microsoft
diff --git a/‎cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
Lines changed: 18 additions & 1 deletion b/‎cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
Lines changed: 18 additions & 1 deletion
diff --git a/‎cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/syntax_errors.c
Lines changed: 7 additions & 0 deletions b/‎cpp/ql/test/query-tests/Likely Bugs/Format/WrongNumberOfFormatArguments/syntax_errors.c
Lines changed: 7 additions & 0 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected
Lines changed: 33 additions & 33 deletions b/‎csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected
Lines changed: 33 additions & 33 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected
Lines changed: 62 additions & 62 deletions b/‎csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected
Lines changed: 62 additions & 62 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
Lines changed: 4 additions & 4 deletions b/‎csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
Lines changed: 4 additions & 4 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
Lines changed: 4 additions & 4 deletions b/‎csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
Lines changed: 4 additions & 4 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected
Lines changed: 4 additions & 4 deletions b/‎csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected
Lines changed: 4 additions & 4 deletions
diff --git a/‎csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected
Lines changed: 7 additions & 7 deletions b/‎csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected
Lines changed: 7 additions & 7 deletions
@@ -16,6 +16,20 @@
 
 import cpp
 
+class SyntaxError extends CompilerError {
+  SyntaxError() { this.getTag().matches("exp_%") }
+
+  predicate affects(Element e) {
+    exists(Location l1, Location l2 |
+      l1 = this.getLocation() and
+      l2 = e.getLocation()
+    |
+      l1.getFile() = l2.getFile() and
+      l1.getStartLine() = l2.getStartLine()
+    )
+  }
+}
+
 from FormatLiteral fl, FormattingFunctionCall ffc, int expected, int given, string ffcName
 where
   ffc = fl.getUse() and
@@ -27,7 +41,10 @@ where
     if ffc.isInMacroExpansion()
     then ffcName = ffc.getTarget().getName() + " (in a macro expansion)"
     else ffcName = ffc.getTarget().getName()
-  )
+  ) and
+  // A typical problem is that string literals are concatenated, but if one of the string
+  // literals is an undefined macro, then this just leads to a syntax error.
+  not exists(SyntaxError e | e.affects(fl))
 select ffc,
   "Format for " + ffcName + " expects " + expected.toString() + " arguments but given " +
     given.toString()
@@ -0,0 +1,7 @@
+// semmle-extractor-options: --expect_errors
+
+extern int printf(const char *fmt, ...);
+
+void test_syntax_error() {
+    printf("Error code %d: " FMT_MSG, 0, "");
+}
@@ -8,8 +8,8 @@ models
 | 7 | Summary: System.Linq; Queryable; false; AsQueryable<TElement>; (System.Collections.Generic.IEnumerable<TElement>); ; Argument[0].Element; ReturnValue.Element; value; manual |
 | 8 | Summary: System.Linq; Queryable; false; First<TSource>; (System.Linq.IQueryable<TSource>); ; Argument[0].Element; ReturnValue; value; manual |
 | 9 | Summary: System.Linq; Queryable; false; Select<TSource,TResult>; (System.Linq.IQueryable<TSource>,System.Linq.Expressions.Expression<System.Func<TSource,TResult>>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual |
-| 10 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual |
-| 11 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual |
+| 10 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual |
+| 11 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual |
 | 12 | Summary: System.Threading.Tasks; Task; false; Run<TResult>; (System.Func<TResult>); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual |
 | 13 | Summary: System.Threading.Tasks; Task<TResult>; false; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual |
 | 14 | Summary: System; Lazy<T>; false; Lazy; (System.Func<T>); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual |
@@ -412,10 +412,10 @@ edges
 | GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:13 |
 | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance |  |
 | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance |  |
-| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:10 |
+| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:11 |
 | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance |  |
 | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | provenance |  |
-| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:11 |
+| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:10 |
 | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | provenance |  |
 | GlobalDataFlow.cs:466:53:466:55 | arg : String | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | provenance |  |
 | GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance |  |
 
@@ -10,8 +10,8 @@ models
 | 9 | Summary: System.Linq; Queryable; false; AsQueryable<TElement>; (System.Collections.Generic.IEnumerable<TElement>); ; Argument[0].Element; ReturnValue.Element; value; manual |
 | 10 | Summary: System.Linq; Queryable; false; First<TSource>; (System.Linq.IQueryable<TSource>); ; Argument[0].Element; ReturnValue; value; manual |
 | 11 | Summary: System.Linq; Queryable; false; Select<TSource,TResult>; (System.Linq.IQueryable<TSource>,System.Linq.Expressions.Expression<System.Func<TSource,TResult>>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual |
-| 12 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual |
-| 13 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual |
+| 12 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual |
+| 13 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual |
 | 14 | Summary: System.Text; StringBuilder; false; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual |
 | 15 | Summary: System.Text; StringBuilder; false; Append; (System.Text.StringBuilder); ; Argument[0]; Argument[this]; taint; manual |
 | 16 | Summary: System.Text; StringBuilder; false; Append; (System.Text.StringBuilder+AppendInterpolatedStringHandler); ; Argument[0]; Argument[this]; taint; manual |
@@ -452,10 +452,10 @@ edges
 | GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:19 |
 | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance |  |
 | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance |  |
-| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:12 |
+| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:13 |
 | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance |  |
 | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | provenance |  |
-| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:13 |
+| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:12 |
 | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | provenance |  |
 | GlobalDataFlow.cs:466:53:466:55 | arg : String | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | provenance |  |
 | GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance |  |
 
@@ -1,14 +1,14 @@
 models
 | 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
-| 2 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
-| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
+| 2 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
+| 3 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
 | 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
 edges
 | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance |  |
 | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
 | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance |  |
-| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:3  |
-| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:2 |
+| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:2  |
+| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:3 |
 | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance |  |
 | Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
 | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance |  |
 
@@ -1,21 +1,21 @@
 models
 | 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
-| 2 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
+| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual |
 | 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
-| 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
-| 5 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual |
+| 4 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
+| 5 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
 edges
 | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance |  |
-| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
+| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:5 |
 | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance |  |
 | Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:3  |
-| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:2 |
+| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:4 |
 | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance |  |
 | Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
 | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance |  |
-| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:4 |
+| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:5 |
 | Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:1 |
-| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:5  |
+| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:2  |
 nodes
 | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
 | Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |