
Commit 6a61549

author
Paolo Tranquilli
committed
Merge branch 'main' into redsun82/rust-str
2 parents 36d8a6d + 295626d commit 6a61549


173 files changed

+8386
-2226
lines changed


173 files changed

+8386
-2226
lines changed

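--- a/cpp/ql/src/Critical/UseAfterFree.qhelp
+++ b/cpp/ql/src/Critical/UseAfterFree.qhelp
@@ -8,7 +8,7 @@
 <p>
 This rule finds accesses through a pointer of a memory location that has already been freed (i.e. through a dangling pointer).
 Such memory blocks have already been released to the dynamic memory manager, and modifying them can lead to anything
-from a segfault to memory corruption that would cause subsequent calls to the dynamic memory manger to behave
+from a segfault to memory corruption that would cause subsequent calls to the dynamic memory manager to behave
 erratically, to a possible security vulnerability.
 </p>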

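--- a/cpp/ql/src/experimental/Best Practices/GuardedFree.ql
+++ b/cpp/ql/src/experimental/Best Practices/GuardedFree.ql
@@ -18,9 +18,31 @@ class FreeCall extends FunctionCall {
 FreeCall() { this.getTarget().hasGlobalName("free") }
 }
 
+predicate blockContainsPreprocessorBranches(BasicBlock bb) {
+exists(PreprocessorBranch ppb, Location bbLoc, Location ppbLoc |
+bbLoc = bb.(Stmt).getLocation() and ppbLoc = ppb.getLocation()
+|
+bbLoc.getFile() = ppb.getFile() and
+bbLoc.getStartLine() < ppbLoc.getStartLine() and
+ppbLoc.getEndLine() < bbLoc.getEndLine()
+)
+}
+
 from GuardCondition gc, FreeCall fc, Variable v, BasicBlock bb
 where
 gc.ensuresEq(v.getAnAccess(), 0, bb, false) and
 fc.getArgument(0) = v.getAnAccess() and
-bb = fc.getEnclosingStmt()
+bb = fc.getBasicBlock() and
+(
+// No block statement: if (x) free(x);
+bb = fc.getEnclosingStmt()
+or
+// Block statement with a single nested statement: if (x) { free(x); }
+strictcount(bb.(BlockStmt).getAStmt()) = 1
+) and
+strictcount(BasicBlock bb2 | gc.ensuresEq(_, 0, bb2, _) | bb2) = 1 and
+not fc.isInMacroExpansion() and
+not blockContainsPreprocessorBranches(bb) and
+not (gc instanceof BinaryOperation and not gc instanceof ComparisonOperation) and
+not exists(CommaExpr c | c.getAChild*() = fc)
 select gc, "unnecessary NULL check before call to $@", fc, "free"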
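Review bot: The exclusions added at the end of the `where` clause (new lines 43–47) have no comments, unlike the two shape cases just above them, so the false positive each one removes can only be recovered from test.cpp. I would add one line per clause, for example `// Guard is a logical operation such as !x || strcmp(x, y): x is also read in the guard` above the `BinaryOperation` test and `// free(x) is an operand of a comma expression: inspect(x), free(x)` above the `CommaExpr` test. `blockContainsPreprocessorBranches` also lacks a QLDoc comment saying that it holds when a preprocessor branch directive in the same file lies strictly between the first and last line of the block's statement. The `not fc.isInMacroExpansion()` clause appears to be what turns the `TRY_FREE(x)` case in test.cpp into `BAD [NOT DETECTED]`, and a comment should record that this false negative is accepted deliberately, since anyone acting on this query's results is deleting a NULL check.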
Lines changed: 3 additions & 8 deletions
@@ -1,10 +1,5 @@
11
| test.cpp:5:7:5:7 | x | unnecessary NULL check before call to $@ | test.cpp:6:5:6:8 | call to free | free |
2-
| test.cpp:23:7:23:7 | x | unnecessary NULL check before call to $@ | test.cpp:26:5:26:8 | call to free | free |
3-
| test.cpp:31:7:31:8 | ! ... | unnecessary NULL check before call to $@ | test.cpp:35:3:35:6 | call to free | free |
4-
| test.cpp:31:7:31:24 | ... \|\| ... | unnecessary NULL check before call to $@ | test.cpp:35:3:35:6 | call to free | free |
5-
| test.cpp:31:8:31:8 | x | unnecessary NULL check before call to $@ | test.cpp:35:3:35:6 | call to free | free |
6-
| test.cpp:94:12:94:12 | x | unnecessary NULL check before call to $@ | test.cpp:94:3:94:13 | call to free | free |
7-
| test.cpp:98:7:98:8 | ! ... | unnecessary NULL check before call to $@ | test.cpp:101:3:101:6 | call to free | free |
8-
| test.cpp:98:8:98:8 | x | unnecessary NULL check before call to $@ | test.cpp:101:3:101:6 | call to free | free |
2+
| test.cpp:10:7:10:7 | x | unnecessary NULL check before call to $@ | test.cpp:11:5:11:8 | call to free | free |
3+
| test.cpp:42:7:42:7 | x | unnecessary NULL check before call to $@ | test.cpp:43:5:43:8 | call to free | free |
4+
| test.cpp:49:7:49:7 | x | unnecessary NULL check before call to $@ | test.cpp:50:5:50:8 | call to free | free |
95
| test.cpp:106:7:106:18 | ... != ... | unnecessary NULL check before call to $@ | test.cpp:107:5:107:8 | call to free | free |
10-
| test.cpp:113:7:113:18 | ... != ... | unnecessary NULL check before call to $@ | test.cpp:114:17:114:20 | call to free | free |

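--- a/cpp/ql/test/experimental/query-tests/Best Practices/GuardedFree/test.cpp
+++ b/cpp/ql/test/experimental/query-tests/Best Practices/GuardedFree/test.cpp
@@ -20,15 +20,15 @@ void test2(int *x) {
 }
 
 void test3(int *x, bool b) {
-if (x) { // GOOD [FALSE POSITIVE]: x is being accessed in the body of the if
+if (x) { // GOOD: x is being accessed in the body of the if
 if (b)
 *x = 42;
 free(x);
 }
 }
 
 bool test4(char *x, char *y) {
-if (!x || strcmp(x, y)) { // GOOD [FALSE POSITIVE]: x is being accessed in the guard and return value depends on x
+if (!x || strcmp(x, y)) { // GOOD: x is being accessed in the guard and return value depends on x
 free(x);
 return true;
 }
@@ -91,11 +91,11 @@ void test10(char *x) {
 if (x) free(x);
 
 void test11(char *x) {
-TRY_FREE(x) // BAD
+TRY_FREE(x) // BAD [NOT DETECTED]
 }
 
 bool test12(char *x) {
-if (!x) // GOOD [FALSE POSITIVE]: return value depends on x
+if (!x) // GOOD: return value depends on x
 return false;
 
 free(x);
@@ -110,6 +110,6 @@ void test13(char *x) {
 void inspect(char *x);
 
 void test14(char *x) {
-if (x != nullptr) // GOOD [FALSE POSITIVE]: x might be accessed in the first operand of the comma operator
+if (x != nullptr) // GOOD: x might be accessed in the first operand of the comma operator
 inspect(x), free(x);
 }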

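--- a/csharp/.vscode/launch.json
+++ b/csharp/.vscode/launch.json
@@ -6,7 +6,7 @@
 "type": "coreclr",
 "request": "launch",
 "preLaunchTask": "dotnet: build",
-"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net8.0/Semmle.Extraction.CSharp.Standalone.dll",
+"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net9.0/Semmle.Extraction.CSharp.Standalone.dll",
 "args": [],
 // Set the path to the folder that should be extracted:
 "cwd": "${workspaceFolder}/ql/test/library-tests/standalone/standalonemode",
@@ -35,7 +35,7 @@
 "type": "coreclr",
 "request": "launch",
 "preLaunchTask": "dotnet: build",
-"program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net8.0/Semmle.Autobuild.CSharp.dll",
+"program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net9.0/Semmle.Autobuild.CSharp.dll",
 // Set the path to the folder that should be extracted:
 "cwd": "${workspaceFolder}/ql/integration-tests/all-platforms/autobuild",
 "stopAtEntry": true,
@@ -53,7 +53,7 @@
 "type": "coreclr",
 "request": "launch",
 "preLaunchTask": "dotnet: build",
-"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net8.0/Semmle.Extraction.CSharp.Driver.dll",
+"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net9.0/Semmle.Extraction.CSharp.Driver.dll",
 "stopAtEntry": true,
 "args": [
 "--binlog",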

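--- a/csharp/autobuilder/Semmle.Autobuild.CSharp/AutoBuildRule.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp/AutoBuildRule.cs
@@ -49,11 +49,9 @@ public BuildScript Analyse(IAutobuilder<CSharpAutobuildOptions> builder, bool au
 tryCleanExtractorArgsLogs &
 BuildScript.DeleteFile(Extractor.GetCSharpLogPath());
 
-/// <summary>
-/// Execute script `s` and check that the C# extractor has been executed.
-/// If either fails, attempt to cleanup any artifacts produced by the extractor,
-/// and exit with code 1, in order to proceed to the next attempt.
-/// </summary>
+// Execute script `s` and check that the C# extractor has been executed.
+// If either fails, attempt to cleanup any artifacts produced by the extractor,
+// and exit with code 1, in order to proceed to the next attempt.
 BuildScript IntermediateAttempt(BuildScript s) =>
 (s & this.autobuilder.CheckExtractorRun(false)) |
 (attemptExtractorCleanup & BuildScript.Failure);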

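--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Autobuilder.cs
@@ -195,7 +195,7 @@ protected Autobuilder(IBuildActions actions, TAutobuildOptions options, Diagnost
 }
 
 /// <summary>
-/// Retrieves the value of an environment variable named <paramref name="name"> or throws
+/// Retrieves the value of an environment variable named <paramref name="name"/> or throws
 /// an exception if no such environment variable has been set.
 /// </summary>
 /// <param name="name">The name of the environment variable.</param>
@@ -228,7 +228,7 @@ protected string RequireEnvironmentVariable(string name)
 private readonly IDiagnosticsWriter diagnostics;
 
 /// <summary>
-/// Makes <see cref="path" /> relative to the root source directory.
+/// Makes <paramref name="path"/> relative to the root source directory.
 /// </summary>
 /// <param name="path">The path which to make relative.</param>
 /// <returns>The relative path.</returns>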

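--- a/csharp/autobuilder/Semmle.Autobuild.Shared/MarkdownUtil.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/MarkdownUtil.cs
@@ -22,7 +22,7 @@ public static class MarkdownUtil
 public static string ToMarkdownLink(this string link, string title) => $"[{title}]({link})";
 
 /// <summary>
-/// Renders <see cref="projects" /> as a markdown list of the project paths.
+/// Renders <paramref name="projects"/> as a markdown list of the project paths.
 /// </summary>
 /// <param name="projects">
 /// The list of projects whose paths should be rendered as a markdown list.
@@ -35,7 +35,7 @@ public static string ToMarkdownList(this IEnumerable<IProjectOrSolution> project
 }
 
 /// <summary>
-/// Renders <see cref="items" /> as a markdown list.
+/// Renders <paramref name="items" /> as a markdown list.
 /// </summary>
 /// <typeparam name="T">The item type.</typeparam>
 /// <param name="items">The list that should be formatted as a markdown list.</param>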

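--- a/csharp/documentation/library-coverage/coverage.csv
+++ b/csharp/documentation/library-coverage/coverage.csv
@@ -8,39 +8,40 @@ ILLink.Shared,,,31,,,,,,,,,,,,,,,,,,,11,20
 ILLink.Tasks,,,5,,,,,,,,,,,,,,,,,,,4,1
 Internal.IL,,,54,,,,,,,,,,,,,,,,,,,28,26
 Internal.Pgo,,,9,,,,,,,,,,,,,,,,,,,2,7
-Internal.TypeSystem,,,328,,,,,,,,,,,,,,,,,,,201,127
+Internal.TypeSystem,,,329,,,,,,,,,,,,,,,,,,,201,128
 JsonToItemsTaskFactory,,,11,,,,,,,,,,,,,,,,,,,1,10
 Microsoft.Android.Build,,1,14,,,,,,,,,,,,,1,,,,,,12,2
 Microsoft.Apple.Build,,,7,,,,,,,,,,,,,,,,,,,7,
 Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,,28,,,,,,,,,,
 Microsoft.CSharp,,,2,,,,,,,,,,,,,,,,,,,2,
-Microsoft.Diagnostics.Tools.Pgo,,,23,,,,,,,,,,,,,,,,,,,2,21
+Microsoft.Diagnostics.Tools.Pgo,,,25,,,,,,,,,,,,,,,,,,,2,23
 Microsoft.DotNet.Build.Tasks,,,10,,,,,,,,,,,,,,,,,,,8,2
+Microsoft.DotNet.PlatformAbstractions,,,1,,,,,,,,,,,,,,,,,,,1,
 Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,,6,,,,,,,,,,12
 Microsoft.Extensions.Caching.Distributed,,,3,,,,,,,,,,,,,,,,,,,,3
-Microsoft.Extensions.Caching.Memory,,,31,,,,,,,,,,,,,,,,,,,5,26
-Microsoft.Extensions.Configuration,,3,91,,,,,,,,,,,,,3,,,,,,25,66
-Microsoft.Extensions.DependencyInjection,,,130,,,,,,,,,,,,,,,,,,,17,113
+Microsoft.Extensions.Caching.Memory,,,37,,,,,,,,,,,,,,,,,,,5,32
+Microsoft.Extensions.Configuration,,3,101,,,,,,,,,,,,,3,,,,,,29,72
+Microsoft.Extensions.DependencyInjection,,,202,,,,,,,,,,,,,,,,,,,15,187
 Microsoft.Extensions.DependencyModel,,1,16,,,,,,,,,,,,,1,,,,,,14,2
 Microsoft.Extensions.Diagnostics.Metrics,,,14,,,,,,,,,,,,,,,,,,,1,13
 Microsoft.Extensions.FileProviders,,,17,,,,,,,,,,,,,,,,,,,7,10
-Microsoft.Extensions.FileSystemGlobbing,,,22,,,,,,,,,,,,,,,,,,,11,11
-Microsoft.Extensions.Hosting,,,39,,,,,,,,,,,,,,,,,,,29,10
+Microsoft.Extensions.FileSystemGlobbing,,,21,,,,,,,,,,,,,,,,,,,10,11
+Microsoft.Extensions.Hosting,,,58,,,,,,,,,,,,,,,,,,,29,29
 Microsoft.Extensions.Http,,,9,,,,,,,,,,,,,,,,,,,7,2
-Microsoft.Extensions.Logging,,,64,,,,,,,,,,,,,,,,,,,25,39
-Microsoft.Extensions.Options,,,14,,,,,,,,,,,,,,,,,,,14,
-Microsoft.Extensions.Primitives,,,72,,,,,,,,,,,,,,,,,,,67,5
-Microsoft.Interop,,,137,,,,,,,,,,,,,,,,,,,70,67
+Microsoft.Extensions.Logging,,,91,,,,,,,,,,,,,,,,,,,25,66
+Microsoft.Extensions.Options,,,68,,,,,,,,,,,,,,,,,,,44,24
+Microsoft.Extensions.Primitives,,,73,,,,,,,,,,,,,,,,,,,67,6
+Microsoft.Interop,,,159,,,,,,,,,,,,,,,,,,,75,84
 Microsoft.NET.Build.Tasks,,,5,,,,,,,,,,,,,,,,,,,3,2
 Microsoft.NET.Sdk.WebAssembly,,,2,,,,,,,,,,,,,,,,,,,1,1
 Microsoft.NET.WebAssembly.Webcil,,,6,,,,,,,,,,,,,,,,,,,6,
 Microsoft.VisualBasic,,,13,,,,,,,,,,,,,,,,,,,1,12
 Microsoft.WebAssembly.Build.Tasks,,,9,,,,,,,,,,,,,,,,,,,8,1
 Microsoft.Win32,,4,2,,,,,,,,,,,,,,,,,,4,,2
-Mono.Linker,,,287,,,,,,,,,,,,,,,,,,,145,142
+Mono.Linker,,,293,,,,,,,,,,,,,,,,,,,145,148
 MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
 Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
 SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5
-System,54,47,10313,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5351,4962
+System,54,47,10818,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5511,5307
 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,,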

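--- a/csharp/documentation/library-coverage/coverage.rst
+++ b/csharp/documentation/library-coverage/coverage.rst
@@ -8,7 +8,7 @@ C# framework & library support
 
 Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
 `ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
-System,"``System.*``, ``System``",47,10313,54,5
-Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.Sdk.WebAssembly``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",57,1848,148,
-Totals,,104,12168,396,5
+System,"``System.*``, ``System``",47,10818,54,5
+Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.Sdk.WebAssembly``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",57,2068,148,
+Totals,,104,12893,396,5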
