr() = lambda and + returnNode.asIndirectExpr() = returnStmt.getExpr() + | + DataFlow::localFlow(lambdaNode, returnNode) + ) or // implement a rough heuristic to catch the results of constructors (such as std::function's) // which take an argument that has a dangling capture and flow to a return statement diff --git a/cpp/common/src/codingstandards/cpp/rules/donotaccessaclosedfile/DoNotAccessAClosedFile.qll b/cpp/common/src/codingstandards/cpp/rules/donotaccessaclosedfile/DoNotAccessAClosedFile.qll index 83266ed524..86f50c7538 100644 --- a/cpp/common/src/codingstandards/cpp/rules/donotaccessaclosedfile/DoNotAccessAClosedFile.qll 
+++ b/cpp/common/src/codingstandards/cpp/rules/donotaccessaclosedfile/DoNotAccessAClosedFile.qll @@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.standardlibrary.FileAccess import semmle.code.cpp.controlflow.SubBasicBlocks @@ -40,9 +40,10 @@ SubBasicBlock followsFileClose(SubBasicBlock source, Expr closedFile) { // the argument of a call to function `fclose(FILE*)` is subsequently accessed predicate closedFileAccess(Expr closedFile, Expr fileAccess) { - exists(DataFlow::DefinitionByReferenceNode def | + exists(DataFlow::DefinitionByReferenceNode def, DataFlow::Node va | + va.asIndirectExpr() = fileAccess.(VariableAccess) and def.asDefiningArgument() = closedFile and - DataFlow::localFlow(def, DataFlow::exprNode(fileAccess.(VariableAccess))) + DataFlow::localFlow(def, va) ) } diff --git a/cpp/common/src/codingstandards/cpp/rules/donotpassaliasedpointertorestrictqualifiedparamshared/DoNotPassAliasedPointerToRestrictQualifiedParamShared.qll b/cpp/common/src/codingstandards/cpp/rules/donotpassaliasedpointertorestrictqualifiedparamshared/DoNotPassAliasedPointerToRestrictQualifiedParamShared.qll index 79eda7714d..edd3e8305e 100644 --- a/cpp/common/src/codingstandards/cpp/rules/donotpassaliasedpointertorestrictqualifiedparamshared/DoNotPassAliasedPointerToRestrictQualifiedParamShared.qll +++ b/cpp/common/src/codingstandards/cpp/rules/donotpassaliasedpointertorestrictqualifiedparamshared/DoNotPassAliasedPointerToRestrictQualifiedParamShared.qll @@ -7,7 +7,7 @@ import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.types.Pointers import codingstandards.cpp.Variable -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.pointsto.PointsTo import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis 
diff --git a/cpp/common/src/codingstandards/cpp/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.qll b/cpp/common/src/codingstandards/cpp/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.qll index aa8fa29bfd..ca0aeb8618 100644 --- a/cpp/common/src/codingstandards/cpp/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.qll +++ b/cpp/common/src/codingstandards/cpp/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.qll @@ -7,7 +7,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import ArrayToRelationalOperationOperandFlow::PathGraph abstract class DoNotUseRelationalOperatorsWithDifferingArraysSharedQuery extends Query { } @@ -43,6 +43,8 @@ module ArrayToRelationalOperationOperandConfig implements DataFlow::ConfigSig { // Add a flow step from the base to the array expression to track pointers to elements of the array. exists(ArrayExpr e | e.getArrayBase() = pred.asExpr() and e = succ.asExpr()) } + + predicate isBarrierIn(DataFlow::Node node) { isSource(node) } } module ArrayToRelationalOperationOperandFlow = diff --git a/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll b/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll index 93177e4f46..e7e25cf7b0 100644 --- a/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll +++ b/cpp/common/src/codingstandards/cpp/rules/functionerroneousreturnvaluenottested/FunctionErroneousReturnValueNotTested.qll 
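Review bot: `isBarrierIn` is added to `ArrayToRelationalOperationOperandConfig` without a comment, and its effect is not obvious from the one-line body. Blocking flow into every node that is itself a source means a path can no longer pass through a second source, which changes which array an alert is attributed to; please state that this is intended, for example `// Do not let flow enter another source, so each path starts at the source nearest the comparison.` The `isSource` predicate lies outside this hunk, so I could not check which nodes the barrier covers.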
@@ -4,7 +4,7 @@ import cpp import codingstandards.cpp.Customizations -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import semmle.code.cpp.controlflow.Guards import codingstandards.cpp.Exclusions diff --git a/cpp/common/src/codingstandards/cpp/rules/invalidatedenvstringpointers/InvalidatedEnvStringPointers.qll b/cpp/common/src/codingstandards/cpp/rules/invalidatedenvstringpointers/InvalidatedEnvStringPointers.qll index 50b27d819d..38215c602f 100644 --- a/cpp/common/src/codingstandards/cpp/rules/invalidatedenvstringpointers/InvalidatedEnvStringPointers.qll +++ b/cpp/common/src/codingstandards/cpp/rules/invalidatedenvstringpointers/InvalidatedEnvStringPointers.qll @@ -6,7 +6,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow abstract class InvalidatedEnvStringPointersSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.qll b/cpp/common/src/codingstandards/cpp/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.qll index f17da7e457..ad1d9f009f 100644 --- a/cpp/common/src/codingstandards/cpp/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.qll +++ b/cpp/common/src/codingstandards/cpp/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.qll @@ -4,7 +4,7 @@ */ import cpp -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import codingstandards.cpp.Exclusions import codingstandards.cpp.standardlibrary.Utility 
@@ -75,9 +75,10 @@ query predicate problems(Expr e, string message, StdMoveCall f, string argDesc) not e instanceof ReassignedExpression and // object moved to safe functions are preserved not exists(SafeRead safe | f = safe.getArgument(0)) and - exists(DataFlow::DefinitionByReferenceNode def | - def.asDefiningArgument() = f and - DataFlow::localFlow(def, DataFlow::exprNode(e)) + exists(DataFlow::DefinitionByReferenceNode def, DataFlow::Node n | + f.getArgument(0) = def.getArgument() and + n.asIndirectExpr() = e and + DataFlow::localFlow(def, n) ) and message = "The argument of the $@ may be indeterminate when accessed at this location." and argDesc = f.toString() diff --git a/cpp/common/src/codingstandards/cpp/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.qll b/cpp/common/src/codingstandards/cpp/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.qll index 89c732ff5a..d89755c999 100644 --- a/cpp/common/src/codingstandards/cpp/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.qll +++ b/cpp/common/src/codingstandards/cpp/rules/onlyfreememoryallocateddynamicallyshared/OnlyFreeMemoryAllocatedDynamicallyShared.qll @@ -7,7 +7,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.Allocations -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow import NonDynamicPointerToFreeFlow::PathGraph /** diff --git a/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll b/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll index 2ee92b1611..677271db44 100644 
--- a/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll +++ b/cpp/common/src/codingstandards/cpp/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.qll @@ -8,7 +8,7 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.SmartPointers -import semmle.code.cpp.dataflow.TaintTracking +import semmle.code.cpp.dataflow.new.TaintTracking import PointerToSmartPointerConstructorFlowFlow::PathGraph abstract class OwnedPointerValueStoredInUnrelatedSmartPointerSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/placementnewinsufficientstorage/PlacementNewInsufficientStorage.qll b/cpp/common/src/codingstandards/cpp/rules/placementnewinsufficientstorage/PlacementNewInsufficientStorage.qll index 6b2c6c87c9..6eda89ed0b 100644 --- a/cpp/common/src/codingstandards/cpp/rules/placementnewinsufficientstorage/PlacementNewInsufficientStorage.qll +++ b/cpp/common/src/codingstandards/cpp/rules/placementnewinsufficientstorage/PlacementNewInsufficientStorage.qll @@ -7,7 +7,6 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.allocations.PlacementNew -import semmle.code.cpp.dataflow.DataFlow import PlacementNewOriginFlow::PathGraph abstract class PlacementNewInsufficientStorageSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/placementnewnotproperlyaligned/PlacementNewNotProperlyAligned.qll b/cpp/common/src/codingstandards/cpp/rules/placementnewnotproperlyaligned/PlacementNewNotProperlyAligned.qll index d250061a23..edbb5b8979 100644 --- a/cpp/common/src/codingstandards/cpp/rules/placementnewnotproperlyaligned/PlacementNewNotProperlyAligned.qll +++ b/cpp/common/src/codingstandards/cpp/rules/placementnewnotproperlyaligned/PlacementNewNotProperlyAligned.qll 
@@ -7,7 +7,6 @@ import cpp import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.allocations.PlacementNew -import semmle.code.cpp.dataflow.DataFlow import PlacementNewOriginFlow::PathGraph abstract class PlacementNewNotProperlyAlignedSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/predicatefunctionobjectsshouldnotbemutable/PredicateFunctionObjectsShouldNotBeMutable.qll b/cpp/common/src/codingstandards/cpp/rules/predicatefunctionobjectsshouldnotbemutable/PredicateFunctionObjectsShouldNotBeMutable.qll index ba2f6ed82a..7e3732fab0 100644 --- a/cpp/common/src/codingstandards/cpp/rules/predicatefunctionobjectsshouldnotbemutable/PredicateFunctionObjectsShouldNotBeMutable.qll +++ b/cpp/common/src/codingstandards/cpp/rules/predicatefunctionobjectsshouldnotbemutable/PredicateFunctionObjectsShouldNotBeMutable.qll @@ -9,7 +9,7 @@ import codingstandards.cpp.Customizations import codingstandards.cpp.Exclusions import codingstandards.cpp.SideEffect import codingstandards.cpp.sideeffect.DefaultEffects -import semmle.code.cpp.dataflow.DataFlow +import semmle.code.cpp.dataflow.new.DataFlow abstract class PredicateFunctionObjectsShouldNotBeMutableSharedQuery extends Query { } diff --git a/cpp/common/src/codingstandards/cpp/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.qll b/cpp/common/src/codingstandards/cpp/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.qll index e28ef7ab07..827bfc7c7e 100644 --- a/cpp/common/src/codingstandards/cpp/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.qll +++ b/cpp/common/src/codingstandards/cpp/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.qll 
@@ -4,7 +4,7 @@
 */
 import cpp
-import semmle.code.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.new.DataFlow
 import codingstandards.cpp.allocations.CustomOperatorNewDelete
 import codingstandards.cpp.exceptions.ExceptionSpecifications
 import codingstandards.cpp.Customizations
diff --git a/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll b/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll
index 99eec1f5e0..4714fde6a2 100644
--- a/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll
+++ b/cpp/common/src/codingstandards/cpp/standardlibrary/FileStreams.qll
@@ -10,8 +10,8 @@
 */
 import cpp
-private import semmle.code.cpp.dataflow.DataFlow
-private import semmle.code.cpp.dataflow.TaintTracking
+private import semmle.code.cpp.dataflow.new.DataFlow
+private import semmle.code.cpp.dataflow.new.TaintTracking
 private import codingstandards.cpp.Operator
 /**
diff --git a/cpp/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected b/cpp/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected
index 2caa0d197c..dbbff59c9f 100644
--- a/cpp/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected
+++ b/cpp/common/test/rules/constlikereturnvalue/ConstLikeReturnValue.expected
@@ -1,20 +1,29 @@ problems -| test.cpp:11:8:11:12 | c_str | test.cpp:18:16:18:21 | call to getenv | test.cpp:11:8:11:12 | c_str | The object returned by the function getenv should not be modified. | +| test.cpp:11:7:11:12 | * ... | test.cpp:18:16:18:21 | call to getenv | test.cpp:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. | +| test.cpp:11:8:11:12 | c_str | test.cpp:18:16:18:21 | call to getenv | test.cpp:11:7:11:12 | * ... | The object returned by the function getenv should not be modified. | | test.cpp:67:5:67:9 | conv4 | test.cpp:64:11:64:20 | call to localeconv | test.cpp:67:5:67:9 | conv4 | The object returned by the function localeconv should not be modified. | | test.cpp:76:5:76:8 | conv | test.cpp:72:25:72:34 | call to localeconv | test.cpp:76:5:76:8 | conv | The object returned by the function localeconv should not be modified. | edges -| test.cpp:8:18:8:22 | c_str | test.cpp:11:8:11:12 | c_str | provenance | | +| test.cpp:8:18:8:22 | c_str | test.cpp:11:7:11:12 | * ... | provenance | | +| test.cpp:18:16:18:21 | call to getenv | test.cpp:18:16:18:21 | call to getenv | provenance | | | test.cpp:18:16:18:21 | call to getenv | test.cpp:24:9:24:12 | env1 | provenance | | | test.cpp:24:9:24:12 | env1 | test.cpp:8:18:8:22 | c_str | provenance | | -| test.cpp:64:11:64:20 | call to localeconv | test.cpp:67:5:67:9 | conv4 | provenance | | -| test.cpp:72:25:72:34 | call to localeconv | test.cpp:76:5:76:8 | conv | provenance | | +| test.cpp:64:3:64:22 | ... = ... | test.cpp:67:5:67:9 | conv4 | provenance | | +| test.cpp:64:11:64:20 | call to localeconv | test.cpp:64:3:64:22 | ... = ... 
| provenance | | +| test.cpp:72:25:72:34 | call to localeconv | test.cpp:72:25:72:34 | call to localeconv | provenance | | +| test.cpp:72:25:72:34 | call to localeconv | test.cpp:73:24:73:28 | conv4 | provenance | | +| test.cpp:73:24:73:28 | conv4 | test.cpp:76:5:76:8 | conv | provenance | | nodes | test.cpp:8:18:8:22 | c_str | semmle.label | c_str | -| test.cpp:11:8:11:12 | c_str | semmle.label | c_str | +| test.cpp:11:7:11:12 | * ... | semmle.label | * ... | +| test.cpp:18:16:18:21 | call to getenv | semmle.label | call to getenv | | test.cpp:18:16:18:21 | call to getenv | semmle.label | call to getenv | | test.cpp:24:9:24:12 | env1 | semmle.label | env1 | +| test.cpp:64:3:64:22 | ... = ... | semmle.label | ... = ... | | test.cpp:64:11:64:20 | call to localeconv | semmle.label | call to localeconv | | test.cpp:67:5:67:9 | conv4 | semmle.label | conv4 | | test.cpp:72:25:72:34 | call to localeconv | semmle.label | call to localeconv | +| test.cpp:72:25:72:34 | call to localeconv | semmle.label | call to localeconv | +| test.cpp:73:24:73:28 | conv4 | semmle.label | conv4 | | test.cpp:76:5:76:8 | conv | semmle.label | conv | subpaths diff --git a/cpp/common/test/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.expected b/cpp/common/test/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.expected index 15fe8afa2f..a85d60399f 100644 --- a/cpp/common/test/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.expected +++ b/cpp/common/test/rules/danglingcapturewhenreturninglambdaobject/DanglingCaptureWhenReturningLambdaObject.expected 
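Review bot: Line 11 of the test is now reported twice: the added `problems` rows put one alert on `test.cpp:11:7:11:12 | * ...` and another on `test.cpp:11:8:11:12 | c_str`, both with the same getenv source and the same sink `test.cpp:11:7:11:12 | * ...`, where the old baseline had a single row. Two alerts for one modification inflate the count a reviewer has to triage and make suppression by location unreliable. The query is not part of this hunk, so the cause is an assumption to confirm: if it selects every expression that maps to the sink node, restricting the selected element to one per sink (presumably the dereference) would bring this back to one row.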
@@ -1,7 +1,6 @@ | test.cpp:6:3:6:12 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:5:12:5:27 | [...](...){...} | object | test.cpp:5:21:5:21 | l1 | l1 | | test.cpp:17:5:17:36 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:17:5:17:36 | [...](...){...} | object | test.cpp:17:27:17:27 | (captured this) | this | | test.cpp:27:5:27:17 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:26:17:26:42 | [...](...){...} | object | test.cpp:26:33:26:33 | val | val | -| test.cpp:27:5:27:17 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:26:18:26:42 | [...](...){...} | object | test.cpp:26:33:26:33 | val | val | | test.cpp:33:3:33:33 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:33:3:33:33 | [...](...){...} | object | test.cpp:33:25:33:25 | i | i | | test.cpp:37:3:37:33 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:37:3:37:33 | [...](...){...} | object | test.cpp:37:25:37:25 | i | i | | test.cpp:46:3:46:45 | return ... | Returning lambda $@ with potentially dangling capture $@. | test.cpp:46:11:46:43 | [...](...){...} | object | test.cpp:46:13:46:16 | data | data | diff --git a/cpp/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected b/cpp/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected index cab80e0fe0..94210200fc 100644 --- a/cpp/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected +++ b/cpp/common/test/rules/donotuserelationaloperatorswithdifferingarrays/DoNotUseRelationalOperatorsWithDifferingArrays.expected 
@@ -10,27 +10,35 @@ problems | test.cpp:25:7:25:14 | ... >= ... | test.cpp:7:14:7:15 | l1 | test.cpp:25:7:25:8 | p1 | Compare operation >= comparing left operand pointing to array $@ and other operand pointing to array $@. | test.cpp:2:7:2:8 | l1 | l1 | test.cpp:4:7:4:8 | l3 | l3 | | test.cpp:25:7:25:14 | ... >= ... | test.cpp:25:13:25:14 | l3 | test.cpp:25:13:25:14 | l3 | Compare operation >= comparing right operand pointing to array $@ and other operand pointing to array $@. | test.cpp:4:7:4:8 | l3 | l3 | test.cpp:2:7:2:8 | l1 | l1 | edges +| test.cpp:6:13:6:14 | l1 | test.cpp:6:13:6:14 | l1 | provenance | | | test.cpp:6:13:6:14 | l1 | test.cpp:13:12:13:13 | p0 | provenance | | -| test.cpp:7:14:7:15 | l1 | test.cpp:7:14:7:18 | access to array | provenance | Config | -| test.cpp:7:14:7:18 | access to array | test.cpp:11:7:11:8 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:13:7:13:8 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:15:13:15:14 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:17:7:17:8 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:23:13:23:14 | p1 | provenance | | -| test.cpp:7:14:7:18 | access to array | test.cpp:25:7:25:8 | p1 | provenance | | -| test.cpp:8:14:8:15 | l1 | test.cpp:8:14:8:18 | access to array | provenance | Config | -| test.cpp:8:14:8:18 | access to array | test.cpp:11:12:11:13 | p2 | provenance | | -| test.cpp:8:14:8:18 | access to array | test.cpp:21:7:21:8 | p2 | provenance | | -| test.cpp:9:14:9:15 | l2 | test.cpp:9:14:9:18 | access to array | provenance | Config | -| test.cpp:9:14:9:18 | access to array | test.cpp:21:12:21:13 | p3 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:7:13:7:18 | & ... | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:11:7:11:8 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:13:7:13:8 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... 
| test.cpp:15:13:15:14 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:17:7:17:8 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:23:13:23:14 | p1 | provenance | | +| test.cpp:7:13:7:18 | & ... | test.cpp:25:7:25:8 | p1 | provenance | | +| test.cpp:7:14:7:15 | l1 | test.cpp:7:13:7:18 | & ... | provenance | Config | +| test.cpp:8:13:8:18 | & ... | test.cpp:8:13:8:18 | & ... | provenance | | +| test.cpp:8:13:8:18 | & ... | test.cpp:11:12:11:13 | p2 | provenance | | +| test.cpp:8:13:8:18 | & ... | test.cpp:21:7:21:8 | p2 | provenance | | +| test.cpp:8:14:8:15 | l1 | test.cpp:8:13:8:18 | & ... | provenance | Config | +| test.cpp:9:13:9:18 | & ... | test.cpp:9:13:9:18 | & ... | provenance | | +| test.cpp:9:13:9:18 | & ... | test.cpp:21:12:21:13 | p3 | provenance | | +| test.cpp:9:14:9:15 | l2 | test.cpp:9:13:9:18 | & ... | provenance | Config | nodes | test.cpp:6:13:6:14 | l1 | semmle.label | l1 | +| test.cpp:6:13:6:14 | l1 | semmle.label | l1 | +| test.cpp:7:13:7:18 | & ... | semmle.label | & ... | +| test.cpp:7:13:7:18 | & ... | semmle.label | & ... | | test.cpp:7:14:7:15 | l1 | semmle.label | l1 | -| test.cpp:7:14:7:18 | access to array | semmle.label | access to array | +| test.cpp:8:13:8:18 | & ... | semmle.label | & ... | +| test.cpp:8:13:8:18 | & ... | semmle.label | & ... | | test.cpp:8:14:8:15 | l1 | semmle.label | l1 | -| test.cpp:8:14:8:18 | access to array | semmle.label | access to array | +| test.cpp:9:13:9:18 | & ... | semmle.label | & ... | +| test.cpp:9:13:9:18 | & ... | semmle.label | & ... | | test.cpp:9:14:9:15 | l2 | semmle.label | l2 | -| test.cpp:9:14:9:18 | access to array | semmle.label | access to array | | test.cpp:11:7:11:8 | p1 | semmle.label | p1 | | test.cpp:11:12:11:13 | p2 | semmle.label | p2 | | test.cpp:13:7:13:8 | p1 | semmle.label | p1 | 
diff --git a/cpp/common/test/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.expected b/cpp/common/test/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.expected index 7f8c6b9a50..48cce53ea6 100644 --- a/cpp/common/test/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.expected +++ b/cpp/common/test/rules/movedfromobjectsunspecifiedstate/MovedFromObjectsUnspecifiedState.expected @@ -1,5 +1,5 @@ | test.cpp:9:16:9:17 | s1 | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:7:18:7:26 | call to move | call to move | | test.cpp:30:5:30:5 | s | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:31:11:31:19 | call to move | call to move | -| test.cpp:31:11:31:22 | call to basic_string | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:31:11:31:19 | call to move | call to move | +| test.cpp:31:11:31:19 | call to move | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:31:11:31:19 | call to move | call to move | | test.cpp:31:21:31:21 | s | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:31:11:31:19 | call to move | call to move | | test.cpp:79:16:79:23 | s_global | The argument of the $@ may be indeterminate when accessed at this location. | test.cpp:78:18:78:26 | call to move | call to move | diff --git a/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected b/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected index 7790582443..00f3128a8b 100644 --- a/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected 
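Review bot: The replaced row `| test.cpp:31:11:31:19 | call to move | ... | test.cpp:31:11:31:19 | call to move | call to move |` reports the alert on the same element that its `$@` link names, so the accepted baseline says the move call accesses its own moved-from argument. The old row sat on `call to basic_string` at `31:11:31:22`, and the rows for `s` at `30:5` and `31:21` are unchanged, which suggests line 31 is still covered without this row. The query is outside this hunk, so this is read from the baseline alone; I would have the query exclude the move call itself from the set of accesses rather than accept the self-referential row.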
+++ b/cpp/common/test/rules/ownedpointervaluestoredinunrelatedsmartpointer/OwnedPointerValueStoredInUnrelatedSmartPointer.expected 
@@ -1,44 +1,64 @@ problems +| test.cpp:5:27:5:28 | v1 | test.cpp:4:13:4:14 | v1 | test.cpp:5:27:5:28 | v1 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:5:27:5:28 | v1 | test.cpp:16:13:16:22 | new | test.cpp:5:27:5:28 | v1 | Raw pointer flows to initialize multiple unrelated smart pointers. | +| test.cpp:6:31:6:33 | call to get | test.cpp:4:13:4:14 | v1 | test.cpp:6:31:6:33 | call to get | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:6:31:6:33 | call to get | test.cpp:16:13:16:22 | new | test.cpp:6:31:6:33 | call to get | Raw pointer flows to initialize multiple unrelated smart pointers. | +| test.cpp:7:28:7:29 | v2 | test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:7:28:7:29 | v2 | test.cpp:16:13:16:22 | new | test.cpp:7:28:7:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:11:28:11:29 | v2 | test.cpp:10:8:10:17 | new | test.cpp:11:28:11:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:12:28:12:29 | v2 | test.cpp:10:8:10:17 | new | test.cpp:12:28:12:29 | v2 | Raw pointer flows to initialize multiple unrelated smart pointers. | | test.cpp:17:27:17:28 | v1 | test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 | Raw pointer flows to initialize multiple unrelated smart pointers. 
| edges +| test.cpp:3:14:3:15 | v1 | test.cpp:4:13:4:14 | v1 | provenance | | | test.cpp:3:14:3:15 | v1 | test.cpp:5:27:5:28 | v1 | provenance | | | test.cpp:3:14:3:15 | v1 | test.cpp:5:27:5:28 | v1 | provenance | | -| test.cpp:3:14:3:15 | v1 | test.cpp:7:28:7:29 | v2 | provenance | | +| test.cpp:4:13:4:14 | v1 | test.cpp:4:13:4:14 | v1 | provenance | | +| test.cpp:4:13:4:14 | v1 | test.cpp:5:27:5:28 | v1 | provenance | | +| test.cpp:4:13:4:14 | v1 | test.cpp:5:27:5:28 | v1 | provenance | | | test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 | provenance | | -| test.cpp:5:27:5:28 | v1 | test.cpp:5:27:5:29 | call to shared_ptr | provenance | | -| test.cpp:5:27:5:28 | v1 | test.cpp:5:27:5:29 | call to shared_ptr | provenance | Config | -| test.cpp:5:27:5:29 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance | | -| test.cpp:5:27:5:29 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance | | +| test.cpp:4:13:4:14 | v1 | test.cpp:7:28:7:29 | v2 | provenance | | +| test.cpp:5:24:5:25 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance | | +| test.cpp:5:24:5:25 | call to shared_ptr | test.cpp:6:28:6:29 | p1 | provenance | | +| test.cpp:5:27:5:28 | v1 | test.cpp:5:24:5:25 | call to shared_ptr | provenance | Config | +| test.cpp:5:27:5:28 | v1 | test.cpp:5:24:5:25 | call to shared_ptr | provenance | Config | | test.cpp:6:28:6:29 | p1 | test.cpp:6:31:6:33 | call to get | provenance | Config | | test.cpp:6:28:6:29 | p1 | test.cpp:6:31:6:33 | call to get | provenance | Config | -| test.cpp:8:8:8:14 | 0 | test.cpp:9:28:9:29 | v2 | provenance | | -| test.cpp:10:8:10:17 | new | test.cpp:11:28:11:29 | v2 | provenance | | -| test.cpp:10:8:10:17 | new | test.cpp:12:28:12:29 | v2 | provenance | | +| test.cpp:8:3:8:14 | ... = ... | test.cpp:9:28:9:29 | v2 | provenance | | +| test.cpp:8:8:8:14 | 0 | test.cpp:8:3:8:14 | ... = ... | provenance | | +| test.cpp:10:3:10:17 | ... = ... | test.cpp:11:28:11:29 | v2 | provenance | | +| test.cpp:10:3:10:17 | ... = ... 
| test.cpp:11:28:11:29 | v2 | provenance | | +| test.cpp:10:8:10:17 | new | test.cpp:10:3:10:17 | ... = ... | provenance | | +| test.cpp:11:28:11:29 | v2 | test.cpp:12:28:12:29 | v2 | provenance | | +| test.cpp:16:13:16:22 | new | test.cpp:16:13:16:22 | new | provenance | | +| test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 | provenance | | | test.cpp:16:13:16:22 | new | test.cpp:17:27:17:28 | v1 | provenance | | -| test.cpp:16:13:16:22 | new | test.cpp:19:6:19:7 | v1 | provenance | | +| test.cpp:17:27:17:28 | v1 | test.cpp:19:6:19:7 | v1 | provenance | | | test.cpp:19:6:19:7 | v1 | test.cpp:3:14:3:15 | v1 | provenance | | nodes | test.cpp:3:14:3:15 | v1 | semmle.label | v1 | | test.cpp:4:13:4:14 | v1 | semmle.label | v1 | +| test.cpp:4:13:4:14 | v1 | semmle.label | v1 | +| test.cpp:4:13:4:14 | v1 | semmle.label | v1 | +| test.cpp:5:24:5:25 | call to shared_ptr | semmle.label | call to shared_ptr | +| test.cpp:5:24:5:25 | call to shared_ptr | semmle.label | call to shared_ptr | +| test.cpp:5:27:5:28 | v1 | semmle.label | v1 | | test.cpp:5:27:5:28 | v1 | semmle.label | v1 | | test.cpp:5:27:5:28 | v1 | semmle.label | v1 | -| test.cpp:5:27:5:29 | call to shared_ptr | semmle.label | call to shared_ptr | -| test.cpp:5:27:5:29 | call to shared_ptr | semmle.label | call to shared_ptr | | test.cpp:6:28:6:29 | p1 | semmle.label | p1 | | test.cpp:6:28:6:29 | p1 | semmle.label | p1 | | test.cpp:6:31:6:33 | call to get | semmle.label | call to get | | test.cpp:7:28:7:29 | v2 | semmle.label | v2 | +| test.cpp:8:3:8:14 | ... = ... | semmle.label | ... = ... | | test.cpp:8:8:8:14 | 0 | semmle.label | 0 | | test.cpp:9:28:9:29 | v2 | semmle.label | v2 | +| test.cpp:10:3:10:17 | ... = ... | semmle.label | ... = ... 
| | test.cpp:10:8:10:17 | new | semmle.label | new | | test.cpp:11:28:11:29 | v2 | semmle.label | v2 | +| test.cpp:11:28:11:29 | v2 | semmle.label | v2 | | test.cpp:12:28:12:29 | v2 | semmle.label | v2 | | test.cpp:16:13:16:22 | new | semmle.label | new | +| test.cpp:16:13:16:22 | new | semmle.label | new | +| test.cpp:17:27:17:28 | v1 | semmle.label | v1 | | test.cpp:17:27:17:28 | v1 | semmle.label | v1 | | test.cpp:19:6:19:7 | v1 | semmle.label | v1 | subpaths diff --git a/cpp/common/test/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.expected b/cpp/common/test/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.expected index 5e047a77da..5b77245dbd 100644 --- a/cpp/common/test/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.expected +++ b/cpp/common/test/rules/throwingoperatornewreturnsnull/ThrowingOperatorNewReturnsNull.expected 
@@ -3,10 +3,16 @@ problems | test.cpp:12:5:12:19 | return ... | test.cpp:12:12:12:18 | 0 | test.cpp:12:12:12:18 | 0 | operator new(size_t) may return null instead of throwing a std::bad_alloc exception. | | test.cpp:14:5:14:33 | return ... | test.cpp:4:10:4:23 | call to operator new | test.cpp:14:12:14:26 | call to can_return_null | operator new(size_t) may return null instead of throwing a std::bad_alloc exception. | edges -| test.cpp:4:10:4:23 | call to operator new | test.cpp:14:12:14:26 | call to can_return_null | provenance | | +| test.cpp:3:7:3:21 | *can_return_null | test.cpp:14:12:14:26 | call to can_return_null | provenance | | +| test.cpp:4:10:4:23 | call to operator new | test.cpp:3:7:3:21 | *can_return_null | provenance | | +| test.cpp:4:10:4:23 | call to operator new | test.cpp:4:10:4:23 | call to operator new | provenance | | +| test.cpp:8:23:8:23 | 0 | test.cpp:8:23:8:23 | 0 | provenance | | | test.cpp:8:23:8:23 | 0 | test.cpp:10:12:10:24 | localVariable | provenance | | nodes +| test.cpp:3:7:3:21 | *can_return_null | semmle.label | *can_return_null | | test.cpp:4:10:4:23 | call to operator new | semmle.label | call to operator new | +| test.cpp:4:10:4:23 | call to operator new | semmle.label | call to operator new | +| test.cpp:8:23:8:23 | 0 | semmle.label | 0 | | test.cpp:8:23:8:23 | 0 | semmle.label | 0 | | test.cpp:10:12:10:24 | localVariable | semmle.label | localVariable | | test.cpp:12:12:12:18 | 0 | semmle.label | 0 |